#ifndef NO_ERR
static ERR_STRING_DATA ENGINE_str_functs[]=
{
-{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "cswift_dsa_sign"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "cswift_finish"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "cswift_init"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "cswift_mod_exp"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "cswift_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "cswift_rsa_mod_exp"},
{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0), "ENGINE_get_RAND"},
{ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0), "ENGINE_get_RSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_list_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_list_remove"},
{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0), "ENGINE_set_BN_mod_exp_crt"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "engine_set_default_type"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0), "ENGINE_set_DH"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0), "ENGINE_set_DSA"},
{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
static int cswift_init();
static int cswift_finish();
+/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
static int cswift_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
const BIGNUM *iqmp, BN_CTX *ctx);
+/* RSA stuff */
static int cswift_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+/* DH stuff */
/* This function is alised to mod_exp (with the DH and mont dropped). */
static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD cswift_rsa =
{
NULL
};
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+ {
+ "CryptoSwift DSA method",
+ cswift_dsa_sign,
+ NULL, /* dsa_sign_setup */
+ cswift_dsa_verify,
+ NULL, /* dsa_mod_exp */
+ NULL, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+ };
+
/* Our internal DH_METHOD that we provide pointers to */
static DH_METHOD cswift_dh =
{
"cswift",
"CryptoSwift hardware engine support",
&cswift_rsa,
- NULL,
+ &cswift_dsa,
&cswift_dh,
NULL,
cswift_mod_exp,
const BIGNUM *q, const BIGNUM *dmp1,
const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
{
- BIGNUM *rsa_p;
- BIGNUM *rsa_q;
- BIGNUM *rsa_dmp1;
- BIGNUM *rsa_dmq1;
- BIGNUM *rsa_iqmp;
- BIGNUM *argument;
- BIGNUM *result;
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
- int to_return, acquired;
-
- rsa_p = rsa_q = rsa_dmp1 = rsa_dmq1 = rsa_iqmp =
- argument = result = NULL;
- to_return = 0; /* expect failure */
- acquired = 0;
+ BIGNUM *rsa_p = NULL;
+ BIGNUM *rsa_q = NULL;
+ BIGNUM *rsa_dmp1 = NULL;
+ BIGNUM *rsa_dmq1 = NULL;
+ BIGNUM *rsa_iqmp = NULL;
+ BIGNUM *argument = NULL;
+ BIGNUM *result = NULL;
+ int to_return = 0; /* expect failure */
+ int acquired = 0;
if(!get_context(&hac))
{
return cswift_mod_exp(r, a, p, m, ctx);
}
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+ {
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ unsigned char *ptr;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *result = NULL;
+ DSA_SIG *to_return = NULL;
+ int acquired = 0;
+
+ if((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_GET_HANDLE_FAILED);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !result)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+ !bn_wexpand(result, dsa->p->top))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+ (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+ (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+ (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ if(p_CSwift_AttachKeyParam(hac, &sw_param) != SW_OK)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_PROVIDE_PARAMETERS);
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = dlen;
+ arg.value = (unsigned char *)dgst;
+ res.nbytes = BN_num_bytes(dsa->p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+ &res, 1);
+ if(sw_status != SW_OK)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_SIGN,ENGINE_R_REQUEST_FAILED);
+ goto err;
+ }
+ /* Convert the response */
+ ptr = (unsigned char *)result->d;
+ if((to_return = DSA_SIG_new()) == NULL)
+ goto err;
+ to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+ to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+err:
+ if(acquired)
+ release_context(hac);
+ if(dsa_p) ctx->tos--;
+ if(dsa_q) ctx->tos--;
+ if(dsa_g) ctx->tos--;
+ if(dsa_key) ctx->tos--;
+ if(result) ctx->tos--;
+ if(ctx)
+ BN_CTX_free(ctx);
+ return to_return;
+ }
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+ {
+ DSA_METHOD *meth, *tmp_meth;
+ int ret;
+ meth = DSA_OpenSSL();
+ tmp_meth = ENGINE_get_DSA(dsa->handle);
+ ENGINE_set_DSA(dsa->handle, meth);
+ ret = DSA_do_verify(dgst, dgst_len, sig, dsa);
+ ENGINE_set_DSA(dsa->handle, tmp_meth);
+ return ret;
+ }
+
/* This function is aliased to mod_exp (with the dh and mont dropped). */
static int cswift_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
projects / oweals / openssl.git / commitdiff