e_nuron.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434
  1. /* crypto/engine/hw_nuron.c */
  2. /* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
  3. * Thorpe's Atalla implementation.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * licensing@OpenSSL.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. *
  53. * This product includes cryptographic software written by Eric Young
  54. * (eay@cryptsoft.com). This product includes software written by Tim
  55. * Hudson (tjh@cryptsoft.com).
  56. *
  57. */
  58. #include <stdio.h>
  59. #include <string.h>
  60. #include <openssl/crypto.h>
  61. #include <openssl/buffer.h>
  62. #include <openssl/dso.h>
  63. #include <openssl/engine.h>
  64. #ifndef OPENSSL_NO_RSA
  65. #include <openssl/rsa.h>
  66. #endif
  67. #ifndef OPENSSL_NO_DSA
  68. #include <openssl/dsa.h>
  69. #endif
  70. #ifndef OPENSSL_NO_DH
  71. #include <openssl/dh.h>
  72. #endif
  73. #include <openssl/bn.h>
  74. #ifndef OPENSSL_NO_HW
  75. #ifndef OPENSSL_NO_HW_NURON
  76. #define NURON_LIB_NAME "nuron engine"
  77. #include "e_nuron_err.c"
  78. static const char *NURON_LIBNAME = NULL;
  79. static const char *get_NURON_LIBNAME(void)
  80. {
  81. if(NURON_LIBNAME)
  82. return NURON_LIBNAME;
  83. return "nuronssl";
  84. }
  85. static void free_NURON_LIBNAME(void)
  86. {
  87. if(NURON_LIBNAME)
  88. OPENSSL_free((void*)NURON_LIBNAME);
  89. NURON_LIBNAME = NULL;
  90. }
  91. static long set_NURON_LIBNAME(const char *name)
  92. {
  93. free_NURON_LIBNAME();
  94. return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
  95. }
  96. static const char *NURON_F1 = "nuron_mod_exp";
  97. /* The definitions for control commands specific to this engine */
  98. #define NURON_CMD_SO_PATH ENGINE_CMD_BASE
  99. static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
  100. {NURON_CMD_SO_PATH,
  101. "SO_PATH",
  102. "Specifies the path to the 'nuronssl' shared library",
  103. ENGINE_CMD_FLAG_STRING},
  104. {0, NULL, NULL, 0}
  105. };
  106. typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
  107. static tfnModExp *pfnModExp = NULL;
  108. static DSO *pvDSOHandle = NULL;
  109. static int nuron_destroy(ENGINE *e)
  110. {
  111. free_NURON_LIBNAME();
  112. ERR_unload_NURON_strings();
  113. return 1;
  114. }
  115. static int nuron_init(ENGINE *e)
  116. {
  117. if(pvDSOHandle != NULL)
  118. {
  119. NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
  120. return 0;
  121. }
  122. pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
  123. DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
  124. if(!pvDSOHandle)
  125. {
  126. NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
  127. return 0;
  128. }
  129. pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
  130. if(!pfnModExp)
  131. {
  132. NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
  133. return 0;
  134. }
  135. return 1;
  136. }
  137. static int nuron_finish(ENGINE *e)
  138. {
  139. free_NURON_LIBNAME();
  140. if(pvDSOHandle == NULL)
  141. {
  142. NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
  143. return 0;
  144. }
  145. if(!DSO_free(pvDSOHandle))
  146. {
  147. NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
  148. return 0;
  149. }
  150. pvDSOHandle=NULL;
  151. pfnModExp=NULL;
  152. return 1;
  153. }
  154. static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
  155. {
  156. int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
  157. switch(cmd)
  158. {
  159. case NURON_CMD_SO_PATH:
  160. if(p == NULL)
  161. {
  162. NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
  163. return 0;
  164. }
  165. if(initialised)
  166. {
  167. NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
