static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa)
{
int v_len, d_len;
int to_return = 0;
int fd;
BIGNUM v, *pv = &v;
BN_init(&v);
if (!bn_wexpand(pv, dsa->p->top)) {
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
v_len = BN_num_bits(dsa->p);
d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
const DSA_METHOD *meth;
fd = 0;
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
goto err;
}
if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
(unsigned char *)dgst, d_len,
(unsigned char *)dsa->p->d,
BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d,
BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d,
BN_num_bits(dsa->g),
(unsigned char *)dsa->pub_key->d,
BN_num_bits(dsa->pub_key),
(unsigned char *)sig->r->d,
BN_num_bits(sig->r),
(unsigned char *)sig->s->d,
BN_num_bits(sig->s), (unsigned char *)v.d,
&v_len) != 0) {
const DSA_METHOD *meth;
UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
p_UBSEC_ubsec_close(fd);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
goto err;
}
p_UBSEC_ubsec_close(fd);
to_return = 1;
err:
BN_clear_free(&v);
return to_return;
}
// Create the OpenSSL representation of the key
void OSSLDSAPublicKey::createOSSLKey()
{
if (dsa != NULL) return;
dsa = DSA_new();
if (dsa == NULL)
{
ERROR_MSG("Could not create DSA object");
return;
}
// Use the OpenSSL implementation and not any engine
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef WITH_FIPS
if (FIPS_mode())
DSA_set_method(dsa, FIPS_dsa_openssl());
else
DSA_set_method(dsa, DSA_OpenSSL());
#else
DSA_set_method(dsa, DSA_OpenSSL());
#endif
#else
DSA_set_method(dsa, DSA_OpenSSL());
#endif
BIGNUM* bn_p = OSSL::byteString2bn(p);
BIGNUM* bn_q = OSSL::byteString2bn(q);
BIGNUM* bn_g = OSSL::byteString2bn(g);
BIGNUM* bn_pub_key = OSSL::byteString2bn(y);
DSA_set0_pqg(dsa, bn_p, bn_q, bn_g);
DSA_set0_key(dsa, bn_pub_key, NULL);
}
const DSA_METHOD *DSA_get_default_method (void)
{
if (!default_DSA_method)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode ())
return FIPS_dsa_openssl ();
else
return DSA_OpenSSL ();
#else
default_DSA_method = DSA_OpenSSL ();
#endif
}
return default_DSA_method;
}
const DSA_METHOD *DSA_get_default_method(void)
{
if (!default_DSA_method) {
default_DSA_method = DSA_OpenSSL();
}
return default_DSA_method;
}
static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
const DSA_METHOD *ossl_dsa_meth;
if (capi_idx < 0) {
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
if (capi_idx < 0)
goto memerr;
cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
/* Setup RSA_METHOD */
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_rsa_meth = RSA_PKCS1_SSLeay();
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
}
ctx = capi_ctx_new();
if (!ctx)
goto memerr;
ENGINE_set_ex_data(e, capi_idx, ctx);
# ifdef OPENSSL_CAPIENG_DIALOG
{
HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
if (cryptui)
ctx->certselectdlg =
(CERTDLG) GetProcAddress(cryptui,
"CryptUIDlgSelectCertificateFromStore");
if (kernel)
ctx->getconswindow =
(GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
if (cryptui && !OPENSSL_isservice())
ctx->client_cert_select = cert_select_dialog;
}
# endif
return 1;
memerr:
CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
return 0;
return 1;
}
DSA *FIPS_dsa_new(void)
{
DSA *ret;
ret = OPENSSL_malloc(sizeof(DSA));
if (!ret)
return NULL;
memset(ret, 0, sizeof(DSA));
ret->meth = DSA_OpenSSL();
if (ret->meth->init)
ret->meth->init(ret);
return ret;
}
static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
DSA *dsa)
{
struct crypt_kop kop;
BIGNUM *r = NULL, *s = NULL;
DSA_SIG *dsaret = NULL;
if ((r = BN_new()) == NULL)
goto err;
if ((s = BN_new()) == NULL) {
BN_free(r);
goto err;
}
memset(&kop, 0, sizeof kop);
kop.crk_op = CRK_DSA_SIGN;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
kop.crk_param[0].crp_p = (caddr_t) dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
if (bn2crparam(dsa->q, &kop.crk_param[2]))
goto err;
if (bn2crparam(dsa->g, &kop.crk_param[3]))
goto err;
if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
goto err;
kop.crk_iparams = 5;
if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
BN_num_bytes(dsa->q), s) == 0) {
dsaret = DSA_SIG_new();
if (dsaret == NULL)
goto err;
dsaret->r = r;
dsaret->s = s;
r = s = NULL;
