e_aep.c 32 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171
  1. /* ====================================================================
  2. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. *
  11. * 2. Redistributions in binary form must reproduce the above copyright
  12. * notice, this list of conditions and the following disclaimer in
  13. * the documentation and/or other materials provided with the
  14. * distribution.
  15. *
  16. * 3. All advertising materials mentioning features or use of this
  17. * software must display the following acknowledgment:
  18. * "This product includes software developed by the OpenSSL Project
  19. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  20. *
  21. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22. * endorse or promote products derived from this software without
  23. * prior written permission. For written permission, please contact
  24. * licensing@OpenSSL.org.
  25. *
  26. * 5. Products derived from this software may not be called "OpenSSL"
  27. * nor may "OpenSSL" appear in their names without prior written
  28. * permission of the OpenSSL Project.
  29. *
  30. * 6. Redistributions of any form whatsoever must retain the following
  31. * acknowledgment:
  32. * "This product includes software developed by the OpenSSL Project
  33. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  34. *
  35. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46. * OF THE POSSIBILITY OF SUCH DAMAGE.
  47. * ====================================================================
  48. *
  49. * This product includes cryptographic software written by Eric Young
  50. * (eay@cryptsoft.com). This product includes software written by Tim
  51. * Hudson (tjh@cryptsoft.com).
  52. *
  53. */
  54. #include <stdio.h>
  55. #include <openssl/bn.h>
  56. #include <string.h>
  57. #include <openssl/e_os2.h>
  58. #if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
  59. # include <sys/types.h>
  60. # include <unistd.h>
  61. #else
  62. # include <process.h>
  63. typedef int pid_t;
  64. #endif
  65. #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
  66. # define getpid GetThreadID
  67. extern int GetThreadID(void);
  68. #endif
  69. #include <openssl/crypto.h>
  70. #include <openssl/dso.h>
  71. #include <openssl/engine.h>
  72. #include <openssl/buffer.h>
  73. #ifndef OPENSSL_NO_RSA
  74. # include <openssl/rsa.h>
  75. #endif
  76. #ifndef OPENSSL_NO_DSA
  77. # include <openssl/dsa.h>
  78. #endif
  79. #ifndef OPENSSL_NO_DH
  80. # include <openssl/dh.h>
  81. #endif
  82. #include <openssl/bn.h>
  83. #ifndef OPENSSL_NO_HW
  84. # ifndef OPENSSL_NO_HW_AEP
  85. # ifdef FLAT_INC
  86. # include "aep.h"
  87. # else
  88. # include "vendor_defns/aep.h"
  89. # endif
  90. # define AEP_LIB_NAME "aep engine"
  91. # define FAIL_TO_SW 0x10101010
  92. # include "e_aep_err.c"
  93. static int aep_init(ENGINE *e);
  94. static int aep_finish(ENGINE *e);
  95. static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
  96. static int aep_destroy(ENGINE *e);
  97. static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
  98. static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
  99. static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
  100. static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
  101. /* BIGNUM stuff */
  102. # ifndef OPENSSL_NO_RSA
  103. static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  104. const BIGNUM *m, BN_CTX *ctx);
  105. static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  106. const BIGNUM *q, const BIGNUM *dmp1,
  107. const BIGNUM *dmq1, const BIGNUM *iqmp,
  108. BN_CTX *ctx);
  109. # endif
  110. /* RSA stuff */
  111. # ifndef OPENSSL_NO_RSA
  112. static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
  113. BN_CTX *ctx);
  114. # endif
  115. /* This function is aliased to mod_exp (with the mont stuff dropped). */
  116. # ifndef OPENSSL_NO_RSA
  117. static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  118. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  119. # endif
  120. /* DSA stuff */
  121. # ifndef OPENSSL_NO_DSA
  122. static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
  123. BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
  124. BN_CTX *ctx, BN_MONT_CTX *in_mont);
  125. static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
  126. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  127. BN_MONT_CTX *m_ctx);
  128. # endif
  129. /* DH stuff */
  130. /* This function is aliased to mod_exp (with the DH and mont dropped). */
  131. # ifndef OPENSSL_NO_DH
  132. static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
