1 /* crypto/engine/hw_ibmca.c */
3 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
6 /* ====================================================================
7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
35 * 6. Redistributions of any form whatsoever must retain the following
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
60 /* (C) COPYRIGHT International Business Machines Corp. 2001 */
63 #include <openssl/crypto.h>
64 #include <openssl/dso.h>
65 #include <openssl/engine.h>
68 # ifndef OPENSSL_NO_HW_IBMCA
71 # include "ica_openssl_api.h"
73 # include "vendor_defns/ica_openssl_api.h"
76 # define IBMCA_LIB_NAME "ibmca engine"
77 # include "hw_ibmca_err.c"
79 static int ibmca_destroy(ENGINE
*e
);
80 static int ibmca_init(ENGINE
*e
);
81 static int ibmca_finish(ENGINE
*e
);
82 static int ibmca_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
, void (*f
) ());
84 static const char *IBMCA_F1
= "icaOpenAdapter";
85 static const char *IBMCA_F2
= "icaCloseAdapter";
86 static const char *IBMCA_F3
= "icaRsaModExpo";
87 static const char *IBMCA_F4
= "icaRandomNumberGenerate";
88 static const char *IBMCA_F5
= "icaRsaCrt";
90 ICA_ADAPTER_HANDLE handle
= 0;
93 static int ibmca_mod_exp(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
94 const BIGNUM
*m
, BN_CTX
*ctx
);
96 static int ibmca_mod_exp_crt(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
97 const BIGNUM
*q
, const BIGNUM
*dmp1
,
98 const BIGNUM
*dmq1
, const BIGNUM
*iqmp
,
101 # ifndef OPENSSL_NO_RSA
103 static int ibmca_rsa_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
);
106 /* This function is aliased to mod_exp (with the mont stuff dropped). */
107 static int ibmca_mod_exp_mont(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
108 const BIGNUM
*m
, BN_CTX
*ctx
,
111 # ifndef OPENSSL_NO_DSA
113 static int ibmca_dsa_mod_exp(DSA
*dsa
, BIGNUM
*rr
, BIGNUM
*a1
,
114 BIGNUM
*p1
, BIGNUM
*a2
, BIGNUM
*p2
, BIGNUM
*m
,
115 BN_CTX
*ctx
, BN_MONT_CTX
*in_mont
);
116 static int ibmca_mod_exp_dsa(DSA
*dsa
, BIGNUM
*r
, BIGNUM
*a
,
117 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
121 # ifndef OPENSSL_NO_DH
123 /* This function is alised to mod_exp (with the DH and mont dropped). */
124 static int ibmca_mod_exp_dh(const DH
*dh
, BIGNUM
*r
,
125 const BIGNUM
*a
, const BIGNUM
*p
,
126 const BIGNUM
*m
, BN_CTX
*ctx
, BN_MONT_CTX
*m_ctx
);
130 static int ibmca_rand_bytes(unsigned char *buf
, int num
);
131 static int ibmca_rand_status(void);
133 /* WJH - check for more commands, like in nuron */
135 /* The definitions for control commands specific to this engine */
136 # define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
137 static const ENGINE_CMD_DEFN ibmca_cmd_defns
[] = {
140 "Specifies the path to the 'atasi' shared library",
141 ENGINE_CMD_FLAG_STRING
},
145 # ifndef OPENSSL_NO_RSA
146 /* Our internal RSA_METHOD that we provide pointers to */
147 static RSA_METHOD ibmca_rsa
= {
164 # ifndef OPENSSL_NO_DSA
165 /* Our internal DSA_METHOD that we provide pointers to */
166 static DSA_METHOD ibmca_dsa
= {
168 NULL
, /* dsa_do_sign */
169 NULL
, /* dsa_sign_setup */
170 NULL
, /* dsa_do_verify */
