/* This internal function is used by ENGINE_cswift() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth2;
#endif
if(!ENGINE_set_id(e, engine_cswift_id) ||
!ENGINE_set_name(e, engine_cswift_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &cswift_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &cswift_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &cswift_dh) ||
#endif
!ENGINE_set_RAND(e, &cswift_random) ||
!ENGINE_set_destroy_function(e, cswift_destroy) ||
!ENGINE_set_init_function(e, cswift_init) ||
!ENGINE_set_finish_function(e, cswift_finish) ||
!ENGINE_set_ctrl_function(e, cswift_ctrl) ||
!ENGINE_set_cmd_defns(e, cswift_cmd_defns))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth2 = DH_OpenSSL();
cswift_dh.generate_key = meth2->generate_key;
cswift_dh.compute_key = meth2->compute_key;
#endif
/* Ensure the cswift error handling is set up */
ERR_load_CSWIFT_strings();
return 1;
}
RSA *FIPS_rsa_new(void)
{
RSA *ret;
ret = OPENSSL_malloc(sizeof(RSA));
if (!ret)
return NULL;
memset(ret, 0, sizeof(RSA));
ret->meth = RSA_PKCS1_SSLeay();
if (ret->meth->init)
ret->meth->init(ret);
return ret;
}
const RSA_METHOD *RSA_get_default_method(void)
{
#ifndef OPERA_SMALL_VERSION
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
#if 0 /* was: #ifdef RSAref */
default_RSA_meth=RSA_PKCS1_RSAref();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
#endif
}
return default_RSA_meth;
#else
return RSA_PKCS1_SSLeay();
#endif
}
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
}
return default_RSA_meth;
}
static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
const DSA_METHOD *ossl_dsa_meth;
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
ctx = capi_ctx_new();
if (!ctx || (capi_idx < 0))
goto memerr;
ENGINE_set_ex_data(e, capi_idx, ctx);
/* Setup RSA_METHOD */
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_rsa_meth = RSA_PKCS1_SSLeay();
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
#ifdef OPENSSL_CAPIENG_DIALOG
{
HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
if (cryptui)
ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
if (kernel)
ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
if (cryptui && !OPENSSL_isservice())
ctx->client_cert_select = cert_select_dialog;
}
#endif
return 1;
memerr:
CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
return 0;
return 1;
}
/*
* This function is aliased to mod_exp (with the mont stuff dropped).
*/
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
int ret = 0;
/* Do in software if the key is too large for the hardware. */
if (BN_num_bits(m) > max_key_len) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
ret = (*meth->bn_mod_exp) (r, a, p, m, ctx, m_ctx);
} else {
ret = ubsec_mod_exp(r, a, p, m, ctx);
}
return ret;
}
static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
{
CHEESE () ;
if ( !zencod_dso ) {
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
return 0;
}
if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
return 0;
}
/* Do in software if argument is too large for hardware */
if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
const RSA_METHOD *meth;
meth = RSA_PKCS1_SSLeay();
return meth->rsa_mod_exp(r0, i, rsa);
} else {
zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
return 0;
}
r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
BIGNUM2ZEN ( &x, i ) ;
BIGNUM2ZEN ( &y, r0 ) ;
BIGNUM2ZEN ( &p, rsa->p ) ;
BIGNUM2ZEN ( &q, rsa->q ) ;
BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
PERROR("zenbridge_rsa_mod_exp_crt");
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
return 0;
}
return 1;
}
}