} else {
const DSA_METHOD *meth = DSA_OpenSSL();
dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
}
err:
BN_free(r);
BN_free(s);
kop.crk_param[0].crp_p = NULL;
zapparams(&kop);
return (dsaret);
}
static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
{
zen_nb_t data, p, q, g, y, r, s, v;
char msg[20];
char v_data[20];
int ret;
CHEESE();
if ( !zencod_dso ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
return 0;
}
if ( dlen > 160 ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
return 0;
}
/* Do in software if argument is too large for hardware */
if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
const DSA_METHOD *meth;
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
meth = DSA_OpenSSL();
return meth->dsa_do_verify(dgst, dlen, sig, dsa);
}
BIGNUM2ZEN ( &p, dsa->p ) ;
BIGNUM2ZEN ( &q, dsa->q ) ;
BIGNUM2ZEN ( &g, dsa->g ) ;
BIGNUM2ZEN ( &y, dsa->pub_key ) ;
BIGNUM2ZEN ( &r, sig->r ) ;
BIGNUM2ZEN ( &s, sig->s ) ;
ptr_zencod_init_number ( &v, 160, v_data ) ;
ypcmem(msg, dgst, 20);
ptr_zencod_init_number ( &data, 160, msg ) ;
if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
PERROR("zenbridge_dsa_do_verify");
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
return 0;
}
return ( ( ret == 0 ) ? 1 : ret ) ;
}
static int
cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
DSA_SIG *sig, DSA *dsa)
{
struct crypt_kop kop;
int dsaret = 1;
memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_VERIFY;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
kop.crk_param[0].crp_p = (caddr_t) dgst;
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
if (bn2crparam(dsa->q, &kop.crk_param[2]))
goto err;
if (bn2crparam(dsa->g, &kop.crk_param[3]))
goto err;
if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
goto err;
if (bn2crparam(sig->r, &kop.crk_param[5]))
goto err;
if (bn2crparam(sig->s, &kop.crk_param[6]))
goto err;
kop.crk_iparams = 7;
if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
/*
* OCF success value is 0, if not zero, change dsaret to fail
*/
if (0 != kop.crk_status)
dsaret = 0;
} else {
const DSA_METHOD *meth = DSA_OpenSSL();
dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
}
err:
kop.crk_param[0].crp_p = NULL;
zapparams(&kop);
return (dsaret);
}
int32_t CryptoNative_DsaSign(
DSA* dsa,
const uint8_t* hash,
int32_t hashLength,
uint8_t* refsignature,
int32_t* outSignatureLength)
{
if (outSignatureLength == NULL || dsa == NULL)
{
assert(false);
return 0;
}
// DSA_OpenSSL() returns a shared pointer, no need to free/cache.
if (DSA_get_method(dsa) == DSA_OpenSSL())
{
const BIGNUM* privKey;
DSA_get0_key(dsa, NULL, &privKey);
if (!privKey)
{
*outSignatureLength = 0;
ERR_PUT_error(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, DSA_R_MISSING_PARAMETERS, __FILE__, __LINE__);
return 0;
}
}
unsigned int unsignedSigLen = 0;
int32_t success = DSA_sign(0, hash, hashLength, refsignature, &unsignedSigLen, dsa);
if (!success) // Only 0 and 1 returned
{
*outSignatureLength = 0;
return 0;
}
assert(unsignedSigLen <= INT32_MAX);
*outSignatureLength = (int32_t)unsignedSigLen;
return 1;
}
/* As this is only ever called once, there's no need for locking
* (indeed - the lock will already be held by our caller!!!) */
static int bind_sureware(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
if(!ENGINE_set_id(e, engine_sureware_id) ||
!ENGINE_set_name(e, engine_sureware_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &surewarehk_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &surewarehk_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &surewarehk_dh) ||
#endif
!ENGINE_set_RAND(e, &surewarehk_rand) ||
!ENGINE_set_destroy_function(e, surewarehk_destroy) ||
!ENGINE_set_init_function(e, surewarehk_init) ||
!ENGINE_set_finish_function(e, surewarehk_finish) ||
!ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) ||
!ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
!ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
if (meth1)
{
surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
}
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
if (meth2)
{
surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
}
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
if (meth3)
{
surewarehk_dh.generate_key = meth3->generate_key;
