[thirdparty/openssl.git] / engines / e_gmp.c

/* crypto/engine/e_gmp.c */
/*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2003.
 */
/* ====================================================================
 * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
 * This engine is not (currently) compiled in by default. Do enable it,
 * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and headers
 * must reside in one of the paths searched by the compiler/linker, otherwise
 * paths must be specified - eg. try configuring with "enable-gmp
 * -I<includepath> -L<libpath> -lgmp". YMMV.
 */

/*-
 * As for what this does - it's a largely unoptimised implementation of an
 * ENGINE that uses the GMP library to perform RSA private key operations. To
 * obtain more information about what "unoptimised" means, see my original mail
 * on the subject (though ignore the build instructions which have since
 * changed);
 *
 *    http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
 *
 * On my athlon system at least, it appears the builtin OpenSSL code is now
 * slightly faster, which is to say that the RSA-related MPI performance
 * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
 * balanced for this chip, and so the performance degradation in this ENGINE by
 * having to convert to/from GMP formats (and not being able to cache
 * montgomery forms) is probably the difference. However, if some unconfirmed
 * reports from users is anything to go by, the situation on some other
 * chipsets might be a good deal more favourable to the GMP version (eg. PPC).
 * Feedback welcome. */

#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/engine.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>

#ifndef OPENSSL_NO_HW
# ifndef OPENSSL_NO_GMP

#  include <gmp.h>

#  define E_GMP_LIB_NAME "gmp engine"
#  include "e_gmp_err.c"

static int e_gmp_destroy(ENGINE *e);
static int e_gmp_init(ENGINE *e);
static int e_gmp_finish(ENGINE *e);
static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));

#  ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
                             BN_CTX *ctx);
static int e_gmp_rsa_finish(RSA *r);
#  endif

/* The definitions for control commands specific to this engine */
/* #define E_GMP_CMD_SO_PATH            ENGINE_CMD_BASE */
static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
#  if 0
    {E_GMP_CMD_SO_PATH,
     "SO_PATH",
     "Specifies the path to the 'e_gmp' shared library",
     ENGINE_CMD_FLAG_STRING},
#  endif
    {0, NULL, NULL, 0}
};

#  ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD e_gmp_rsa = {
    "GMP RSA method",
    NULL,
    NULL,
    NULL,
    NULL,
    e_gmp_rsa_mod_exp,
    NULL,
    NULL,
    e_gmp_rsa_finish,
    /*
     * These flags initialise montgomery crud that GMP ignores, however it
     * makes sure the public key ops (which are done in openssl) don't seem
     * *slower* than usual :-)
     */
    RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
    NULL,
    NULL,
    NULL
};
#  endif

/* Constants used when creating the ENGINE */
static const char *engine_e_gmp_id = "gmp";
static const char *engine_e_gmp_name = "GMP engine support";

/*
 * This internal function is used by ENGINE_gmp() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#  endif
    if (!ENGINE_set_id(e, engine_e_gmp_id) ||
        !ENGINE_set_name(e, engine_e_gmp_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &e_gmp_rsa) ||
#  endif
        !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
        !ENGINE_set_init_function(e, e_gmp_init) ||
        !ENGINE_set_finish_function(e, e_gmp_finish) ||
        !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
        !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
        return 0;

#  ifndef OPENSSL_NO_RSA
    meth1 = RSA_PKCS1_SSLeay();
    e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
    e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
    e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
    e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
#  endif

    /* Ensure the e_gmp error handling is set up */
    ERR_load_GMP_strings();
    return 1;
}

static ENGINE *engine_gmp(void)
{
    ENGINE *ret = ENGINE_new();
    if (!ret)
        return NULL;
    if (!bind_helper(ret)) {
        ENGINE_free(ret);
        return NULL;
    }
    return ret;
}

void ENGINE_load_gmp(void)
{
    /* Copied from eng_[openssl|dyn].c */
    ENGINE *toadd = engine_gmp();
    if (!toadd)
        return;
    ENGINE_add(toadd);
    ENGINE_free(toadd);
    ERR_clear_error();
}

#  ifndef OPENSSL_NO_RSA
/* Used to attach our own key-data to an RSA structure */
static int hndidx_rsa = -1;
#  endif

static int e_gmp_destroy(ENGINE *e)
{
    ERR_unload_GMP_strings();
    return 1;
}