  168. return 0;
  169. }
  170. return set_NURON_LIBNAME((const char *)p);
  171. default:
  172. break;
  173. }
  174. NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
  175. return 0;
  176. }
  177. static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
  178. const BIGNUM *m,BN_CTX *ctx)
  179. {
  180. if(!pvDSOHandle)
  181. {
  182. NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
  183. return 0;
  184. }
  185. return pfnModExp(r,a,p,m);
  186. }
  187. #ifndef OPENSSL_NO_RSA
  188. static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  189. {
  190. return nuron_mod_exp(r0,I,rsa->d,rsa->n,ctx);
  191. }
  192. #endif
  193. #ifndef OPENSSL_NO_DSA
  194. /* This code was liberated and adapted from the commented-out code in
  195. * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
  196. * (it doesn't have a CRT form for RSA), this function means that an
  197. * Atalla system running with a DSA server certificate can handshake
  198. * around 5 or 6 times faster/more than an equivalent system running with
  199. * RSA. Just check out the "signs" statistics from the RSA and DSA parts
  200. * of "openssl speed -engine atalla dsa1024 rsa1024". */
  201. static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
  202. BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
  203. BN_CTX *ctx, BN_MONT_CTX *in_mont)
  204. {
  205. BIGNUM t;
  206. int to_return = 0;
  207. BN_init(&t);
  208. /* let rr = a1 ^ p1 mod m */
  209. if (!nuron_mod_exp(rr,a1,p1,m,ctx))
  210. goto end;
  211. /* let t = a2 ^ p2 mod m */
  212. if (!nuron_mod_exp(&t,a2,p2,m,ctx))
  213. goto end;
  214. /* let rr = rr * t mod m */
  215. if (!BN_mod_mul(rr,rr,&t,m,ctx))
  216. goto end;
  217. to_return = 1;
  218. end:
  219. BN_free(&t);
  220. return to_return;
  221. }
  222. static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
  223. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  224. BN_MONT_CTX *m_ctx)
  225. {
  226. return nuron_mod_exp(r, a, p, m, ctx);
  227. }
  228. #endif
  229. /* This function is aliased to mod_exp (with the mont stuff dropped). */
  230. #ifndef OPENSSL_NO_RSA
  231. static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  232. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  233. {
  234. return nuron_mod_exp(r, a, p, m, ctx);
  235. }
  236. #endif
  237. #ifndef OPENSSL_NO_DH
  238. /* This function is aliased to mod_exp (with the dh and mont dropped). */
  239. static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
  240. const BIGNUM *a, const BIGNUM *p,
  241. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  242. {
  243. return nuron_mod_exp(r, a, p, m, ctx);
  244. }
  245. #endif
  246. #ifndef OPENSSL_NO_RSA
  247. static RSA_METHOD nuron_rsa =
  248. {
  249. "Nuron RSA method",
  250. NULL,
  251. NULL,
  252. NULL,
  253. NULL,
  254. nuron_rsa_mod_exp,
  255. nuron_mod_exp_mont,
  256. NULL,
  257. NULL,
  258. 0,
  259. NULL,
  260. NULL,
  261. NULL,
  262. NULL
  263. };
  264. #endif
  265. #ifndef OPENSSL_NO_DSA
  266. static DSA_METHOD nuron_dsa =
  267. {
  268. "Nuron DSA method",
  269. NULL, /* dsa_do_sign */
  270. NULL, /* dsa_sign_setup */
  271. NULL, /* dsa_do_verify */
  272. nuron_dsa_mod_exp, /* dsa_mod_exp */
  273. nuron_mod_exp_dsa, /* bn_mod_exp */
  274. NULL, /* init */
  275. NULL, /* finish */
  276. 0, /* flags */
  277. NULL, /* app_data */
  278. NULL, /* dsa_paramgen */
  279. NULL /* dsa_keygen */
  280. };
  281. #endif
  282. #ifndef OPENSSL_NO_DH
  283. static DH_METHOD nuron_dh =
  284. {
  285. "Nuron DH method",
  286. NULL,
  287. NULL,
  288. nuron_mod_exp_dh,
  289. NULL,
  290. NULL,
  291. 0,
  292. NULL,
  293. NULL
  294. };
  295. #endif