surewarehk_dh.compute_key = meth3->compute_key;
}
#endif
/* Ensure the sureware error handling is set up */
ERR_load_SUREWARE_strings();
return 1;
}
void
ENGINE_load_cryptodev(void)
{
ENGINE *engine = ENGINE_new();
int fd;
if (engine == NULL)
return;
if ((fd = get_dev_crypto()) < 0) {
ENGINE_free(engine);
return;
}
/*
* find out what asymmetric crypto algorithms we support
*/
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd);
ENGINE_free(engine);
return;
}
close(fd);
if (!ENGINE_set_id(engine, "cryptodev") ||
!ENGINE_set_name(engine, "BSD cryptodev engine") ||
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
!ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
ENGINE_free(engine);
return;
}
if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
cryptodev_rsa.rsa_mod_exp =
cryptodev_rsa_mod_exp;
else
cryptodev_rsa.rsa_mod_exp =
cryptodev_rsa_nocrt_mod_exp;
}
}
if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
const DSA_METHOD *meth = DSA_OpenSSL();
memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
if (cryptodev_asymfeat & CRF_DSA_SIGN)
cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
}
if (ENGINE_set_DH(engine, &cryptodev_dh)){
const DH_METHOD *dh_meth = DH_OpenSSL();
cryptodev_dh.generate_key = dh_meth->generate_key;
cryptodev_dh.compute_key = dh_meth->compute_key;
cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
cryptodev_dh.compute_key =
cryptodev_dh_compute_key;
}
}
ENGINE_add(engine);
ENGINE_free(engine);
ERR_clear_error();
}
/* DSA stuff Functions
*/
static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
{
zen_nb_t p, q, g, x, y, r, s, data;
DSA_SIG *sig;
BIGNUM *bn_r = NULL;
BIGNUM *bn_s = NULL;
char msg[20];
CHEESE();
if ( !zencod_dso ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
goto FAILED;
}
if ( dlen > 160 ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
goto FAILED;
}
/* Do in software if argument is too large for hardware */
if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
const DSA_METHOD *meth;
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
meth = DSA_OpenSSL();
return meth->dsa_do_sign(dgst, dlen, dsa);
}
if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
goto FAILED;
}
if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
goto FAILED;
}
bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
BIGNUM2ZEN ( &p, dsa->p ) ;
BIGNUM2ZEN ( &q, dsa->q ) ;
BIGNUM2ZEN ( &g, dsa->g ) ;
BIGNUM2ZEN ( &x, dsa->priv_key ) ;
BIGNUM2ZEN ( &y, dsa->pub_key ) ;
BIGNUM2ZEN ( &r, bn_r ) ;
BIGNUM2ZEN ( &s, bn_s ) ;
q.len = x.len = 160;
ypcmem(msg, dgst, 20);
ptr_zencod_init_number ( &data, 160, msg ) ;
if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
PERROR("zenbridge_dsa_do_sign");
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
goto FAILED;
}
if ( !( sig = DSA_SIG_new () ) ) {
ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
goto FAILED;
}
sig->r = bn_r;
sig->s = bn_s;
return sig;
FAILED:
if (bn_r)
BN_free(bn_r);
if (bn_s)
BN_free(bn_s);
return NULL;
}
/* This internal function is used by ENGINE_aep() and possibly by the
* "dynamic" ENGINE support too */
static int bind_aep(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
if(!ENGINE_set_id(e, engine_aep_id) ||
!ENGINE_set_name(e, engine_aep_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &aep_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &aep_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &aep_dh) ||
#endif
#ifdef AEPRAND
!ENGINE_set_RAND(e, &aep_random) ||
#endif
!ENGINE_set_init_function(e, aep_init) ||
!ENGINE_set_destroy_function(e, aep_destroy) ||
!ENGINE_set_finish_function(e, aep_finish) ||
!ENGINE_set_ctrl_function(e, aep_ctrl) ||
!ENGINE_set_cmd_defns(e, aep_cmd_defns))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the aep-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
aep_dsa = *DSA_get_default_method();
aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
aep_dh.generate_key = meth3->generate_key;
aep_dh.compute_key = meth3->compute_key;
aep_dh.bn_mod_exp = meth3->bn_mod_exp;
#endif
/* Ensure the aep error handling is set up */
ERR_load_AEPHK_strings();
return 1;
}
/*
* This internal function is used by ENGINE_nuron() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_nuron_id) ||