/* (de)initialisation functions. */
static int e_gmp_init(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    if (hndidx_rsa == -1)
        hndidx_rsa = RSA_get_ex_new_index(0,
                                          "GMP-based RSA key handle",
                                          NULL, NULL, NULL);
#  endif
    if (hndidx_rsa == -1)
        return 0;
    return 1;
}

static int e_gmp_finish(ENGINE *e)
{
    return 1;
}

static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
    int to_return = 1;

    switch (cmd) {
#  if 0
    case E_GMP_CMD_SO_PATH:
        /* ... */
#  endif
        /* The command isn't understood by this engine */
    default:
        GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
        to_return = 0;
        break;
    }

    return to_return;
}

/*
 * Most often limb sizes will be the same. If not, we use hex conversion
 * which is neat, but extremely inefficient.
 */
static int bn2gmp(const BIGNUM *bn, mpz_t g)
{
    bn_check_top(bn);
    if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
        (BN_BITS2 == GMP_NUMB_BITS)) {
        /* The common case */
        if (!_mpz_realloc(g, bn->top))
            return 0;
        memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
        g->_mp_size = bn->top;
        if (bn->neg)
            g->_mp_size = -g->_mp_size;
        return 1;
    } else {
        int toret;
        char *tmpchar = BN_bn2hex(bn);
        if (!tmpchar)
            return 0;
        toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
        OPENSSL_free(tmpchar);
        return toret;
    }
}

static int gmp2bn(mpz_t g, BIGNUM *bn)
{
    if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
        (BN_BITS2 == GMP_NUMB_BITS)) {
        /* The common case */
        int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
        BN_zero(bn);
        if (bn_expand2(bn, s) == NULL)
            return 0;
        bn->top = s;
        memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
        bn_correct_top(bn);
        bn->neg = g->_mp_size >= 0 ? 0 : 1;
        return 1;
    } else {
        int toret;
        char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
        if (!tmpchar)
            return 0;
        mpz_get_str(tmpchar, 16, g);
        toret = BN_hex2bn(&bn, tmpchar);
        OPENSSL_free(tmpchar);
        return toret;
    }
}

#  ifndef OPENSSL_NO_RSA
typedef struct st_e_gmp_rsa_ctx {
    int public_only;
    mpz_t n;
    mpz_t d;
    mpz_t e;
    mpz_t p;
    mpz_t q;
    mpz_t dmp1;
    mpz_t dmq1;
    mpz_t iqmp;
    mpz_t r0, r1, I0, m1;
} E_GMP_RSA_CTX;

static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
{
    E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
    if (hptr)
        return hptr;
    hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
    if (!hptr)
        return NULL;
    /*
     * These inits could probably be replaced by more intelligent mpz_init2()
     * versions, to reduce malloc-thrashing.
     */
    mpz_init(hptr->n);
    mpz_init(hptr->d);
    mpz_init(hptr->e);
    mpz_init(hptr->p);
    mpz_init(hptr->q);
    mpz_init(hptr->dmp1);
    mpz_init(hptr->dmq1);
    mpz_init(hptr->iqmp);
    mpz_init(hptr->r0);
    mpz_init(hptr->r1);
    mpz_init(hptr->I0);
    mpz_init(hptr->m1);
    if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
        goto err;
    if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1
        || !rsa->iqmp) {
        hptr->public_only = 1;
        return hptr;
    }
    if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
        !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
        !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
        goto err;
    hptr->public_only = 0;
    RSA_set_ex_data(rsa, hndidx_rsa, hptr);
    return hptr;
 err:
    mpz_clear(hptr->n);
    mpz_clear(hptr->d);
    mpz_clear(hptr->e);
    mpz_clear(hptr->p);
    mpz_clear(hptr->q);
    mpz_clear(hptr->dmp1);
    mpz_clear(hptr->dmq1);
    mpz_clear(hptr->iqmp);
    mpz_clear(hptr->r0);
    mpz_clear(hptr->r1);
    mpz_clear(hptr->I0);
    mpz_clear(hptr->m1);
    OPENSSL_free(hptr);
    return NULL;
}

