2
0

e_cswift.c 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129
  1. /* crypto/engine/hw_cswift.c */
  2. /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  3. * project 2000.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * licensing@OpenSSL.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. *
  53. * This product includes cryptographic software written by Eric Young
  54. * (eay@cryptsoft.com). This product includes software written by Tim
  55. * Hudson (tjh@cryptsoft.com).
  56. *
  57. */
  58. #include <stdio.h>
  59. #include <string.h>
  60. #include <openssl/crypto.h>
  61. #include <openssl/buffer.h>
  62. #include <openssl/dso.h>
  63. #include <openssl/engine.h>
  64. #ifndef OPENSSL_NO_RSA
  65. #include <openssl/rsa.h>
  66. #endif
  67. #ifndef OPENSSL_NO_DSA
  68. #include <openssl/dsa.h>
  69. #endif
  70. #ifndef OPENSSL_NO_DH
  71. #include <openssl/dh.h>
  72. #endif
  73. #include <openssl/rand.h>
  74. #include <openssl/bn.h>
  75. #ifndef OPENSSL_NO_HW
  76. #ifndef OPENSSL_NO_HW_CSWIFT
  77. /* Attribution notice: Rainbow have generously allowed me to reproduce
  78. * the necessary definitions here from their API. This means the support
  79. * can build independently of whether application builders have the
  80. * API or hardware. This will allow developers to easily produce software
  81. * that has latent hardware support for any users that have accelerators
  82. * installed, without the developers themselves needing anything extra.
  83. *
  84. * I have only clipped the parts from the CryptoSwift header files that
  85. * are (or seem) relevant to the CryptoSwift support code. This is
  86. * simply to keep the file sizes reasonable.
  87. * [Geoff]
  88. */
  89. #ifdef FLAT_INC
  90. #include "cswift.h"
  91. #else
  92. #include "vendor_defns/cswift.h"
  93. #endif
  94. #define CSWIFT_LIB_NAME "cswift engine"
  95. #include "e_cswift_err.c"
  96. #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
  97. static int cswift_destroy(ENGINE *e);
  98. static int cswift_init(ENGINE *e);
  99. static int cswift_finish(ENGINE *e);
  100. static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
  101. #ifndef OPENSSL_NO_RSA
  102. static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
  103. #endif
  104. /* BIGNUM stuff */
  105. static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  106. const BIGNUM *m, BN_CTX *ctx);
  107. #ifndef OPENSSL_NO_RSA
  108. static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  109. const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
  110. const BIGNUM *iqmp, BN_CTX *ctx);
  111. #endif
  112. #ifndef OPENSSL_NO_RSA
  113. /* RSA stuff */
  114. static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
  115. /* This function is aliased to mod_exp (with the mont stuff dropped). */
  116. static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  117. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  118. #endif
  119. #ifndef OPENSSL_NO_DSA
  120. /* DSA stuff */
  121. static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
  122. static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
  123. DSA_SIG *sig, DSA *dsa);
  124. #endif
  125. #ifndef OPENSSL_NO_DH
  126. /* DH stuff */
  127. /* This function is alised to mod_exp (with the DH and mont dropped). */
  128. static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
  129. const BIGNUM *a, const BIGNUM *p,
  130. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
  131. #endif
  132. /* RAND stuff */
  133. static int cswift_rand_bytes(unsigned char *buf, int num);
  134. static int cswift_rand_status(void);
  135. /* The definitions for control commands specific to this engine */
  136. #define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
  137. static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
  138. {CSWIFT_CMD_SO_PATH,
  139. "SO_PATH",
  140. "Specifies the path to the 'cswift' shared library",
  141. ENGINE_CMD_FLAG_STRING},
  142. {0, NULL, NULL, 0}
  143. };
  144. #ifndef OPENSSL_NO_RSA
  145. /* Our internal RSA_METHOD that we provide pointers to */
  146. static RSA_METHOD cswift_rsa =
  147. {
  148. "CryptoSwift RSA method",
  149. NULL,
  150. NULL,
  151. NULL,
  152. NULL,