  133. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  134. BN_MONT_CTX *m_ctx);
  135. # endif
  136. /* rand stuff */
  137. # ifdef AEPRAND
  138. static int aep_rand(unsigned char *buf, int num);
  139. static int aep_rand_status(void);
  140. # endif
  141. /* Bignum conversion stuff */
  142. static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize);
  143. static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
  144. unsigned char *AEP_BigNum);
  145. static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
  146. unsigned char *AEP_BigNum);
  147. /* The definitions for control commands specific to this engine */
  148. # define AEP_CMD_SO_PATH ENGINE_CMD_BASE
  149. static const ENGINE_CMD_DEFN aep_cmd_defns[] = {
  150. {AEP_CMD_SO_PATH,
  151. "SO_PATH",
  152. "Specifies the path to the 'aep' shared library",
  153. ENGINE_CMD_FLAG_STRING},
  154. {0, NULL, NULL, 0}
  155. };
  156. # ifndef OPENSSL_NO_RSA
  157. /* Our internal RSA_METHOD that we provide pointers to */
  158. static RSA_METHOD aep_rsa = {
  159. "Aep RSA method",
  160. NULL, /* rsa_pub_encrypt */
  161. NULL, /* rsa_pub_decrypt */
  162. NULL, /* rsa_priv_encrypt */
  163. NULL, /* rsa_priv_encrypt */
  164. aep_rsa_mod_exp, /* rsa_mod_exp */
  165. aep_mod_exp_mont, /* bn_mod_exp */
  166. NULL, /* init */
  167. NULL, /* finish */
  168. 0, /* flags */
  169. NULL, /* app_data */
  170. NULL, /* rsa_sign */
  171. NULL, /* rsa_verify */
  172. NULL /* rsa_keygen */
  173. };
  174. # endif
  175. # ifndef OPENSSL_NO_DSA
  176. /* Our internal DSA_METHOD that we provide pointers to */
  177. static DSA_METHOD aep_dsa = {
  178. "Aep DSA method",
  179. NULL, /* dsa_do_sign */
  180. NULL, /* dsa_sign_setup */
  181. NULL, /* dsa_do_verify */
  182. aep_dsa_mod_exp, /* dsa_mod_exp */
  183. aep_mod_exp_dsa, /* bn_mod_exp */
  184. NULL, /* init */
  185. NULL, /* finish */
  186. 0, /* flags */
  187. NULL, /* app_data */
  188. NULL, /* dsa_paramgen */
  189. NULL /* dsa_keygen */
  190. };
  191. # endif
  192. # ifndef OPENSSL_NO_DH
  193. /* Our internal DH_METHOD that we provide pointers to */
  194. static DH_METHOD aep_dh = {
  195. "Aep DH method",
  196. NULL,
  197. NULL,
  198. aep_mod_exp_dh,
  199. NULL,
  200. NULL,
  201. 0,
  202. NULL,
  203. NULL
  204. };
  205. # endif
  206. # ifdef AEPRAND
  207. /* our internal RAND_method that we provide pointers to */
  208. static RAND_METHOD aep_random = {
  209. /*
  210. * "AEP RAND method",
  211. */
  212. NULL,
  213. aep_rand,
  214. NULL,
  215. NULL,
  216. aep_rand,
  217. aep_rand_status,
  218. };
  219. # endif
  220. /*
  221. * Define an array of structures to hold connections
  222. */
  223. static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
  224. /*
  225. * Used to determine if this is a new process
  226. */
  227. static pid_t recorded_pid = 0;
  228. # ifdef AEPRAND
  229. static AEP_U8 rand_block[RAND_BLK_SIZE];
  230. static AEP_U32 rand_block_bytes = 0;
  231. # endif
  232. /* Constants used when creating the ENGINE */
  233. static const char *engine_aep_id = "aep";
  234. static const char *engine_aep_name = "Aep hardware engine support";
  235. static int max_key_len = 2176;
  236. /*
  237. * This internal function is used by ENGINE_aep() and possibly by the
  238. * "dynamic" ENGINE support too
  239. */
  240. static int bind_aep(ENGINE *e)
  241. {
  242. # ifndef OPENSSL_NO_RSA
  243. const RSA_METHOD *meth1;
  244. # endif
  245. # ifndef OPENSSL_NO_DSA
  246. const DSA_METHOD *meth2;
  247. # endif
  248. # ifndef OPENSSL_NO_DH
  249. const DH_METHOD *meth3;
  250. # endif
  251. if (!ENGINE_set_id(e, engine_aep_id) ||
  252. !ENGINE_set_name(e, engine_aep_name) ||
  253. # ifndef OPENSSL_NO_RSA
  254. !ENGINE_set_RSA(e, &aep_rsa) ||
  255. # endif
  256. # ifndef OPENSSL_NO_DSA
  257. !ENGINE_set_DSA(e, &aep_dsa) ||
  258. # endif
  259. # ifndef OPENSSL_NO_DH
  260. !ENGINE_set_DH(e, &aep_dh) ||
  261. # endif
  262. # ifdef AEPRAND
  263. !ENGINE_set_RAND(e, &aep_random) ||
  264. # endif
  265. !ENGINE_set_init_function(e, aep_init) ||
  266. !ENGINE_set_destroy_function(e, aep_destroy) ||
  267. !ENGINE_set_finish_function(e, aep_finish) ||
  268. !ENGINE_set_ctrl_function(e, aep_ctrl) ||
  269. !ENGINE_set_cmd_defns(e, aep_cmd_defns))
  270. return 0;
  271. # ifndef OPENSSL_NO_RSA
  272. /*
  273. * We know that the "PKCS1_SSLeay()" functions hook properly to the
  274. * aep-specific mod_exp and mod_exp_crt so we use those functions. NB: We
  275. * don't use ENGINE_openssl() or anything "more generic" because
  276. * something like the RSAref code may not hook properly, and if you own
  277. * one of these cards then you have the right to do RSA operations on it
  278. * anyway!
