e_sureware.c revision 296341
1/*- 2* Written by Corinne Dive-Reclus(cdive@baltimore.com) 3* 4* 5* Redistribution and use in source and binary forms, with or without 6* modification, are permitted provided that the following conditions 7* are met: 8* 9* 1. Redistributions of source code must retain the above copyright 10* notice, this list of conditions and the following disclaimer. 11* 12* 2. Redistributions in binary form must reproduce the above copyright 13* notice, this list of conditions and the following disclaimer in 14* the documentation and/or other materials provided with the 15* distribution. 16* 17* 3. All advertising materials mentioning features or use of this 18* software must display the following acknowledgment: 19* "This product includes software developed by the OpenSSL Project 20* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 21* 22* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23* endorse or promote products derived from this software without 24* prior written permission. For written permission, please contact 25* licensing@OpenSSL.org. 26* 27* 5. Products derived from this software may not be called "OpenSSL" 28* nor may "OpenSSL" appear in their names without prior written 29* permission of the OpenSSL Project. 30* 31* 6. Redistributions of any form whatsoever must retain the following 32* acknowledgment: 33* "This product includes software developed by the OpenSSL Project 34* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 35* 36* Written by Corinne Dive-Reclus(cdive@baltimore.com) 37* 38* Copyright@2001 Baltimore Technologies Ltd. 39* All right Reserved. 40* * 41* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND * 42* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * 43* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * 44* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE * 45* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * 46* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * 47* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * 48* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * 49* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * 50* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * 51* SUCH DAMAGE. * 52====================================================================*/ 53 54#include <stdio.h> 55#include <string.h> 56#include <openssl/crypto.h> 57#include <openssl/pem.h> 58#include <openssl/dso.h> 59#include <openssl/engine.h> 60#include <openssl/rand.h> 61#ifndef OPENSSL_NO_RSA 62# include <openssl/rsa.h> 63#endif 64#ifndef OPENSSL_NO_DSA 65# include <openssl/dsa.h> 66#endif 67#ifndef OPENSSL_NO_DH 68# include <openssl/dh.h> 69#endif 70#include <openssl/bn.h> 71 72#ifndef OPENSSL_NO_HW 73# ifndef OPENSSL_NO_HW_SUREWARE 74 75# ifdef FLAT_INC 76# include "sureware.h" 77# else 78# include "vendor_defns/sureware.h" 79# endif 80 81# define SUREWARE_LIB_NAME "sureware engine" 82# include "e_sureware_err.c" 83 84static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, 85 void (*f) (void)); 86static int surewarehk_destroy(ENGINE *e); 87static int surewarehk_init(ENGINE *e); 88static int surewarehk_finish(ENGINE *e); 89static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 90 const BIGNUM *m, BN_CTX *ctx); 91 92/* RSA stuff */ 93# ifndef OPENSSL_NO_RSA 94static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, 95 unsigned char *to, RSA *rsa, int padding); 96static int surewarehk_rsa_sign(int flen, const unsigned char *from, 97 unsigned char *to, RSA *rsa, int padding); 98# endif 99 100/* RAND stuff */ 101static int surewarehk_rand_bytes(unsigned char *buf, int num); 102static void surewarehk_rand_seed(const void *buf, int num); 103static void surewarehk_rand_add(const void *buf, int num, double entropy); 104 105/* KM stuff */ 106static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, 107 UI_METHOD *ui_method, 108 void *callback_data); 109static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, 110 UI_METHOD *ui_method, 111 void *callback_data); 112static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 113 int idx, long argl, void *argp); 114# if 0 115static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 116 int idx, long argl, void *argp); 117# endif 118 119# ifndef