int aos_signature_init(struct aos_signature *sign)
{
memset(sign, 0, sizeof(struct aos_signature));
sign->rsa = RSA_new();
if(sign->rsa == NULL)
return 0;
RSA_set_method(sign->rsa, RSA_PKCS1_SSLeay());
sign->rsa->e = BN_new();
if(sign->rsa->e == NULL)
return 0;
BN_set_word(sign->rsa->e, 3);
return 1;
}
static int tpm_rsa_pub_dec(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
int rv;
DBG("%s", __FUNCTION__);
if ((rv = RSA_PKCS1_SSLeay()->rsa_pub_dec(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PUB_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
return rv;
}
RSA *RSA_new_method(RSA_METHOD *meth)
{
RSA *ret;
ret=(RSA *)rtlglue_malloc(sizeof(RSA));
if (ret == NULL)
return(NULL);
if (meth == NULL)
{
if((ret->meth=RSA_PKCS1_SSLeay()) == NULL)
{
rtlglue_free(ret);
return NULL;
}
}
else
ret->meth=meth;
meth = ret->meth;
ret->pad=0;
ret->version=0;
ret->n=NULL;
ret->e=NULL;
ret->d=NULL;
ret->p=NULL;
ret->q=NULL;
ret->dmp1=NULL;
ret->dmq1=NULL;
ret->iqmp=NULL;
ret->references=1;
ret->_method_mod_n=NULL;
ret->_method_mod_p=NULL;
ret->_method_mod_q=NULL;
ret->blinding=NULL;
ret->bignum_data=NULL;
ret->flags=meth->flags;
if ((meth->init != NULL) && !meth->init(ret))
{
rtlglue_free(ret);
ret=NULL;
}
return(ret);
}
static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
int to_return = 0;
AEP_RV rv = AEP_R_OK;
if (!aep_dso)
{
AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
goto err;
}
/*See if we have all the necessary bits for a crt*/
if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
{
rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
if (rv == FAIL_TO_SW){
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
goto err;
}
else if (rv != AEP_R_OK)
goto err;
}
else
{
if (!rsa->d || !rsa->n)
{
AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
goto err;
}
rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
if (rv != AEP_R_OK)
goto err;
}
to_return = 1;
err:
return to_return;
}
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
const RSA_METHOD * def_rsa_method;
/* Try the limits of RSA (2048 bits) */
if(BN_num_bytes(rsa->p) > 128 ||
BN_num_bytes(rsa->q) > 128 ||
BN_num_bytes(rsa->dmp1) > 128 ||
BN_num_bytes(rsa->dmq1) > 128 ||
BN_num_bytes(rsa->iqmp) > 128)
{
#ifdef RSA_NULL
def_rsa_method=RSA_null_method();
#else
#if 0
def_rsa_method=RSA_PKCS1_RSAref();
#else
def_rsa_method=RSA_PKCS1_SSLeay();
#endif
#endif
if(def_rsa_method)
return def_rsa_method->rsa_mod_exp(r0, I, rsa);
}
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
err:
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
*/
static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
{
CHEESE () ;
if ( !zencod_dso ) {
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
return 0;
}
/* Do in software if argument is too large for hardware */
if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
const RSA_METHOD *meth;
meth = RSA_PKCS1_SSLeay();
return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
} else {
zen_nb_t y, x, e, n;
if ( !bn_expand(r, BN_num_bits(m)) ) {
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
return 0;
}
r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
BIGNUM2ZEN ( &x, a ) ;
BIGNUM2ZEN ( &y, r ) ;
BIGNUM2ZEN ( &e, p ) ;
BIGNUM2ZEN ( &n, m ) ;
if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
PERROR("zenbridge_rsa_mod_exp");
ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
return 0;
}
return 1;
}
}
static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
int to_return = 0;
if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
if (to_return == FAIL_TO_SOFTWARE) {
/*
* Do in software as hardware failed.
