9397
|
1 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/Makefile openssl-engine-0.9.6e.patch/crypto/engine/Makefile
|
|
2 |
--- openssl-engine-0.9.6e.base/crypto/engine/Makefile Thu Feb 7 23:04:30 2002
|
|
3 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/Makefile Fri Aug 2 14:37:08 2002
|
|
4 |
@@ -24,10 +24,10 @@
|
|
5 |
LIB=$(TOP)/libcrypto.a
|
|
6 |
LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
|
|
7 |
hw_atalla.c hw_cswift.c hw_ncipher.c hw_aep.c hw_sureware.c \
|
|
8 |
- hw_ubsec.c hw_keyclient.c
|
|
9 |
+ hw_ubsec.c hw_keyclient.c hw_ibmca.c
|
|
10 |
LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
|
|
11 |
hw_atalla.o hw_cswift.o hw_ncipher.o hw_aep.o hw_sureware.o \
|
|
12 |
- hw_ubsec.o hw_keyclient.o
|
|
13 |
+ hw_ubsec.o hw_keyclient.o hw_ibmca.o
|
|
14 |
|
|
15 |
SRC= $(LIBSRC)
|
|
16 |
|
|
17 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/Makefile.ssl openssl-engine-0.9.6e.patch/crypto/engine/Makefile.ssl
|
|
18 |
--- openssl-engine-0.9.6e.base/crypto/engine/Makefile.ssl Thu Feb 7 23:04:30 2002
|
|
19 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/Makefile.ssl Fri Aug 2 14:37:08 2002
|
|
20 |
@@ -24,10 +24,10 @@
|
|
21 |
LIB=$(TOP)/libcrypto.a
|
|
22 |
LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
|
|
23 |
hw_atalla.c hw_cswift.c hw_ncipher.c hw_aep.c hw_sureware.c \
|
|
24 |
- hw_ubsec.c hw_keyclient.c
|
|
25 |
+ hw_ubsec.c hw_keyclient.c hw_ibmca.c
|
|
26 |
LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
|
|
27 |
hw_atalla.o hw_cswift.o hw_ncipher.o hw_aep.o hw_sureware.o \
|
|
28 |
- hw_ubsec.o hw_keyclient.o
|
|
29 |
+ hw_ubsec.o hw_keyclient.o hw_ibmca.o
|
|
30 |
|
|
31 |
SRC= $(LIBSRC)
|
|
32 |
|
|
33 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/engine.h openssl-engine-0.9.6e.patch/crypto/engine/engine.h
|
|
34 |
--- openssl-engine-0.9.6e.base/crypto/engine/engine.h Thu Feb 7 23:04:29 2002
|
|
35 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/engine.h Fri Aug 2 14:37:08 2002
|
|
36 |
@@ -406,6 +406,13 @@
|
|
37 |
#define ENGINE_F_UBSEC_RNG_BYTES 172
|
|
38 |
#define ENGINE_F_UBSEC_RSA_MOD_EXP 168
|
|
39 |
#define ENGINE_F_UBSEC_RSA_MOD_EXP_CRT 169
|
|
40 |
+#define ENGINE_F_IBMCA_FINISH 180
|
|
41 |
+#define ENGINE_F_IBMCA_INIT 181
|
|
42 |
+#define ENGINE_F_IBMCA_MOD_EXP 182
|
|
43 |
+#define ENGINE_F_IBMCA_MOD_EXP_CRT 183
|
|
44 |
+#define ENGINE_F_IBMCA_RAND_BYTES 184
|
|
45 |
+#define ENGINE_F_IBMCA_RSA_MOD_EXP 185
|
|
46 |
+
|
|
47 |
|
|
48 |
/* Reason codes. */
|
|
49 |
#define ENGINE_R_AEP_INIT_FAILURE 132
|
|
50 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/engine_err.c openssl-engine-0.9.6e.patch/crypto/engine/engine_err.c
|
|
51 |
--- openssl-engine-0.9.6e.base/crypto/engine/engine_err.c Thu Feb 7 23:04:27 2002
|
|
52 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/engine_err.c Fri Aug 2 14:37:08 2002
|
|
53 |
@@ -177,6 +177,12 @@
|
|
54 |
{ERR_PACK(0,ENGINE_F_UBSEC_RNG_BYTES,0), "UBSEC_RNG_BYTES"},
|
|
55 |
{ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP,0), "UBSEC_RSA_MOD_EXP"},
|
|
56 |
{ERR_PACK(0,ENGINE_F_UBSEC_RSA_MOD_EXP_CRT,0), "UBSEC_RSA_MOD_EXP_CRT"},
|
|
57 |
+{ERR_PACK(0,ENGINE_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
|
|
58 |
+{ERR_PACK(0,ENGINE_F_IBMCA_INIT,0), "IBMCA_INIT"},
|
|
59 |
+{ERR_PACK(0,ENGINE_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
|
|
60 |
+{ERR_PACK(0,ENGINE_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
|
|
61 |
+{ERR_PACK(0,ENGINE_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
|
|
62 |
+{ERR_PACK(0,ENGINE_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
|
|
63 |
{0,NULL}
|
|
64 |
};
|
|
65 |
|
|
66 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/engine_int.h openssl-engine-0.9.6e.patch/crypto/engine/engine_int.h
|
|
67 |
--- openssl-engine-0.9.6e.base/crypto/engine/engine_int.h Sat Nov 17 06:28:05 2001
|
|
68 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/engine_int.h Fri Aug 2 14:37:08 2002
|
|
69 |
@@ -151,6 +151,11 @@
|
|
70 |
ENGINE *ENGINE_atalla();
|
|
71 |
#endif /* !NO_HW_ATALLA */
|
|
72 |
|
|
73 |
+#ifndef NO_HW_IBMCA
|
|
74 |
+/* Returns a structure of ibmca methods. */
|
|
75 |
+ENGINE *ENGINE_ibmca();
|
|
76 |
+#endif /* !NO_HW_IBMCA */
|
|
77 |
+
|
|
78 |
#ifndef NO_HW_AEP
|
|
79 |
/* Returns a structure of AEP methods. */
|
|
80 |
ENGINE *ENGINE_aep();
|
|
81 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/engine_list.c openssl-engine-0.9.6e.patch/crypto/engine/engine_list.c
|
|
82 |
--- openssl-engine-0.9.6e.base/crypto/engine/engine_list.c Sat Nov 17 06:28:07 2001
|
|
83 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/engine_list.c Fri Aug 2 14:37:08 2002
|
|
84 |
@@ -215,6 +215,10 @@
|
|
85 |
return 0;
|
|
86 |
#endif /* !NO_HW_KEYCLIENT */
|
|
87 |
#endif /* !NO_HW */
|
|
88 |
+#ifndef NO_HW_IBMCA
|
|
89 |
+ if(!engine_list_add(ENGINE_ibmca()))
|
|
90 |
+ return 0;
|
|
91 |
+#endif /* !NO_HW_IBMCA */
|
|
92 |
engine_list_flag = 1;
|
|
93 |
return 1;
|
|
94 |
}
|
|
95 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/hw_ibmca.c openssl-engine-0.9.6e.patch/crypto/engine/hw_ibmca.c
|
|
96 |
--- openssl-engine-0.9.6e.base/crypto/engine/hw_ibmca.c Thu Jan 1 01:00:00 1970
|
|
97 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/hw_ibmca.c Fri Aug 2 14:38:02 2002
|
|
98 |
@@ -0,0 +1,814 @@
|
|
99 |
+/* crypto/engine/hw_ibmca.c */
|
|
100 |
+/* Written by Geoff Thorpe ([email protected]) for the OpenSSL
|
|
101 |
+ * project 2000.
