e_sureware.c revision 280304
1/*- 2* Written by Corinne Dive-Reclus(cdive@baltimore.com) 3* 4* 5* Redistribution and use in source and binary forms, with or without 6* modification, are permitted provided that the following conditions 7* are met: 8* 9* 1. Redistributions of source code must retain the above copyright 10* notice, this list of conditions and the following disclaimer. 11* 12* 2. Redistributions in binary form must reproduce the above copyright 13* notice, this list of conditions and the following disclaimer in 14* the documentation and/or other materials provided with the 15* distribution. 16* 17* 3. All advertising materials mentioning features or use of this 18* software must display the following acknowledgment: 19* "This product includes software developed by the OpenSSL Project 20* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 21* 22* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23* endorse or promote products derived from this software without 24* prior written permission. For written permission, please contact 25* licensing@OpenSSL.org. 26* 27* 5. Products derived from this software may not be called "OpenSSL" 28* nor may "OpenSSL" appear in their names without prior written 29* permission of the OpenSSL Project. 30* 31* 6. Redistributions of any form whatsoever must retain the following 32* acknowledgment: 33* "This product includes software developed by the OpenSSL Project 34* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 35* 36* Written by Corinne Dive-Reclus(cdive@baltimore.com) 37* 38* Copyright@2001 Baltimore Technologies Ltd. 39* All right Reserved. 40* * 41* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND * 42* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * 43* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * 44* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE * 45* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * 46* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * 47* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * 48* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * 49* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * 50* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * 51* SUCH DAMAGE. * 52====================================================================*/ 53 54#include <stdio.h> 55#include <string.h> 56#include <openssl/crypto.h> 57#include <openssl/pem.h> 58#include <openssl/dso.h> 59#include <openssl/engine.h> 60#include <openssl/rand.h> 61#ifndef OPENSSL_NO_RSA 62# include <openssl/rsa.h> 63#endif 64#ifndef OPENSSL_NO_DSA 65# include <openssl/dsa.h> 66#endif 67#ifndef OPENSSL_NO_DH 68# include <openssl/dh.h> 69#endif 70#include <openssl/bn.h> 71 72#ifndef OPENSSL_NO_HW 73# ifndef OPENSSL_NO_HW_SUREWARE 74 75# ifdef FLAT_INC 76# include "sureware.h" 77# else 78# include "vendor_defns/sureware.h" 79# endif 80 81# define SUREWARE_LIB_NAME "sureware engine" 82# include "e_sureware_err.c" 83 84static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, 85 void (*f) (void)); 86static int surewarehk_destroy(ENGINE *e); 87static int surewarehk_init(ENGINE *e); 88static int surewarehk_finish(ENGINE *e); 89static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 90 const BIGNUM *m, BN_CTX *ctx); 91 92/* RSA stuff */ 93# ifndef OPENSSL_NO_RSA 94static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, 95 unsigned char *to, RSA *rsa, int padding); 96static int surewarehk_rsa_sign(int flen, const unsigned char *from, 97 unsigned char *to, RSA *rsa, int padding); 98# endif 99 100/* RAND stuff */ 101static int surewarehk_rand_bytes(unsigned char *buf, int num); 102static void surewarehk_rand_seed(const void *buf, int num); 103static void surewarehk_rand_add(const void *buf, int num, double entropy); 104 105/* KM stuff */ 106static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, 107 UI_METHOD *ui_method, 108 void *callback_data); 109static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, 110 UI_METHOD *ui_method, 111 void *callback_data); 112static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 113 int idx, long argl, void *argp); 114# if 0 115static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 116 int idx, long argl, void *argp); 