OPENSSL_NO_RSA 120/* This function is aliased to mod_exp (with the mont stuff dropped). */ 121static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, 122 const BIGNUM *p, const BIGNUM *m, 123 BN_CTX *ctx, BN_MONT_CTX *m_ctx) 124{ 125 return surewarehk_modexp(r, a, p, m, ctx); 126} 127 128/* Our internal RSA_METHOD that we provide pointers to */ 129static RSA_METHOD surewarehk_rsa = { 130 "SureWare RSA method", 131 NULL, /* pub_enc */ 132 NULL, /* pub_dec */ 133 surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */ 134 surewarehk_rsa_priv_dec, /* priv_dec */ 135 NULL, /* mod_exp */ 136 surewarehk_mod_exp_mont, /* mod_exp_mongomery */ 137 NULL, /* init */ 138 NULL, /* finish */ 139 0, /* RSA flag */ 140 NULL, 141 NULL, /* OpenSSL sign */ 142 NULL, /* OpenSSL verify */ 143 NULL /* keygen */ 144}; 145# endif 146 147# ifndef OPENSSL_NO_DH 148/* Our internal DH_METHOD that we provide pointers to */ 149/* This function is aliased to mod_exp (with the dh and mont dropped). */ 150static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, 151 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, 152 BN_MONT_CTX *m_ctx) 153{ 154 return surewarehk_modexp(r, a, p, m, ctx); 155} 156 157static DH_METHOD surewarehk_dh = { 158 "SureWare DH method", 159 NULL, /* gen_key */ 160 NULL, /* agree, */ 161 surewarehk_modexp_dh, /* dh mod exp */ 162 NULL, /* init */ 163 NULL, /* finish */ 164 0, /* flags */ 165 NULL, 166 NULL 167}; 168# endif 169 170static RAND_METHOD surewarehk_rand = { 171 /* "SureWare RAND method", */ 172 surewarehk_rand_seed, 173 surewarehk_rand_bytes, 174 NULL, /* cleanup */ 175 surewarehk_rand_add, 176 surewarehk_rand_bytes, 177 NULL, /* rand_status */ 178}; 179 180# ifndef OPENSSL_NO_DSA 181/* DSA stuff */ 182static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, 183 DSA *dsa); 184static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, 185 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, 186 BIGNUM *m, BN_CTX *ctx, 187 BN_MONT_CTX *in_mont) 188{ 189 BIGNUM t; 190 int to_return = 0; 191 BN_init(&t); 192 /* let rr = a1 ^ p1 mod m */ 193 if (!surewarehk_modexp(rr, a1, p1, m, ctx)) 194 goto end; 195 /* let t = a2 ^ p2 mod m */ 196 if (!surewarehk_modexp(&t, a2, p2, m, ctx)) 197 goto end; 198 /* let rr = rr * t mod m */ 199 if (!BN_mod_mul(rr, rr, &t, m, ctx)) 200 goto end; 201 to_return = 1; 202 end: 203 BN_free(&t); 204 return to_return; 205} 206 207static DSA_METHOD surewarehk_dsa = { 208 "SureWare DSA method", 209 surewarehk_dsa_do_sign, 210 NULL, /* sign setup */ 211 NULL, /* verify, */ 212 surewarehk_dsa_mod_exp, /* mod exp */ 213 NULL, /* bn mod exp */ 214 NULL, /* init */ 215 NULL, /* finish */ 216 0, 217 NULL, 218 NULL, 219 NULL 220}; 221# endif 222 223static const char *engine_sureware_id = "sureware"; 224static const char *engine_sureware_name = "SureWare hardware engine support"; 225 226/* Now, to our own code */ 227 228/* 229 * As this is only ever called once, there's no need for locking (indeed - 230 * the lock will already be held by our caller!!!) 231 */ 232static int bind_sureware(ENGINE *e) 233{ 234# ifndef OPENSSL_NO_RSA 235 const RSA_METHOD *meth1; 236# endif 237# ifndef OPENSSL_NO_DSA 238 const DSA_METHOD *meth2; 239# endif 240# ifndef OPENSSL_NO_DH 241 const DH_METHOD *meth3; 242# endif 243 244 if (!ENGINE_set_id(e, engine_sureware_id) || 245 !ENGINE_set_name(e, engine_sureware_name) || 246# ifndef OPENSSL_NO_RSA 247 !ENGINE_set_RSA(e, &surewarehk_rsa) || 248# endif 249# ifndef OPENSSL_NO_DSA 250 !ENGINE_set_DSA(e, &surewarehk_dsa) || 251# endif 252# ifndef OPENSSL_NO_DH 253 !ENGINE_set_DH(e, &surewarehk_dh) || 254# endif 255 !ENGINE_set_RAND(e, &surewarehk_rand) || 256 !ENGINE_set_destroy_function(e, surewarehk_destroy) || 257 !ENGINE_set_init_function(e, surewarehk_init) || 258 !ENGINE_set_finish_function(e, surewarehk_finish) || 259 !ENGINE_set_ctrl_function(e, surewarehk_ctrl) || 260 !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) || 261 !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) 262 return 0; 263 264# ifndef OPENSSL_NO_RSA 265 /* 266 * We know that the "PKCS1_SSLeay()" functions hook properly to the 267 * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: 268 * We don't use ENGINE_openssl() or anything "more generic" because 269 * something like the RSAref code may not hook properly, and if you own 270 * one of these cards then you have the right to do RSA operations on it 271 * anyway! 