|
|
102 |
+ */
|
|
103 |
+/* ====================================================================
|
|
104 |
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
|
105 |
+ *
|
|
106 |
+ * Redistribution and use in source and binary forms, with or without
|
|
107 |
+ * modification, are permitted provided that the following conditions
|
|
108 |
+ * are met:
|
|
109 |
+ *
|
|
110 |
+ * 1. Redistributions of source code must retain the above copyright
|
|
111 |
+ * notice, this list of conditions and the following disclaimer.
|
|
112 |
+ *
|
|
113 |
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
114 |
+ * notice, this list of conditions and the following disclaimer in
|
|
115 |
+ * the documentation and/or other materials provided with the
|
|
116 |
+ * distribution.
|
|
117 |
+ *
|
|
118 |
+ * 3. All advertising materials mentioning features or use of this
|
|
119 |
+ * software must display the following acknowledgment:
|
|
120 |
+ * "This product includes software developed by the OpenSSL Project
|
|
121 |
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
|
122 |
+ *
|
|
123 |
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
124 |
+ * endorse or promote products derived from this software without
|
|
125 |
+ * prior written permission. For written permission, please contact
|
|
126 |
+ * [email protected].
|
|
127 |
+ *
|
|
128 |
+ * 5. Products derived from this software may not be called "OpenSSL"
|
|
129 |
+ * nor may "OpenSSL" appear in their names without prior written
|
|
130 |
+ * permission of the OpenSSL Project.
|
|
131 |
+ *
|
|
132 |
+ * 6. Redistributions of any form whatsoever must retain the following
|
|
133 |
+ * acknowledgment:
|
|
134 |
+ * "This product includes software developed by the OpenSSL Project
|
|
135 |
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
|
136 |
+ *
|
|
137 |
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
138 |
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
139 |
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
140 |
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
141 |
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
142 |
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
143 |
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
144 |
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
145 |
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
146 |
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
147 |
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
148 |
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
149 |
+ * ====================================================================
|
|
150 |
+ *
|
|
151 |
+ * This product includes cryptographic software written by Eric Young
|
|
152 |
+ * ([email protected]). This product includes software written by Tim
|
|
153 |
+ * Hudson ([email protected]).
|
|
154 |
+ *
|
|
155 |
+ */
|
|
156 |
+
|
|
157 |
+/* (C) COPYRIGHT International Business Machines Corp. 2001 */
|
|
158 |
+
|
|
159 |
+#include <stdio.h>
|
|
160 |
+#include <openssl/crypto.h>
|
|
161 |
+#include "cryptlib.h"
|
|
162 |
+#include <openssl/dso.h>
|
|
163 |
+#include "engine_int.h"
|
|
164 |
+#include <openssl/engine.h>
|
|
165 |
+
|
|
166 |
+#ifndef NO_HW
|
|
167 |
+#ifndef NO_HW_IBMCA
|
|
168 |
+
|
|
169 |
+#ifdef FLAT_INC
|
|
170 |
+#include "ica_openssl_api.h"
|
|
171 |
+#else
|
|
172 |
+#include "vendor_defns/ica_openssl_api.h"
|
|
173 |
+#endif
|
|
174 |
+
|
|
175 |
+static const char *IBMCA_F1 = "icaOpenAdapter";
|
|
176 |
+static const char *IBMCA_F2 = "icaCloseAdapter";
|
|
177 |
+static const char *IBMCA_F3 = "icaRsaModExpo";
|
|
178 |
+static const char *IBMCA_F4 = "icaRandomNumberGenerate";
|
|
179 |
+static const char *IBMCA_F5 = "icaRsaCrt";
|
|
180 |
+
|
|
181 |
+ICA_ADAPTER_HANDLE handle=0;
|
|
182 |
+
|
|
183 |
+static int ibmca_init(void);
|
|
184 |
+static int ibmca_finish(void);
|
|
185 |
+
|
|
186 |
+/* BIGNUM stuff */
|
|
187 |
+static int ibmca_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
188 |
+ const BIGNUM *m, BN_CTX *ctx);
|
|
189 |
+
|
|
190 |
+static int ibmca_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
191 |
+ const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
|
|
192 |
+ const BIGNUM *iqmp, BN_CTX *ctx);
|
|
193 |
+
|
|
194 |
+/* RSA stuff */
|
|
195 |
+static int ibmca_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
|
|
196 |
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
|
|
197 |
+static int ibmca_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
198 |
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
|
199 |
+
|
|
200 |
+/* DSA stuff */
|
|
201 |
+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
|
|
202 |
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
|
|
203 |
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
|
|
204 |
+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
|
|
205 |
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
|
|
206 |
+ BN_MONT_CTX *m_ctx);
|
|
207 |
+
|
|
208 |
+/* DH stuff */
|
|
209 |
+/* This function is alised to mod_exp (with the DH and mont dropped). */
|
|
210 |
+static int ibmca_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
211 |
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
|
212 |
+
|
|
213 |
+/* RAND stuff */
|
|
214 |
+static int ibmca_rand_bytes(unsigned char *buf, int num);
|
|
215 |
+static int ibmca_rand_status(void);
|
|
216 |
+
|
|
217 |
+/* Our internal RSA_METHOD that we provide pointers to */
|
|
218 |
+static RSA_METHOD ibmca_rsa =
|
|
219 |
+ {
|
|
220 |