117# endif 118 119# ifndef OPENSSL_NO_RSA 120/* This function is aliased to mod_exp (with the mont stuff dropped). */ 121static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, 122 const BIGNUM *p, const BIGNUM *m, 123 BN_CTX *ctx, BN_MONT_CTX *m_ctx) 124{ 125 return surewarehk_modexp(r, a, p, m, ctx); 126} 127 128/* Our internal RSA_METHOD that we provide pointers to */ 129static RSA_METHOD surewarehk_rsa = { 130 "SureWare RSA method", 131 NULL, /* pub_enc */ 132 NULL, /* pub_dec */ 133 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */ 134 surewarehk_rsa_priv_dec, /* priv_dec */ 135 NULL, /* mod_exp */ 136 surewarehk_mod_exp_mont, /* mod_exp_mongomery */ 137 NULL, /* init */ 138 NULL, /* finish */ 139 0, /* RSA flag */ 140 NULL, 141 NULL, /* OpenSSL sign */ 142 NULL, /* OpenSSL verify */ 143 NULL /* keygen */ 144}; 145# endif 146 147# ifndef OPENSSL_NO_DH 148/* Our internal DH_METHOD that we provide pointers to */ 149/* This function is aliased to mod_exp (with the dh and mont dropped). */ 150static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, 151 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, 152 BN_MONT_CTX *m_ctx) 153{ 154 return surewarehk_modexp(r, a, p, m, ctx); 155} 156 157static DH_METHOD surewarehk_dh = { 158 "SureWare DH method", 159 NULL, /* gen_key */ 160 NULL, /* agree, */ 161 surewarehk_modexp_dh, /* dh mod exp */ 162 NULL, /* init */ 163 NULL, /* finish */ 164 0, /* flags */ 165 NULL, 166 NULL 167}; 168# endif 169 170static RAND_METHOD surewarehk_rand = { 171 /* "SureWare RAND method", */ 172 surewarehk_rand_seed, 173 surewarehk_rand_bytes, 174 NULL, /* cleanup */ 175 surewarehk_rand_add, 176 surewarehk_rand_bytes, 177 NULL, /* rand_status */ 178}; 179 180# ifndef OPENSSL_NO_DSA 181/* DSA stuff */ 182static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, 183 DSA *dsa); 184static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 185 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, 186 BIGNUM *m, BN_CTX *ctx, 187 BN_MONT_CTX *in_mont) 188{ 189 BIGNUM t; 190 int to_return = 0; 191 BN_init(&t); 192 /* let rr = a1 ^ p1 mod m */ 193 if (!surewarehk_modexp(rr, a1, p1, m, ctx)) 194 goto end; 195 /* let t = a2 ^ p2 mod m */ 196 if (!surewarehk_modexp(&t, a2, p2, m, ctx)) 197 goto end; 198 /* let rr = rr * t mod m */ 199 if (!BN_mod_mul(rr, rr, &t, m, ctx)) 200 goto end; 201 to_return = 1; 202 end: 203 BN_free(&t); 204 return to_return; 205} 206 207static DSA_METHOD surewarehk_dsa = { 208 "SureWare DSA method", 209 surewarehk_dsa_do_sign, 210 NULL, /* sign setup */ 211 NULL, /* verify, */ 212 surewarehk_dsa_mod_exp, /* mod exp */ 213 NULL, /* bn mod exp */ 214 NULL, /* init */ 215 NULL, /* finish */ 216 0, 217 NULL, 218 NULL, 219 NULL 220}; 221# endif 222 223static const char *engine_sureware_id = "sureware"; 224static const char *engine_sureware_name = "SureWare hardware engine support"; 225 226/* Now, to our own code */ 227 228/* 229 * As this is only ever called once, there's no need for locking (indeed - 230 * the lock will already be held by our caller!!!) 231 */ 232static int bind_sureware(ENGINE *e) 233{ 234# ifndef OPENSSL_NO_RSA 235 const RSA_METHOD *meth1; 236# endif 237# ifndef OPENSSL_NO_DSA 238 const DSA_METHOD *meth2; 239# endif 240# ifndef OPENSSL_NO_DH 241 const DH_METHOD *meth3; 242# endif 243 244 if (!ENGINE_set_id(e, engine_sureware_id) || 245 !ENGINE_set_name(e, engine_sureware_name) || 246# ifndef OPENSSL_NO_RSA 247 !ENGINE_set_RSA(e, &surewarehk_rsa) || 248# endif 249# ifndef OPENSSL_NO_DSA 250 !ENGINE_set_DSA(e, &surewarehk_dsa) || 251# endif 252# ifndef OPENSSL_NO_DH 253 !ENGINE_set_DH(e, &surewarehk_dh) || 254# endif 255 !ENGINE_set_RAND(e, &surewarehk_rand) || 256 !ENGINE_set_destroy_function(e, surewarehk_destroy) || 257 !ENGINE_set_init_function(e, surewarehk_init) || 258 !ENGINE_set_finish_function(e, surewarehk_finish) || 259 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) || 260 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) || 261 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) 262 return 0; 263 264# ifndef OPENSSL_NO_RSA 265 /* 266 * We know that the "PKCS1_SSLeay()" functions hook properly to the 267 * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: 268 * We don't use ENGINE_openssl() or anything "more generic" because 269 * something like the RSAref code may not hook properly, and if you own 270 * one of these cards then you have the right to do RSA operations on it 271 * anyway! 