  153. cswift_rsa_mod_exp,
  154. cswift_mod_exp_mont,
  155. NULL,
  156. NULL,
  157. 0,
  158. NULL,
  159. NULL,
  160. NULL,
  161. NULL
  162. };
  163. #endif
  164. #ifndef OPENSSL_NO_DSA
  165. /* Our internal DSA_METHOD that we provide pointers to */
  166. static DSA_METHOD cswift_dsa =
  167. {
  168. "CryptoSwift DSA method",
  169. cswift_dsa_sign,
  170. NULL, /* dsa_sign_setup */
  171. cswift_dsa_verify,
  172. NULL, /* dsa_mod_exp */
  173. NULL, /* bn_mod_exp */
  174. NULL, /* init */
  175. NULL, /* finish */
  176. 0, /* flags */
  177. NULL, /* app_data */
  178. NULL, /* dsa_paramgen */
  179. NULL /* dsa_keygen */
  180. };
  181. #endif
  182. #ifndef OPENSSL_NO_DH
  183. /* Our internal DH_METHOD that we provide pointers to */
  184. static DH_METHOD cswift_dh =
  185. {
  186. "CryptoSwift DH method",
  187. NULL,
  188. NULL,
  189. cswift_mod_exp_dh,
  190. NULL,
  191. NULL,
  192. 0,
  193. NULL,
  194. NULL
  195. };
  196. #endif
  197. static RAND_METHOD cswift_random =
  198. {
  199. /* "CryptoSwift RAND method", */
  200. NULL,
  201. cswift_rand_bytes,
  202. NULL,
  203. NULL,
  204. cswift_rand_bytes,
  205. cswift_rand_status,
  206. };
  207. /* Constants used when creating the ENGINE */
  208. static const char *engine_cswift_id = "cswift";
  209. static const char *engine_cswift_name = "CryptoSwift hardware engine support";
  210. /* This internal function is used by ENGINE_cswift() and possibly by the
  211. * "dynamic" ENGINE support too */
  212. static int bind_helper(ENGINE *e)
  213. {
  214. #ifndef OPENSSL_NO_RSA
  215. const RSA_METHOD *meth1;
  216. #endif
  217. #ifndef OPENSSL_NO_DH
  218. const DH_METHOD *meth2;
  219. #endif
  220. if(!ENGINE_set_id(e, engine_cswift_id) ||
  221. !ENGINE_set_name(e, engine_cswift_name) ||
  222. #ifndef OPENSSL_NO_RSA
  223. !ENGINE_set_RSA(e, &cswift_rsa) ||
  224. #endif
  225. #ifndef OPENSSL_NO_DSA
  226. !ENGINE_set_DSA(e, &cswift_dsa) ||
  227. #endif
  228. #ifndef OPENSSL_NO_DH
  229. !ENGINE_set_DH(e, &cswift_dh) ||
  230. #endif
  231. !ENGINE_set_RAND(e, &cswift_random) ||
  232. !ENGINE_set_destroy_function(e, cswift_destroy) ||
  233. !ENGINE_set_init_function(e, cswift_init) ||
  234. !ENGINE_set_finish_function(e, cswift_finish) ||
  235. !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
  236. !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
  237. return 0;
  238. #ifndef OPENSSL_NO_RSA
  239. /* We know that the "PKCS1_SSLeay()" functions hook properly
  240. * to the cswift-specific mod_exp and mod_exp_crt so we use
  241. * those functions. NB: We don't use ENGINE_openssl() or
  242. * anything "more generic" because something like the RSAref
  243. * code may not hook properly, and if you own one of these
  244. * cards then you have the right to do RSA operations on it
  245. * anyway! */
  246. meth1 = RSA_PKCS1_SSLeay();
  247. cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
  248. cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
  249. cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
  250. cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
  251. #endif
  252. #ifndef OPENSSL_NO_DH
  253. /* Much the same for Diffie-Hellman */
  254. meth2 = DH_OpenSSL();
  255. cswift_dh.generate_key = meth2->generate_key;
  256. cswift_dh.compute_key = meth2->compute_key;
  257. #endif
  258. /* Ensure the cswift error handling is set up */
  259. ERR_load_CSWIFT_strings();
  260. return 1;
  261. }
  262. #ifdef OPENSSL_NO_DYNAMIC_ENGINE
  263. static ENGINE *engine_cswift(void)
  264. {
  265. ENGINE *ret = ENGINE_new();
  266. if(!ret)
  267. return NULL;
  268. if(!bind_helper(ret))
  269. {
  270. ENGINE_free(ret);
  271. return NULL;
  272. }
  273. return ret;
  274. }
  275. void ENGINE_load_cswift(void)
  276. {
  277. /* Copied from eng_[openssl|dyn].c */
  278. ENGINE *toadd = engine_cswift();
  279. if(!toadd) return;
  280. ENGINE_add(toadd);
  281. ENGINE_free(toadd);
  282. ERR_clear_error();
  283. }
  284. #endif
  285. /* This is a process-global DSO handle used for loading and unloading
  286. * the CryptoSwift library. NB: This is only set (or unset) during an
  287. * init() or finish() call (reference counts permitting) and they're