171 ibmca_dsa_mod_exp
, /* dsa_mod_exp */
172 ibmca_mod_exp_dsa
, /* bn_mod_exp */
180 # ifndef OPENSSL_NO_DH
181 /* Our internal DH_METHOD that we provide pointers to */
182 static DH_METHOD ibmca_dh
= {
194 static RAND_METHOD ibmca_rand
= {
195 /* "IBMCA RAND method", */
204 /* Constants used when creating the ENGINE */
205 static const char *engine_ibmca_id
= "ibmca";
206 static const char *engine_ibmca_name
= "Ibmca hardware engine support";
209 * This internal function is used by ENGINE_ibmca() and possibly by the
210 * "dynamic" ENGINE support too
212 static int bind_helper(ENGINE
*e
)
214 # ifndef OPENSSL_NO_RSA
215 const RSA_METHOD
*meth1
;
217 # ifndef OPENSSL_NO_DSA
218 const DSA_METHOD
*meth2
;
220 # ifndef OPENSSL_NO_DH
221 const DH_METHOD
*meth3
;
223 if (!ENGINE_set_id(e
, engine_ibmca_id
) ||
224 !ENGINE_set_name(e
, engine_ibmca_name
) ||
225 # ifndef OPENSSL_NO_RSA
226 !ENGINE_set_RSA(e
, &ibmca_rsa
) ||
228 # ifndef OPENSSL_NO_DSA
229 !ENGINE_set_DSA(e
, &ibmca_dsa
) ||
231 # ifndef OPENSSL_NO_DH
232 !ENGINE_set_DH(e
, &ibmca_dh
) ||
234 !ENGINE_set_RAND(e
, &ibmca_rand
) ||
235 !ENGINE_set_destroy_function(e
, ibmca_destroy
) ||
236 !ENGINE_set_init_function(e
, ibmca_init
) ||
237 !ENGINE_set_finish_function(e
, ibmca_finish
) ||
238 !ENGINE_set_ctrl_function(e
, ibmca_ctrl
) ||
239 !ENGINE_set_cmd_defns(e
, ibmca_cmd_defns
))
242 # ifndef OPENSSL_NO_RSA
244 * We know that the "PKCS1_SSLeay()" functions hook properly to the
245 * ibmca-specific mod_exp and mod_exp_crt so we use those functions. NB:
246 * We don't use ENGINE_openssl() or anything "more generic" because
247 * something like the RSAref code may not hook properly, and if you own
248 * one of these cards then you have the right to do RSA operations on it
251 meth1
= RSA_PKCS1_SSLeay();
252 ibmca_rsa
.rsa_pub_enc
= meth1
->rsa_pub_enc
;
253 ibmca_rsa
.rsa_pub_dec
= meth1
->rsa_pub_dec
;
254 ibmca_rsa
.rsa_priv_enc
= meth1
->rsa_priv_enc
;
255 ibmca_rsa
.rsa_priv_dec
= meth1
->rsa_priv_dec
;
258 # ifndef OPENSSL_NO_DSA
260 * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
262 meth2
= DSA_OpenSSL();
263 ibmca_dsa
.dsa_do_sign
= meth2
->dsa_do_sign
;
264 ibmca_dsa
.dsa_sign_setup
= meth2
->dsa_sign_setup
;
265 ibmca_dsa
.dsa_do_verify
= meth2
->dsa_do_verify
;
268 # ifndef OPENSSL_NO_DH
269 /* Much the same for Diffie-Hellman */
270 meth3
= DH_OpenSSL();
271 ibmca_dh
.generate_key
= meth3
->generate_key
;
272 ibmca_dh
.compute_key
= meth3
->compute_key
;
275 /* Ensure the ibmca error handling is set up */
276 ERR_load_IBMCA_strings();
280 static ENGINE
*engine_ibmca(void)
282 ENGINE
*ret
= ENGINE_new();
285 if (!bind_helper(ret
)) {
292 # ifdef ENGINE_DYNAMIC_SUPPORT
295 void ENGINE_load_ibmca(void)
297 /* Copied from eng_[openssl|dyn].c */
298 ENGINE
*toadd
= engine_ibmca();
306 /* Destructor (complements the "ENGINE_ibmca()" constructor) */
307 static int ibmca_destroy(ENGINE
*e
)
310 * Unload the ibmca error strings so any error state including our functs
311 * or reasons won't lead to a segfault (they simply get displayed without
312 * corresponding string data because none will be found).