272 */ 273 meth1 = RSA_PKCS1_SSLeay(); 274 if (meth1) { 275 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; 276 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; 277 } 278# endif 279 280# ifndef OPENSSL_NO_DSA 281 /* 282 * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. 283 */ 284 meth2 = DSA_OpenSSL(); 285 if (meth2) { 286 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; 287 } 288# endif 289 290# ifndef OPENSSL_NO_DH 291 /* Much the same for Diffie-Hellman */ 292 meth3 = DH_OpenSSL(); 293 if (meth3) { 294 surewarehk_dh.generate_key = meth3->generate_key; 295 surewarehk_dh.compute_key = meth3->compute_key; 296 } 297# endif 298 299 /* Ensure the sureware error handling is set up */ 300 ERR_load_SUREWARE_strings(); 301 return 1; 302} 303 304# ifndef OPENSSL_NO_DYNAMIC_ENGINE 305static int bind_helper(ENGINE *e, const char *id) 306{ 307 if (id && (strcmp(id, engine_sureware_id) != 0)) 308 return 0; 309 if (!bind_sureware(e)) 310 return 0; 311 return 1; 312} 313 314IMPLEMENT_DYNAMIC_CHECK_FN() 315 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) 316# else 317static ENGINE *engine_sureware(void) 318{ 319 ENGINE *ret = ENGINE_new(); 320 if (!ret) 321 return NULL; 322 if (!bind_sureware(ret)) { 323 ENGINE_free(ret); 324 return NULL; 325 } 326 return ret; 327} 328 329void ENGINE_load_sureware(void) 330{ 331 /* Copied from eng_[openssl|dyn].c */ 332 ENGINE *toadd = engine_sureware(); 333 if (!toadd) 334 return; 335 ENGINE_add(toadd); 336 ENGINE_free(toadd); 337 ERR_clear_error(); 338} 339# endif 340 341/* 342 * This is a process-global DSO handle used for loading and unloading the 343 * SureWareHook library. NB: This is only set (or unset) during an init() or 344 * finish() call (reference counts permitting) and they're operating with 345 * global locks, so this should be thread-safe implicitly. 346 */ 347static DSO *surewarehk_dso = NULL; 348# ifndef OPENSSL_NO_RSA 349/* Index for KM handle. Not really used yet. */ 350static int rsaHndidx = -1; 351# endif 352# ifndef OPENSSL_NO_DSA 353/* Index for KM handle. Not really used yet. */ 354static int dsaHndidx = -1; 355# endif 356 357/* 358 * These are the function pointers that are (un)set when the library has 359 * successfully (un)loaded. 360 */ 361static SureWareHook_Init_t *p_surewarehk_Init = NULL; 362static SureWareHook_Finish_t *p_surewarehk_Finish = NULL; 363static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL; 364static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL; 365static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL; 366static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL; 367static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL; 368static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL; 369static SureWareHook_Free_t *p_surewarehk_Free = NULL; 370static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL; 371static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL; 372static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL; 373static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL; 374 375/* Used in the DSO operations. */ 376static const char *surewarehk_LIBNAME = "SureWareHook"; 377static const char *n_surewarehk_Init = "SureWareHook_Init"; 378static const char *n_surewarehk_Finish = "SureWareHook_Finish"; 379static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes"; 380static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed"; 381static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey"; 382static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey"; 383static const char *n_surewarehk_Load_Rsa_Pubkey = 384 "SureWareHook_Load_Rsa_Pubkey"; 385static const char *n_surewarehk_Load_Dsa_Pubkey = 386 "SureWareHook_Load_Dsa_Pubkey"; 387static const char *n_surewarehk_Free = "SureWareHook_Free"; 388static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec"; 389static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign"; 390static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign"; 391static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp"; 392static BIO *logstream = NULL; 393 394/* 395 * SureWareHook library functions and mechanics - these are used by the 396 * higher-level functions further down. NB: As and where there's no error 397 * checking, take a look lower down where these functions are called, the 398 * checking and error handling is probably down there. 