  288. * operating with global locks, so this should be thread-safe
  289. * implicitly. */
  290. static DSO *cswift_dso = NULL;
  291. /* These are the function pointers that are (un)set when the library has
  292. * successfully (un)loaded. */
  293. t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
  294. t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
  295. t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
  296. t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
  297. /* Used in the DSO operations. */
  298. static const char *CSWIFT_LIBNAME = NULL;
  299. static const char *get_CSWIFT_LIBNAME(void)
  300. {
  301. if(CSWIFT_LIBNAME)
  302. return CSWIFT_LIBNAME;
  303. return "swift";
  304. }
  305. static void free_CSWIFT_LIBNAME(void)
  306. {
  307. if(CSWIFT_LIBNAME)
  308. OPENSSL_free((void*)CSWIFT_LIBNAME);
  309. CSWIFT_LIBNAME = NULL;
  310. }
  311. static long set_CSWIFT_LIBNAME(const char *name)
  312. {
  313. free_CSWIFT_LIBNAME();
  314. return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
  315. }
  316. static const char *CSWIFT_F1 = "swAcquireAccContext";
  317. static const char *CSWIFT_F2 = "swAttachKeyParam";
  318. static const char *CSWIFT_F3 = "swSimpleRequest";
  319. static const char *CSWIFT_F4 = "swReleaseAccContext";
  320. /* CryptoSwift library functions and mechanics - these are used by the
  321. * higher-level functions further down. NB: As and where there's no
  322. * error checking, take a look lower down where these functions are
  323. * called, the checking and error handling is probably down there. */
  324. /* utility function to obtain a context */
  325. static int get_context(SW_CONTEXT_HANDLE *hac)
  326. {
  327. SW_STATUS status;
  328. status = p_CSwift_AcquireAccContext(hac);
  329. if(status != SW_OK)
  330. return 0;
  331. return 1;
  332. }
  333. /* similarly to release one. */
  334. static void release_context(SW_CONTEXT_HANDLE hac)
  335. {
  336. p_CSwift_ReleaseAccContext(hac);
  337. }
  338. /* Destructor (complements the "ENGINE_cswift()" constructor) */
  339. static int cswift_destroy(ENGINE *e)
  340. {
  341. free_CSWIFT_LIBNAME();
  342. ERR_unload_CSWIFT_strings();
  343. return 1;
  344. }
  345. /* (de)initialisation functions. */
  346. static int cswift_init(ENGINE *e)
  347. {
  348. SW_CONTEXT_HANDLE hac;
  349. t_swAcquireAccContext *p1;
  350. t_swAttachKeyParam *p2;
  351. t_swSimpleRequest *p3;
  352. t_swReleaseAccContext *p4;
  353. if(cswift_dso != NULL)
  354. {
  355. CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
  356. goto err;
  357. }
  358. /* Attempt to load libswift.so/swift.dll/whatever. */
  359. cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
  360. if(cswift_dso == NULL)
  361. {
  362. CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
  363. goto err;
  364. }
  365. if(!(p1 = (t_swAcquireAccContext *)
  366. DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
  367. !(p2 = (t_swAttachKeyParam *)
  368. DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
  369. !(p3 = (t_swSimpleRequest *)
  370. DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
  371. !(p4 = (t_swReleaseAccContext *)
  372. DSO_bind_func(cswift_dso, CSWIFT_F4)))
  373. {
  374. CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
  375. goto err;
  376. }
  377. /* Copy the pointers */
  378. p_CSwift_AcquireAccContext = p1;
  379. p_CSwift_AttachKeyParam = p2;
  380. p_CSwift_SimpleRequest = p3;
  381. p_CSwift_ReleaseAccContext = p4;
  382. /* Try and get a context - if not, we may have a DSO but no
  383. * accelerator! */
  384. if(!get_context(&hac))
  385. {
  386. CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
  387. goto err;
  388. }
  389. release_context(hac);
  390. /* Everything's fine. */
  391. return 1;
  392. err:
  393. if(cswift_dso)
  394. {
  395. DSO_free(cswift_dso);
  396. cswift_dso = NULL;
  397. }
  398. p_CSwift_AcquireAccContext = NULL;
  399. p_CSwift_AttachKeyParam = NULL;
  400. p_CSwift_SimpleRequest = NULL;
  401. p_CSwift_ReleaseAccContext = NULL;
  402. return 0;
  403. }
  404. static int cswift_finish(ENGINE *e)
  405. {
  406. free_CSWIFT_LIBNAME();
  407. if(cswift_dso == NULL)
  408. {
  409. CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