272 */ 273 meth1 = RSA_PKCS1_SSLeay(); 274 if (meth1) { 275 surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; 276 surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; 277 } 278# endif 279 280# ifndef OPENSSL_NO_DSA 281 /* 282 * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. 283 */ 284 meth2 = DSA_OpenSSL(); 285 if (meth2) { 286 surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; 287 } 288# endif 289 290# ifndef OPENSSL_NO_DH 291 /* Much the same for Diffie-Hellman */ 292 meth3 = DH_OpenSSL(); 293 if (meth3) { 294 surewarehk_dh.generate_key = meth3->generate_key; 295 surewarehk_dh.compute_key = meth3->compute_key; 296 } 297# endif 298 299 /* Ensure the sureware error handling is set up */ 300 ERR_load_SUREWARE_strings(); 301 return 1; 302} 303 304# ifndef OPENSSL_NO_DYNAMIC_ENGINE 305static int bind_helper(ENGINE *e, const char *id) 306{ 307 if (id && (strcmp(id, engine_sureware_id) != 0)) 308 return 0; 309 if (!bind_sureware(e)) 310 return 0; 311 return 1; 312} 313 314IMPLEMENT_DYNAMIC_CHECK_FN() 315 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) 316# else 317static ENGINE *engine_sureware(void) 318{ 319 ENGINE *ret = ENGINE_new(); 320 if (!ret) 321 return NULL; 322 if (!bind_sureware(ret)) { 323 ENGINE_free(ret); 324 return NULL; 325 } 326 return ret; 327} 328 329void ENGINE_load_sureware(void) 330{ 331 /* Copied from eng_[openssl|dyn].c */ 332 ENGINE *toadd = engine_sureware(); 333 if (!toadd) 334 return; 335 ENGINE_add(toadd); 336 ENGINE_free(toadd); 337 ERR_clear_error(); 338} 339# endif 340 341/* 342 * This is a process-global DSO handle used for loading and unloading the 343 * SureWareHook library. NB: This is only set (or unset) during an init() or 344 * finish() call (reference counts permitting) and they're operating with 345 * global locks, so this should be thread-safe implicitly. 346 */ 347static DSO *surewarehk_dso = NULL; 348# ifndef OPENSSL_NO_RSA 349/* Index for KM handle. Not really used yet. */ 350static int rsaHndidx = -1; 351# endif 352# ifndef OPENSSL_NO_DSA 353/* Index for KM handle. Not really used yet. */ 354static int dsaHndidx = -1; 355# endif 356 357/* 358 * These are the function pointers that are (un)set when the library has 359 * successfully (un)loaded. 360 */ 361static SureWareHook_Init_t *p_surewarehk_Init = NULL; 362static SureWareHook_Finish_t *p_surewarehk_Finish = NULL; 363static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL; 364static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL; 365static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL; 366static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL; 367static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL; 368static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL; 369static SureWareHook_Free_t *p_surewarehk_Free = NULL; 370static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL; 371static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL; 372static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL; 373static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL; 374 375/* Used in the DSO operations. */ 376static const char *surewarehk_LIBNAME = "SureWareHook"; 377static const char *n_surewarehk_Init = "SureWareHook_Init"; 378static const char *n_surewarehk_Finish = "SureWareHook_Finish"; 379static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes"; 380static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed"; 381static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey"; 382static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey"; 383static const char *n_surewarehk_Load_Rsa_Pubkey = 384 "SureWareHook_Load_Rsa_Pubkey"; 385static const char *n_surewarehk_Load_Dsa_Pubkey = 386 "SureWareHook_Load_Dsa_Pubkey"; 387static const char *n_surewarehk_Free = "SureWareHook_Free"; 388static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec"; 389static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign"; 390static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign"; 391static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp"; 392static BIO *logstream = NULL; 393 394/* 395 * SureWareHook library functions and mechanics - these are used by the 396 * higher-level functions further down. NB: As and where there's no error 397 * checking, take a look lower down where these functions are called, the 398 * checking and error handling is probably down there. 