*/
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
}
err:
return to_return;
}
static CK_RV
add_pubkey_info(struct gpkcs11_st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
{
switch (key_type) {
case CKK_RSA: {
CK_BYTE *modulus = NULL;
size_t modulus_len = 0;
CK_ULONG modulus_bits = 0;
CK_BYTE *exponent = NULL;
size_t exponent_len = 0;
modulus_bits = BN_num_bits(key->pkey.rsa->n);
modulus_len = BN_num_bytes(key->pkey.rsa->n);
modulus = malloc(modulus_len);
BN_bn2bin(key->pkey.rsa->n, modulus);
exponent_len = BN_num_bytes(key->pkey.rsa->e);
exponent = malloc(exponent_len);
BN_bn2bin(key->pkey.rsa->e, exponent);
add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
add_object_attribute(o, 0, CKA_MODULUS_BITS,
&modulus_bits, sizeof(modulus_bits));
add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
exponent, exponent_len);
RSA_set_method(key->pkey.rsa, RSA_PKCS1_SSLeay());
free(modulus);
free(exponent);
}
default:
/* XXX */
break;
}
return CKR_OK;
}
static int
cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
struct crypt_kop kop;
int ret = 1;
if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
/* XXX 0 means failure?? */
return (0);
}
memset(&kop, 0, sizeof kop);
kop.crk_op = CRK_MOD_EXP_CRT;
/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
if (bn2crparam(rsa->p, &kop.crk_param[0]))
goto err;
if (bn2crparam(rsa->q, &kop.crk_param[1]))
goto err;
if (bn2crparam(I, &kop.crk_param[2]))
goto err;
if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
goto err;
if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
goto err;
if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
goto err;
kop.crk_iparams = 6;
if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
}
err:
zapparams(&kop);
return (ret);
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
const RSA_METHOD *def_rsa_method;
/* Try the limits of RSA (2048 bits) */
if (BN_num_bytes(r) > 256 ||
BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) {
# ifdef RSA_NULL
def_rsa_method = RSA_null_method();
# else
# if 0
def_rsa_method = RSA_PKCS1_RSAref();
# else
def_rsa_method = RSA_PKCS1_SSLeay();
# endif
# endif
if (def_rsa_method)
return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
}
return cswift_mod_exp(r, a, p, m, ctx);
}
static int
cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx)
{
return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx);
}
void
ENGINE_load_cryptodev(void)
{
ENGINE *engine = ENGINE_new();
int fd;
if (engine == NULL)
return;
if ((fd = get_dev_crypto()) < 0) {
ENGINE_free(engine);
return;
}
/*
* find out what asymmetric crypto algorithms we support
*/
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd);
ENGINE_free(engine);
return;
}
close(fd);
if (!ENGINE_set_id(engine, "cryptodev") ||
!ENGINE_set_name(engine, "BSD cryptodev engine") ||
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
!ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
ENGINE_free(engine);
return;
}
if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
cryptodev_rsa.rsa_mod_exp =
cryptodev_rsa_mod_exp;
else
cryptodev_rsa.rsa_mod_exp =
cryptodev_rsa_nocrt_mod_exp;
}
}
if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
const DSA_METHOD *meth = DSA_OpenSSL();
memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
if (cryptodev_asymfeat & CRF_DSA_SIGN)
cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
}
if (ENGINE_set_DH(engine, &cryptodev_dh)){
const DH_METHOD *dh_meth = DH_OpenSSL();
cryptodev_dh.generate_key = dh_meth->generate_key;
cryptodev_dh.compute_key = dh_meth->compute_key;
cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
cryptodev_dh.compute_key =
cryptodev_dh_compute_key;
}
}
ENGINE_add(engine);
ENGINE_free(engine);
ERR_clear_error();
}
/*
* Generate key
*/
static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj,
sc_pkcs15_pubkey_t *pubkey)
{
#ifndef ENABLE_OPENSSL
return SC_ERROR_NOT_SUPPORTED;
#else
int r = SC_ERROR_UNKNOWN;
long lg;
u8 *p;
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
RSA *rsa = NULL;
BIGNUM *bn = NULL;
BIO *mem = NULL;
sc_file_t *prkf = NULL;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