static int e_gmp_rsa_finish(RSA *rsa)
{
    E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
    if (!hptr)
        return 0;
    mpz_clear(hptr->n);
    mpz_clear(hptr->d);
    mpz_clear(hptr->e);
    mpz_clear(hptr->p);
    mpz_clear(hptr->q);
    mpz_clear(hptr->dmp1);
    mpz_clear(hptr->dmq1);
    mpz_clear(hptr->iqmp);
    mpz_clear(hptr->r0);
    mpz_clear(hptr->r1);
    mpz_clear(hptr->I0);
    mpz_clear(hptr->m1);
    OPENSSL_free(hptr);
    RSA_set_ex_data(rsa, hndidx_rsa, NULL);
    return 1;
}

static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
                             BN_CTX *ctx)
{
    E_GMP_RSA_CTX *hptr;
    int to_return = 0;

    hptr = e_gmp_get_rsa(rsa);
    if (!hptr) {
        GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_KEY_CONTEXT_ERROR);
        return 0;
    }
    if (hptr->public_only) {
        GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_MISSING_KEY_COMPONENTS);
        return 0;
    }

    /* ugh!!! */
    if (!bn2gmp(I, hptr->I0))
        return 0;

    /*
     * This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
     * GMP-speak. It may be that GMP's API facilitates cleaner formulations
     * of this stuff, eg. better handling of negatives, or functions that
     * combine operations.
     */

    mpz_mod(hptr->r1, hptr->I0, hptr->q);
    mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);

    mpz_mod(hptr->r1, hptr->I0, hptr->p);
    mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);

    mpz_sub(hptr->r0, hptr->r0, hptr->m1);

    if (mpz_sgn(hptr->r0) < 0)
        mpz_add(hptr->r0, hptr->r0, hptr->p);
    mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
    mpz_mod(hptr->r0, hptr->r1, hptr->p);

    if (mpz_sgn(hptr->r0) < 0)
        mpz_add(hptr->r0, hptr->r0, hptr->p);
    mpz_mul(hptr->r1, hptr->r0, hptr->q);
    mpz_add(hptr->r0, hptr->r1, hptr->m1);

    /* ugh!!! */
    if (gmp2bn(hptr->r0, r))
        to_return = 1;

    return 1;
}
#  endif

# endif                         /* !OPENSSL_NO_GMP */

/*
 * This stuff is needed if this ENGINE is being compiled into a
 * self-contained shared-library.
 */
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
IMPLEMENT_DYNAMIC_CHECK_FN()
#  ifndef OPENSSL_NO_GMP
static int bind_fn(ENGINE *e, const char *id)
{
    if (id && (strcmp(id, engine_e_gmp_id) != 0))
        return 0;
    if (!bind_helper(e))
        return 0;
    return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
#  else
OPENSSL_EXPORT
    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
{
    return 0;
}
#  endif
# endif                         /* OPENSSL_NO_DYNAMIC_ENGINE */