+ "Ibmca RSA method",
|
|
221 |
+ NULL,
|
|
222 |
+ NULL,
|
|
223 |
+ NULL,
|
|
224 |
+ NULL,
|
|
225 |
+ ibmca_rsa_mod_exp,
|
|
226 |
+ ibmca_mod_exp_mont,
|
|
227 |
+ NULL,
|
|
228 |
+ NULL,
|
|
229 |
+ 0,
|
|
230 |
+ NULL,
|
|
231 |
+ NULL,
|
|
232 |
+ NULL
|
|
233 |
+ };
|
|
234 |
+
|
|
235 |
+/* Our internal DSA_METHOD that we provide pointers to */
|
|
236 |
+static DSA_METHOD ibmca_dsa =
|
|
237 |
+ {
|
|
238 |
+ "Ibmca DSA method",
|
|
239 |
+ NULL, /* dsa_do_sign */
|
|
240 |
+ NULL, /* dsa_sign_setup */
|
|
241 |
+ NULL, /* dsa_do_verify */
|
|
242 |
+ ibmca_dsa_mod_exp, /* dsa_mod_exp */
|
|
243 |
+ ibmca_mod_exp_dsa, /* bn_mod_exp */
|
|
244 |
+ NULL, /* init */
|
|
245 |
+ NULL, /* finish */
|
|
246 |
+ 0, /* flags */
|
|
247 |
+ NULL /* app_data */
|
|
248 |
+ };
|
|
249 |
+
|
|
250 |
+/* Our internal DH_METHOD that we provide pointers to */
|
|
251 |
+static DH_METHOD ibmca_dh =
|
|
252 |
+ {
|
|
253 |
+ "Ibmca DH method",
|
|
254 |
+ NULL,
|
|
255 |
+ NULL,
|
|
256 |
+ ibmca_mod_exp_dh,
|
|
257 |
+ NULL,
|
|
258 |
+ NULL,
|
|
259 |
+ 0,
|
|
260 |
+ NULL
|
|
261 |
+ };
|
|
262 |
+
|
|
263 |
+static RAND_METHOD ibmca_rand =
|
|
264 |
+ {
|
|
265 |
+ /* "IBMCA RAND method", */
|
|
266 |
+ NULL,
|
|
267 |
+ ibmca_rand_bytes,
|
|
268 |
+ NULL,
|
|
269 |
+ NULL,
|
|
270 |
+ ibmca_rand_bytes,
|
|
271 |
+ ibmca_rand_status,
|
|
272 |
+ };
|
|
273 |
+
|
|
274 |
+/* Our ENGINE structure. */
|
|
275 |
+static ENGINE engine_ibmca =
|
|
276 |
+ {
|
|
277 |
+ "ibmca",
|
|
278 |
+ "Ibmca hardware engine support",
|
|
279 |
+ &ibmca_rsa,
|
|
280 |
+ &ibmca_dsa,
|
|
281 |
+ &ibmca_dh,
|
|
282 |
+ &ibmca_rand,
|
|
283 |
+ ibmca_mod_exp,
|
|
284 |
+ NULL,
|
|
285 |
+ ibmca_init,
|
|
286 |
+ ibmca_finish,
|
|
287 |
+ NULL, /* no ctrl() */
|
|
288 |
+ NULL, /* no load_privkey() */
|
|
289 |
+ NULL, /* no load_pubkey() */
|
|
290 |
+ 0, /* no flags */
|
|
291 |
+ 0, 0, /* no references */
|
|
292 |
+ NULL, NULL /* unlinked */
|
|
293 |
+ };
|
|
294 |
+
|
|
295 |
+/* As this is only ever called once, there's no need for locking
|
|
296 |
+ * (indeed - the lock will already be held by our caller!!!) */
|
|
297 |
+ENGINE *ENGINE_ibmca()
|
|
298 |
+ {
|
|
299 |
+ RSA_METHOD *meth1;
|
|
300 |
+ DSA_METHOD *meth2;
|
|
301 |
+ DH_METHOD *meth3;
|
|
302 |
+
|
|
303 |
+ /* We know that the "PKCS1_SSLeay()" functions hook properly
|
|
304 |
+ * to the ibmca-specific mod_exp and mod_exp_crt so we use
|
|
305 |
+ * those functions. NB: We don't use ENGINE_openssl() or
|
|
306 |
+ * anything "more generic" because something like the RSAref
|
|
307 |
+ * code may not hook properly, and if you own one of these
|
|
308 |
+ * cards then you have the right to do RSA operations on it
|
|
309 |
+ * anyway! */
|
|
310 |
+ meth1 = RSA_PKCS1_SSLeay();
|
|
311 |
+ ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
|
|
312 |
+ ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
|
|
313 |
+ ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
|
|
314 |
+ ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
|
|
315 |
+
|
|
316 |
+ /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
|
|
317 |
+ * bits. */
|
|
318 |
+ meth2 = DSA_OpenSSL();
|
|
319 |
+ ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
|
|
320 |
+ ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
|
|
321 |
+ ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
|
|
322 |
+
|
|
323 |
+ /* Much the same for Diffie-Hellman */
|
|
324 |
+ meth3 = DH_OpenSSL();
|
|
325 |
+ ibmca_dh.generate_key = meth3->generate_key;
|
|
326 |
+ ibmca_dh.compute_key = meth3->compute_key;
|
|
327 |
+ return &engine_ibmca;
|
|
328 |
+ }
|
|
329 |
+
|
|
330 |
+/* This is a process-global DSO handle used for loading and unloading
|
|
331 |
+ * the Ibmca library. NB: This is only set (or unset) during an
|
|
332 |
+ * init() or finish() call (reference counts permitting) and they're
|
|
333 |
+ * operating with global locks, so this should be thread-safe
|
|
334 |
+ * implicitly. */
|
|
335 |
+
|
|
336 |
+static DSO *ibmca_dso = NULL;
|
|
337 |
+
|
|
338 |
+/* These are the function pointers that are (un)set when the library has
|
|
339 |
+ * successfully (un)loaded. */
|
|
340 |
+
|
|
341 |
+static unsigned int (ICA_CALL *p_icaOpenAdapter)();
|
|
342 |
+static unsigned int (ICA_CALL *p_icaCloseAdapter)();
|
|
343 |
+static unsigned int (ICA_CALL *p_icaRsaModExpo)();
|
|
344 |
+static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)();
|
|
345 |
+static unsigned int (ICA_CALL *p_icaRsaCrt)();
|
|
346 |
+
|
|
347 |
+/* utility function to obtain a context */
|
|
348 |
+static int get_context(ICA_ADAPTER_HANDLE *p_handle)
|
|
349 |
+ {
|
|
350 |
+ unsigned int status=0;
|
|
351 |
+
|
|
352 |
+ status = p_icaOpenAdapter(0, p_handle);
|
|
353 |
+ if(status != 0)
|
|
354 |
+ return 0;
|
|
355 |
+ return 1;
|
|
356 |
+ }
|
|
357 |
+
|
|
358 |
+/* similarly to release one. */
|
|
359 |
+static void release_context(ICA_ADAPTER_HANDLE handle)
|
|
360 |
+ {
|
|
361 |
+ p_icaCloseAdapter(handle);
|
|
362 |
+ }
|
|
363 |
+
|
|
364 |
+/* (de)initialisation functions. */
|
|
365 |
+static int ibmca_init()
|
|
366 |
+ {
|
|
367 |
+
|
|
368 |
+ void (*p1)();
|
|
369 |
+ void (*p2)();
|
|
370 |
+ void (*p3)();
|
|
371 |
+ void (*p4)();
|
|
372 |
+ void (*p5)();
|
|
373 |
+
|
|
374 |
+ if(ibmca_dso != NULL)
|
|
375 |
+ {
|
|
376 |
+ ENGINEerr(ENGINE_F_IBMCA_INIT,ENGINE_R_ALREADY_LOADED);
|
|
377 |
+ goto err;
|
|
378 |
+ }
|
|
379 |
+ /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
|
|
380 |
+ * changed unfortunately because the Ibmca drivers don't have