314 ERR_unload_IBMCA_strings();
319 * This is a process-global DSO handle used for loading and unloading the
320 * Ibmca library. NB: This is only set (or unset) during an init() or
321 * finish() call (reference counts permitting) and they're operating with
322 * global locks, so this should be thread-safe implicitly.
325 static DSO
*ibmca_dso
= NULL
;
328 * These are the function pointers that are (un)set when the library has
329 * successfully (un)loaded.
332 static unsigned int (ICA_CALL
* p_icaOpenAdapter
) ();
333 static unsigned int (ICA_CALL
* p_icaCloseAdapter
) ();
334 static unsigned int (ICA_CALL
* p_icaRsaModExpo
) ();
335 static unsigned int (ICA_CALL
* p_icaRandomNumberGenerate
) ();
336 static unsigned int (ICA_CALL
* p_icaRsaCrt
) ();
338 /* utility function to obtain a context */
339 static int get_context(ICA_ADAPTER_HANDLE
* p_handle
)
341 unsigned int status
= 0;
343 status
= p_icaOpenAdapter(0, p_handle
);
349 /* similarly to release one. */
350 static void release_context(ICA_ADAPTER_HANDLE handle
)
352 p_icaCloseAdapter(handle
);
355 /* (de)initialisation functions. */
356 static int ibmca_init(ENGINE
*e
)
365 if (ibmca_dso
!= NULL
) {
366 IBMCAerr(IBMCA_F_IBMCA_INIT
, IBMCA_R_ALREADY_LOADED
);
370 * Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
371 * unfortunately because the Ibmca drivers don't have standard library
372 * names that can be platform-translated well.
375 * TODO: Work out how to actually map to the names the Ibmca drivers
376 * really use - for now a symbollic link needs to be created on the host
377 * system from libatasi.so to atasi.so on unix variants.
380 /* WJH XXX check name translation */
382 ibmca_dso
= DSO_load(NULL
, IBMCA_LIBNAME
, NULL
,
384 * DSO_FLAG_NAME_TRANSLATION
386 if (ibmca_dso
== NULL
) {
387 IBMCAerr(IBMCA_F_IBMCA_INIT
, IBMCA_R_DSO_FAILURE
);
391 if (!(p1
= DSO_bind_func(ibmca_dso
, IBMCA_F1
)) ||
392 !(p2
= DSO_bind_func(ibmca_dso
, IBMCA_F2
)) ||
393 !(p3
= DSO_bind_func(ibmca_dso
, IBMCA_F3
)) ||
394 !(p4
= DSO_bind_func(ibmca_dso
, IBMCA_F4
)) ||
395 !(p5
= DSO_bind_func(ibmca_dso
, IBMCA_F5
))) {
396 IBMCAerr(IBMCA_F_IBMCA_INIT
, IBMCA_R_DSO_FAILURE
);
400 /* Copy the pointers */
402 p_icaOpenAdapter
= (unsigned int (ICA_CALL
*) ())p1
;
403 p_icaCloseAdapter
= (unsigned int (ICA_CALL
*) ())p2
;
404 p_icaRsaModExpo
= (unsigned int (ICA_CALL
*) ())p3
;
405 p_icaRandomNumberGenerate
= (unsigned int (ICA_CALL
*) ())p4
;
406 p_icaRsaCrt
= (unsigned int (ICA_CALL
*) ())p5
;
408 if (!get_context(&handle
)) {
409 IBMCAerr(IBMCA_F_IBMCA_INIT
, IBMCA_R_UNIT_FAILURE
);
416 p_icaOpenAdapter
= NULL
;
417 p_icaCloseAdapter
= NULL
;
418 p_icaRsaModExpo
= NULL
;
419 p_icaRandomNumberGenerate
= NULL
;
424 static int ibmca_finish(ENGINE
*e
)
426 if (ibmca_dso
== NULL
) {
427 IBMCAerr(IBMCA_F_IBMCA_FINISH
, IBMCA_R_NOT_LOADED
);
430 release_context(handle
);
431 if (!DSO_free(ibmca_dso
)) {
432 IBMCAerr(IBMCA_F_IBMCA_FINISH
, IBMCA_R_DSO_FAILURE
);
440 static int ibmca_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
, void (*f
) ())
442 int initialised
= ((ibmca_dso
== NULL
) ? 0 : 1);
444 case IBMCA_CMD_SO_PATH
:
446 IBMCAerr(IBMCA_F_IBMCA_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