return SC_ERROR_NOT_SUPPORTED;
}
#if OPENSSL_VERSION_NUMBER>=0x00908000L
rsa = RSA_new();
bn = BN_new();
mem = BIO_new(BIO_s_mem());
if(rsa == NULL || bn == NULL || mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
#else
mem = BIO_new(BIO_s_mem());
if(mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL);
if (!rsa)
#endif
{
r = SC_ERROR_UNKNOWN;
goto out;
}
rsa->meth = RSA_PKCS1_SSLeay();
if(pubkey != NULL)
{
if(!i2d_RSAPublicKey_bio(mem, rsa))
{
r = SC_ERROR_UNKNOWN;
goto out;
}
lg = BIO_get_mem_data(mem, &p);
pubkey->algorithm = SC_ALGORITHM_RSA;
r = sc_pkcs15_decode_pubkey(p15card->card->ctx, pubkey, p, lg);
}
(void) BIO_reset(mem);
if(!i2d_RSAPrivateKey_bio(mem, rsa))
{
r = SC_ERROR_UNKNOWN;
goto out;
}
lg = BIO_get_mem_data(mem, &p);
/* Get the private key file */
r = sc_profile_get_file_by_path(profile, &key_info->path, &prkf);
if (r < 0)
{
char pbuf[SC_MAX_PATH_STRING_SIZE];
r = sc_path_print(pbuf, sizeof(pbuf), &key_info->path);
if (r != SC_SUCCESS)
pbuf[0] = '\0';
goto out;
}
prkf->size = lg;
r = sc_pkcs15init_create_file(profile, p15card, prkf);
if(r) goto out;
r = sc_pkcs15init_update_file(profile, p15card, prkf, p, lg);
if(r) goto out;
out:
if(mem)
BIO_free(mem);
if(bn)
BN_free(bn);
if(rsa)
RSA_free(rsa);
if(prkf)
sc_file_free(prkf);
return r;
#endif
}
CK_RV
gpkcs11_add_credentials(char *label,
const char *cert_file,
const char *private_key_file,
char *id,
int anchor)
{
struct gpkcs11_st_object *o = NULL;
CK_BBOOL bool_true = CK_TRUE;
CK_BBOOL bool_false = CK_FALSE;
CK_OBJECT_CLASS c;
CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
CK_KEY_TYPE key_type;
CK_MECHANISM_TYPE mech_type;
CK_RV ret = CKR_GENERAL_ERROR;
void *subject_data = NULL;
size_t subject_length;
X509 *cert, *proxy_cert = NULL;
EVP_PKEY *public_key;
FILE *f = NULL;
size_t id_len = strlen(id);
f = fopen(cert_file, "r");
if (f == NULL) {
gpkcs11_log("failed to open file %s\n", cert_file);
return CKR_GENERAL_ERROR;
}
while (1) {
cert = PEM_read_X509(f, NULL, NULL, NULL);
if (cert == NULL) {
if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
break;
ret = CKR_GENERAL_ERROR;
goto out;
}
if (proxy_cert == NULL)
proxy_cert = cert;
ret = gpkcs11_add_certificate(label, cert, id, anchor);
if (ret)
goto out;
}
public_key = X509_get_pubkey(proxy_cert);
switch (EVP_PKEY_type(public_key->type)) {
case EVP_PKEY_RSA:
key_type = CKK_RSA;
break;
case EVP_PKEY_DSA:
key_type = CKK_DSA;
break;
default:
/* XXX */
break;
}
OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, subject_data, subject_length,
X509_get_subject_name(proxy_cert), ret);
if (ret)
goto out;
if (private_key_file) {
CK_FLAGS flags;
FILE *f;
o = add_st_object();
if (o == NULL) {
ret = CKR_DEVICE_MEMORY;
goto out;
}
o->type = STO_T_PRIVATE_KEY;
o->u.private_key.file = strdup(private_key_file);
o->u.private_key.key = NULL;
o->u.private_key.cert = proxy_cert;
c = CKO_PRIVATE_KEY;
add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
add_object_attribute(o, 0, CKA_ID, id, id_len);
add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
mech_type = CKM_RSA_X_509;
add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
flags = 0;
add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
add_pubkey_info(o, key_type, public_key);
f = fopen(private_key_file, "r");
if (f == NULL) {
gpkcs11_log("failed to open private key\n");
return CKR_GENERAL_ERROR;
}
o->u.private_key.key = PEM_read_PrivateKey(f, NULL, pem_callback, NULL);
fclose(f);
if (o->u.private_key.key == NULL) {
gpkcs11_log("failed to read private key a startup\n");
/* don't bother with this failure for now,
fix it at C_Login time */;
} else {
/* XXX verify keytype */
if (key_type == CKK_RSA)
RSA_set_method(o->u.private_key.key->pkey.rsa,
RSA_PKCS1_SSLeay());
if (X509_check_private_key(proxy_cert, o->u.private_key.key) != 1) {
EVP_PKEY_free(o->u.private_key.key);
o->u.private_key.key = NULL;
gpkcs11_log("private key doesn't verify\n");
} else {
gpkcs11_log("private key usable\n");
gpkcs11_soft_token.flags.login_done = 1;
}
}
}
ret = CKR_OK;
out:
if (ret != CKR_OK) {
gpkcs11_log("something went wrong when adding cert!\n");
/* XXX wack o */;
}
if (f)
fclose(f);
return ret;
}