|
|
381 |
+ * standard library names that can be platform-translated well. */
|
|
382 |
+ /* TODO: Work out how to actually map to the names the Ibmca
|
|
383 |
+ * drivers really use - for now a symbollic link needs to be
|
|
384 |
+ * created on the host system from libatasi.so to atasi.so on
|
|
385 |
+ * unix variants. */
|
|
386 |
+
|
|
387 |
+ ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
|
|
388 |
+ DSO_FLAG_NAME_TRANSLATION);
|
|
389 |
+ if(ibmca_dso == NULL)
|
|
390 |
+ {
|
|
391 |
+ ENGINEerr(ENGINE_F_IBMCA_INIT,ENGINE_R_DSO_FAILURE);
|
|
392 |
+ goto err;
|
|
393 |
+ }
|
|
394 |
+
|
|
395 |
+ if(!(p1 = DSO_bind_func(
|
|
396 |
+ ibmca_dso, IBMCA_F1)) ||
|
|
397 |
+ !(p2 = DSO_bind_func(
|
|
398 |
+ ibmca_dso, IBMCA_F2)) ||
|
|
399 |
+ !(p3 = DSO_bind_func(
|
|
400 |
+ ibmca_dso, IBMCA_F3)) ||
|
|
401 |
+ !(p4 = DSO_bind_func(
|
|
402 |
+ ibmca_dso, IBMCA_F4)) ||
|
|
403 |
+ !(p5 = DSO_bind_func(
|
|
404 |
+ ibmca_dso, IBMCA_F5)))
|
|
405 |
+ {
|
|
406 |
+ ENGINEerr(ENGINE_F_IBMCA_INIT,ENGINE_R_DSO_FAILURE);
|
|
407 |
+ goto err;
|
|
408 |
+ }
|
|
409 |
+
|
|
410 |
+ /* Copy the pointers */
|
|
411 |
+
|
|
412 |
+ p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1;
|
|
413 |
+ p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2;
|
|
414 |
+ p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3;
|
|
415 |
+ p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4;
|
|
416 |
+ p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5;
|
|
417 |
+
|
|
418 |
+ if(!get_context(&handle))
|
|
419 |
+ {
|
|
420 |
+ ENGINEerr(ENGINE_F_IBMCA_INIT,ENGINE_R_UNIT_FAILURE);
|
|
421 |
+ goto err;
|
|
422 |
+ }
|
|
423 |
+
|
|
424 |
+ return 1;
|
|
425 |
+ err:
|
|
426 |
+ if(ibmca_dso)
|
|
427 |
+ DSO_free(ibmca_dso);
|
|
428 |
+
|
|
429 |
+ p_icaOpenAdapter = NULL;
|
|
430 |
+ p_icaCloseAdapter = NULL;
|
|
431 |
+ p_icaRsaModExpo = NULL;
|
|
432 |
+ p_icaRandomNumberGenerate = NULL;
|
|
433 |
+
|
|
434 |
+ return 0;
|
|
435 |
+ }
|
|
436 |
+
|
|
437 |
+static int ibmca_finish()
|
|
438 |
+ {
|
|
439 |
+ if(ibmca_dso == NULL)
|
|
440 |
+ {
|
|
441 |
+ ENGINEerr(ENGINE_F_IBMCA_FINISH,ENGINE_R_NOT_LOADED);
|
|
442 |
+ return 0;
|
|
443 |
+ }
|
|
444 |
+ release_context(handle);
|
|
445 |
+ if(!DSO_free(ibmca_dso))
|
|
446 |
+ {
|
|
447 |
+ ENGINEerr(ENGINE_F_IBMCA_FINISH,ENGINE_R_DSO_FAILURE);
|
|
448 |
+ return 0;
|
|
449 |
+ }
|
|
450 |
+ ibmca_dso = NULL;
|
|
451 |
+
|
|
452 |
+ return 1;
|
|
453 |
+ }
|
|
454 |
+
|
|
455 |
+static int ibmca_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
456 |
+ const BIGNUM *m, BN_CTX *ctx)
|
|
457 |
+ {
|
|
458 |
+ /* I need somewhere to store temporary serialised values for
|
|
459 |
+ * use with the Ibmca API calls. A neat cheat - I'll use
|
|
460 |
+ * BIGNUMs from the BN_CTX but access their arrays directly as
|
|
461 |
+ * byte arrays <grin>. This way I don't have to clean anything
|
|
462 |
+ * up. */
|
|
463 |
+
|
|
464 |
+ BIGNUM *argument=NULL;
|
|
465 |
+ BIGNUM *result=NULL;
|
|
466 |
+ BIGNUM *key=NULL;
|
|
467 |
+ int to_return;
|
|
468 |
+ int inLen, outLen, tmpLen;
|
|
469 |
+
|
|
470 |
+
|
|
471 |
+ ICA_KEY_RSA_MODEXPO *publKey=NULL;
|
|
472 |
+ unsigned int rc;
|
|
473 |
+
|
|
474 |
+ to_return = 0; /* expect failure */
|
|
475 |
+
|
|
476 |
+ if(!ibmca_dso)
|
|
477 |
+ {
|
|
478 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP,ENGINE_R_NOT_LOADED);
|
|
479 |
+ goto err;
|
|
480 |
+ }
|
|
481 |
+ /* Prepare the params */
|
|
482 |
+ argument = BN_CTX_get(ctx);
|
|
483 |
+ result = BN_CTX_get(ctx);
|
|
484 |
+ key = BN_CTX_get(ctx);
|
|
485 |
+
|
|
486 |
+ if( !argument || !result || !key)
|
|
487 |
+ {
|
|
488 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP,ENGINE_R_BN_CTX_FULL);
|
|
489 |
+ goto err;
|
|
490 |
+ }
|
|
491 |
+
|
|
492 |
+
|
|
493 |
+ if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
|
|
494 |
+ !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))
|
|
495 |
+
|
|
496 |
+ {
|
|
497 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP,ENGINE_R_BN_EXPAND_FAIL);
|
|
498 |
+ goto err;
|
|
499 |
+ }
|
|
500 |
+
|
|
501 |
+ publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
|
|
502 |
+
|
|
503 |
+ if (publKey == NULL)
|
|
504 |
+ {
|
|
505 |
+ goto err;
|
|
506 |
+ }
|
|
507 |
+ memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
|
|
508 |
+
|
|
509 |
+ publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
|
|
510 |
+ publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
|
|
511 |
+ publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey;
|
|
512 |
+
|
|
513 |
+ /* A quirk of the card: the exponent length has to be the same
|
|
514 |
+ as the modulus (key) length */
|
|
515 |
+
|
|
516 |
+ outLen = BN_num_bytes(m);
|
|
517 |
+
|
|
518 |
+ /* Check for a modulus greater than 2048 bits (256 bytes) */
|
|
519 |
+ if ( outLen > 256 ) {
|
|
520 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
521 |
+ goto err;
|
|
522 |
+ }
|
|
523 |
+ /* SAB End check for modulus length */
|
|
524 |
+
|
|
525 |
+
|
|
526 |
+ publKey->expLength = publKey->nLength = outLen;
|
|
527 |
+
|
|
528 |
+ /* SAB Check for underflow condition here */
|
|
529 |
+ /* if the size of the exponent length is less than the size of the parameter p,
|
|
530 |
+ * then we have a big problem and we will underlfow the keyRecord buffer
|
|
531 |
+ * who knows what will happen then
|
|
532 |
+ * */
|
|
533 |
+ if ( outLen < BN_num_bytes(p) ) {
|
|
534 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
535 |
+ goto err;
|
|
536 |
+ }
|
|