  410. return 0;
  411. }
  412. if(!DSO_free(cswift_dso))
  413. {
  414. CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
  415. return 0;
  416. }
  417. cswift_dso = NULL;
  418. p_CSwift_AcquireAccContext = NULL;
  419. p_CSwift_AttachKeyParam = NULL;
  420. p_CSwift_SimpleRequest = NULL;
  421. p_CSwift_ReleaseAccContext = NULL;
  422. return 1;
  423. }
  424. static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
  425. {
  426. int initialised = ((cswift_dso == NULL) ? 0 : 1);
  427. switch(cmd)
  428. {
  429. case CSWIFT_CMD_SO_PATH:
  430. if(p == NULL)
  431. {
  432. CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
  433. return 0;
  434. }
  435. if(initialised)
  436. {
  437. CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
  438. return 0;
  439. }
  440. return set_CSWIFT_LIBNAME((const char *)p);
  441. default:
  442. break;
  443. }
  444. CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
  445. return 0;
  446. }
  447. /* Un petit mod_exp */
  448. static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  449. const BIGNUM *m, BN_CTX *ctx)
  450. {
  451. /* I need somewhere to store temporary serialised values for
  452. * use with the CryptoSwift API calls. A neat cheat - I'll use
  453. * BIGNUMs from the BN_CTX but access their arrays directly as
  454. * byte arrays <grin>. This way I don't have to clean anything
  455. * up. */
  456. BIGNUM *modulus;
  457. BIGNUM *exponent;
  458. BIGNUM *argument;
  459. BIGNUM *result;
  460. SW_STATUS sw_status;
  461. SW_LARGENUMBER arg, res;
  462. SW_PARAM sw_param;
  463. SW_CONTEXT_HANDLE hac;
  464. int to_return, acquired;
  465. modulus = exponent = argument = result = NULL;
  466. to_return = 0; /* expect failure */
  467. acquired = 0;
  468. if(!get_context(&hac))
  469. {
  470. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
  471. goto err;
  472. }
  473. acquired = 1;
  474. /* Prepare the params */
  475. BN_CTX_start(ctx);
  476. modulus = BN_CTX_get(ctx);
  477. exponent = BN_CTX_get(ctx);
  478. argument = BN_CTX_get(ctx);
  479. result = BN_CTX_get(ctx);
  480. if(!result)
  481. {
  482. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
  483. goto err;
  484. }
  485. if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
  486. !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
  487. {
  488. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
  489. goto err;
  490. }
  491. sw_param.type = SW_ALG_EXP;
  492. sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
  493. (unsigned char *)modulus->d);
  494. sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
  495. sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
  496. (unsigned char *)exponent->d);
  497. sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
  498. /* Attach the key params */
  499. sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
  500. switch(sw_status)
  501. {
  502. case SW_OK:
  503. break;
  504. case SW_ERR_INPUT_SIZE:
  505. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
  506. goto err;
  507. default:
  508. {
  509. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  510. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
  511. sprintf(tmpbuf, "%ld", sw_status);
  512. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  513. }
  514. goto err;
  515. }
  516. /* Prepare the argument and response */
  517. arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
  518. arg.value = (unsigned char *)argument->d;
  519. res.nbytes = BN_num_bytes(m);
  520. memset(result->d, 0, res.nbytes);
  521. res.value = (unsigned char *)result->d;
  522. /* Perform the operation */
  523. if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
  524. &res, 1)) != SW_OK)
  525. {
  526. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  527. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
  528. sprintf(tmpbuf, "%ld", sw_status);
  529. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  530. goto err;
  531. }
  532. /* Convert the response */
  533. BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
  534. to_return = 1;
  535. err:
  536. if(acquired)
  537. release_context(hac);
  538. BN_CTX_end(ctx);
  539. return to_return;