399 */ 400static int threadsafe = 1; 401static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, 402 void (*f) (void)) 403{ 404 int to_return = 1; 405 406 switch (cmd) { 407 case ENGINE_CTRL_SET_LOGSTREAM: 408 { 409 BIO *bio = (BIO *)p; 410 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 411 if (logstream) { 412 BIO_free(logstream); 413 logstream = NULL; 414 } 415 if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1) 416 logstream = bio; 417 else 418 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, 419 SUREWARE_R_BIO_WAS_FREED); 420 } 421 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 422 break; 423 /* 424 * This will prevent the initialisation function from "installing" 425 * the mutex-handling callbacks, even if they are available from 426 * within the library (or were provided to the library from the 427 * calling application). This is to remove any baggage for 428 * applications not using multithreading. 429 */ 430 case ENGINE_CTRL_CHIL_NO_LOCKING: 431 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); 432 threadsafe = 0; 433 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); 434 break; 435 436 /* The command isn't understood by this engine */ 437 default: 438 SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL, 439 ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); 440 to_return = 0; 441 break; 442 } 443 444 return to_return; 445} 446 447/* Destructor (complements the "ENGINE_surewarehk()" constructor) */ 448static int surewarehk_destroy(ENGINE *e) 449{ 450 ERR_unload_SUREWARE_strings(); 451 return 1; 452} 453 454/* (de)initialisation functions. */ 455static int surewarehk_init(ENGINE *e) 456{ 457 char msg[64] = "ENGINE_init"; 458 SureWareHook_Init_t *p1 = NULL; 459 SureWareHook_Finish_t *p2 = NULL; 460 SureWareHook_Rand_Bytes_t *p3 = NULL; 461 SureWareHook_Rand_Seed_t *p4 = NULL; 462 SureWareHook_Load_Privkey_t *p5 = NULL; 463 SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL; 464 SureWareHook_Free_t *p7 = NULL; 465 SureWareHook_Rsa_Priv_Dec_t *p8 = NULL; 466 SureWareHook_Rsa_Sign_t *p9 = NULL; 467 SureWareHook_Dsa_Sign_t *p12 = NULL; 468 SureWareHook_Info_Pubkey_t *p13 = NULL; 469 SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL; 470 SureWareHook_Mod_Exp_t *p15 = NULL; 471 472 if (surewarehk_dso != NULL) { 473 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED); 474 goto err; 475 } 476 /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */ 477 surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0); 478 if (surewarehk_dso == NULL) { 479 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE); 480 goto err; 481 } 482 if (! 483 (p1 = 484 (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso, 485 n_surewarehk_Init)) 486|| !(p2 = 487 (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso, 488 n_surewarehk_Finish)) 489|| !(p3 = 490 (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso, 491 n_surewarehk_Rand_Bytes)) 492|| !(p4 = 493 (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso, 494 n_surewarehk_Rand_Seed)) 495|| !(p5 = 496 (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso, 497 n_surewarehk_Load_Privkey)) 498|| !(p6 = 499 (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso, 500 n_surewarehk_Load_Rsa_Pubkey)) 501|| !(p7 = 502 (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) 503|| !(p8 = 504 (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso, 505 n_surewarehk_Rsa_Priv_Dec)) 506|| !(p9 = 507 (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso, 508 n_surewarehk_Rsa_Sign)) 509|| !(p12 = 510 (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso, 511 n_surewarehk_Dsa_Sign)) 512|| !(p13 = 513 (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso, 514 n_surewarehk_Info_Pubkey)) 515|| !(p14 = 516 (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso, 517 n_surewarehk_Load_Dsa_Pubkey)) 518|| !