450 IBMCAerr(IBMCA_F_IBMCA_CTRL
, IBMCA_R_ALREADY_LOADED
);
453 IBMCA_LIBNAME
= (const char *)p
;
458 IBMCAerr(IBMCA_F_IBMCA_CTRL
, IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED
);
462 static int ibmca_mod_exp(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
463 const BIGNUM
*m
, BN_CTX
*ctx
)
466 * I need somewhere to store temporary serialised values for use with the
467 * Ibmca API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
468 * access their arrays directly as byte arrays <grin>. This way I don't
469 * have to clean anything up.
472 BIGNUM
*argument
= NULL
;
473 BIGNUM
*result
= NULL
;
476 int inLen
, outLen
, tmpLen
;
478 ICA_KEY_RSA_MODEXPO
*publKey
= NULL
;
481 to_return
= 0; /* expect failure */
484 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP
, IBMCA_R_NOT_LOADED
);
487 /* Prepare the params */
489 argument
= BN_CTX_get(ctx
);
490 result
= BN_CTX_get(ctx
);
491 key
= BN_CTX_get(ctx
);
493 if (!argument
|| !result
|| !key
) {
494 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP
, IBMCA_R_BN_CTX_FULL
);
498 if (!bn_wexpand(argument
, m
->top
) || !bn_wexpand(result
, m
->top
) ||
499 !bn_wexpand(key
, sizeof(*publKey
) / BN_BYTES
)) {
500 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP
, IBMCA_R_BN_EXPAND_FAIL
);
504 publKey
= (ICA_KEY_RSA_MODEXPO
*)key
->d
;
506 if (publKey
== NULL
) {
509 memset(publKey
, 0, sizeof(ICA_KEY_RSA_MODEXPO
));
511 publKey
->keyType
= CORRECT_ENDIANNESS(ME_KEY_TYPE
);
512 publKey
->keyLength
= CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO
));
513 publKey
->expOffset
= (char *)publKey
->keyRecord
- (char *)publKey
;
516 * A quirk of the card: the exponent length has to be the same as the
517 * modulus (key) length
520 outLen
= BN_num_bytes(m
);
522 /* check for modulus length SAB*/
524 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP
, IBMCA_R_MEXP_LENGTH_TO_LARGE
);
527 /* check for modulus length SAB*/
529 publKey
->expLength
= publKey
->nLength
= outLen
;
531 * SAB Check for underflow condition the size of the exponent is less
532 * than the size of the parameter then we have a big problem and will
533 * underflow the keyRecord buffer. Bad stuff could happen then
535 if (outLen
< BN_num_bytes(p
)) {
536 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP
, IBMCA_R_UNDERFLOW_KEYRECORD
);
539 /* SAB End check for underflow */
541 BN_bn2bin(p
, &publKey
->keyRecord
[publKey
->expLength
- BN_num_bytes(p
)]);
542 BN_bn2bin(m
, &publKey
->keyRecord
[publKey
->expLength
]);
544 publKey
->modulusBitLength
= CORRECT_ENDIANNESS(publKey
->nLength
* 8);
545 publKey
->nOffset
= CORRECT_ENDIANNESS(publKey
->expOffset
+
548 publKey
->expOffset
= CORRECT_ENDIANNESS((char *)publKey
->keyRecord
-
552 publKey
->expLength
= publKey
->nLength
= CORRECT_ENDIANNESS(tmpLen
);
554 /* Prepare the argument */
556 memset(argument
->d
, 0, outLen
);
557 BN_bn2bin(a
, (unsigned char *)argument
->d
+ outLen
- BN_num_bytes(a
));
561 /* Perform the operation */
563 if ((rc
= p_icaRsaModExpo(handle
, inLen
, (unsigned char *)argument
->d
,
564 publKey
, &outLen
, (unsigned char *)result
->d
))
566 printf("rc = %d\n", rc
);