  540. }
  541. #ifndef OPENSSL_NO_RSA
  542. int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
  543. {
  544. int mod;
  545. int numbytes = BN_num_bytes(in);
  546. mod = 0;
  547. while( ((out->nbytes = (numbytes+mod)) % 32) )
  548. {
  549. mod++;
  550. }
  551. out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
  552. if(!out->value)
  553. {
  554. return 0;
  555. }
  556. BN_bn2bin(in, &out->value[mod]);
  557. if(mod)
  558. memset(out->value, 0, mod);
  559. return 1;
  560. }
  561. #endif
  562. #ifndef OPENSSL_NO_RSA
  563. /* Un petit mod_exp chinois */
  564. static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  565. const BIGNUM *q, const BIGNUM *dmp1,
  566. const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
  567. {
  568. SW_STATUS sw_status;
  569. SW_LARGENUMBER arg, res;
  570. SW_PARAM sw_param;
  571. SW_CONTEXT_HANDLE hac;
  572. BIGNUM *result = NULL;
  573. BIGNUM *argument = NULL;
  574. int to_return = 0; /* expect failure */
  575. int acquired = 0;
  576. sw_param.up.crt.p.value = NULL;
  577. sw_param.up.crt.q.value = NULL;
  578. sw_param.up.crt.dmp1.value = NULL;
  579. sw_param.up.crt.dmq1.value = NULL;
  580. sw_param.up.crt.iqmp.value = NULL;
  581. if(!get_context(&hac))
  582. {
  583. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
  584. goto err;
  585. }
  586. acquired = 1;
  587. /* Prepare the params */
  588. argument = BN_new();
  589. result = BN_new();
  590. if(!result || !argument)
  591. {
  592. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
  593. goto err;
  594. }
  595. sw_param.type = SW_ALG_CRT;
  596. /************************************************************************/
  597. /* 04/02/2003 */
  598. /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
  599. /* limitation of cswift with values not a multiple of 32 */
  600. /************************************************************************/
  601. if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
  602. {
  603. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
  604. goto err;
  605. }
  606. if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
  607. {
  608. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
  609. goto err;
  610. }
  611. if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
  612. {
  613. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
  614. goto err;
  615. }
  616. if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
  617. {
  618. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
  619. goto err;
  620. }
  621. if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
  622. {
  623. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
  624. goto err;
  625. }
  626. if( !bn_wexpand(argument, a->top) ||
  627. !bn_wexpand(result, p->top + q->top))
  628. {
  629. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
  630. goto err;
  631. }
  632. /* Attach the key params */
  633. sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
  634. switch(sw_status)
  635. {
  636. case SW_OK:
  637. break;
  638. case SW_ERR_INPUT_SIZE:
  639. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
  640. goto err;
  641. default:
  642. {
  643. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  644. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
  645. sprintf(tmpbuf, "%ld", sw_status);
  646. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  647. }
  648. goto err;
  649. }
  650. /* Prepare the argument and response */
  651. arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
  652. arg.value = (unsigned char *)argument->d;
  653. res.nbytes = 2 * BN_num_bytes(p);
  654. memset(result->d, 0, res.nbytes);
  655. res.value = (unsigned char *)result->d;
  656. /* Perform the operation */
  657. if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
  658. &res, 1)) != SW_OK)
  659. {
  660. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  661. CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
  662. sprintf(tmpbuf, "%ld", sw_status);
  663. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  664. goto err;
  665. }
  666. /* Convert the response */
  667. BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
  668. to_return = 1;
  669. err:
  670. if(sw_param.up.crt.p.value)
  671. OPENSSL_free(sw_param.up.crt.p.value);
  672. if(sw_param.up.crt.q.value)
  673. OPENSSL_free(sw_param.up.crt.q.value);
  674. if(sw_param.up.crt.dmp1.value)
  675. OPENSSL_free(sw_param.up.crt.dmp1.value);
  676. if(sw_param.up.crt.dmq1.value)
  677. OPENSSL_free(sw_param.up.crt.dmq1.value);
  678. if(sw_param.up.crt.iqmp.value)
  679. OPENSSL_free(sw_param.up.crt.iqmp.value);
  680. if(result)
  681. BN_free(result);
  682. if(argument)
  683. BN_free(argument);
  684. if(acquired)
  685. release_context(hac);
  686. return to_return;
  687. }
  688. #endif
  689. #ifndef OPENSSL_NO_RSA
  690. static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
  691. {
  692. int to_return = 0;
  693. const RSA_METHOD * def_rsa_method;
  694. if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
  695. {
  696. CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
  697. goto err;
  698. }
  699. /* Try the limits of RSA (2048 bits) */
  700. if(BN_num_bytes(rsa->p) > 128 ||
  701. BN_num_bytes(rsa->q) > 128 ||
  702. BN_num_bytes(rsa->dmp1) > 128 ||
  703. BN_num_bytes(rsa->dmq1) > 128 ||
  704. BN_num_bytes(rsa->iqmp) > 128)
  705. {
  706. #ifdef RSA_NULL
  707. def_rsa_method=RSA_null_method();
  708. #else
  709. #if 0
  710. def_rsa_method=RSA_PKCS1_RSAref();
  711. #else
  712. def_rsa_method=RSA_PKCS1_SSLeay();
  713. #endif
  714. #endif
  715. if(def_rsa_method)
  716. return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
  717. }
  718. to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
  719. rsa->dmq1, rsa->iqmp, ctx);
  720. err:
  721. return to_return;
  722. }
  723. /* This function is aliased to mod_exp (with the mont stuff dropped). */
  724. static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  725. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  726. {
  727. const RSA_METHOD * def_rsa_method;
  728. /* Try the limits of RSA (2048 bits) */
  729. if(BN_num_bytes(r) > 256 ||
  730. BN_num_bytes(a) > 256 ||
  731. BN_num_bytes(m) > 256)
  732. {
  733. #ifdef RSA_NULL
  734. def_rsa_method=RSA_null_method();
  735. #else
  736. #if 0
  737. def_rsa_method=RSA_PKCS1_RSAref();
  738. #else
  739. def_rsa_method=RSA_PKCS1_SSLeay();
  740. #endif
  741. #endif
  742. if(def_rsa_method)
  743. return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
  744. }
  745. return cswift_mod_exp(r, a, p, m, ctx);
  746. }
  747. #endif /* OPENSSL_NO_RSA */
  748. #ifndef OPENSSL_NO_DSA
  749. static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
  750. {
  751. SW_CONTEXT_HANDLE hac;
  752. SW_PARAM sw_param;
  753. SW_STATUS sw_status;
  754. SW_LARGENUMBER arg, res;
  755. BN_CTX *ctx;
  756. BIGNUM *dsa_p = NULL;
  757. BIGNUM *dsa_q = NULL;
  758. BIGNUM *dsa_g = NULL;
  759. BIGNUM *dsa_key = NULL;
  760. BIGNUM *result = NULL;
  761. DSA_SIG *to_return = NULL;
  762. int acquired = 0;
  763. if((ctx = BN_CTX_new()) == NULL)
  764. goto err;
  765. if(!get_context(&hac))
  766. {
  767. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
  768. goto err;
  769. }
  770. acquired = 1;
  771. /* Prepare the params */
  772. BN_CTX_start(ctx);
  773. dsa_p = BN_CTX_get(ctx);
  774. dsa_q = BN_CTX_get(ctx);
  775. dsa_g = BN_CTX_get(ctx);
  776. dsa_key = BN_CTX_get(ctx);
  777. result = BN_CTX_get(ctx);
  778. if(!result)
  779. {
  780. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
  781. goto err;
  782. }
  783. if(!bn_wexpand(dsa_p, dsa->p->top) ||
  784. !bn_wexpand(dsa_q, dsa->q->top) ||
  785. !bn_wexpand(dsa_g, dsa->g->top) ||
  786. !bn_wexpand(dsa_key, dsa->priv_key->top) ||
  787. !bn_wexpand(result, dsa->p->top))
  788. {
  789. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
  790. goto err;
  791. }
  792. sw_param.type = SW_ALG_DSA;
  793. sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
  794. (unsigned char *)dsa_p->d);
  795. sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
  796. sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
  797. (unsigned char *)dsa_q->d);
  798. sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
  799. sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
  800. (unsigned char *)dsa_g->d);
  801. sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