(p15 = 519 (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso, 520 n_surewarehk_Mod_Exp))) { 521 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE); 522 goto err; 523 } 524 /* Copy the pointers */ 525 p_surewarehk_Init = p1; 526 p_surewarehk_Finish = p2; 527 p_surewarehk_Rand_Bytes = p3; 528 p_surewarehk_Rand_Seed = p4; 529 p_surewarehk_Load_Privkey = p5; 530 p_surewarehk_Load_Rsa_Pubkey = p6; 531 p_surewarehk_Free = p7; 532 p_surewarehk_Rsa_Priv_Dec = p8; 533 p_surewarehk_Rsa_Sign = p9; 534 p_surewarehk_Dsa_Sign = p12; 535 p_surewarehk_Info_Pubkey = p13; 536 p_surewarehk_Load_Dsa_Pubkey = p14; 537 p_surewarehk_Mod_Exp = p15; 538 /* Contact the hardware and initialises it. */ 539 if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) { 540 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE); 541 goto err; 542 } 543 if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) { 544 SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE); 545 goto err; 546 } 547 /* 548 * try to load the default private key, if failed does not return a 549 * failure but wait for an explicit ENGINE_load_privakey 550 */ 551 surewarehk_load_privkey(e, NULL, NULL, NULL); 552 553 /* Everything's fine. */ 554# ifndef OPENSSL_NO_RSA 555 if (rsaHndidx == -1) 556 rsaHndidx = RSA_get_ex_new_index(0, 557 "SureWareHook RSA key handle", 558 NULL, NULL, surewarehk_ex_free); 559# endif 560# ifndef OPENSSL_NO_DSA 561 if (dsaHndidx == -1) 562 dsaHndidx = DSA_get_ex_new_index(0, 563 "SureWareHook DSA key handle", 564 NULL, NULL, surewarehk_ex_free); 565# endif 566 567 return 1; 568 err: 569 if (surewarehk_dso) 570 DSO_free(surewarehk_dso); 571 surewarehk_dso = NULL; 572 p_surewarehk_Init = NULL; 573 p_surewarehk_Finish = NULL; 574 p_surewarehk_Rand_Bytes = NULL; 575 p_surewarehk_Rand_Seed = NULL; 576 p_surewarehk_Load_Privkey = NULL; 577 p_surewarehk_Load_Rsa_Pubkey = NULL; 578 p_surewarehk_Free = NULL; 579 p_surewarehk_Rsa_Priv_Dec = NULL; 580 p_surewarehk_Rsa_Sign = NULL; 581 p_surewarehk_Dsa_Sign = NULL; 582 p_surewarehk_Info_Pubkey = NULL; 583 p_surewarehk_Load_Dsa_Pubkey = NULL; 584 p_surewarehk_Mod_Exp = NULL; 585 return 0; 586} 587 588static int surewarehk_finish(ENGINE *e) 589{ 590 int to_return = 1; 591 if (surewarehk_dso == NULL) { 592 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED); 593 to_return = 0; 594 goto err; 595 } 596 p_surewarehk_Finish(); 597 if (!DSO_free(surewarehk_dso)) { 598 SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE); 599 to_return = 0; 600 goto err; 601 } 602 err: 603 if (logstream) 604 BIO_free(logstream); 605 surewarehk_dso = NULL; 606 p_surewarehk_Init = NULL; 607 p_surewarehk_Finish = NULL; 608 p_surewarehk_Rand_Bytes = NULL; 609 p_surewarehk_Rand_Seed = NULL; 610 p_surewarehk_Load_Privkey = NULL; 611 p_surewarehk_Load_Rsa_Pubkey = NULL; 612 p_surewarehk_Free = NULL; 613 p_surewarehk_Rsa_Priv_Dec = NULL; 614 p_surewarehk_Rsa_Sign = NULL; 615 p_surewarehk_Dsa_Sign = NULL; 616 p_surewarehk_Info_Pubkey = NULL; 617 p_surewarehk_Load_Dsa_Pubkey = NULL; 618 p_surewarehk_Mod_Exp = NULL; 619 return to_return; 620} 621 622static void surewarehk_error_handling(char *const msg, int func, int ret) 623{ 624 switch (ret) { 625 case SUREWAREHOOK_ERROR_UNIT_FAILURE: 626 ENGINEerr(func, SUREWARE_R_UNIT_FAILURE); 627 break; 628 case SUREWAREHOOK_ERROR_FALLBACK: 629 ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK); 630 break; 631 case SUREWAREHOOK_ERROR_DATA_SIZE: 632 ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL); 633 break; 634 case SUREWAREHOOK_ERROR_INVALID_PAD: 635 ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED); 636 break; 637 default: 638 ENGINEerr(func, SUREWARE_R_REQUEST_FAILED); 639 break; 640 case 1: /* nothing */ 641 msg[0] = '\0'; 642 } 643 if (*msg) { 644 ERR_add_error_data(1, msg); 645 if (logstream) { 646 CRYPTO_w_lock(CRYPTO_LOCK_BIO); 647 BIO_write(logstream, msg, strlen(msg)); 648 CRYPTO_w_unlock(CRYPTO_LOCK_BIO); 649 } 650 } 651} 652 653static int surewarehk_rand_bytes(unsigned char *buf, int num) 654{ 655 int ret = 0; 656 char msg[64] = "ENGINE_rand_bytes"; 657 if (!p_surewarehk_Rand_Bytes) { 658 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES, 659 ENGINE_R_NOT_INITIALISED); 660 } else { 661 ret = p_surewarehk_Rand_Bytes(msg, buf, num); 662 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret); 663 } 664 return ret == 1 ? 