static int tpm_rsa_pub_enc(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 out_len, in_len;
BYTE *out;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_pub_enc(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hEncData == NULL_HENCDATA) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&app_data->hEncData))) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("Setting hEncData(0x%x) in RSA object", app_data->hEncData);
}
DBG("flen is %d", flen);
if (padding == RSA_PKCS1_PADDING) {
if (app_data->encScheme != TSS_ES_RSAESPKCSV15) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object",
app_data->encScheme);
return 0;
}
if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
} else if (padding == RSA_PKCS1_OAEP_PADDING) {
if (app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object",
app_data->encScheme);
return 0;
}
/* subtract an extra 5 for the TCPA_BOUND_DATA structure */
if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE - 5)) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
} else {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_ENC_SCHEME);
return 0;
}
in_len = flen;
DBG("Bind: hKey(0x%x) hEncData(0x%x) in_len(%u)", app_data->hKey,
app_data->hEncData, in_len);
if ((result = Tspi_Data_Bind(app_data->hEncData, app_data->hKey,
in_len, from))) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
DBG("result = 0x%x (%s)", result,
Trspi_Error_String(result));
return 0;
}
/* pull out the bound data and return it */
if ((result = Tspi_GetAttribData(app_data->hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&out_len, &out))) {
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("%s: writing out %d bytes as bound data", __FUNCTION__, out_len);
memcpy(to, out, out_len);
Tspi_Context_FreeMemory(hContext, out);
return out_len;
}
static int tpm_rsa_priv_dec(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 out_len, in_len;
BYTE *out;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_dec(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hEncData == NULL_HENCDATA) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&app_data->hEncData))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
}
if (padding == RSA_PKCS1_PADDING &&
app_data->encScheme != TSS_ES_RSAESPKCSV15) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object", app_data->encScheme);
return 0;
} else if (padding == RSA_PKCS1_OAEP_PADDING &&
app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object", app_data->encScheme);
return 0;
}
in_len = flen;
if ((result = Tspi_SetAttribData(app_data->hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
in_len, from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Data_Unbind(app_data->hEncData, app_data->hKey,
&out_len, &out))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("%s: writing out %d bytes as a signature", __FUNCTION__, out_len);
memcpy(to, out, out_len);
Tspi_Context_FreeMemory(hContext, out);
return out_len;
}
/* initialisation function */
static int tpm_engine_init(ENGINE * e)
{
TSS_RESULT result;
DBG("%s", __FUNCTION__);
#ifdef DLOPEN_TSPI
if (tpm_dso != NULL) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_ALREADY_LOADED);
return 1;
}
if ((tpm_dso = DSO_load(NULL, TPM_LIBNAME, NULL, 0)) == NULL) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
goto err;
}
#define bind_tspi_func(dso, func) (p_tspi_##func = (void *)DSO_bind_func(dso, "Tspi_" #func))
if (!bind_tspi_func(tpm_dso, Context_Create) ||
!bind_tspi_func(tpm_dso, Context_Close) ||
!bind_tspi_func(tpm_dso, Context_Connect) ||
!bind_tspi_func(tpm_dso, TPM_GetRandom) ||
!bind_tspi_func(tpm_dso, Key_CreateKey) ||
!bind_tspi_func(tpm_dso, Data_Bind) ||
!bind_tspi_func(tpm_dso, Data_Unbind) ||
!bind_tspi_func(tpm_dso, Context_CreateObject) ||
!bind_tspi_func(tpm_dso, Context_FreeMemory) ||
!bind_tspi_func(tpm_dso, Key_LoadKey) ||
!bind_tspi_func(tpm_dso, Context_LoadKeyByUUID) ||
!bind_tspi_func(tpm_dso, GetAttribData) ||
!bind_tspi_func(tpm_dso, Hash_Sign) ||
!bind_tspi_func(tpm_dso, Context_CloseObject) ||
!bind_tspi_func(tpm_dso, Hash_SetHashValue) ||
!bind_tspi_func(tpm_dso, SetAttribUint32) ||
!bind_tspi_func(tpm_dso, GetPolicyObject) ||