567 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP
, IBMCA_R_REQUEST_FAILED
);
571 /* Convert the response */
572 BN_bin2bn((unsigned char *)result
->d
, outLen
, r
);
579 # ifndef OPENSSL_NO_RSA
580 static int ibmca_rsa_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
)
585 if ((ctx
= BN_CTX_new()) == NULL
)
587 if (!rsa
->p
|| !rsa
->q
|| !rsa
->dmp1
|| !rsa
->dmq1
|| !rsa
->iqmp
) {
588 if (!rsa
->d
|| !rsa
->n
) {
589 IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP
,
590 IBMCA_R_MISSING_KEY_COMPONENTS
);
593 to_return
= ibmca_mod_exp(r0
, I
, rsa
->d
, rsa
->n
, ctx
);
595 to_return
= ibmca_mod_exp_crt(r0
, I
, rsa
->p
, rsa
->q
, rsa
->dmp1
,
596 rsa
->dmq1
, rsa
->iqmp
, ctx
);
605 /* Ein kleines chinesisches "Restessen" */
606 static int ibmca_mod_exp_crt(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
607 const BIGNUM
*q
, const BIGNUM
*dmp1
,
608 const BIGNUM
*dmq1
, const BIGNUM
*iqmp
,
612 BIGNUM
*argument
= NULL
;
613 BIGNUM
*result
= NULL
;
616 int to_return
= 0; /* expect failure */
619 ICA_KEY_RSA_CRT
*privKey
= NULL
;
623 unsigned int offset
, pSize
, qSize
;
624 /* SAB New variables */
625 unsigned int keyRecordSize
;
626 unsigned int pbytes
= BN_num_bytes(p
);
627 unsigned int qbytes
= BN_num_bytes(q
);
628 unsigned int dmp1bytes
= BN_num_bytes(dmp1
);
629 unsigned int dmq1bytes
= BN_num_bytes(dmq1
);
630 unsigned int iqmpbytes
= BN_num_bytes(iqmp
);
632 /* Prepare the params */
635 argument
= BN_CTX_get(ctx
);
636 result
= BN_CTX_get(ctx
);
637 key
= BN_CTX_get(ctx
);
639 if (!argument
|| !result
|| !key
) {
640 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_BN_CTX_FULL
);
644 if (!bn_wexpand(argument
, p
->top
+ q
->top
) ||
645 !bn_wexpand(result
, p
->top
+ q
->top
) ||
646 !bn_wexpand(key
, sizeof(*privKey
) / BN_BYTES
)) {
647 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_BN_EXPAND_FAIL
);
651 privKey
= (ICA_KEY_RSA_CRT
*)key
->d
;
653 * SAB Add check for total size in bytes of the parms does not exceed the
654 * buffer space we have do this first
656 keyRecordSize
= pbytes
+ qbytes
+ dmp1bytes
+ dmq1bytes
+ iqmpbytes
;
657 if (keyRecordSize
> sizeof(privKey
->keyRecord
)) {
658 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_OPERANDS_TO_LARGE
);
662 if ((qbytes
+ dmq1bytes
) > 256) {
663 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_OPERANDS_TO_LARGE
);
667 if (pbytes
+ dmp1bytes
> 256) {
668 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_OPERANDS_TO_LARGE
);
672 /* end SAB additions */
674 memset(privKey
, 0, sizeof(ICA_KEY_RSA_CRT
));
675 privKey
->keyType
= CORRECT_ENDIANNESS(CRT_KEY_TYPE
);
676 privKey
->keyLength
= CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT
));
677 privKey
->modulusBitLength
= CORRECT_ENDIANNESS(BN_num_bytes(q
) * 2 * 8);
680 * p,dp & qInv are 1 QWORD Larger
682 privKey
->pLength
= CORRECT_ENDIANNESS(BN_num_bytes(p
) + 8);
683 privKey
->qLength
= CORRECT_ENDIANNESS(BN_num_bytes(q
));
684 privKey
->dpLength
= CORRECT_ENDIANNESS(BN_num_bytes(dmp1
) + 8);
685 privKey
->dqLength
= CORRECT_ENDIANNESS(BN_num_bytes(dmq1
));
686 privKey
->qInvLength
= CORRECT_ENDIANNESS(BN_num_bytes(iqmp
) + 8);
688 offset
= (char *)privKey