399 */ 400static int threadsafe = 1; 401static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, 402 void (*f) (void)) 403{ 404 int to_return = 1; 405 406 switch (cmd) { 407 case ENGINE_CTRL_SET_LOGSTREAM: 408 { 409 BIO *bio = (BIO *)p; 410 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 411 if (logstream) { 412 BIO_free(logstream); 413 logstream = NULL; 414 } 415 if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1) 416 logstream = bio; 417 else 418 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, 419 SUREWARE_R_BIO_WAS_FREED); 420 } 421 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 422 break; 423 /* 424 * This will prevent the initialisation function from "installing" 425 * the mutex-handling callbacks, even if they are available from 426 * within the library (or were provided to the library from the 427 * calling application). This is to remove any baggage for 428 * applications not using multithreading. 429 */ 430 case ENGINE_CTRL_CHIL_NO_LOCKING: 431 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 432 threadsafe = 0; 433 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 434 break; 435 436 /* The command isn't understood by this engine */ 437 default: 438 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, 439 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); 440 to_return = 0; 441 break; 442 } 443 444 return to_return; 445} 446 447/* Destructor (complements the "ENGINE_surewarehk()" constructor) */ 448static int surewarehk_destroy(ENGINE *e) 449{ 450 ERR_unload_SUREWARE_strings(); 451 return 1; 452} 453 454/* (de)initialisation functions. */ 455static int surewarehk_init(ENGINE *e) 456{ 457 char msg[64] = "ENGINE_init"; 458 SureWareHook_Init_t *p1 = NULL; 459 SureWareHook_Finish_t *p2 = NULL; 460 SureWareHook_Rand_Bytes_t *p3 = NULL; 461 SureWareHook_Rand_Seed_t *p4 = NULL; 462 SureWareHook_Load_Privkey_t *p5 = NULL; 463 SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL; 464 SureWareHook_Free_t *p7 = NULL; 465 SureWareHook_Rsa_Priv_Dec_t *p8 = NULL; 466 SureWareHook_Rsa_Sign_t *p9 = NULL; 467 SureWareHook_Dsa_Sign_t *p12 = NULL; 468 SureWareHook_Info_Pubkey_t *p13 = NULL; 469 SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL; 470 SureWareHook_Mod_Exp_t *p15 = NULL; 471 472 if (surewarehk_dso != NULL) { 473 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED); 474 goto err; 475 } 476 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */ 477 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0); 478 if (surewarehk_dso == NULL) { 479 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE); 480 goto err; 481 } 482 if (! 483 (p1 = 484 (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso, 485 n_surewarehk_Init)) 486|| !(p2 = 487 (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso, 488 n_surewarehk_Finish)) 489|| !(p3 = 490 (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso, 491 n_surewarehk_Rand_Bytes)) 492|| !(p4 = 493 (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso, 494 n_surewarehk_Rand_Seed)) 495|| !(p5 = 496 (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso, 497 n_surewarehk_Load_Privkey)) 498|| !(p6 = 499 (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso, 500 n_surewarehk_Load_Rsa_Pubkey)) 501|| !(p7 = 502 (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) 503|| !(p8 = 504 (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso, 505 n_surewarehk_Rsa_Priv_Dec)) 506|| !(p9 = 507 (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso, 508 n_surewarehk_Rsa_Sign)) 509|| !(p12 = 510 (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso, 511 n_surewarehk_Dsa_Sign)) 512|| !(p13 = 513 (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso, 514 n_surewarehk_Info_Pubkey)) 515|| !(p14 = 516 (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso, 517 n_surewarehk_Load_Dsa_Pubkey)) 518|| !