  279. */
  280. meth1 = RSA_PKCS1_SSLeay();
  281. aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
  282. aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
  283. aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
  284. aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
  285. # endif
  286. # ifndef OPENSSL_NO_DSA
  287. /*
  288. * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
  289. */
  290. meth2 = DSA_OpenSSL();
  291. aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
  292. aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
  293. aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
  294. aep_dsa = *DSA_get_default_method();
  295. aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
  296. aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
  297. # endif
  298. # ifndef OPENSSL_NO_DH
  299. /* Much the same for Diffie-Hellman */
  300. meth3 = DH_OpenSSL();
  301. aep_dh.generate_key = meth3->generate_key;
  302. aep_dh.compute_key = meth3->compute_key;
  303. aep_dh.bn_mod_exp = meth3->bn_mod_exp;
  304. # endif
  305. /* Ensure the aep error handling is set up */
  306. ERR_load_AEPHK_strings();
  307. return 1;
  308. }
  309. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  310. static int bind_helper(ENGINE *e, const char *id)
  311. {
  312. if (id && (strcmp(id, engine_aep_id) != 0))
  313. return 0;
  314. if (!bind_aep(e))
  315. return 0;
  316. return 1;
  317. }
  318. IMPLEMENT_DYNAMIC_CHECK_FN()
  319. IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
  320. # else
  321. static ENGINE *engine_aep(void)
  322. {
  323. ENGINE *ret = ENGINE_new();
  324. if (!ret)
  325. return NULL;
  326. if (!bind_aep(ret)) {
  327. ENGINE_free(ret);
  328. return NULL;
  329. }
  330. return ret;
  331. }
  332. void ENGINE_load_aep(void)
  333. {
  334. /* Copied from eng_[openssl|dyn].c */
  335. ENGINE *toadd = engine_aep();
  336. if (!toadd)
  337. return;
  338. ENGINE_add(toadd);
  339. ENGINE_free(toadd);
  340. ERR_clear_error();
  341. }
  342. # endif
  343. /*
  344. * This is a process-global DSO handle used for loading and unloading the Aep
  345. * library. NB: This is only set (or unset) during an init() or finish() call
  346. * (reference counts permitting) and they're operating with global locks, so
  347. * this should be thread-safe implicitly.
  348. */
  349. static DSO *aep_dso = NULL;
  350. /*
  351. * These are the static string constants for the DSO file name and the
  352. * function symbol names to bind to.
  353. */
  354. static const char *AEP_LIBNAME = NULL;
  355. static const char *get_AEP_LIBNAME(void)
  356. {
  357. if (AEP_LIBNAME)
  358. return AEP_LIBNAME;
  359. return "aep";
  360. }
  361. static void free_AEP_LIBNAME(void)
  362. {
  363. if (AEP_LIBNAME)
  364. OPENSSL_free((void *)AEP_LIBNAME);
  365. AEP_LIBNAME = NULL;
  366. }
  367. static long set_AEP_LIBNAME(const char *name)
  368. {
  369. free_AEP_LIBNAME();
  370. return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
  371. }
  372. static const char *AEP_F1 = "AEP_ModExp";
  373. static const char *AEP_F2 = "AEP_ModExpCrt";
  374. # ifdef AEPRAND
  375. static const char *AEP_F3 = "AEP_GenRandom";
  376. # endif
  377. static const char *AEP_F4 = "AEP_Finalize";
  378. static const char *AEP_F5 = "AEP_Initialize";
  379. static const char *AEP_F6 = "AEP_OpenConnection";
  380. static const char *AEP_F7 = "AEP_SetBNCallBacks";
  381. static const char *AEP_F8 = "AEP_CloseConnection";
  382. /*
  383. * These are the function pointers that are (un)set when the library has
  384. * successfully (un)loaded.