#endif                          /* !OPENSSL_NO_HW */
Commit	Line	Data
a85bef18	1	/* crypto/engine/e_gmp.c */
40720ce3 MC	2	/*
	3	* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
	4	* 2003.
a85bef18 GT	5	*/
	6	/* ====================================================================
	7	* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	*
	13	* 1. Redistributions of source code must retain the above copyright
40720ce3	14	* notice, this list of conditions and the following disclaimer.
a85bef18 GT	15	*
	16	* 2. Redistributions in binary form must reproduce the above copyright
	17	* notice, this list of conditions and the following disclaimer in
	18	* the documentation and/or other materials provided with the
	19	* distribution.
	20	*
	21	* 3. All advertising materials mentioning features or use of this
	22	* software must display the following acknowledgment:
	23	* "This product includes software developed by the OpenSSL Project
	24	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	25	*
	26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	27	* endorse or promote products derived from this software without
	28	* prior written permission. For written permission, please contact
	29	* licensing@OpenSSL.org.
	30	*
	31	* 5. Products derived from this software may not be called "OpenSSL"
	32	* nor may "OpenSSL" appear in their names without prior written
	33	* permission of the OpenSSL Project.
	34	*
	35	* 6. Redistributions of any form whatsoever must retain the following
	36	* acknowledgment:
	37	* "This product includes software developed by the OpenSSL Project
	38	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	39	*
	40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	51	* OF THE POSSIBILITY OF SUCH DAMAGE.
	52	* ====================================================================
	53	*
	54	* This product includes cryptographic software written by Eric Young
	55	* (eay@cryptsoft.com). This product includes software written by Tim
	56	* Hudson (tjh@cryptsoft.com).
	57	*
	58	*/
	59
40720ce3 MC	60	/*
	61	* This engine is not (currently) compiled in by default. Do enable it,
	62	* reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and headers
	63	* must reside in one of the paths searched by the compiler/linker, otherwise
	64	* paths must be specified - eg. try configuring with "enable-gmp
	65	* -I<includepath> -L<libpath> -lgmp". YMMV.
	66	*/
a85bef18	67
b558c8d5 TH	68	/*-
b558c8d5 TH	69	* As for what this does - it's a largely unoptimised implementation of an
a85bef18 GT	70	* ENGINE that uses the GMP library to perform RSA private key operations. To
	71	* obtain more information about what "unoptimised" means, see my original mail
	72	* on the subject (though ignore the build instructions which have since
	73	* changed);
	74	*
	75	* http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
	76	*
	77	* On my athlon system at least, it appears the builtin OpenSSL code is now
	78	* slightly faster, which is to say that the RSA-related MPI performance
	79	* between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
	80	* balanced for this chip, and so the performance degradation in this ENGINE by
	81	* having to convert to/from GMP formats (and not being able to cache
	82	* montgomery forms) is probably the difference. However, if some unconfirmed
	83	* reports from users is anything to go by, the situation on some other
	84	* chipsets might be a good deal more favourable to the GMP version (eg. PPC).
	85	* Feedback welcome. */
	86
	87	#include <stdio.h>
	88	#include <string.h>
	89	#include <openssl/crypto.h>
	90	#include <openssl/buffer.h>
	91	#include <openssl/engine.h>
292248b8 GT	92	#include <openssl/rsa.h>
292248b8 GT	93	#include <openssl/bn.h>