(p15 = 519 (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso, 520 n_surewarehk_Mod_Exp))) { 521 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE); 522 goto err; 523 } 524 /* Copy the pointers */ 525 p_surewarehk_Init = p1; 526 p_surewarehk_Finish = p2; 527 p_surewarehk_Rand_Bytes = p3; 528 p_surewarehk_Rand_Seed = p4; 529 p_surewarehk_Load_Privkey = p5; 530 p_surewarehk_Load_Rsa_Pubkey = p6; 531 p_surewarehk_Free = p7; 532 p_surewarehk_Rsa_Priv_Dec = p8; 533 p_surewarehk_Rsa_Sign = p9; 534 p_surewarehk_Dsa_Sign = p12; 535 p_surewarehk_Info_Pubkey = p13; 536 p_surewarehk_Load_Dsa_Pubkey = p14; 537 p_surewarehk_Mod_Exp = p15; 538 /* Contact the hardware and initialises it. */ 539 if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) { 540 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE); 541 goto err; 542 } 543 if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) { 544 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE); 545 goto err; 546 } 547 /* 548 * try to load the default private key, if failed does not return a 549 * failure but wait for an explicit ENGINE_load_privakey 550 */ 551 surewarehk_load_privkey(e, NULL, NULL, NULL); 552 553 /* Everything's fine. */ 554# ifndef OPENSSL_NO_RSA 555 if (rsaHndidx == -1) 556 rsaHndidx = RSA_get_ex_new_index(0, 557 "SureWareHook RSA key handle", 558 NULL, NULL, surewarehk_ex_free); 559# endif 560# ifndef OPENSSL_NO_DSA 561 if (dsaHndidx == -1) 562 dsaHndidx = DSA_get_ex_new_index(0, 563 "SureWareHook DSA key handle", 564 NULL, NULL, surewarehk_ex_free); 565# endif 566 567 return 1; 568 err: 569 if (surewarehk_dso) 570 DSO_free(surewarehk_dso); 571 surewarehk_dso = NULL; 572 p_surewarehk_Init = NULL; 573 p_surewarehk_Finish = NULL; 574 p_surewarehk_Rand_Bytes = NULL; 575 p_surewarehk_Rand_Seed = NULL; 576 p_surewarehk_Load_Privkey = NULL; 577 p_surewarehk_Load_Rsa_Pubkey = NULL; 578 p_surewarehk_Free = NULL; 579 p_surewarehk_Rsa_Priv_Dec = NULL; 580 p_surewarehk_Rsa_Sign = NULL; 581 p_surewarehk_Dsa_Sign = NULL; 582 p_surewarehk_Info_Pubkey = NULL; 583 p_surewarehk_Load_Dsa_Pubkey = NULL; 584 p_surewarehk_Mod_Exp = NULL; 585 return 0; 586} 587 588static int surewarehk_finish(ENGINE *e) 589{ 590 int to_return = 1; 591 if (surewarehk_dso == NULL) { 592 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED); 593 to_return = 0; 594 goto err; 595 } 596 p_surewarehk_Finish(); 597 if (!DSO_free(surewarehk_dso)) { 598 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE); 599 to_return = 0; 600 goto err; 601 } 602 err: 603 if (logstream) 604 BIO_free(logstream); 605 surewarehk_dso = NULL; 606 p_surewarehk_Init = NULL; 607 p_surewarehk_Finish = NULL; 608 p_surewarehk_Rand_Bytes = NULL; 609 p_surewarehk_Rand_Seed = NULL; 610 p_surewarehk_Load_Privkey = NULL; 611 p_surewarehk_Load_Rsa_Pubkey = NULL; 612 p_surewarehk_Free = NULL; 613 p_surewarehk_Rsa_Priv_Dec = NULL; 614 p_surewarehk_Rsa_Sign = NULL; 615 p_surewarehk_Dsa_Sign = NULL; 616 p_surewarehk_Info_Pubkey = NULL; 617 p_surewarehk_Load_Dsa_Pubkey = NULL; 618 p_surewarehk_Mod_Exp = NULL; 619 return to_return; 620} 621 622static void surewarehk_error_handling(char *const msg, int func, int ret) 623{ 624 switch (ret) { 625 case SUREWAREHOOK_ERROR_UNIT_FAILURE: 626 ENGINEerr(func, SUREWARE_R_UNIT_FAILURE); 627 break; 628 case SUREWAREHOOK_ERROR_FALLBACK: 629 ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK); 630 break; 631 case SUREWAREHOOK_ERROR_DATA_SIZE: 632 ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); 633 break; 634 case SUREWAREHOOK_ERROR_INVALID_PAD: 635 ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED); 636 break; 637 default: 638 ENGINEerr(func, SUREWARE_R_REQUEST_FAILED); 639 break; 640 case 1: /* nothing */ 641 msg[0] = '\0'; 642 } 643 if (*msg) { 644 ERR_add_error_data(1, msg); 645 if (logstream) { 646 CRYPTO_w_lock(CRYPTO_LOCK_BIO); 647 BIO_write(logstream, msg, strlen(msg)); 648 CRYPTO_w_unlock(CRYPTO_LOCK_BIO); 649 } 650 } 651} 652 653static int surewarehk_rand_bytes(unsigned char *buf, int num) 654{ 655 int ret = 0; 656 char msg[64] = "ENGINE_rand_bytes"; 657 if (!p_surewarehk_Rand_Bytes) { 658 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES, 659 ENGINE_R_NOT_INITIALISED); 660 } else { 661 ret = p_surewarehk_Rand_Bytes(msg, buf, num); 662 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret); 663 } 664 return ret == 1 ? 