  385. */
  386. static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
  387. static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
  388. static t_AEP_ModExp *p_AEP_ModExp = NULL;
  389. static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
  390. # ifdef AEPRAND
  391. static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
  392. # endif
  393. static t_AEP_Initialize *p_AEP_Initialize = NULL;
  394. static t_AEP_Finalize *p_AEP_Finalize = NULL;
  395. static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
  396. /* (de)initialisation functions. */
  397. static int aep_init(ENGINE *e)
  398. {
  399. t_AEP_ModExp *p1;
  400. t_AEP_ModExpCrt *p2;
  401. # ifdef AEPRAND
  402. t_AEP_GenRandom *p3;
  403. # endif
  404. t_AEP_Finalize *p4;
  405. t_AEP_Initialize *p5;
  406. t_AEP_OpenConnection *p6;
  407. t_AEP_SetBNCallBacks *p7;
  408. t_AEP_CloseConnection *p8;
  409. int to_return = 0;
  410. if (aep_dso != NULL) {
  411. AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_ALREADY_LOADED);
  412. goto err;
  413. }
  414. /* Attempt to load libaep.so. */
  415. aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
  416. if (aep_dso == NULL) {
  417. AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
  418. goto err;
  419. }
  420. if (!(p1 = (t_AEP_ModExp *) DSO_bind_func(aep_dso, AEP_F1)) ||
  421. !(p2 = (t_AEP_ModExpCrt *) DSO_bind_func(aep_dso, AEP_F2)) ||
  422. # ifdef AEPRAND
  423. !(p3 = (t_AEP_GenRandom *) DSO_bind_func(aep_dso, AEP_F3)) ||
  424. # endif
  425. !(p4 = (t_AEP_Finalize *) DSO_bind_func(aep_dso, AEP_F4)) ||
  426. !(p5 = (t_AEP_Initialize *) DSO_bind_func(aep_dso, AEP_F5)) ||
  427. !(p6 = (t_AEP_OpenConnection *) DSO_bind_func(aep_dso, AEP_F6)) ||
  428. !(p7 = (t_AEP_SetBNCallBacks *) DSO_bind_func(aep_dso, AEP_F7)) ||
  429. !(p8 = (t_AEP_CloseConnection *) DSO_bind_func(aep_dso, AEP_F8))) {
  430. AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
  431. goto err;
  432. }
  433. /* Copy the pointers */
  434. p_AEP_ModExp = p1;
  435. p_AEP_ModExpCrt = p2;
  436. # ifdef AEPRAND
  437. p_AEP_GenRandom = p3;
  438. # endif
  439. p_AEP_Finalize = p4;
  440. p_AEP_Initialize = p5;
  441. p_AEP_OpenConnection = p6;
  442. p_AEP_SetBNCallBacks = p7;
  443. p_AEP_CloseConnection = p8;
  444. to_return = 1;
  445. return to_return;
  446. err:
  447. if (aep_dso)
  448. DSO_free(aep_dso);
  449. aep_dso = NULL;
  450. p_AEP_OpenConnection = NULL;
  451. p_AEP_ModExp = NULL;
  452. p_AEP_ModExpCrt = NULL;
  453. # ifdef AEPRAND
  454. p_AEP_GenRandom = NULL;
  455. # endif
  456. p_AEP_Initialize = NULL;
  457. p_AEP_Finalize = NULL;
  458. p_AEP_SetBNCallBacks = NULL;
  459. p_AEP_CloseConnection = NULL;
  460. return to_return;
  461. }
  462. /* Destructor (complements the "ENGINE_aep()" constructor) */
  463. static int aep_destroy(ENGINE *e)
  464. {
  465. free_AEP_LIBNAME();
  466. ERR_unload_AEPHK_strings();
  467. return 1;
  468. }
  469. static int aep_finish(ENGINE *e)
  470. {
  471. int to_return = 0, in_use;
  472. AEP_RV rv;
  473. if (aep_dso == NULL) {
  474. AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_NOT_LOADED);
  475. goto err;
  476. }
  477. rv = aep_close_all_connections(0, &in_use);
  478. if (rv != AEP_R_OK) {
  479. AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CLOSE_HANDLES_FAILED);
  480. goto err;
  481. }
  482. if (in_use) {
  483. AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CONNECTIONS_IN_USE);
  484. goto err;
  485. }
  486. rv = p_AEP_Finalize();
  487. if (rv != AEP_R_OK) {
  488. AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_FINALIZE_FAILED);
  489. goto err;
  490. }
  491. if (!DSO_free(aep_dso)) {
  492. AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_UNIT_FAILURE);
  493. goto err;
  494. }
  495. aep_dso = NULL;
  496. p_AEP_CloseConnection = NULL;