a85bef18 GT	94
a85bef18 GT	95	#ifndef OPENSSL_NO_HW
40720ce3	96	# ifndef OPENSSL_NO_GMP
a85bef18	97
40720ce3	98	# include <gmp.h>
a85bef18	99
40720ce3 MC	100	# define E_GMP_LIB_NAME "gmp engine"
40720ce3 MC	101	# include "e_gmp_err.c"
a85bef18 GT	102
	103	static int e_gmp_destroy(ENGINE *e);
	104	static int e_gmp_init(ENGINE *e);
	105	static int e_gmp_finish(ENGINE *e);
40720ce3	106	static int e_gmp_ctrl(ENGINE e, int cmd, long i, void p, void (*f) (void));
a85bef18	107
40720ce3	108	# ifndef OPENSSL_NO_RSA
a85bef18	109	/* RSA stuff */
40720ce3 MC	110	static int e_gmp_rsa_mod_exp(BIGNUM r, const BIGNUM I, RSA *rsa,
40720ce3 MC	111	BN_CTX *ctx);
a85bef18	112	static int e_gmp_rsa_finish(RSA *r);
40720ce3	113	# endif
a85bef18 GT	114
a85bef18 GT	115	/* The definitions for control commands specific to this engine */
40720ce3	116	/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
a85bef18	117	static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
40720ce3 MC	118	# if 0
	119	{E_GMP_CMD_SO_PATH,
	120	"SO_PATH",
	121	"Specifies the path to the 'e_gmp' shared library",
	122	ENGINE_CMD_FLAG_STRING},
	123	# endif
	124	{0, NULL, NULL, 0}
	125	};
	126
	127	# ifndef OPENSSL_NO_RSA
a85bef18	128	/* Our internal RSA_METHOD that we provide pointers to */
40720ce3 MC	129	static RSA_METHOD e_gmp_rsa = {
	130	"GMP RSA method",
	131	NULL,
	132	NULL,
	133	NULL,
	134	NULL,
	135	e_gmp_rsa_mod_exp,
	136	NULL,
	137	NULL,
	138	e_gmp_rsa_finish,
	139	/*
	140	* These flags initialise montgomery crud that GMP ignores, however it
	141	* makes sure the public key ops (which are done in openssl) don't seem
	142	* slower than usual :-)
	143	*/
	144	RSA_FLAG_CACHE_PUBLIC \| RSA_FLAG_CACHE_PRIVATE,
	145	NULL,
	146	NULL,
	147	NULL
	148	};
	149	# endif
a85bef18 GT	150
	151	/* Constants used when creating the ENGINE */
	152	static const char *engine_e_gmp_id = "gmp";
	153	static const char *engine_e_gmp_name = "GMP engine support";
	154
40720ce3 MC	155	/*
	156	* This internal function is used by ENGINE_gmp() and possibly by the
	157	* "dynamic" ENGINE support too
	158	*/
a85bef18	159	static int bind_helper(ENGINE *e)
40720ce3 MC	160	{
	161	# ifndef OPENSSL_NO_RSA
	162	const RSA_METHOD *meth1;
	163	# endif
	164	if (!ENGINE_set_id(e, engine_e_gmp_id) \|\|
	165	!ENGINE_set_name(e, engine_e_gmp_name) \|\|
	166	# ifndef OPENSSL_NO_RSA
	167	!ENGINE_set_RSA(e, &e_gmp_rsa) \|\|
	168	# endif
	169	!ENGINE_set_destroy_function(e, e_gmp_destroy) \|\|
	170	!ENGINE_set_init_function(e, e_gmp_init) \|\|
	171	!ENGINE_set_finish_function(e, e_gmp_finish) \|\|
	172	!ENGINE_set_ctrl_function(e, e_gmp_ctrl) \|\|
	173	!ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
	174	return 0;
	175
	176	# ifndef OPENSSL_NO_RSA
	177	meth1 = RSA_PKCS1_SSLeay();
	178	e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
	179	e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
	180	e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
	181	e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
	182	e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
	183	# endif
	184
	185	/* Ensure the e_gmp error handling is set up */
	186	ERR_load_GMP_strings();
	187	return 1;
	188	}
a85bef18 GT	189
a85bef18 GT	190	static ENGINE *engine_gmp(void)
40720ce3 MC	191	{
	192	ENGINE *ret = ENGINE_new();
	193	if (!ret)
	194	return NULL;
	195	if (!bind_helper(ret)) {
	196	ENGINE_free(ret);
	197	return NULL;
	198	}
	199	return ret;
	200	}
a85bef18 GT	201
a85bef18 GT	202	void ENGINE_load_gmp(void)
40720ce3 MC	203	{
	204	/* Copied from eng_[openssl\|dyn].c */
	205	ENGINE *toadd = engine_gmp();
	206	if (!toadd)
	207	return;
	208	ENGINE_add(toadd);
	209	ENGINE_free(toadd);
	210	ERR_clear_error();
	211	}
	212
	213	# ifndef OPENSSL_NO_RSA