1 : 0; 665} 666 667static void surewarehk_rand_seed(const void *buf, int num) 668{ 669 int ret = 0; 670 char msg[64] = "ENGINE_rand_seed"; 671 if (!p_surewarehk_Rand_Seed) { 672 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED, 673 ENGINE_R_NOT_INITIALISED); 674 } else { 675 ret = p_surewarehk_Rand_Seed(msg, buf, num); 676 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret); 677 } 678} 679 680static void surewarehk_rand_add(const void *buf, int num, double entropy) 681{ 682 surewarehk_rand_seed(buf, num); 683} 684 685static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, 686 char *hptr, unsigned long el, 687 char keytype) 688{ 689 EVP_PKEY *res = NULL; 690# ifndef OPENSSL_NO_RSA 691 RSA *rsatmp = NULL; 692# endif 693# ifndef OPENSSL_NO_DSA 694 DSA *dsatmp = NULL; 695# endif 696 char msg[64] = "sureware_load_public"; 697 int ret = 0; 698 if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) { 699 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 700 ENGINE_R_NOT_INITIALISED); 701 goto err; 702 } 703 switch (keytype) { 704# ifndef OPENSSL_NO_RSA 705 case 1: 706 /*RSA*/ 707 /* set private external reference */ 708 rsatmp = RSA_new_method(e); 709 RSA_set_ex_data(rsatmp, rsaHndidx, hptr); 710 rsatmp->flags |= RSA_FLAG_EXT_PKEY; 711 712 /* set public big nums */ 713 rsatmp->e = BN_new(); 714 rsatmp->n = BN_new(); 715 bn_expand2(rsatmp->e, el / sizeof(BN_ULONG)); 716 bn_expand2(rsatmp->n, el / sizeof(BN_ULONG)); 717 if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || 718 !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) 719 goto err; 720 ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el, 721 (unsigned long *)rsatmp->n->d, 722 (unsigned long *)rsatmp->e->d); 723 surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret); 724 if (ret != 1) { 725 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 726 ENGINE_R_FAILED_LOADING_PUBLIC_KEY); 727 goto err; 728 } 729 /* normalise pub e and pub n */ 730 rsatmp->e->top = el / sizeof(BN_ULONG); 731 bn_fix_top(rsatmp->e); 732 rsatmp->n->top = el / sizeof(BN_ULONG); 733 bn_fix_top(rsatmp->n); 734 /* create an EVP object: engine + rsa key */ 735 res = EVP_PKEY_new(); 736 EVP_PKEY_assign_RSA(res, rsatmp); 737 break; 738# endif 739 740# ifndef OPENSSL_NO_DSA 741 case 2: 742 /*DSA*/ 743 /* set private/public external reference */ 744 dsatmp = DSA_new_method(e); 745 DSA_set_ex_data(dsatmp, dsaHndidx, hptr); 746 /* 747 * dsatmp->flags |= DSA_FLAG_EXT_PKEY; 748 */ 749 750 /* set public key */ 751 dsatmp->pub_key = BN_new(); 752 dsatmp->p = BN_new(); 753 dsatmp->q = BN_new(); 754 dsatmp->g = BN_new(); 755 bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG)); 756 bn_expand2(dsatmp->p, el / sizeof(BN_ULONG)); 757 bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG)); 758 bn_expand2(dsatmp->g, el / sizeof(BN_ULONG)); 759 if (!dsatmp->pub_key 760 || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) 761 || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) 762 || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) 763 || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) 764 goto err; 765 766 ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el, 767 (unsigned long *)dsatmp-> 768 pub_key->d, 769 (unsigned long *)dsatmp->p->d, 770 (unsigned long *)dsatmp->q->d, 771 (unsigned long *)dsatmp->g->d); 772 surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret); 773 if (ret != 1) { 774 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 775 ENGINE_R_FAILED_LOADING_PUBLIC_KEY); 776 goto err; 777 } 778 /* set parameters */ 779 /* normalise pubkey and parameters in case of */ 780 dsatmp->pub_key->top = el / sizeof(BN_ULONG); 781 bn_fix_top(dsatmp->pub_key); 782 dsatmp->p->top = el / sizeof(BN_ULONG); 783 bn_fix_top(dsatmp->p); 784 dsatmp->q->top = 20 / sizeof(BN_ULONG); 785 bn_fix_top(dsatmp->q); 786 dsatmp->g->top = el / sizeof(BN_ULONG); 787 bn_fix_top(dsatmp->g); 788 789 /* create an EVP object: engine + rsa key */ 790 res = EVP_PKEY_new(); 791 EVP_PKEY_assign_DSA(res, dsatmp); 792 break; 793# endif 794 795 default: 796 