!bind_tspi_func(tpm_dso, Policy_SetSecret) ||
!bind_tspi_func(tpm_dso, TPM_StirRandom) ||
!bind_tspi_func(tpm_dso, Context_LoadKeyByBlob) ||
!bind_tspi_func(tpm_dso, Context_GetTpmObject) ||
!bind_tspi_func(tpm_dso, GetAttribUint32) ||
!bind_tspi_func(tpm_dso, SetAttribData) ||
!bind_tspi_func(tpm_dso, Policy_AssignToObject)
) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
goto err;
}
#endif /* DLOPEN_TSPI */
if ((result = Tspi_Context_Create(&hContext))) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
/* XXX allow dest to be specified through pre commands */
if ((result = Tspi_Context_Connect(hContext, NULL))) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
if ((result = Tspi_Context_GetTpmObject(hContext, &hTPM))) {
TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
goto err;
}
tpm_rsa.rsa_mod_exp = RSA_PKCS1_SSLeay()->rsa_mod_exp;
return 1;
err:
if (hContext != NULL_HCONTEXT) {
Tspi_Context_Close(hContext);
hContext = NULL_HCONTEXT;
hTPM = NULL_HTPM;
}
#ifdef DLOPEN_TSPI
if (tpm_dso) {
DSO_free(tpm_dso);
tpm_dso = NULL;
}
p_tspi_Context_Create = NULL;
p_tspi_Context_Close = NULL;
p_tspi_Context_Connect = NULL;
p_tspi_Context_FreeMemory = NULL;
p_tspi_Context_LoadKeyByBlob = NULL;
p_tspi_Context_LoadKeyByUUID = NULL;
p_tspi_Context_GetTpmObject = NULL;
p_tspi_Context_CloseObject = NULL;
p_tspi_Key_CreateKey = NULL;
p_tspi_Key_LoadKey = NULL;
p_tspi_Data_Bind = NULL;
p_tspi_Data_Unbind = NULL;
p_tspi_Hash_SetHashValue = NULL;
p_tspi_Hash_Sign = NULL;
p_tspi_GetAttribData = NULL;
p_tspi_SetAttribData = NULL;
p_tspi_GetAttribUint32 = NULL;
p_tspi_SetAttribUint32 = NULL;
p_tspi_GetPolicyObject = NULL;
p_tspi_Policy_SetSecret = NULL;
p_tspi_Policy_AssignToObject = NULL;
p_tspi_TPM_StirRandom = NULL;
p_tspi_TPM_GetRandom = NULL;
#endif
return 0;
}
/* This internal function is used by ENGINE_aep() and possibly by the
* "dynamic" ENGINE support too */
static int bind_aep(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
if(!ENGINE_set_id(e, engine_aep_id) ||
!ENGINE_set_name(e, engine_aep_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &aep_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &aep_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &aep_dh) ||
#endif
#ifdef AEPRAND
!ENGINE_set_RAND(e, &aep_random) ||
#endif
!ENGINE_set_init_function(e, aep_init) ||
!ENGINE_set_destroy_function(e, aep_destroy) ||
!ENGINE_set_finish_function(e, aep_finish) ||
!ENGINE_set_ctrl_function(e, aep_ctrl) ||
!ENGINE_set_cmd_defns(e, aep_cmd_defns))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the aep-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
aep_dsa = *DSA_get_default_method();
aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
aep_dh.generate_key = meth3->generate_key;
aep_dh.compute_key = meth3->compute_key;
aep_dh.bn_mod_exp = meth3->bn_mod_exp;
#endif
/* Ensure the aep error handling is set up */
ERR_load_AEPHK_strings();
return 1;
}
/*
* This internal function is used by ENGINE_nuron() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
# ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
# endif
# ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
# endif
# ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
# endif
if (!ENGINE_set_id(e, engine_nuron_id) ||
!ENGINE_set_name(e, engine_nuron_name) ||
# ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &nuron_rsa) ||
# endif
# ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &nuron_dsa) ||
# endif
# ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &nuron_dh) ||
# endif
!ENGINE_set_destroy_function(e, nuron_destroy) ||
!ENGINE_set_init_function(e, nuron_init) ||
!ENGINE_set_finish_function(e, nuron_finish) ||
!ENGINE_set_ctrl_function(e, nuron_ctrl) ||
!ENGINE_set_cmd_defns(e, nuron_cmd_defns))
return 0;
# ifndef OPENSSL_NO_RSA
/*
* We know that the "PKCS1_SSLeay()" functions hook properly to the
* nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
* We don't use ENGINE_openssl() or anything "more generic" because
* something like the RSAref code may not hook properly, and if you own
* one of these cards then you have the right to do RSA operations on it
* anyway!