  497. p_AEP_OpenConnection = NULL;
  498. p_AEP_ModExp = NULL;
  499. p_AEP_ModExpCrt = NULL;
  500. # ifdef AEPRAND
  501. p_AEP_GenRandom = NULL;
  502. # endif
  503. p_AEP_Initialize = NULL;
  504. p_AEP_Finalize = NULL;
  505. p_AEP_SetBNCallBacks = NULL;
  506. to_return = 1;
  507. err:
  508. return to_return;
  509. }
  510. static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
  511. {
  512. int initialised = ((aep_dso == NULL) ? 0 : 1);
  513. switch (cmd) {
  514. case AEP_CMD_SO_PATH:
  515. if (p == NULL) {
  516. AEPHKerr(AEPHK_F_AEP_CTRL, ERR_R_PASSED_NULL_PARAMETER);
  517. return 0;
  518. }
  519. if (initialised) {
  520. AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_ALREADY_LOADED);
  521. return 0;
  522. }
  523. return set_AEP_LIBNAME((const char *)p);
  524. default:
  525. break;
  526. }
  527. AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
  528. return 0;
  529. }
  530. static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  531. const BIGNUM *m, BN_CTX *ctx)
  532. {
  533. int to_return = 0;
  534. int r_len = 0;
  535. AEP_CONNECTION_HNDL hConnection;
  536. AEP_RV rv;
  537. r_len = BN_num_bits(m);
  538. /* Perform in software if modulus is too large for hardware. */
  539. if (r_len > max_key_len) {
  540. AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
  541. return BN_mod_exp(r, a, p, m, ctx);
  542. }
  543. /*
  544. * Grab a connection from the pool
  545. */
  546. rv = aep_get_connection(&hConnection);
  547. if (rv != AEP_R_OK) {
  548. AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_GET_HANDLE_FAILED);
  549. return BN_mod_exp(r, a, p, m, ctx);
  550. }
  551. /*
  552. * To the card with the mod exp
  553. */
  554. rv = p_AEP_ModExp(hConnection, (void *)a, (void *)p, (void *)m, (void *)r,
  555. NULL);
  556. if (rv != AEP_R_OK) {
  557. AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_MOD_EXP_FAILED);
  558. rv = aep_close_connection(hConnection);
  559. return BN_mod_exp(r, a, p, m, ctx);
  560. }
  561. /*
  562. * Return the connection to the pool
  563. */
  564. rv = aep_return_connection(hConnection);
  565. if (rv != AEP_R_OK) {
  566. AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_RETURN_CONNECTION_FAILED);
  567. goto err;
  568. }
  569. to_return = 1;
  570. err:
  571. return to_return;
  572. }
  573. # ifndef OPENSSL_NO_RSA
  574. static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  575. const BIGNUM *q, const BIGNUM *dmp1,
  576. const BIGNUM *dmq1, const BIGNUM *iqmp,
  577. BN_CTX *ctx)
  578. {
  579. AEP_RV rv = AEP_R_OK;
  580. AEP_CONNECTION_HNDL hConnection;
  581. /*
  582. * Grab a connection from the pool
  583. */
  584. rv = aep_get_connection(&hConnection);
  585. if (rv != AEP_R_OK) {
  586. AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_GET_HANDLE_FAILED);
  587. return FAIL_TO_SW;
  588. }
  589. /*
  590. * To the card with the mod exp
  591. */
  592. rv = p_AEP_ModExpCrt(hConnection, (void *)a, (void *)p, (void *)q,
  593. (void *)dmp1, (void *)dmq1, (void *)iqmp, (void *)r,
  594. NULL);
  595. if (rv != AEP_R_OK) {
  596. AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_MOD_EXP_CRT_FAILED);
  597. rv = aep_close_connection(hConnection);
  598. return FAIL_TO_SW;
  599. }
  600. /*
  601. * Return the connection to the pool
  602. */
  603. rv = aep_return_connection(hConnection);
  604. if (rv != AEP_R_OK) {
  605. AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_RETURN_CONNECTION_FAILED);
  606. goto err;
  607. }
  608. err:
  609. return rv;
  610. }
  611. # endif
  612. # ifdef AEPRAND
  613. static int aep_rand(unsigned char *buf, int len)
  614. {
  615. AEP_RV rv = AEP_R_OK;
  616. AEP_CONNECTION_HNDL hConnection;
  617. CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  618. /*
  619. * Can the request be serviced with what's already in the buffer?