  802. sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
  803. (unsigned char *)dsa_key->d);
  804. sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
  805. /* Attach the key params */
  806. sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
  807. switch(sw_status)
  808. {
  809. case SW_OK:
  810. break;
  811. case SW_ERR_INPUT_SIZE:
  812. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
  813. goto err;
  814. default:
  815. {
  816. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  817. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
  818. sprintf(tmpbuf, "%ld", sw_status);
  819. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  820. }
  821. goto err;
  822. }
  823. /* Prepare the argument and response */
  824. arg.nbytes = dlen;
  825. arg.value = (unsigned char *)dgst;
  826. res.nbytes = BN_num_bytes(dsa->p);
  827. memset(result->d, 0, res.nbytes);
  828. res.value = (unsigned char *)result->d;
  829. /* Perform the operation */
  830. sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
  831. &res, 1);
  832. if(sw_status != SW_OK)
  833. {
  834. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  835. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
  836. sprintf(tmpbuf, "%ld", sw_status);
  837. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  838. goto err;
  839. }
  840. /* Convert the response */
  841. if((to_return = DSA_SIG_new()) == NULL)
  842. goto err;
  843. to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
  844. to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
  845. err:
  846. if(acquired)
  847. release_context(hac);
  848. if(ctx)
  849. {
  850. BN_CTX_end(ctx);
  851. BN_CTX_free(ctx);
  852. }
  853. return to_return;
  854. }
  855. static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
  856. DSA_SIG *sig, DSA *dsa)
  857. {
  858. SW_CONTEXT_HANDLE hac;
  859. SW_PARAM sw_param;
  860. SW_STATUS sw_status;
  861. SW_LARGENUMBER arg[2], res;
  862. unsigned long sig_result;
  863. BN_CTX *ctx;
  864. BIGNUM *dsa_p = NULL;
  865. BIGNUM *dsa_q = NULL;
  866. BIGNUM *dsa_g = NULL;
  867. BIGNUM *dsa_key = NULL;
  868. BIGNUM *argument = NULL;
  869. int to_return = -1;
  870. int acquired = 0;
  871. if((ctx = BN_CTX_new()) == NULL)
  872. goto err;
  873. if(!get_context(&hac))
  874. {
  875. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
  876. goto err;
  877. }
  878. acquired = 1;
  879. /* Prepare the params */
  880. BN_CTX_start(ctx);
  881. dsa_p = BN_CTX_get(ctx);
  882. dsa_q = BN_CTX_get(ctx);
  883. dsa_g = BN_CTX_get(ctx);
  884. dsa_key = BN_CTX_get(ctx);
  885. argument = BN_CTX_get(ctx);
  886. if(!argument)
  887. {
  888. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
  889. goto err;
  890. }
  891. if(!bn_wexpand(dsa_p, dsa->p->top) ||
  892. !bn_wexpand(dsa_q, dsa->q->top) ||
  893. !bn_wexpand(dsa_g, dsa->g->top) ||
  894. !bn_wexpand(dsa_key, dsa->pub_key->top) ||
  895. !bn_wexpand(argument, 40))
  896. {
  897. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
  898. goto err;
  899. }
  900. sw_param.type = SW_ALG_DSA;
  901. sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
  902. (unsigned char *)dsa_p->d);
  903. sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
  904. sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
  905. (unsigned char *)dsa_q->d);
  906. sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
  907. sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
  908. (unsigned char *)dsa_g->d);
  909. sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
  910. sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
  911. (unsigned char *)dsa_key->d);
  912. sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
  913. /* Attach the key params */
  914. sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
  915. switch(sw_status)
  916. {
  917. case SW_OK:
  918. break;
  919. case SW_ERR_INPUT_SIZE:
  920. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
  921. goto err;
  922. default:
  923. {
  924. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  925. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
  926. sprintf(tmpbuf, "%ld", sw_status);
  927. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  928. }