1 : 0; 665} 666 667static void surewarehk_rand_seed(const void *buf, int num) 668{ 669 int ret = 0; 670 char msg[64] = "ENGINE_rand_seed"; 671 if (!p_surewarehk_Rand_Seed) { 672 SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED, 673 ENGINE_R_NOT_INITIALISED); 674 } else { 675 ret = p_surewarehk_Rand_Seed(msg, buf, num); 676 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret); 677 } 678} 679 680static void surewarehk_rand_add(const void *buf, int num, double entropy) 681{ 682 surewarehk_rand_seed(buf, num); 683} 684 685static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, 686 char *hptr, unsigned long el, 687 char keytype) 688{ 689 EVP_PKEY *res = NULL; 690# ifndef OPENSSL_NO_RSA 691 RSA *rsatmp = NULL; 692# endif 693# ifndef OPENSSL_NO_DSA 694 DSA *dsatmp = NULL; 695# endif 696 char msg[64] = "sureware_load_public"; 697 int ret = 0; 698 if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) { 699 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 700 ENGINE_R_NOT_INITIALISED); 701 goto err; 702 } 703 switch (keytype) { 704# ifndef OPENSSL_NO_RSA 705 case 1: 706 /*RSA*/ 707 /* set private external reference */ 708 rsatmp = RSA_new_method(e); 709 RSA_set_ex_data(rsatmp, rsaHndidx, hptr); 710 rsatmp->flags |= RSA_FLAG_EXT_PKEY; 711 712 /* set public big nums */ 713 rsatmp->e = BN_new(); 714 rsatmp->n = BN_new(); 715 if(!rsatmp->e || !rsatmp->n) 716 goto err; 717 bn_expand2(rsatmp->e, el / sizeof(BN_ULONG)); 718 bn_expand2(rsatmp->n, el / sizeof(BN_ULONG)); 719 if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || 720 rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) 721 goto err; 722 ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el, 723 (unsigned long *)rsatmp->n->d, 724 (unsigned long *)rsatmp->e->d); 725 surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret); 726 if (ret != 1) { 727 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 728 ENGINE_R_FAILED_LOADING_PUBLIC_KEY); 729 goto err; 730 } 731 /* normalise pub e and pub n */ 732 rsatmp->e->top = el / sizeof(BN_ULONG); 733 bn_fix_top(rsatmp->e); 734 rsatmp->n->top = el / sizeof(BN_ULONG); 735 bn_fix_top(rsatmp->n); 736 /* create an EVP object: engine + rsa key */ 737 res = EVP_PKEY_new(); 738 EVP_PKEY_assign_RSA(res, rsatmp); 739 break; 740# endif 741 742# ifndef OPENSSL_NO_DSA 743 case 2: 744 /*DSA*/ 745 /* set private/public external reference */ 746 dsatmp = DSA_new_method(e); 747 DSA_set_ex_data(dsatmp, dsaHndidx, hptr); 748 /* 749 * dsatmp->flags |= DSA_FLAG_EXT_PKEY; 750 */ 751 752 /* set public key */ 753 dsatmp->pub_key = BN_new(); 754 dsatmp->p = BN_new(); 755 dsatmp->q = BN_new(); 756 dsatmp->g = BN_new(); 757 if(!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g) 758 goto err; 759 bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG)); 760 bn_expand2(dsatmp->p, el / sizeof(BN_ULONG)); 761 bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG)); 762 bn_expand2(dsatmp->g, el / sizeof(BN_ULONG)); 763 if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) 764 || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) 765 || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) 766 || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) 767 goto err; 768 769 ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el, 770 (unsigned long *)dsatmp-> 771 pub_key->d, 772 (unsigned long *)dsatmp->p->d, 773 (unsigned long *)dsatmp->q->d, 774 (unsigned long *)dsatmp->g->d); 775 surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret); 776 if (ret != 1) { 777 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 778 ENGINE_R_FAILED_LOADING_PUBLIC_KEY); 779 goto err; 780 } 781 /* set parameters */ 782 /* normalise pubkey and parameters in case of */ 783 dsatmp->pub_key->top = el / sizeof(BN_ULONG); 784 bn_fix_top(dsatmp->pub_key); 785 dsatmp->p->top = el / sizeof(BN_ULONG); 786 bn_fix_top(dsatmp->p); 787 dsatmp->q->top = 20 / sizeof(BN_ULONG); 788 bn_fix_top(dsatmp->q); 789 dsatmp->g->top = el / sizeof(BN_ULONG); 790 bn_fix_top(dsatmp->g); 791 792 /* create an EVP object: engine + rsa key */ 793 res = EVP_PKEY_new(); 794 EVP_PKEY_assign_DSA(res, dsatmp); 795 break; 796# endif 797 798 default: 799 SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC, 800 ENGINE_R_FAILED_LOADING_PRIVATE_KEY); 801 goto err; 802 } 803 return res; 804 err: 805# ifndef OPENSSL_NO_RSA 806 if (rsatmp) 807 RSA_free(rsatmp); 808# endif 809# ifndef OPENSSL_NO_DSA 810 if (dsatmp) 811 DSA_free(dsatmp); 812# endif 813 return NULL; 814} 815 816static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, 817 UI_METHOD *ui_method, 818 void *callback_data) 819{ 820 EVP_PKEY *res = NULL; 821 int ret = 0; 822 unsigned long el = 0; 823 char *hptr = NULL; 824 char keytype = 0; 825 char msg[64] = "ENGINE_load_privkey"; 826 827 if (!p_surewarehk_Load_Privkey) { 828 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY, 829 ENGINE_R_NOT_INITIALISED); 830 } else { 831 ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype); 832 if (ret != 1) { 833 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY, 834 ENGINE_R_FAILED_LOADING_PRIVATE_KEY); 835 ERR_add_error_data(1, msg); 836 } else 837 res = sureware_load_public(e, key_id, hptr, el, keytype); 838 } 839 return res; 840} 841 842static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, 843 UI_METHOD *ui_method, 844 void *callback_data) 845{ 846 EVP_PKEY *res = NULL; 847 int ret = 0; 848 unsigned long el = 0; 849 char *hptr = NULL; 850 char keytype = 0; 851 char msg[64] = "ENGINE_load_pubkey"; 852 853 if (!p_surewarehk_Info_Pubkey) { 854 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY, 855 ENGINE_R_NOT_INITIALISED); 856 } else { 857 /* call once to identify if DSA or RSA */ 858 ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype); 859 if (ret != 1) { 860 SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY, 861 ENGINE_R_FAILED_LOADING_PUBLIC_KEY); 862 ERR_add_error_data(1, msg); 863 } else 864 res = sureware_load_public(e, key_id, hptr, el, keytype); 865 } 866 return res; 867} 868 869/* 870 * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware) 871 * , called when ex_data is freed 872 */ 873static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 874 int idx, long argl, void *argp) 875{ 876 if (!p_surewarehk_Free) { 877 SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED); 878 } else 879 p_surewarehk_Free((char *)item, 0); 880} 881 882# if 0 883/* not currently used (bug?) */ 884/* 885 * This cleans up an DH KM key (destroys the key into hardware), called when 886 * ex_data is freed 887 */ 888static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, 889 int idx, long argl, void *argp) 890{ 891 if (!p_surewarehk_Free) { 892 SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE, 893 ENGINE_R_NOT_INITIALISED); 894 } else 895 p_surewarehk_Free((char *)item, 1); 896} 897# endif 898 899/* 900 * return number of decrypted bytes 901 */ 902# ifndef OPENSSL_NO_RSA 903static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, 904 unsigned char *to, RSA *rsa, int padding) 905{ 906 int ret = 0, tlen; 907 char *buf = NULL, *hptr = NULL; 908 char msg[64] = "ENGINE_rsa_priv_dec"; 909 if (!p_surewarehk_Rsa_Priv_Dec) { 910 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 911 ENGINE_R_NOT_INITIALISED); 912 } 913 /* extract ref to private key */ 914 else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) { 915 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 916 SUREWARE_R_MISSING_KEY_COMPONENTS); 917 goto err; 918 } 919 /* analyse what padding we can do into the hardware */ 920 if (padding == RSA_PKCS1_PADDING) { 921 /* do it one shot */ 922 ret = 923 p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen, 924 to, hptr, SUREWARE_PKCS1_PAD); 925 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 926 ret); 927 if (ret != 1) 928 goto err; 929 ret = tlen; 930 } else { /* do with no padding into hardware */ 931 932 ret = 933 p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen, 934 to, hptr, SUREWARE_NO_PAD); 935 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 936 ret); 937 if (ret != 1) 938 goto err; 939 /* intermediate buffer for padding */ 940 if ((buf = OPENSSL_malloc(tlen)) == NULL) { 941 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 942 ERR_R_MALLOC_FAILURE); 943 goto err; 944 } 945 memcpy(buf, to, tlen); /* transfert to into buf */ 946 switch (padding) { /* check padding in software */ 947# ifndef OPENSSL_NO_SHA 948 case