!ENGINE_set_name(e, engine_nuron_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &nuron_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &nuron_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &nuron_dh) ||
# endif
!ENGINE_set_destroy_function(e, nuron_destroy) ||
!ENGINE_set_init_function(e, nuron_init) ||
!ENGINE_set_finish_function(e, nuron_finish) ||
!ENGINE_set_ctrl_function(e, nuron_ctrl) ||
!ENGINE_set_cmd_defns(e, nuron_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
nuron_dh.generate_key = meth3->generate_key;
nuron_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the nuron error handling is set up */
ERR_load_NURON_strings();
return 1;
}
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
DSA_SIG *to_return = NULL;
int s_len = 160, r_len = 160, d_len, fd;
BIGNUM m, *r=NULL, *s=NULL;
BN_init(&m);
s = BN_new();
r = BN_new();
if ((s == NULL) || (r==NULL))
goto err;
d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
(!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
if (BN_bin2bn(dgst,dlen,&m) == NULL) {
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
const DSA_METHOD *meth;
fd = 0;
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_sign(dgst, dlen, dsa);
goto err;
}
if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
(unsigned char *)dgst, d_len,
NULL, 0, /* compute random value */
(unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
(unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
(unsigned char *)r->d, &r_len,
(unsigned char *)s->d, &s_len ) != 0) {
const DSA_METHOD *meth;
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
p_UBSEC_ubsec_close(fd);
meth = DSA_OpenSSL();
to_return = meth->dsa_do_sign(dgst, dlen, dsa);
goto err;
}
p_UBSEC_ubsec_close(fd);
r->top = (160+BN_BITS2-1)/BN_BITS2;
s->top = (160+BN_BITS2-1)/BN_BITS2;
to_return = DSA_SIG_new();
if(to_return == NULL) {
UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
goto err;
}
to_return->r = r;
to_return->s = s;
err:
if (!to_return) {
if (r) BN_free(r);
if (s) BN_free(s);
}
BN_clear_free(&m);
return to_return;
}
/* This internal function is used by ENGINE_zencod () and possibly by the
* "dynamic" ENGINE support too ;-)
*/
static int bind_helper ( ENGINE *e )
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth_dh ;
#endif
const RAND_METHOD *meth_rand ;
if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
!ENGINE_set_RAND ( e, &zencod_rand ) ||
!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
!ENGINE_set_init_function ( e, zencod_init ) ||
!ENGINE_set_finish_function ( e, zencod_finish ) ||
!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
!ENGINE_set_digests ( e, engine_digests ) ||
!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
return 0 ;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Zencod-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway!
*/
meth_rsa = RSA_PKCS1_SSLeay () ;
zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
/* meth_rsa->rsa_mod_exp */
/* meth_rsa->bn_mod_exp */
zencod_rsa.init = meth_rsa->init ;
zencod_rsa.finish = meth_rsa->finish ;
#endif
#ifndef OPENSSL_NO_DSA
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dsa = DSA_OpenSSL () ;
/* meth_dsa->dsa_do_sign */
zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
/* meth_dsa->dsa_do_verify */
zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
zencod_dsa.init = meth_dsa->init ;
zencod_dsa.finish = meth_dsa->finish ;
#endif
#ifndef OPENSSL_NO_DH
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dh = DH_OpenSSL () ;
/* zencod_dh.generate_key = meth_dh->generate_key ; */
/* zencod_dh.compute_key = meth_dh->compute_key ; */
/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
zencod_dh.init = meth_dh->init ;
zencod_dh.finish = meth_dh->finish ;
#endif
/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
*/
meth_rand = RAND_SSLeay () ;
/* meth_rand->seed ; */
/* zencod_rand.seed = meth_rand->seed ; */
/* meth_rand->bytes ; */
/* zencod_rand.bytes = meth_rand->bytes ; */
zencod_rand.cleanup = meth_rand->cleanup ;
zencod_rand.add = meth_rand->add ;
/* meth_rand->pseudorand ; */
/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
/* zencod_rand.status = meth_rand->status ; */
/* meth_rand->status ; */
/* Ensure the zencod error handling is set up */
ERR_load_ZENCOD_strings () ;
return 1 ;
}