  929. goto err;
  930. }
  931. /* Prepare the argument and response */
  932. arg[0].nbytes = dgst_len;
  933. arg[0].value = (unsigned char *)dgst;
  934. arg[1].nbytes = 40;
  935. arg[1].value = (unsigned char *)argument->d;
  936. memset(arg[1].value, 0, 40);
  937. BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
  938. BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
  939. res.nbytes = 4; /* unsigned long */
  940. res.value = (unsigned char *)(&sig_result);
  941. /* Perform the operation */
  942. sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
  943. &res, 1);
  944. if(sw_status != SW_OK)
  945. {
  946. char tmpbuf[DECIMAL_SIZE(sw_status)+1];
  947. CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
  948. sprintf(tmpbuf, "%ld", sw_status);
  949. ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
  950. goto err;
  951. }
  952. /* Convert the response */
  953. to_return = ((sig_result == 0) ? 0 : 1);
  954. err:
  955. if(acquired)
  956. release_context(hac);
  957. if(ctx)
  958. {
  959. BN_CTX_end(ctx);
  960. BN_CTX_free(ctx);
  961. }
  962. return to_return;
  963. }
  964. #endif
  965. #ifndef OPENSSL_NO_DH
  966. /* This function is aliased to mod_exp (with the dh and mont dropped). */
  967. static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
  968. const BIGNUM *a, const BIGNUM *p,
  969. const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
  970. {
  971. return cswift_mod_exp(r, a, p, m, ctx);
  972. }
  973. #endif
  974. /* Random bytes are good */
  975. static int cswift_rand_bytes(unsigned char *buf, int num)
  976. {
  977. SW_CONTEXT_HANDLE hac;
  978. SW_STATUS swrc;
  979. SW_LARGENUMBER largenum;
  980. int acquired = 0;
  981. int to_return = 0; /* assume failure */
  982. unsigned char buf32[1024];
  983. if (!get_context(&hac))
  984. {
  985. CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
  986. goto err;
  987. }
  988. acquired = 1;
  989. /************************************************************************/
  990. /* 04/02/2003 */
  991. /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
  992. /* limitation of cswift with values not a multiple of 32 */
  993. /************************************************************************/
  994. while(num >= (int)sizeof(buf32))
  995. {
  996. largenum.value = buf;
  997. largenum.nbytes = sizeof(buf32);
  998. /* tell CryptoSwift how many bytes we want and where we want it.
  999. * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
  1000. * - CryptoSwift can only do multiple of 32-bits. */
  1001. swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
  1002. if (swrc != SW_OK)
  1003. {
  1004. char tmpbuf[20];
  1005. CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
  1006. sprintf(tmpbuf, "%ld", swrc);
  1007. ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
  1008. goto err;
  1009. }
  1010. buf += sizeof(buf32);
  1011. num -= sizeof(buf32);
  1012. }
  1013. if(num)
  1014. {
  1015. largenum.nbytes = sizeof(buf32);
  1016. largenum.value = buf32;
  1017. swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
  1018. if (swrc != SW_OK)
  1019. {
  1020. char tmpbuf[20];
  1021. CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
  1022. sprintf(tmpbuf, "%ld", swrc);
  1023. ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
  1024. goto err;
  1025. }
  1026. memcpy(buf, largenum.value, num);
  1027. }
  1028. to_return = 1; /* success */
  1029. err:
  1030. if (acquired)
  1031. release_context(hac);
  1032. return to_return;
  1033. }
  1034. static int cswift_rand_status(void)
  1035. {
  1036. return 1;
  1037. }
  1038. /* This stuff is needed if this ENGINE is being compiled into a self-contained
  1039. * shared-library. */
  1040. #ifndef OPENSSL_NO_DYNAMIC_ENGINE
  1041. static int bind_fn(ENGINE *e, const char *id)
  1042. {
  1043. if(id && (strcmp(id, engine_cswift_id) != 0))
  1044. return 0;
  1045. if(!bind_helper(e))
  1046. return 0;
  1047. return 1;
  1048. }
  1049. IMPLEMENT_DYNAMIC_CHECK_FN()
  1050. IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  1051. #endif /* OPENSSL_NO_DYNAMIC_ENGINE */
  1052. #endif /* !OPENSSL_NO_HW_CSWIFT */
  1053. #endif /* !OPENSSL_NO_HW */