->keyRecord
- (char *)privKey
;
690 qSize
= BN_num_bytes(q
);
691 pSize
= qSize
+ 8; /* 1 QWORD larger */
694 * SAB probably aittle redundant, but we'll verify that each of the
695 * components which make up a key record sent ot the card does not exceed
696 * the space that is allocated for it. this handles the case where even
697 * if the total length does not exceed keyrecord zied, if the operands are
698 * funny sized they could cause potential side affects on either the card
702 if ((pbytes
> pSize
) || (dmp1bytes
> pSize
) ||
703 (iqmpbytes
> pSize
) || (qbytes
> qSize
) || (dmq1bytes
> qSize
)) {
704 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_OPERANDS_TO_LARGE
);
709 privKey
->dpOffset
= CORRECT_ENDIANNESS(offset
);
712 privKey
->dqOffset
= CORRECT_ENDIANNESS(offset
);
715 privKey
->pOffset
= CORRECT_ENDIANNESS(offset
);
718 privKey
->qOffset
= CORRECT_ENDIANNESS(offset
);
721 privKey
->qInvOffset
= CORRECT_ENDIANNESS(offset
);
723 pkey
= (char *)privKey
->keyRecord
;
725 /* SAB first check that we don;t under flow the buffer */
726 if (pSize
< pbytes
) {
727 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_UNDERFLOW_CONDITION
);
731 /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
732 pkey
+= pSize
- BN_num_bytes(dmp1
);
733 BN_bn2bin(dmp1
, pkey
);
734 pkey
+= BN_num_bytes(dmp1
); /* move the pointer */
736 BN_bn2bin(dmq1
, pkey
); /* Copy over dmq1 */
738 pkey
+= qSize
; /* move pointer */
739 /* set up for zero padding of next field */
740 pkey
+= pSize
- BN_num_bytes(p
);
743 /* increment pointer by number of bytes moved */
744 pkey
+= BN_num_bytes(p
);
747 pkey
+= qSize
; /* move the pointer */
748 pkey
+= pSize
- BN_num_bytes(iqmp
); /* Adjust for padding */
749 BN_bn2bin(iqmp
, pkey
);
751 /* Prepare the argument and response */
754 * Correct endianess is used because the fields were converted above
756 outLen
= CORRECT_ENDIANNESS(privKey
->qLength
) * 2;
759 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_OUTLEN_TO_LARGE
);
763 /* SAB check for underflow here on the argeument */
764 if (outLen
< BN_num_bytes(a
)) {
765 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_UNDERFLOW_CONDITION
);
769 BN_bn2bin(a
, (unsigned char *)argument
->d
+ outLen
- BN_num_bytes(a
));
772 memset(result
->d
, 0, outLen
);
774 /* Perform the operation */
776 if ((rc
= p_icaRsaCrt(handle
, inLen
, (unsigned char *)argument
->d
,
777 privKey
, &outLen
, (unsigned char *)result
->d
)) != 0)
779 printf("rc = %d\n", rc
);
780 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT
, IBMCA_R_REQUEST_FAILED
);
784 /* Convert the response */
786 BN_bin2bn((unsigned char *)result
->d
, outLen
, r
);
795 # ifndef OPENSSL_NO_DSA
797 * This code was liberated and adapted from the commented-out code in
798 * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration (it
799 * doesn't have a CRT form for RSA), this function means that an Ibmca system
800 * running with a DSA server certificate can handshake around 5 or 6 times
801 * faster/more than an equivalent system running with RSA. Just check out the
802 * "signs" statistics from the RSA and DSA parts of "openssl speed -engine
803 * ibmca dsa1024 rsa1024".