537 |
+ /* SAB End Check for underflow */
|
|
538 |
+
|
|
539 |
+
|
|
540 |
+ BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
|
|
541 |
+ BN_num_bytes(p)]);
|
|
542 |
+ BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
|
|
543 |
+
|
|
544 |
+
|
|
545 |
+
|
|
546 |
+ publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
|
|
547 |
+ publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
|
|
548 |
+ publKey->expLength);
|
|
549 |
+
|
|
550 |
+ publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -
|
|
551 |
+ (char *) publKey);
|
|
552 |
+
|
|
553 |
+
|
|
554 |
+ tmpLen = outLen;
|
|
555 |
+
|
|
556 |
+
|
|
557 |
+
|
|
558 |
+ publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
|
|
559 |
+
|
|
560 |
+ /* Prepare the argument */
|
|
561 |
+
|
|
562 |
+ memset(argument->d, 0, outLen);
|
|
563 |
+ BN_bn2bin(a, (unsigned char *)argument->d + outLen -
|
|
564 |
+ BN_num_bytes(a));
|
|
565 |
+
|
|
566 |
+ inLen = outLen;
|
|
567 |
+
|
|
568 |
+ /* Perform the operation */
|
|
569 |
+
|
|
570 |
+ if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,
|
|
571 |
+ publKey, &outLen, (unsigned char *)result->d))
|
|
572 |
+ !=0 )
|
|
573 |
+
|
|
574 |
+ {
|
|
575 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP,ENGINE_R_REQUEST_FAILED);
|
|
576 |
+ goto err;
|
|
577 |
+ }
|
|
578 |
+
|
|
579 |
+
|
|
580 |
+ /* Convert the response */
|
|
581 |
+ BN_bin2bn((unsigned char *)result->d, outLen, r);
|
|
582 |
+ to_return = 1;
|
|
583 |
+ err:
|
|
584 |
+ if(argument) ctx->tos--;
|
|
585 |
+ if(result) ctx->tos--;
|
|
586 |
+ if(key) ctx->tos--;
|
|
587 |
+
|
|
588 |
+ return to_return;
|
|
589 |
+ }
|
|
590 |
+
|
|
591 |
+static int ibmca_rsa_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
|
|
592 |
+ {
|
|
593 |
+ BN_CTX *ctx;
|
|
594 |
+ int to_return = 0;
|
|
595 |
+
|
|
596 |
+ if((ctx = BN_CTX_new()) == NULL)
|
|
597 |
+ goto err;
|
|
598 |
+ if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
|
|
599 |
+ {
|
|
600 |
+ if(!rsa->d || !rsa->n)
|
|
601 |
+ {
|
|
602 |
+ ENGINEerr(ENGINE_F_IBMCA_RSA_MOD_EXP,
|
|
603 |
+ ENGINE_R_MISSING_KEY_COMPONENTS);
|
|
604 |
+ goto err;
|
|
605 |
+ }
|
|
606 |
+ to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
|
|
607 |
+ }
|
|
608 |
+ else
|
|
609 |
+ {
|
|
610 |
+ to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
|
|
611 |
+ rsa->dmq1, rsa->iqmp, ctx);
|
|
612 |
+ }
|
|
613 |
+ err:
|
|
614 |
+ if(ctx)
|
|
615 |
+ BN_CTX_free(ctx);
|
|
616 |
+ return to_return;
|
|
617 |
+ }
|
|
618 |
+
|
|
619 |
+/* Ein kleines chinesisches "Restessen" */
|
|
620 |
+static int ibmca_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
621 |
+ const BIGNUM *q, const BIGNUM *dmp1,
|
|
622 |
+ const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
|
|
623 |
+ {
|
|
624 |
+
|
|
625 |
+ BIGNUM *argument = NULL;
|
|
626 |
+ BIGNUM *result = NULL;
|
|
627 |
+ BIGNUM *key = NULL;
|
|
628 |
+
|
|
629 |
+ unsigned int keyRecordSize;
|
|
630 |
+
|
|
631 |
+ int to_return = 0; /* expect failure */
|
|
632 |
+
|
|
633 |
+ char *pkey=NULL;
|
|
634 |
+ ICA_KEY_RSA_CRT *privKey=NULL;
|
|
635 |
+ int inLen, outLen;
|
|
636 |
+
|
|
637 |
+ int rc;
|
|
638 |
+ unsigned int offset, pSize, qSize;
|
|
639 |
+
|
|
640 |
+ /* Prepare the params */
|
|
641 |
+
|
|
642 |
+ argument = BN_CTX_get(ctx);
|
|
643 |
+ result = BN_CTX_get(ctx);
|
|
644 |
+ key = BN_CTX_get(ctx);
|
|
645 |
+
|
|
646 |
+ if(!argument || !result || !key)
|
|
647 |
+ {
|
|
648 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_BN_CTX_FULL);
|
|
649 |
+ goto err;
|
|
650 |
+ }
|
|
651 |
+
|
|
652 |
+ if(!bn_wexpand(argument, p->top + q->top) ||
|
|
653 |
+ !bn_wexpand(result, p->top + q->top) ||
|
|
654 |
+ !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))
|
|
655 |
+ {
|
|
656 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
|
|
657 |
+ goto err;
|
|
658 |
+ }
|
|
659 |
+
|
|
660 |
+ privKey = (ICA_KEY_RSA_CRT *)key->d;
|
|
661 |
+ memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
|
|
662 |
+
|
|
663 |
+ /* SAB Add, check that the total size in bytes of the parameters does not
|
|
664 |
+ * exceede the buffer space we have
|
|
665 |
+ * do this first because if it exceeds the
|
|
666 |
+ */
|
|
667 |
+ keyRecordSize = BN_num_bytes(p) + BN_num_bytes(q) + BN_num_bytes(dmp1) +
|
|
668 |
+ BN_num_bytes(dmq1) + + BN_num_bytes(iqmp);
|
|
669 |
+ // DELETE BN_num_bytes(dmq1) + BN_num_bytes(q) + BN_num_bytes(iqmp);
|
|
670 |
+
|
|
671 |
+ if (keyRecordSize > sizeof(privKey->keyRecord)) {
|
|
672 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
673 |
+ goto err;
|
|
674 |
+ }
|
|
675 |
+
|
|
676 |
+ /* SAB add, check that the size of the split of q are not greater than 2048 (256 bytes) */
|
|
677 |
+ if ( (BN_num_bytes(q) + BN_num_bytes(dmq1) ) > 256 ) {
|
|
678 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
679 |
+ goto err;
|
|
680 |
+ }
|
|
681 |
+
|
|
682 |
+ /* SAB add, check that the size of the parts of P are not greater than 2048 (256 bytes) */
|
|
683 |
+ if ( (BN_num_bytes(p) + BN_num_bytes(dmp1) ) > 256 ) {
|
|
684 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
685 |
+ goto err;
|
|
686 |
+ }
|
|
687 |
+
|
|
688 |
+
|
|
689 |
+ privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
|
|
690 |
+ privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
|
|
691 |
+ privKey->modulusBitLength = CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
|
|
692 |
+
|
|
693 |
+ /*
|
|
694 |
+ * p,dp & qInv are 1 QWORD Larger
|
|
695 |
+ */
|
|
696 |
+ privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);