  620. */
  621. if (len <= rand_block_bytes) {
  622. memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
  623. rand_block_bytes -= len;
  624. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  625. } else
  626. /*
  627. * If not the get another block of random bytes
  628. */
  629. {
  630. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  631. rv = aep_get_connection(&hConnection);
  632. if (rv != AEP_R_OK) {
  633. AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_HANDLE_FAILED);
  634. goto err_nounlock;
  635. }
  636. if (len > RAND_BLK_SIZE) {
  637. rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
  638. if (rv != AEP_R_OK) {
  639. AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
  640. goto err_nounlock;
  641. }
  642. } else {
  643. CRYPTO_w_lock(CRYPTO_LOCK_RAND);
  644. rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2,
  645. &rand_block[0], NULL);
  646. if (rv != AEP_R_OK) {
  647. AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
  648. goto err;
  649. }
  650. rand_block_bytes = RAND_BLK_SIZE;
  651. memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
  652. rand_block_bytes -= len;
  653. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  654. }
  655. rv = aep_return_connection(hConnection);
  656. if (rv != AEP_R_OK) {
  657. AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_RETURN_CONNECTION_FAILED);
  658. goto err_nounlock;
  659. }
  660. }
  661. return 1;
  662. err:
  663. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
  664. err_nounlock:
  665. return 0;
  666. }
  667. static int aep_rand_status(void)
  668. {
  669. return 1;
  670. }
  671. # endif
  672. # ifndef OPENSSL_NO_RSA
  673. static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  674. {
  675. int to_return = 0;
  676. AEP_RV rv = AEP_R_OK;
  677. if (!aep_dso) {
  678. AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_NOT_LOADED);
  679. goto err;
  680. }
  681. /*
  682. * See if we have all the necessary bits for a crt
  683. */
  684. if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
  685. rv = aep_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
  686. rsa->iqmp, ctx);
  687. if (rv == FAIL_TO_SW) {
  688. const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
  689. to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
  690. goto err;
  691. } else if (rv != AEP_R_OK)
  692. goto err;
  693. } else {
  694. if (!rsa->d || !rsa->n) {
  695. AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_MISSING_KEY_COMPONENTS);
  696. goto err;
  697. }
  698. rv = aep_mod_exp(r0, I, rsa->d, rsa->n, ctx);
  699. if (rv != AEP_R_OK)
  700. goto err;
  701. }
  702. to_return = 1;
  703. err:
  704. return to_return;
  705. }
  706. # endif
  707. # ifndef OPENSSL_NO_DSA
  708. static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
  709. BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
  710. BN_CTX *ctx, BN_MONT_CTX *in_mont)
  711. {
  712. BIGNUM t;
  713. int to_return = 0;
  714. BN_init(&t);
  715. /* let rr = a1 ^ p1 mod m */
  716. if (!aep_mod_exp(rr, a1, p1, m, ctx))
  717. goto end;
  718. /* let t = a2 ^ p2 mod m */
  719. if (!aep_mod_exp(&t, a2, p2, m, ctx))
  720. goto end;
  721. /* let rr = rr * t mod m */
  722. if (!BN_mod_mul(rr, rr, &t, m, ctx))
  723. goto end;
  724. to_return = 1;
  725. end:
  726. BN_free(&t);
  727. return to_return;
  728. }
  729. static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
  730. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  731. BN_MONT_CTX *m_ctx)
  732. {
  733. return aep_mod_exp(r, a, p, m, ctx);
  734. }
  735. # endif
  736. # ifndef OPENSSL_NO_RSA
  737. /* This function is aliased to mod_exp (with the mont stuff dropped). */
  738. static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  739. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  740. {
  741. return aep_mod_exp(r, a, p, m, ctx);
  742. }
  743. # endif
  744. # ifndef OPENSSL_NO_DH
  745. /* This function is aliased to mod_exp (with the dh and mont dropped). */