805 static int ibmca_dsa_mod_exp(DSA
*dsa
, BIGNUM
*rr
, BIGNUM
*a1
,
806 BIGNUM
*p1
, BIGNUM
*a2
, BIGNUM
*p2
, BIGNUM
*m
,
807 BN_CTX
*ctx
, BN_MONT_CTX
*in_mont
)
813 /* let rr = a1 ^ p1 mod m */
814 if (!ibmca_mod_exp(rr
, a1
, p1
, m
, ctx
))
816 /* let t = a2 ^ p2 mod m */
817 if (!ibmca_mod_exp(&t
, a2
, p2
, m
, ctx
))
819 /* let rr = rr * t mod m */
820 if (!BN_mod_mul(rr
, rr
, &t
, m
, ctx
))
828 static int ibmca_mod_exp_dsa(DSA
*dsa
, BIGNUM
*r
, BIGNUM
*a
,
829 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
832 return ibmca_mod_exp(r
, a
, p
, m
, ctx
);
836 /* This function is aliased to mod_exp (with the mont stuff dropped). */
837 static int ibmca_mod_exp_mont(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
838 const BIGNUM
*m
, BN_CTX
*ctx
,
841 return ibmca_mod_exp(r
, a
, p
, m
, ctx
);
844 # ifndef OPENSSL_NO_DH
845 /* This function is aliased to mod_exp (with the dh and mont dropped). */
846 static int ibmca_mod_exp_dh(DH
const *dh
, BIGNUM
*r
,
847 const BIGNUM
*a
, const BIGNUM
*p
,
848 const BIGNUM
*m
, BN_CTX
*ctx
, BN_MONT_CTX
*m_ctx
)
850 return ibmca_mod_exp(r
, a
, p
, m
, ctx
);
854 /* Random bytes are good */
855 static int ibmca_rand_bytes(unsigned char *buf
, int num
)
857 int to_return
= 0; /* assume failure */
861 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES
, IBMCA_R_NOT_INITIALISED
);
865 ret
= p_icaRandomNumberGenerate(handle
, num
, buf
);
867 IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES
, IBMCA_R_REQUEST_FAILED
);
875 static int ibmca_rand_status(void)
881 * This stuff is needed if this ENGINE is being compiled into a
882 * self-contained shared-library.
884 # ifdef ENGINE_DYNAMIC_SUPPORT
885 static int bind_fn(ENGINE
*e
, const char *id
)
887 if (id
&& (strcmp(id
, engine_ibmca_id
) != 0)) /* WJH XXX */
894 IMPLEMENT_DYNAMIC_CHECK_FN()
895 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn
)
896 # endif /* ENGINE_DYNAMIC_SUPPORT */
897 # endif /* !OPENSSL_NO_HW_IBMCA */
898 #endif /* !OPENSSL_NO_HW */