|
|
697 |
+ privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
|
|
698 |
+ privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);
|
|
699 |
+ privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
|
|
700 |
+ privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);
|
|
701 |
+
|
|
702 |
+ offset = (char *) privKey->keyRecord
|
|
703 |
+ - (char *) privKey;
|
|
704 |
+
|
|
705 |
+ qSize = BN_num_bytes(q);
|
|
706 |
+ pSize = qSize + 8; /* 1 QWORD larger */
|
|
707 |
+
|
|
708 |
+/* SAB probably a little redundant, but we'll verify that each of the
|
|
709 |
+ components which make up a keyrecord sent to the card does not
|
|
710 |
+ exceed the space that is allocate for it. This handles the
|
|
711 |
+ case where even if the total length does not exceed keyrecord size, if
|
|
712 |
+ the operands are funny sized causing potential side affects to either
|
|
713 |
+ the card or result */
|
|
714 |
+
|
|
715 |
+ if ( ((BN_num_bytes(p)) > pSize ) ||
|
|
716 |
+ ((BN_num_bytes(dmp1)) > pSize ) ||
|
|
717 |
+ ((BN_num_bytes(iqmp)) > pSize ) ||
|
|
718 |
+ ((BN_num_bytes(q)) > qSize ) ||
|
|
719 |
+ ((BN_num_bytes(dmq1)) > qSize ) ) {
|
|
720 |
+
|
|
721 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
722 |
+ goto err;
|
|
723 |
+
|
|
724 |
+ }
|
|
725 |
+
|
|
726 |
+
|
|
727 |
+
|
|
728 |
+
|
|
729 |
+ /* these offset values are ignored on all platforms except Intel
|
|
730 |
+ * in libica
|
|
731 |
+ * */
|
|
732 |
+ privKey->dpOffset = CORRECT_ENDIANNESS(offset);
|
|
733 |
+
|
|
734 |
+ offset += pSize;
|
|
735 |
+ privKey->dqOffset = CORRECT_ENDIANNESS(offset);
|
|
736 |
+
|
|
737 |
+ offset += qSize;
|
|
738 |
+ privKey->pOffset = CORRECT_ENDIANNESS(offset);
|
|
739 |
+
|
|
740 |
+ offset += pSize;
|
|
741 |
+ privKey->qOffset = CORRECT_ENDIANNESS(offset);
|
|
742 |
+
|
|
743 |
+ offset += qSize;
|
|
744 |
+ privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
|
|
745 |
+
|
|
746 |
+ /* Start at the beginning of the buffer. */
|
|
747 |
+ pkey = (char *) privKey->keyRecord;
|
|
748 |
+
|
|
749 |
+ /* SAB First check that we won't underflow the buffer... */
|
|
750 |
+ /* p greater in size than pSize will cause us to underflow */
|
|
751 |
+ /* should really check the other data sizes as well before doing the copies */
|
|
752 |
+ /* no sense doing any copies if the sizes and offsets will create a bad buffer */
|
|
753 |
+ /* although the check for total lengths not exceeding total space should help */
|
|
754 |
+
|
|
755 |
+ if ( pSize < BN_num_bytes(p)){
|
|
756 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
757 |
+ goto err;
|
|
758 |
+ }
|
|
759 |
+
|
|
760 |
+
|
|
761 |
+ /* pkey += pSize - BN_num_bytes(p); this line is wrong SAB this is so that the field is padded with leading zeros */
|
|
762 |
+ pkey += pSize - BN_num_bytes(dmp1); /* SAB this is so that the field is padded with leading zeros */
|
|
763 |
+
|
|
764 |
+ BN_bn2bin(dmp1, pkey);
|
|
765 |
+ pkey += BN_num_bytes(dmp1); /* move the pointer */
|
|
766 |
+
|
|
767 |
+ BN_bn2bin(dmq1, pkey); /* Copy dmq1 */
|
|
768 |
+ pkey += qSize ; /* dmq1 is qSize but somewhere we should really check this */
|
|
769 |
+ pkey += pSize - BN_num_bytes(p); /* the next field is padded with leading zeros */
|
|
770 |
+
|
|
771 |
+ BN_bn2bin(p, pkey);
|
|
772 |
+
|
|
773 |
+ pkey += BN_num_bytes(p); /* move the pointer however many bytes we moved it */
|
|
774 |
+
|
|
775 |
+ BN_bn2bin(q, pkey);
|
|
776 |
+
|
|
777 |
+ pkey += qSize ; /* Move the pointer to the next offset in the buffer */
|
|
778 |
+ pkey += pSize - BN_num_bytes(iqmp); /* Another zero padded field */
|
|
779 |
+ BN_bn2bin(iqmp, pkey);
|
|
780 |
+
|
|
781 |
+ /* Prepare the argument and response */
|
|
782 |
+
|
|
783 |
+ outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* correct endianess is used here because the privKey structures
|
|
784 |
+ fields were converted for endianess above This makes it into
|
|
785 |
+ native */
|
|
786 |
+
|
|
787 |
+ if (outLen > 256 ) {
|
|
788 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
|
|
789 |
+ goto err;
|
|
790 |
+ }
|
|
791 |
+
|
|
792 |
+
|
|
793 |
+ /* SAB Need to check for underflow as well as the case where outLen is < the argument which would clobber
|
|
794 |
+ * the prior buffers */
|
|
795 |
+ if ( outLen < BN_num_bytes(a)) {
|
|
796 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_BN_EXPAND_FAIL);
|
|
797 |
+ }
|
|
798 |
+
|
|
799 |
+ /* This will pad with leading zeros if the argument is less than the key length this shouldnot really
|
|
800 |
+ * happen, but since the callers really are responsible for the padding, we need to make sure we have it
|
|
801 |
+ * proper */
|
|
802 |
+
|
|
803 |
+ BN_bn2bin(a, (unsigned char *)argument->d + outLen -
|
|
804 |
+ BN_num_bytes(a));
|
|
805 |
+
|
|
806 |
+
|
|
807 |
+ inLen = outLen;
|
|
808 |
+
|
|
809 |
+ memset(result->d, 0, outLen);
|
|
810 |
+
|
|
811 |
+ /* Perform the operation */
|
|
812 |
+
|
|
813 |
+ if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
|
|
814 |
+ privKey, &outLen, (unsigned char *)result->d)) != 0)
|
|
815 |
+ {
|
|
816 |
+ ENGINEerr(ENGINE_F_IBMCA_MOD_EXP_CRT,ENGINE_R_REQUEST_FAILED);
|
|
817 |
+ goto err;
|
|
818 |
+ }
|
|
819 |
+
|
|
820 |
+ /* Convert the response */
|
|
821 |
+
|
|
822 |
+ BN_bin2bn((unsigned char *)result->d, outLen, r);
|
|
823 |
+ to_return = 1;
|
|
824 |
+
|
|
825 |
+ err:
|
|
826 |
+ if(argument) ctx->tos--;
|
|
827 |
+ if(result) ctx->tos--;
|
|
828 |
+ if(key) ctx->tos--;
|
|
829 |
+ return to_return;
|
|
830 |
+