  296. /* Constants used when creating the ENGINE */
  297. static const char *engine_nuron_id = "nuron";
  298. static const char *engine_nuron_name = "Nuron hardware engine support";
  299. /* This internal function is used by ENGINE_nuron() and possibly by the
  300. * "dynamic" ENGINE support too */
  301. static int bind_helper(ENGINE *e)
  302. {
  303. #ifndef OPENSSL_NO_RSA
  304. const RSA_METHOD *meth1;
  305. #endif
  306. #ifndef OPENSSL_NO_DSA
  307. const DSA_METHOD *meth2;
  308. #endif
  309. #ifndef OPENSSL_NO_DH
  310. const DH_METHOD *meth3;
  311. #endif
  312. if(!ENGINE_set_id(e, engine_nuron_id) ||
  313. !ENGINE_set_name(e, engine_nuron_name) ||
  314. #ifndef OPENSSL_NO_RSA
  315. !ENGINE_set_RSA(e, &nuron_rsa) ||
  316. #endif
  317. #ifndef OPENSSL_NO_DSA
  318. !ENGINE_set_DSA(e, &nuron_dsa) ||
  319. #endif
  320. #ifndef OPENSSL_NO_DH
  321. !ENGINE_set_DH(e, &nuron_dh) ||
  322. #endif
  323. !ENGINE_set_destroy_function(e, nuron_destroy) ||
  324. !ENGINE_set_init_function(e, nuron_init) ||
  325. !ENGINE_set_finish_function(e, nuron_finish) ||
  326. !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
  327. !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
  328. return 0;
  329. #ifndef OPENSSL_NO_RSA
  330. /* We know that the "PKCS1_SSLeay()" functions hook properly
  331. * to the nuron-specific mod_exp and mod_exp_crt so we use
  332. * those functions. NB: We don't use ENGINE_openssl() or
  333. * anything "more generic" because something like the RSAref
  334. * code may not hook properly, and if you own one of these
  335. * cards then you have the right to do RSA operations on it
  336. * anyway! */
  337. meth1=RSA_PKCS1_SSLeay();
  338. nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
  339. nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
  340. nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
  341. nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
  342. #endif
  343. #ifndef OPENSSL_NO_DSA
  344. /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
  345. * bits. */
  346. meth2=DSA_OpenSSL();
  347. nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
  348. nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
  349. nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
  350. #endif
  351. #ifndef OPENSSL_NO_DH
  352. /* Much the same for Diffie-Hellman */
  353. meth3=DH_OpenSSL();
  354. nuron_dh.generate_key=meth3->generate_key;
  355. nuron_dh.compute_key=meth3->compute_key;
  356. #endif
  357. /* Ensure the nuron error handling is set up */
  358. ERR_load_NURON_strings();
  359. return 1;
  360. }
  361. #ifdef OPENSSL_NO_DYNAMIC_ENGINE
  362. static ENGINE *engine_nuron(void)
  363. {
  364. ENGINE *ret = ENGINE_new();
  365. if(!ret)
  366. return NULL;
  367. if(!bind_helper(ret))
  368. {
  369. ENGINE_free(ret);
  370. return NULL;
  371. }
  372. return ret;
  373. }
  374. void ENGINE_load_nuron(void)
  375. {
  376. /* Copied from eng_[openssl|dyn].c */
  377. ENGINE *toadd = engine_nuron();
  378. if(!toadd) return;
  379. ENGINE_add(toadd);
  380. ENGINE_free(toadd);
  381. ERR_clear_error();
  382. }
  383. #endif
  384. /* This stuff is needed if this ENGINE is being compiled into a self-contained
  385. * shared-library. */
  386. #ifndef OPENSSL_NO_DYNAMIC_ENGINE
  387. static int bind_fn(ENGINE *e, const char *id)
  388. {
  389. if(id && (strcmp(id, engine_nuron_id) != 0))
  390. return 0;
  391. if(!bind_helper(e))
  392. return 0;
  393. return 1;
  394. }
  395. IMPLEMENT_DYNAMIC_CHECK_FN()
  396. IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  397. #endif /* OPENSSL_NO_DYNAMIC_ENGINE */
  398. #endif /* !OPENSSL_NO_HW_NURON */
  399. #endif /* !OPENSSL_NO_HW */