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 797 ENGINE_R_FAILED_LOADING_PRIVATE_KEY); 798 goto err; 799 } 800 return res; 801 err: 802# ifndef OPENSSL_NO_RSA 803 if (rsatmp) 804 RSA_free(rsatmp); 805# endif 806# ifndef OPENSSL_NO_DSA 807 if (dsatmp) 808 DSA_free(dsatmp); 809# endif 810 return NULL; 811} 812 813static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, 814 UI_METHOD *ui_method, 815 void *callback_data) 816{ 817 EVP_PKEY *res = NULL; 818 int ret = 0; 819 unsigned long el = 0; 820 char *hptr = NULL; 821 char keytype = 0; 822 char msg[64] = "ENGINE_load_privkey"; 823 824 if (!p_surewarehk_Load_Privkey) { 825 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY, 826 ENGINE_R_NOT_INITIALISED); 827 } else { 828 ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype); 829 if (ret != 1) { 830 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY, 831 ENGINE_R_FAILED_LOADING_PRIVATE_KEY); 832 ERR_add_error_data(1, msg); 833 } else 834 res = sureware_load_public(e, key_id, hptr, el, keytype); 835 } 836 return res; 837} 838 839static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, 840 UI_METHOD *ui_method, 841 void *callback_data) 842{ 843 EVP_PKEY *res = NULL; 844 int ret = 0; 845 unsigned long el = 0; 846 char *hptr = NULL; 847 char keytype = 0; 848 char msg[64] = "ENGINE_load_pubkey"; 849 850 if (!p_surewarehk_Info_Pubkey) { 851 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY, 852 ENGINE_R_NOT_INITIALISED); 853 } else { 854 /* call once to identify if DSA or RSA */ 855 ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype); 856 if (ret != 1) { 857 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY, 858 ENGINE_R_FAILED_LOADING_PUBLIC_KEY); 859 ERR_add_error_data(1, msg); 860 } else 861 res = sureware_load_public(e, key_id, hptr, el, keytype); 862 } 863 return res; 864} 865 866/* 867 * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware) 868 * , called when ex_data is freed 869 */ 870static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 871 int idx, long argl, void *argp) 872{ 873 if (!p_surewarehk_Free) { 874 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED); 875 } else 876 p_surewarehk_Free((char *)item, 0); 877} 878 879# if 0 880/* not currently used (bug?) */ 881/* 882 * This cleans up an DH KM key (destroys the key into hardware), called when 883 * ex_data is freed 884 */ 885static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 886 int idx, long argl, void *argp) 887{ 888 if (!p_surewarehk_Free) { 889 SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE, 890 ENGINE_R_NOT_INITIALISED); 891 } else 892 p_surewarehk_Free((char *)item, 1); 893} 894# endif 895 896/* 897 * return number of decrypted bytes 898 */ 899# ifndef OPENSSL_NO_RSA 900static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, 901 unsigned char *to, RSA *rsa, int padding) 902{ 903 int ret = 0, tlen; 904 char *buf = NULL, *hptr = NULL; 905 char msg[64] = "ENGINE_rsa_priv_dec"; 906 if (!p_surewarehk_Rsa_Priv_Dec) { 907 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 908 ENGINE_R_NOT_INITIALISED); 909 } 910 /* extract ref to private key */ 911 else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) { 912 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 913 SUREWARE_R_MISSING_KEY_COMPONENTS); 914 goto err; 915 } 916 /* analyse what padding we can do into the hardware */ 917 if (padding == RSA_PKCS1_PADDING) { 918 /* do it one shot */ 919 ret = 920 p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen, 921 to, hptr, SUREWARE_PKCS1_PAD); 922 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 923 ret); 924 if (ret != 1) 925 goto err; 926 ret = tlen; 927 } else { /* do with no padding into hardware */ 928 929 ret = 930 p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen, 931 to, hptr, SUREWARE_NO_PAD); 932 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 933 ret); 934 if (ret != 1) 935 goto err; 936 /* intermediate buffer for padding */ 937 if ((buf = OPENSSL_malloc(tlen)) == NULL) { 938 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 939 ERR_R_MALLOC_FAILURE); 940 goto err; 941 } 942 memcpy(buf, to, tlen); /* transfert to into buf */ 943 switch (padding) { /* check padding in software */ 944# ifndef OPENSSL_NO_SHA 