|
|
831 |
+ }
|
|
832 |
+
|
|
833 |
+/* This code was liberated and adapted from the commented-out code in
|
|
834 |
+ * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration
|
|
835 |
+ * (it doesn't have a CRT form for RSA), this function means that an
|
|
836 |
+ * Ibmca system running with a DSA server certificate can handshake
|
|
837 |
+ * around 5 or 6 times faster/more than an equivalent system running with
|
|
838 |
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
|
|
839 |
+ * of "openssl speed -engine ibmca dsa1024 rsa1024". */
|
|
840 |
+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
|
|
841 |
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
|
|
842 |
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
|
|
843 |
+ {
|
|
844 |
+ BIGNUM t;
|
|
845 |
+ int to_return = 0;
|
|
846 |
+
|
|
847 |
+ BN_init(&t);
|
|
848 |
+ /* let rr = a1 ^ p1 mod m */
|
|
849 |
+ if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;
|
|
850 |
+ /* let t = a2 ^ p2 mod m */
|
|
851 |
+ if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;
|
|
852 |
+ /* let rr = rr * t mod m */
|
|
853 |
+ if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
|
|
854 |
+ to_return = 1;
|
|
855 |
+ end:
|
|
856 |
+ BN_free(&t);
|
|
857 |
+ return to_return;
|
|
858 |
+ }
|
|
859 |
+
|
|
860 |
+
|
|
861 |
+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
|
|
862 |
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
|
|
863 |
+ BN_MONT_CTX *m_ctx)
|
|
864 |
+ {
|
|
865 |
+ return ibmca_mod_exp(r, a, p, m, ctx);
|
|
866 |
+ }
|
|
867 |
+
|
|
868 |
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
|
|
869 |
+static int ibmca_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
870 |
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
|
|
871 |
+ {
|
|
872 |
+ return ibmca_mod_exp(r, a, p, m, ctx);
|
|
873 |
+ }
|
|
874 |
+
|
|
875 |
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
|
|
876 |
+static int ibmca_mod_exp_dh(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
877 |
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
|
|
878 |
+ {
|
|
879 |
+ return ibmca_mod_exp(r, a, p, m, ctx);
|
|
880 |
+ }
|
|
881 |
+
|
|
882 |
+/* Random bytes are good */
|
|
883 |
+static int ibmca_rand_bytes(unsigned char *buf, int num)
|
|
884 |
+ {
|
|
885 |
+ int to_return = 0; /* assume failure */
|
|
886 |
+ unsigned int ret;
|
|
887 |
+
|
|
888 |
+
|
|
889 |
+ if(handle == 0)
|
|
890 |
+ {
|
|
891 |
+ ENGINEerr(ENGINE_F_IBMCA_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
|
|
892 |
+ goto err;
|
|
893 |
+ }
|
|
894 |
+
|
|
895 |
+ ret = p_icaRandomNumberGenerate(handle, num, buf);
|
|
896 |
+ if (ret < 0)
|
|
897 |
+ {
|
|
898 |
+ ENGINEerr(ENGINE_F_IBMCA_RAND_BYTES,ENGINE_R_REQUEST_FAILED);
|
|
899 |
+ goto err;
|
|
900 |
+ }
|
|
901 |
+ to_return = 1;
|
|
902 |
+ err:
|
|
903 |
+ return to_return;
|
|
904 |
+ }
|
|
905 |
+
|
|
906 |
+static int ibmca_rand_status(void)
|
|
907 |
+ {
|
|
908 |
+ return 1;
|
|
909 |
+ }
|
|
910 |
+
|
|
911 |
+#endif /* !NO_HW_IBMCA */
|
|
912 |
+#endif /* !NO_HW */
|
|
913 |
diff -urN -x /home/sbade/dontdirr openssl-engine-0.9.6e.base/crypto/engine/vendor_defns/ica_openssl_api.h openssl-engine-0.9.6e.patch/crypto/engine/vendor_defns/ica_openssl_api.h
|
|
914 |
--- openssl-engine-0.9.6e.base/crypto/engine/vendor_defns/ica_openssl_api.h Thu Jan 1 01:00:00 1970
|
|
915 |
+++ openssl-engine-0.9.6e.patch/crypto/engine/vendor_defns/ica_openssl_api.h Fri Aug 2 14:37:08 2002
|
|
916 |
@@ -0,0 +1,189 @@
|
|
917 |
+
|
|
918 |
+#ifndef __ICA_OPENSSL_API_H__
|
|
919 |
+#define __ICA_OPENSSL_API_H__
|
|
920 |
+
|
|
921 |
+/**
|
|
922 |
+ ** abstract data types for API
|
|
923 |
+ **/
|
|
924 |
+
|
|
925 |
+#define ICA_ADAPTER_HANDLE int
|
|
926 |
+
|
|
927 |
+#if defined(linux) || defined (_AIX) || defined(sun)
|
|
928 |
+#define ICA_CALL
|
|
929 |
+#endif
|
|
930 |
+
|
|
931 |
+#if defined(WIN32) || defined(_WIN32)
|
|
932 |
+#define ICA_CALL __stdcall
|
|
933 |
+#endif
|
|
934 |
+
|
|
935 |
+/*------------------------------------------------*
|
|
936 |
+ | RSA defines and typedefs |
|
|
937 |
+ *------------------------------------------------*/
|
|
938 |
+ /*
|
|
939 |
+ * All data elements of the RSA key are in big-endian format
|
|
940 |
+ * Modulus-Exponent form of key
|
|
941 |
+ *
|
|
942 |
+ */
|
|
943 |
+ #define MAX_EXP_SIZE 256
|
|
944 |
+ #define MAX_MODULUS_SIZE 256
|
|
945 |
+ #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
|
|
946 |
+
|
|
947 |
+ #define MAX_OPERAND_SIZE MAX_EXP_SIZE
|
|
948 |
+
|
|
949 |
+ typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
|
|
950 |
+ /*
|
|
951 |
+ * All data elements of the RSA key are in big-endian format
|
|
952 |
+ * Chinese Remainder Thereom(CRT) form of key
|
|
953 |
+ * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
|
|
954 |
+ *
|
|
955 |
+ */
|
|
956 |
+ #define MAX_BP_SIZE 136
|
|
957 |
+ #define MAX_BQ_SIZE 128
|
|
958 |
+ #define MAX_NP_SIZE 136
|
|
959 |
+ #define MAX_NQ_SIZE 128
|
|
960 |
+ #define MAX_QINV_SIZE 136
|
|
961 |
+ #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
|
|
962 |
+
|
|
963 |
+#define RSA_GEN_OPERAND_MAX 256 /* bytes */
|
|
964 |
+
|
|
965 |
+typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
|
|
966 |
+/*------------------------------------------------*
|
|
967 |
+ | RSA key token types |
|
|
968 |
+ *------------------------------------------------*/
|
|
969 |
+
|
|
970 |
+#define RSA_PUBLIC_MODULUS_EXPONENT 3
|
|
971 |
+#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
|
|
972 |
+
|
|
973 |