a85bef18 GT	214	/* Used to attach our own key-data to an RSA structure */
a85bef18 GT	215	static int hndidx_rsa = -1;
40720ce3	216	# endif
a85bef18 GT	217
a85bef18 GT	218	static int e_gmp_destroy(ENGINE *e)
40720ce3 MC	219	{
	220	ERR_unload_GMP_strings();
	221	return 1;
	222	}
a85bef18 GT	223
	224	/* (de)initialisation functions. */
	225	static int e_gmp_init(ENGINE *e)
40720ce3 MC	226	{
	227	# ifndef OPENSSL_NO_RSA
	228	if (hndidx_rsa == -1)
	229	hndidx_rsa = RSA_get_ex_new_index(0,
	230	"GMP-based RSA key handle",
	231	NULL, NULL, NULL);
	232	# endif
	233	if (hndidx_rsa == -1)
	234	return 0;
	235	return 1;
	236	}
a85bef18 GT	237
a85bef18 GT	238	static int e_gmp_finish(ENGINE *e)
40720ce3 MC	239	{
	240	return 1;
	241	}
	242
	243	static int e_gmp_ctrl(ENGINE e, int cmd, long i, void p, void (*f) (void))
	244	{
	245	int to_return = 1;
	246
	247	switch (cmd) {
	248	# if 0
	249	case E_GMP_CMD_SO_PATH:
	250	/* ... */
	251	# endif
	252	/* The command isn't understood by this engine */
	253	default:
	254	GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
	255	to_return = 0;
	256	break;
	257	}
	258
	259	return to_return;
	260	}
	261
	262	/*
	263	* Most often limb sizes will be the same. If not, we use hex conversion
	264	* which is neat, but extremely inefficient.
	265	*/
a85bef18	266	static int bn2gmp(const BIGNUM *bn, mpz_t g)
40720ce3 MC	267	{
	268	bn_check_top(bn);
	269	if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
	270	(BN_BITS2 == GMP_NUMB_BITS)) {
	271	/* The common case */
	272	if (!_mpz_realloc(g, bn->top))
	273	return 0;
	274	memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
	275	g->_mp_size = bn->top;
	276	if (bn->neg)
	277	g->_mp_size = -g->_mp_size;
	278	return 1;
	279	} else {
	280	int toret;
	281	char *tmpchar = BN_bn2hex(bn);
	282	if (!tmpchar)
	283	return 0;
	284	toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
	285	OPENSSL_free(tmpchar);
	286	return toret;
	287	}
	288	}
a85bef18 GT	289
a85bef18 GT	290	static int gmp2bn(mpz_t g, BIGNUM *bn)
40720ce3 MC	291	{
	292	if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
	293	(BN_BITS2 == GMP_NUMB_BITS)) {
	294	/* The common case */
	295	int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
	296	BN_zero(bn);
	297	if (bn_expand2(bn, s) == NULL)
	298	return 0;
	299	bn->top = s;
	300	memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
	301	bn_correct_top(bn);
	302	bn->neg = g->_mp_size >= 0 ? 0 : 1;
	303	return 1;
	304	} else {
	305	int toret;
	306	char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
	307	if (!tmpchar)
	308	return 0;
	309	mpz_get_str(tmpchar, 16, g);
	310	toret = BN_hex2bn(&bn, tmpchar);
	311	OPENSSL_free(tmpchar);
	312	return toret;
	313	}
	314	}
	315
	316	# ifndef OPENSSL_NO_RSA
	317	typedef struct st_e_gmp_rsa_ctx {
	318	int public_only;
	319	mpz_t n;
	320	mpz_t d;
	321	mpz_t e;
	322	mpz_t p;
	323	mpz_t q;
	324	mpz_t dmp1;
	325	mpz_t dmq1;
	326	mpz_t iqmp;
	327	mpz_t r0, r1, I0, m1;
	328	} E_GMP_RSA_CTX;
a85bef18 GT	329
a85bef18 GT	330	static E_GMP_RSA_CTX e_gmp_get_rsa(RSA rsa)
40720ce3 MC	331	{
	332	E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
	333	if (hptr)
	334	return hptr;
	335	hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
	336	if (!hptr)
	337	return NULL;
	338	/*
	339	* These inits could probably be replaced by more intelligent mpz_init2()
	340	* versions, to reduce malloc-thrashing.
	341	*/
	342	mpz_init(hptr->n);
	343	mpz_init(hptr->d);
	344	mpz_init(hptr->e);
	345	mpz_init(hptr->p);
	346	mpz_init(hptr->q);
	347	mpz_init(hptr->dmp1);
	348	mpz_init(hptr->dmq1);
	349	mpz_init(hptr->iqmp);
	350	mpz_init(hptr->r0);
	351	mpz_init(hptr->r1);
	352	mpz_init(hptr->I0);
	353	mpz_init(hptr->m1);
	354	if (!bn2gmp(rsa->n, hptr->n) \|\| !bn2gmp(rsa->e, hptr->e))
	355	goto err;