RSA_PKCS1_OAEP_PADDING: 949 ret = 950 RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf, 951 tlen, tlen, NULL, 0); 952 break; 953# endif 954 case RSA_SSLV23_PADDING: 955 ret = 956 RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen, 957 tlen); 958 break; 959 case RSA_NO_PADDING: 960 ret = 961 RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen, 962 tlen); 963 break; 964 default: 965 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 966 SUREWARE_R_UNKNOWN_PADDING_TYPE); 967 goto err; 968 } 969 if (ret < 0) 970 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, 971 SUREWARE_R_PADDING_CHECK_FAILED); 972 } 973 err: 974 if (buf) { 975 OPENSSL_cleanse(buf, tlen); 976 OPENSSL_free(buf); 977 } 978 return ret; 979} 980 981/* 982 * Does what OpenSSL rsa_priv_enc does. 983 */ 984static int surewarehk_rsa_sign(int flen, const unsigned char *from, 985 unsigned char *to, RSA *rsa, int padding) 986{ 987 int ret = 0, tlen; 988 char *hptr = NULL; 989 char msg[64] = "ENGINE_rsa_sign"; 990 if (!p_surewarehk_Rsa_Sign) { 991 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED); 992 } 993 /* extract ref to private key */ 994 else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) { 995 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, 996 SUREWARE_R_MISSING_KEY_COMPONENTS); 997 } else { 998 switch (padding) { 999 case RSA_PKCS1_PADDING: /* do it in one shot */ 1000 ret = 1001 p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen, 1002 to, hptr, SUREWARE_PKCS1_PAD); 1003 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN, 1004 ret); 1005 break; 1006 case RSA_NO_PADDING: 1007 default: 1008 SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, 1009 SUREWARE_R_UNKNOWN_PADDING_TYPE); 1010 } 1011 } 1012 return ret == 1 ? tlen : ret; 1013} 1014 1015# endif 1016 1017# ifndef OPENSSL_NO_DSA 1018/* DSA sign and verify */ 1019static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen, 1020 DSA *dsa) 1021{ 1022 int ret = 0; 1023 char *hptr = NULL; 1024 DSA_SIG *psign = NULL; 1025 char msg[64] = "ENGINE_dsa_do_sign"; 1026 if (!p_surewarehk_Dsa_Sign) { 1027 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1028 ENGINE_R_NOT_INITIALISED); 1029 goto err; 1030 } 1031 /* extract ref to private key */ 1032 else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) { 1033 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1034 SUREWARE_R_MISSING_KEY_COMPONENTS); 1035 goto err; 1036 } else { 1037 if ((psign = DSA_SIG_new()) == NULL) { 1038 SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1039 ERR_R_MALLOC_FAILURE); 1040 goto err; 1041 } 1042 psign->r = BN_new(); 1043 psign->s = BN_new(); 1044 if(!psign->r || !psign->s) 1045 goto err; 1046 bn_expand2(psign->r, 20 / sizeof(BN_ULONG)); 1047 bn_expand2(psign->s, 20 / sizeof(BN_ULONG)); 1048 if (psign->r->dmax != 20 / sizeof(BN_ULONG) || 1049 psign->s->dmax != 20 / sizeof(BN_ULONG)) 1050 goto err; 1051 ret = p_surewarehk_Dsa_Sign(msg, flen, from, 1052 (unsigned long *)psign->r->d, 1053 (unsigned long *)psign->s->d, hptr); 1054 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, 1055 ret); 1056 } 1057 psign->r->top = 20 / sizeof(BN_ULONG); 1058 bn_fix_top(psign->r); 1059 psign->s->top = 20 / sizeof(BN_ULONG); 1060 bn_fix_top(psign->s); 1061 1062 err: 1063 if (psign) { 1064 DSA_SIG_free(psign); 1065 psign = NULL; 1066 } 1067 return psign; 1068} 1069# endif 1070 1071static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 1072 const BIGNUM *m, BN_CTX *ctx) 1073{ 1074 int ret = 0; 1075 char msg[64] = "ENGINE_modexp"; 1076 if (!p_surewarehk_Mod_Exp) { 1077 SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED); 1078 } else if (r) { 1079 bn_expand2(r, m->top); 1080 if (r->dmax == m->top) { 1081 /* do it */ 1082 ret = p_surewarehk_Mod_Exp(msg, 1083 m->top * sizeof(BN_ULONG), 1084 (unsigned long *)m->d, 1085 p->top * sizeof(BN_ULONG), 1086 (unsigned long *)p->d, 1087 a->top * sizeof(BN_ULONG), 1088 (unsigned long *)a->d, 1089 (unsigned long *)r->d); 1090 surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret); 1091 if (ret == 1) { 1092 /* normalise result */ 1093 r->top = m->top; 1094 bn_fix_top(r); 1095 } 1096 } 1097 } 1098 return ret; 1099} 1100# endif /* !OPENSSL_NO_HW_SureWare */ 1101#endif /* !OPENSSL_NO_HW */ 1102