+#define KEYTYPE_MODEXPO 1
|
|
974 |
+#define KEYTYPE_PKCSCRT 2
|
|
975 |
+
|
|
976 |
+
|
|
977 |
+/*------------------------------------------------*
|
|
978 |
+ | RSA Key Token format |
|
|
979 |
+ *------------------------------------------------*/
|
|
980 |
+
|
|
981 |
+/*
|
|
982 |
+ * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
|
|
983 |
+ * (lengths, offsets, exponents, modulus, etc.) are
|
|
984 |
+ * stored in big-endian format
|
|
985 |
+ */
|
|
986 |
+
|
|
987 |
+typedef struct _ICA_KEY_RSA_MODEXPO
|
|
988 |
+{ unsigned int keyType; /* RSA key type. */
|
|
989 |
+ unsigned int keyLength; /* Total length of the token. */
|
|
990 |
+ unsigned int modulusBitLength; /* Modulus n bit length. */
|
|
991 |
+ /* -- Start of the data length.*/
|
|
992 |
+ unsigned int nLength; /* Modulus n = p * q */
|
|
993 |
+ unsigned int expLength; /* exponent (public or private)*/
|
|
994 |
+ /* e = 1/d * mod(p-1)(q-1) */
|
|
995 |
+ /* -- Start of the data offsets*/
|
|
996 |
+ unsigned int nOffset; /* Modulus n . */
|
|
997 |
+ unsigned int expOffset; /* exponent (public or private)*/
|
|
998 |
+ unsigned char reserved[112]; /* reserved area */
|
|
999 |
+ /* -- Start of the variable -- */
|
|
1000 |
+ /* -- length token data. -- */
|
|
1001 |
+ ICA_KEY_RSA_MODEXPO_REC keyRecord;
|
|
1002 |
+} ICA_KEY_RSA_MODEXPO;
|
|
1003 |
+#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
|
|
1004 |
+
|
|
1005 |
+/*
|
|
1006 |
+ * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
|
|
1007 |
+ * (lengths, offsets, exponents, modulus, etc.) are
|
|
1008 |
+ * stored in big-endian format
|
|
1009 |
+ */
|
|
1010 |
+
|
|
1011 |
+typedef struct _ICA_KEY_RSA_CRT
|
|
1012 |
+{ unsigned int keyType; /* RSA key type. */
|
|
1013 |
+ unsigned int keyLength; /* Total length of the token. */
|
|
1014 |
+ unsigned int modulusBitLength; /* Modulus n bit length. */
|
|
1015 |
+ /* -- Start of the data length.*/
|
|
1016 |
+#if _AIX
|
|
1017 |
+ unsigned int nLength; /* Modulus n = p * q */
|
|
1018 |
+#endif
|
|
1019 |
+ unsigned int pLength; /* Prime number p . */
|
|
1020 |
+ unsigned int qLength; /* Prime number q . */
|
|
1021 |
+ unsigned int dpLength; /* dp = d * mod(p-1) . */
|
|
1022 |
+ unsigned int dqLength; /* dq = d * mod(q-1) . */
|
|
1023 |
+ unsigned int qInvLength; /* PKCS: qInv = Ap/q */
|
|
1024 |
+ /* -- Start of the data offsets*/
|
|
1025 |
+#if _AIX
|
|
1026 |
+ unsigned int nOffset; /* Modulus n . */
|
|
1027 |
+#endif
|
|
1028 |
+ unsigned int pOffset; /* Prime number p . */
|
|
1029 |
+ unsigned int qOffset; /* Prime number q . */
|
|
1030 |
+ unsigned int dpOffset; /* dp . */
|
|
1031 |
+ unsigned int dqOffset; /* dq . */
|
|
1032 |
+ unsigned int qInvOffset; /* qInv for PKCS */
|
|
1033 |
+#if _AIX
|
|
1034 |
+ unsigned char reserved[80]; /* reserved area */
|
|
1035 |
+#else
|
|
1036 |
+ unsigned char reserved[88]; /* reserved area */
|
|
1037 |
+#endif
|
|
1038 |
+ /* -- Start of the variable -- */
|
|
1039 |
+ /* -- length token data. -- */
|
|
1040 |
+ ICA_KEY_RSA_CRT_REC keyRecord;
|
|
1041 |
+} ICA_KEY_RSA_CRT;
|
|
1042 |
+#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
|
|
1043 |
+
|
|
1044 |
+unsigned int
|
|
1045 |
+icaOpenAdapter( unsigned int adapterId,
|
|
1046 |
+ ICA_ADAPTER_HANDLE *pAdapterHandle );
|
|
1047 |
+
|
|
1048 |
+unsigned int
|
|
1049 |
+icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
|
|
1050 |
+
|
|
1051 |
+unsigned int
|
|
1052 |
+icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
|
|
1053 |
+ unsigned int inputDataLength,
|
|
1054 |
+ unsigned char *pInputData,
|
|
1055 |
+ ICA_KEY_RSA_MODEXPO *pKeyModExpo,
|
|
1056 |
+ unsigned int *pOutputDataLength,
|
|
1057 |
+ unsigned char *pOutputData );
|
|
1058 |
+
|
|
1059 |
+unsigned int
|
|
1060 |
+icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
|
|
1061 |
+ unsigned int inputDataLength,
|
|
1062 |
+ unsigned char *pInputData,
|
|
1063 |
+ ICA_KEY_RSA_CRT *pKeyCrt,
|
|
1064 |
+ unsigned int *pOutputDataLength,
|
|
1065 |
+ unsigned char *pOutputData );
|
|
1066 |
+
|
|
1067 |
+unsigned int
|
|
1068 |
+icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
|
|
1069 |
+ unsigned int outputDataLength,
|
|
1070 |
+ unsigned char *pOutputData );
|
|
1071 |
+
|
|
1072 |
+/* Specific macros and definitions to not have IFDEF;s all over the
|
|
1073 |
+ main code */
|
|
1074 |
+
|
|
1075 |
+#if (_AIX)
|
|
1076 |
+static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
|
|
1077 |
+#elif (WIN32)
|
|
1078 |
+static const char *IBMCA_LIBNAME = "cryptica";
|
|
1079 |
+#else
|
|
1080 |
+static const char *IBMCA_LIBNAME = "ica";
|
|
1081 |
+#endif
|
|
1082 |
+
|
|
1083 |
+#if (WIN32)
|
|
1084 |
+/*
|
|
1085 |
+ The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
|
|
1086 |
+ offsets must be in big-endian format.
|
|
1087 |
+
|
|
1088 |
+*/
|
|
1089 |
+#define CORRECT_ENDIANNESS(b) ( \
|
|
1090 |
+ (((unsigned long) (b) & 0x000000ff) << 24) | \
|
|
1091 |
+ (((unsigned long) (b) & 0x0000ff00) << 8) | \
|
|
1092 |
+ (((unsigned long) (b) & 0x00ff0000) >> 8) | \
|
|
1093 |
+ (((unsigned long) (b) & 0xff000000) >> 24) \
|
|
1094 |
+ )
|
|
1095 |
+#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
|
|
1096 |
+#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
|
|
1097 |
+#else
|
|
1098 |
+#define CORRECT_ENDIANNESS(b) (b)
|
|
1099 |
+#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
|
|
1100 |
+#define ME_KEY_TYPE KEYTYPE_MODEXPO
|
|
1101 |
+#endif
|
|
1102 |
+
|
|
1103 |
+
|
|
1104 |
+
|
|
1105 |
+#endif /* __ICA_OPENSSL_API_H__ */
|