  746. static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
  747. const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  748. BN_MONT_CTX *m_ctx)
  749. {
  750. return aep_mod_exp(r, a, p, m, ctx);
  751. }
  752. # endif
  753. static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
  754. {
  755. int count;
  756. AEP_RV rv = AEP_R_OK;
  757. /*
  758. * Get the current process id
  759. */
  760. pid_t curr_pid;
  761. CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
  762. # ifdef NETWARE_CLIB
  763. curr_pid = GetThreadID();
  764. # elif defined(_WIN32)
  765. curr_pid = _getpid();
  766. # else
  767. curr_pid = getpid();
  768. # endif
  769. /*
  770. * Check if this is the first time this is being called from the current
  771. * process
  772. */
  773. if (recorded_pid != curr_pid) {
  774. /*
  775. * Remember our pid so we can check if we're in a new process
  776. */
  777. recorded_pid = curr_pid;
  778. /*
  779. * Call Finalize to make sure we have not inherited some data from a
  780. * parent process
  781. */
  782. p_AEP_Finalize();
  783. /*
  784. * Initialise the AEP API
  785. */
  786. rv = p_AEP_Initialize(NULL);
  787. if (rv != AEP_R_OK) {
  788. AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_INIT_FAILURE);
  789. recorded_pid = 0;
  790. goto end;
  791. }
  792. /*
  793. * Set the AEP big num call back functions
  794. */
  795. rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
  796. &ConvertAEPBigNum);
  797. if (rv != AEP_R_OK) {
  798. AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,
  799. AEPHK_R_SETBNCALLBACK_FAILURE);
  800. recorded_pid = 0;
  801. goto end;
  802. }
  803. # ifdef AEPRAND
  804. /*
  805. * Reset the rand byte count
  806. */
  807. rand_block_bytes = 0;
  808. # endif
  809. /*
  810. * Init the structures
  811. */
  812. for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
  813. aep_app_conn_table[count].conn_state = NotConnected;
  814. aep_app_conn_table[count].conn_hndl = 0;
  815. }
  816. /*
  817. * Open a connection
  818. */
  819. rv = p_AEP_OpenConnection(phConnection);
  820. if (rv != AEP_R_OK) {
  821. AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
  822. recorded_pid = 0;
  823. goto end;
  824. }
  825. aep_app_conn_table[0].conn_state = InUse;
  826. aep_app_conn_table[0].conn_hndl = *phConnection;
  827. goto end;
  828. }
  829. /*
  830. * Check the existing connections to see if we can find a free one
  831. */
  832. for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
  833. if (aep_app_conn_table[count].conn_state == Connected) {
  834. aep_app_conn_table[count].conn_state = InUse;
  835. *phConnection = aep_app_conn_table[count].conn_hndl;
  836. goto end;
  837. }
  838. }
  839. /*
  840. * If no connections available, we're going to have to try to open a new
  841. * one
  842. */
  843. for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
  844. if (aep_app_conn_table[count].conn_state == NotConnected) {
  845. /*
  846. * Open a connection
  847. */
  848. rv = p_AEP_OpenConnection(phConnection);
  849. if (rv != AEP_R_OK) {
  850. AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
  851. goto end;
  852. }
  853. aep_app_conn_table[count].conn_state = InUse;
  854. aep_app_conn_table[count].conn_hndl = *phConnection;
  855. goto end;
  856. }
  857. }
  858. rv = AEP_R_GENERAL_ERROR;
  859. end:
  860. CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
  861. return rv;
  862. }
  863. static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
  864. {
  865. int count;
  866. CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
  867. /*
  868. * Find the connection item that matches this connection handle
  869. */
  870. for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
  871. if (aep_app_conn_table[count].conn_hndl == hConnection) {
  872. aep_app_conn_table[count].conn_state = Connected;
  873. break;
  874. }
  875. }
  876. CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
  877. return AEP_R_OK;
  878. }
  879. static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
  880. {