	356	if (!rsa->p \|\| !rsa->q \|\| !rsa->d \|\| !rsa->dmp1 \|\| !rsa->dmq1
	357	\|\| !rsa->iqmp) {
	358	hptr->public_only = 1;
	359	return hptr;
	360	}
	361	if (!bn2gmp(rsa->d, hptr->d) \|\| !bn2gmp(rsa->p, hptr->p) \|\|
	362	!bn2gmp(rsa->q, hptr->q) \|\| !bn2gmp(rsa->dmp1, hptr->dmp1) \|\|
	363	!bn2gmp(rsa->dmq1, hptr->dmq1) \|\| !bn2gmp(rsa->iqmp, hptr->iqmp))
	364	goto err;
	365	hptr->public_only = 0;
	366	RSA_set_ex_data(rsa, hndidx_rsa, hptr);
	367	return hptr;
	368	err:
	369	mpz_clear(hptr->n);
	370	mpz_clear(hptr->d);
	371	mpz_clear(hptr->e);
	372	mpz_clear(hptr->p);
	373	mpz_clear(hptr->q);
	374	mpz_clear(hptr->dmp1);
	375	mpz_clear(hptr->dmq1);
	376	mpz_clear(hptr->iqmp);
	377	mpz_clear(hptr->r0);
	378	mpz_clear(hptr->r1);
	379	mpz_clear(hptr->I0);
	380	mpz_clear(hptr->m1);
	381	OPENSSL_free(hptr);
	382	return NULL;
	383	}
a85bef18 GT	384
a85bef18 GT	385	static int e_gmp_rsa_finish(RSA *rsa)
40720ce3 MC	386	{
	387	E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
	388	if (!hptr)
	389	return 0;
	390	mpz_clear(hptr->n);
	391	mpz_clear(hptr->d);
	392	mpz_clear(hptr->e);
	393	mpz_clear(hptr->p);
	394	mpz_clear(hptr->q);
	395	mpz_clear(hptr->dmp1);
	396	mpz_clear(hptr->dmq1);
	397	mpz_clear(hptr->iqmp);
	398	mpz_clear(hptr->r0);
	399	mpz_clear(hptr->r1);
	400	mpz_clear(hptr->I0);
	401	mpz_clear(hptr->m1);
	402	OPENSSL_free(hptr);
	403	RSA_set_ex_data(rsa, hndidx_rsa, NULL);
	404	return 1;
	405	}
	406
	407	static int e_gmp_rsa_mod_exp(BIGNUM r, const BIGNUM I, RSA *rsa,
	408	BN_CTX *ctx)
	409	{
	410	E_GMP_RSA_CTX *hptr;
	411	int to_return = 0;
	412
	413	hptr = e_gmp_get_rsa(rsa);
	414	if (!hptr) {
	415	GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_KEY_CONTEXT_ERROR);
	416	return 0;
	417	}
	418	if (hptr->public_only) {
	419	GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_MISSING_KEY_COMPONENTS);
	420	return 0;
	421	}
	422
	423	/* ugh!!! */
	424	if (!bn2gmp(I, hptr->I0))
	425	return 0;
	426
	427	/*
	428	* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
	429	* GMP-speak. It may be that GMP's API facilitates cleaner formulations
	430	* of this stuff, eg. better handling of negatives, or functions that
	431	* combine operations.
	432	*/
	433
	434	mpz_mod(hptr->r1, hptr->I0, hptr->q);
	435	mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
	436
	437	mpz_mod(hptr->r1, hptr->I0, hptr->p);
	438	mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
	439
	440	mpz_sub(hptr->r0, hptr->r0, hptr->m1);
	441
	442	if (mpz_sgn(hptr->r0) < 0)
	443	mpz_add(hptr->r0, hptr->r0, hptr->p);
	444	mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
	445	mpz_mod(hptr->r0, hptr->r1, hptr->p);
	446
	447	if (mpz_sgn(hptr->r0) < 0)
	448	mpz_add(hptr->r0, hptr->r0, hptr->p);
	449	mpz_mul(hptr->r1, hptr->r0, hptr->q);
450	mpz_add(hptr->r0, hptr->r1, hptr->m1);
451
452	/* ugh!!! */
453	if (gmp2bn(hptr->r0, r))
454	to_return = 1;
455
456	return 1;
457	}
458	# endif
459
460	# endif /* !OPENSSL_NO_GMP */
461
462	/*
463	* This stuff is needed if this ENGINE is being compiled into a
464	* self-contained shared-library.
465	*/
466	# ifndef OPENSSL_NO_DYNAMIC_ENGINE
6455100f	467	IMPLEMENT_DYNAMIC_CHECK_FN()
40720ce3	468	# ifndef OPENSSL_NO_GMP
a85bef18	469	static int bind_fn(ENGINE e, const char id)
40720ce3 MC	470	{
	471	if (id && (strcmp(id, engine_e_gmp_id) != 0))
	472	return 0;
	473	if (!bind_helper(e))
	474	return 0;
	475	return 1;
	476	}
	477
a85bef18	478	IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
40720ce3	479	# else
6455100f	480	OPENSSL_EXPORT
40720ce3 MC	481	int bind_engine(ENGINE e, const char id, const dynamic_fns *fns)
	482	{
	483	return 0;
	484	}
	485	# endif
	486	# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
	487
	488	#endif /* !OPENSSL_NO_HW */