*/
meth1 = RSA_PKCS1_SSLeay();
nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
# endif
# ifndef OPENSSL_NO_DSA
/*
* Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
*/
meth2 = DSA_OpenSSL();
nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
# endif
# ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
nuron_dh.generate_key = meth3->generate_key;
nuron_dh.compute_key = meth3->compute_key;
# endif
/* Ensure the nuron error handling is set up */
ERR_load_NURON_strings();
return 1;
}
/* As this is only ever called once, there's no need for locking
* (indeed - the lock will already be held by our caller!!!) */
static int bind_sureware(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
if(!ENGINE_set_id(e, engine_sureware_id) ||
!ENGINE_set_name(e, engine_sureware_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &surewarehk_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &surewarehk_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &surewarehk_dh) ||
#endif
!ENGINE_set_RAND(e, &surewarehk_rand) ||
!ENGINE_set_destroy_function(e, surewarehk_destroy) ||
!ENGINE_set_init_function(e, surewarehk_init) ||
!ENGINE_set_finish_function(e, surewarehk_finish) ||
!ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) ||
!ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
!ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the cswift-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
if (meth1)
{
surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
}
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
if (meth2)
{
surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
}
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
if (meth3)
{
surewarehk_dh.generate_key = meth3->generate_key;
surewarehk_dh.compute_key = meth3->compute_key;
}
#endif
/* Ensure the sureware error handling is set up */
ERR_load_SUREWARE_strings();
return 1;
}
static int tpm_rsa_priv_enc(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 sig_len;
BYTE *sig;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_enc(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (padding != RSA_PKCS1_PADDING) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_PADDING_TYPE);
return 0;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hHash == NULL_HHASH) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_HASH,
TSS_HASH_OTHER,
&app_data->hHash))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
}
if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
if (flen != SHA_DIGEST_LENGTH) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
return 0;
}
} else if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_DER) {
if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
return 0;
}
} else {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_ENC_SCHEME);
return 0;
}
if ((result = Tspi_Hash_SetHashValue(app_data->hHash, flen, from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Hash_Sign(app_data->hHash, app_data->hKey,
&sig_len, &sig))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
DBG("result = 0x%x (%s)", result,
Trspi_Error_String(result));
return 0;
}
DBG("%s: writing out %d bytes as a signature", __FUNCTION__, sig_len);
memcpy(to, sig, sig_len);
Tspi_Context_FreeMemory(hContext, sig);
return sig_len;
}
int neverbleed_init(neverbleed_t *nb, char *errbuf)
{
int pipe_fds[2] = {-1, -1}, listen_fd = -1;
char *tempdir = NULL;
const RSA_METHOD *default_method = RSA_PKCS1_SSLeay();
rsa_method.rsa_pub_enc = default_method->rsa_pub_enc;
rsa_method.rsa_pub_dec = default_method->rsa_pub_dec;
rsa_method.rsa_verify = default_method->rsa_verify;
/* setup the daemon */
if (pipe(pipe_fds) != 0) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "pipe(2) failed:%s", strerror(errno));
goto Fail;
}
fcntl(pipe_fds[1], F_SETFD, O_CLOEXEC);
if ((tempdir = strdup("/tmp/openssl-privsep.XXXXXX")) == NULL) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "no memory");
goto Fail;
}
if (mkdtemp(tempdir) == NULL) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to create temporary directory under /tmp:%s", strerror(errno));