  881. int count;
  882. AEP_RV rv = AEP_R_OK;
  883. CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
  884. /*
  885. * Find the connection item that matches this connection handle
  886. */
  887. for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
  888. if (aep_app_conn_table[count].conn_hndl == hConnection) {
  889. rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
  890. if (rv != AEP_R_OK)
  891. goto end;
  892. aep_app_conn_table[count].conn_state = NotConnected;
  893. aep_app_conn_table[count].conn_hndl = 0;
  894. break;
  895. }
  896. }
  897. end:
  898. CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
  899. return rv;
  900. }
  901. static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
  902. {
  903. int count;
  904. AEP_RV rv = AEP_R_OK;
  905. *in_use = 0;
  906. if (use_engine_lock)
  907. CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
  908. for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
  909. switch (aep_app_conn_table[count].conn_state) {
  910. case Connected:
  911. rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
  912. if (rv != AEP_R_OK)
  913. goto end;
  914. aep_app_conn_table[count].conn_state = NotConnected;
  915. aep_app_conn_table[count].conn_hndl = 0;
  916. break;
  917. case InUse:
  918. (*in_use)++;
  919. break;
  920. case NotConnected:
  921. break;
  922. }
  923. }
  924. end:
  925. if (use_engine_lock)
  926. CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
  927. return rv;
  928. }
  929. /*
  930. * BigNum call back functions, used to convert OpenSSL bignums into AEP
  931. * bignums. Note only 32bit Openssl build support
  932. */
  933. static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize)
  934. {
  935. BIGNUM *bn;
  936. /*
  937. * Cast the ArbBigNum pointer to our BIGNUM struct
  938. */
  939. bn = (BIGNUM *)ArbBigNum;
  940. # ifdef SIXTY_FOUR_BIT_LONG
  941. *BigNumSize = bn->top << 3;
  942. # else
  943. /*
  944. * Size of the bignum in bytes is equal to the bn->top (no of 32 bit
  945. * words) multiplies by 4
  946. */
  947. *BigNumSize = bn->top << 2;
  948. # endif
  949. return AEP_R_OK;
  950. }
  951. static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
  952. unsigned char *AEP_BigNum)
  953. {
  954. BIGNUM *bn;
  955. # ifndef SIXTY_FOUR_BIT_LONG
  956. unsigned char *buf;
  957. int i;
  958. # endif
  959. /*
  960. * Cast the ArbBigNum pointer to our BIGNUM struct
  961. */
  962. bn = (BIGNUM *)ArbBigNum;
  963. # ifdef SIXTY_FOUR_BIT_LONG
  964. memcpy(AEP_BigNum, bn->d, BigNumSize);
  965. # else
  966. /*
  967. * Must copy data into a (monotone) least significant byte first format
  968. * performing endian conversion if necessary
  969. */
  970. for (i = 0; i < bn->top; i++) {
  971. buf = (unsigned char *)&bn->d[i];
  972. *((AEP_U32 *)AEP_BigNum) = (AEP_U32)
  973. ((unsigned)buf[1] << 8 | buf[0]) |
  974. ((unsigned)buf[3] << 8 | buf[2]) << 16;
  975. AEP_BigNum += 4;
  976. }
  977. # endif
  978. return AEP_R_OK;
  979. }
  980. /*
  981. * Turn an AEP Big Num back to a user big num
  982. */
  983. static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
  984. unsigned char *AEP_BigNum)
  985. {
  986. BIGNUM *bn;
  987. # ifndef SIXTY_FOUR_BIT_LONG
  988. int i;
  989. # endif
  990. bn = (BIGNUM *)ArbBigNum;
  991. /*
  992. * Expand the result bn so that it can hold our big num. Size is in bits
  993. */
  994. bn_expand(bn, (int)(BigNumSize << 3));
  995. # ifdef SIXTY_FOUR_BIT_LONG
  996. bn->top = BigNumSize >> 3;
  997. if ((BigNumSize & 7) != 0)
  998. bn->top++;
  999. memset(bn->d, 0, bn->top << 3);
  1000. memcpy(bn->d, AEP_BigNum, BigNumSize);
  1001. # else
  1002. bn->top = BigNumSize >> 2;
  1003. for (i = 0; i < bn->top; i++) {
  1004. bn->d[i] = (AEP_U32)
  1005. ((unsigned)AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
  1006. ((unsigned)AEP_BigNum[1] << 8 | AEP_BigNum[0]);
  1007. AEP_BigNum += 4;
  1008. }
  1009. # endif
  1010. return AEP_R_OK;
  1011. }
  1012. # endif /* !OPENSSL_NO_HW_AEP */
  1013. #endif /* !OPENSSL_NO_HW */