945 case RSA_PKCS1_OAEP_PADDING: 946 ret = 947 RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf, 948 tlen, tlen, NULL, 0); 949 break; 950# endif 951 case RSA_SSLV23_PADDING: 952 ret = 953 RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen, 954 tlen); 955 break; 956 case RSA_NO_PADDING: 957 ret = 958 RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen, 959 tlen); 960 break; 961 default: 962 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 963 SUREWARE_R_UNKNOWN_PADDING_TYPE); 964 goto err; 965 } 966 if (ret < 0) 967 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 968 SUREWARE_R_PADDING_CHECK_FAILED); 969 } 970 err: 971 if (buf) { 972 OPENSSL_cleanse(buf, tlen); 973 OPENSSL_free(buf); 974 } 975 return ret; 976} 977 978/* 979 * Does what OpenSSL rsa_priv_enc does. 980 */ 981static int surewarehk_rsa_sign(int flen, const unsigned char *from, 982 unsigned char *to, RSA *rsa, int padding) 983{ 984 int ret = 0, tlen; 985 char *hptr = NULL; 986 char msg[64] = "ENGINE_rsa_sign"; 987 if (!p_surewarehk_Rsa_Sign) { 988 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED); 989 } 990 /* extract ref to private key */ 991 else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) { 992 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, 993 SUREWARE_R_MISSING_KEY_COMPONENTS); 994 } else { 995 switch (padding) { 996 case RSA_PKCS1_PADDING: /* do it in one shot */ 997 ret = 998 p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen, 999 to, hptr, SUREWARE_PKCS1_PAD); 1000 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN, 1001 ret); 1002 break; 1003 case RSA_NO_PADDING: 1004 default: 1005 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, 1006 SUREWARE_R_UNKNOWN_PADDING_TYPE); 1007 } 1008 } 1009 return ret == 1 ? tlen : ret; 1010} 1011 1012# endif 1013 1014# ifndef OPENSSL_NO_DSA 1015/* DSA sign and verify */ 1016static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen, 1017 DSA *dsa) 1018{ 1019 int ret = 0; 1020 char *hptr = NULL; 1021 DSA_SIG *psign = NULL; 1022 char msg[64] = "ENGINE_dsa_do_sign"; 1023 if (!p_surewarehk_Dsa_Sign) { 1024 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1025 ENGINE_R_NOT_INITIALISED); 1026 goto err; 1027 } 1028 /* extract ref to private key */ 1029 else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) { 1030 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1031 SUREWARE_R_MISSING_KEY_COMPONENTS); 1032 goto err; 1033 } else { 1034 if ((psign = DSA_SIG_new()) == NULL) { 1035 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1036 ERR_R_MALLOC_FAILURE); 1037 goto err; 1038 } 1039 psign->r = BN_new(); 1040 psign->s = BN_new(); 1041 bn_expand2(psign->r, 20 / sizeof(BN_ULONG)); 1042 bn_expand2(psign->s, 20 / sizeof(BN_ULONG)); 1043 if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) || 1044 !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG)) 1045 goto err; 1046 ret = p_surewarehk_Dsa_Sign(msg, flen, from, 1047 (unsigned long *)psign->r->d, 1048 (unsigned long *)psign->s->d, hptr); 1049 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1050 ret); 1051 } 1052 psign->r->top = 20 / sizeof(BN_ULONG); 1053 bn_fix_top(psign->r); 1054 psign->s->top = 20 / sizeof(BN_ULONG); 1055 bn_fix_top(psign->s); 1056 1057 err: 1058 if (psign) { 1059 DSA_SIG_free(psign); 1060 psign = NULL; 1061 } 1062 return psign; 1063} 1064# endif 1065 1066static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 1067 const BIGNUM *m, BN_CTX *ctx) 1068{ 1069 int ret = 0; 1070 char msg[64] = "ENGINE_modexp"; 1071 if (!p_surewarehk_Mod_Exp) { 1072 SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED); 1073 } else { 1074 bn_expand2(r, m->top); 1075 if (r && r->dmax == m->top) { 1076 /* do it */ 1077 ret = p_surewarehk_Mod_Exp(msg, 1078 m->top * sizeof(BN_ULONG), 1079 (unsigned long *)m->d, 1080 p->top * sizeof(BN_ULONG), 1081 (unsigned long *)p->d, 1082 a->top * sizeof(BN_ULONG), 1083 (unsigned long *)a->d, 1084 (unsigned long *)r->d); 1085 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret); 1086 if (ret == 1) { 1087 /* normalise result */ 1088 r->top = m->top; 1089 bn_fix_top(r); 1090 } 1091 } 1092 } 1093 return ret; 1094} 1095# endif /* !OPENSSL_NO_HW_SureWare */ 1096#endif /* !OPENSSL_NO_HW */ 1097