goto Fail;
}
memset(&nb->sun_, 0, sizeof(nb->sun_));
nb->sun_.sun_family = AF_UNIX;
snprintf(nb->sun_.sun_path, sizeof(nb->sun_.sun_path), "%s/_", tempdir);
RAND_bytes(nb->auth_token, sizeof(nb->auth_token));
if ((listen_fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "socket(2) failed:%s", strerror(errno));
goto Fail;
}
if (bind(listen_fd, (void *)&nb->sun_, sizeof(nb->sun_)) != 0) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to bind to %s:%s", nb->sun_.sun_path, strerror(errno));
goto Fail;
}
if (listen(listen_fd, SOMAXCONN) != 0) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "listen(2) failed:%s", strerror(errno));
goto Fail;
}
switch (fork()) {
case -1:
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "fork(2) failed:%s", strerror(errno));
goto Fail;
case 0:
close(pipe_fds[1]);
#ifdef __linux__
prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
#endif
memcpy(daemon_auth_token, nb->auth_token, NEVERBLEED_AUTH_TOKEN_SIZE);
daemon_main(listen_fd, pipe_fds[0], tempdir);
break;
default:
break;
}
close(listen_fd);
listen_fd = -1;
close(pipe_fds[0]);
pipe_fds[0] = -1;
/* setup engine */
if ((nb->engine = ENGINE_new()) == NULL ||
!ENGINE_set_id(nb->engine, "neverbleed") ||
!ENGINE_set_name(nb->engine, "privilege separation software engine") ||
!ENGINE_set_RSA(nb->engine, &rsa_method)) {
snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to initialize the OpenSSL engine");
goto Fail;
}
ENGINE_add(nb->engine);
/* setup thread key */
pthread_key_create(&nb->thread_key, dispose_thread_data);
free(tempdir);
return 0;
Fail:
if (pipe_fds[0] != -1)
close(pipe_fds[0]);
if (pipe_fds[1] != -1)
close(pipe_fds[1]);
if (tempdir != NULL) {
unlink_dir(tempdir);
free(tempdir);
}
if (listen_fd != -1)
close(listen_fd);
if (nb->engine != NULL) {
ENGINE_free(nb->engine);
nb->engine = NULL;
}
return -1;
}
/* This internal function is used by ENGINE_zencod () and possibly by the
* "dynamic" ENGINE support too ;-)
*/
static int bind_helper ( ENGINE *e )
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth_dh ;
#endif
const RAND_METHOD *meth_rand ;
if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
!ENGINE_set_RAND ( e, &zencod_rand ) ||
!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
!ENGINE_set_init_function ( e, zencod_init ) ||
!ENGINE_set_finish_function ( e, zencod_finish ) ||
!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
!ENGINE_set_digests ( e, engine_digests ) ||
!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
return 0 ;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Zencod-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway!
*/
meth_rsa = RSA_PKCS1_SSLeay () ;
zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
/* meth_rsa->rsa_mod_exp */
/* meth_rsa->bn_mod_exp */
zencod_rsa.init = meth_rsa->init ;
zencod_rsa.finish = meth_rsa->finish ;
#endif
#ifndef OPENSSL_NO_DSA
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dsa = DSA_OpenSSL () ;
/* meth_dsa->dsa_do_sign */
zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
/* meth_dsa->dsa_do_verify */
zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
zencod_dsa.init = meth_dsa->init ;
zencod_dsa.finish = meth_dsa->finish ;
#endif
#ifndef OPENSSL_NO_DH
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dh = DH_OpenSSL () ;
/* zencod_dh.generate_key = meth_dh->generate_key ; */
/* zencod_dh.compute_key = meth_dh->compute_key ; */
/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
zencod_dh.init = meth_dh->init ;
zencod_dh.finish = meth_dh->finish ;
#endif
/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
*/
meth_rand = RAND_SSLeay () ;
/* meth_rand->seed ; */
/* zencod_rand.seed = meth_rand->seed ; */
/* meth_rand->bytes ; */
/* zencod_rand.bytes = meth_rand->bytes ; */
zencod_rand.cleanup = meth_rand->cleanup ;
zencod_rand.add = meth_rand->add ;
/* meth_rand->pseudorand ; */
/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
/* zencod_rand.status = meth_rand->status ; */
/* meth_rand->status ; */
/* Ensure the zencod error handling is set up */
ERR_load_ZENCOD_strings () ;
return 1 ;
}
