static int tpm_rsa_finish(RSA *rsa)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
DBG("%s", __FUNCTION__);
if (!app_data)
return 1;
if (app_data->hHash) {
Tspi_Context_CloseObject(hContext, app_data->hHash);
app_data->hHash = NULL_HHASH;
}
if (app_data->hKey) {
Tspi_Context_CloseObject(hContext, app_data->hKey);
app_data->hKey = NULL_HKEY;
}
if (app_data->hEncData) {
Tspi_Context_CloseObject(hContext, app_data->hEncData);
app_data->hEncData = NULL_HENCDATA;
}
OPENSSL_free(app_data);
return 1;
}
static int
nss_cmd_evp_cert(NSS_CTX *ctx, void *p) {
NSS_KEYCTX *keyctx = NULL;
struct {
EVP_PKEY *pkey;
X509 *x509;
} *param = p;
switch (param->pkey->type) {
case EVP_PKEY_RSA: {
RSA *pkey_rsa = EVP_PKEY_get1_RSA(param->pkey);
keyctx = RSA_get_ex_data(pkey_rsa, nss_rsa_ctx_index);
RSA_free(pkey_rsa);
} break;
case EVP_PKEY_DSA: {
DSA *pkey_dsa = EVP_PKEY_get1_DSA(param->pkey);
keyctx = DSA_get_ex_data(pkey_dsa, nss_dsa_ctx_index);
DSA_free(pkey_dsa);
} break;
default: {
NSSerr(NSS_F_CMD_EVP_CERT, NSS_R_UNSUPPORTED_KEYTYPE);
{ /* add extra error message data */
char msgstr[10];
BIO_snprintf(msgstr, sizeof(msgstr), "%d", param->pkey->type);
ERR_add_error_data(2, "KEYTYPE=", msgstr);
}
} break;
}
param->x509 = X509_from_CERTCertificate(keyctx->cert);
return(param->x509 ? 1 : 0);
}
static int cca_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
long returnCode;
long reasonCode;
long lflen = flen;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.2";
long dataStructureLength = 0;
unsigned char dataStructure[8];
long outputLength = RSA_size(rsa);
long keyTokenLength;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
&ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
&dataStructureLength, dataStructure, &keyTokenLength,
keyToken, &outputLength, to);
return (returnCode | reasonCode) ? 0 : 1;
}
/*
* Does what OpenSSL rsa_priv_enc does.
*/
static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
RSA *rsa,int padding)
{
int ret=0,tlen;
char *hptr=NULL;
char msg[64]="ENGINE_rsa_sign";
if (!p_surewarehk_Rsa_Sign)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);
}
/* extract ref to private key */
else if (!(hptr=(char*)RSA_get_ex_data(rsa, rsaHndidx)))
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
}
else
{
switch (padding)
{
case RSA_PKCS1_PADDING: /* do it in one shot */
ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);
break;
case RSA_NO_PADDING:
default:
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);
}
}
return ret==1 ? tlen : ret;
}
static int capi_rsa_free(RSA *rsa)
{
CAPI_KEY *capi_key;
capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
capi_free_key(capi_key);
RSA_set_ex_data(rsa, rsa_capi_idx, 0);
return 1;
}
int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
int padding) {
ALOGV("keystore_rsa_sign(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);
int num = RSA_size(rsa);
UniquePtr<uint8_t> padded(new uint8_t[num]);
if (padded.get() == NULL) {
ALOGE("could not allocate padded signature");
return 0;
}
switch (padding) {
case RSA_PKCS1_PADDING:
if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) {
return 0;
}
break;
case RSA_X931_PADDING:
if (!RSA_padding_add_X931(padded.get(), num, from, flen)) {
return 0;
}
break;
case RSA_NO_PADDING:
if (!RSA_padding_add_none(padded.get(), num, from, flen)) {
return 0;
}
break;
default:
ALOGE("Unknown padding type: %d", padding);
return 0;
}
uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
if (key_id == NULL) {
ALOGE("key had no key_id!");
return 0;
}
Keystore_Reply reply;
if (keystore_cmd(CommandCodes[SIGN], &reply, 2, strlen(reinterpret_cast<const char*>(key_id)),
key_id, static_cast<size_t>(num), reinterpret_cast<const uint8_t*>(padded.get()))
!= NO_ERROR) {
ALOGE("There was an error during rsa_mod_exp");
return 0;
}
const size_t replyLen = reply.length();
if (replyLen <= 0) {
ALOGW("No valid signature returned");
return 0;
}
memcpy(to, reply.get(), replyLen);
ALOGV("rsa=%p keystore_rsa_sign => returning %p len %llu", rsa, to,
(unsigned long long) replyLen);
return static_cast<int>(replyLen);
}
static int
rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
{
log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
if (RSA_get_ex_data(rsa, 0) != NULL) {
return (rsae_send_imsg(flen, from, to, rsa, padding,
IMSG_CA_PRIVDEC));
}
return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding));
}
static void get_privsep_data(const RSA *rsa, struct st_neverbleed_rsa_exdata_t **exdata,
struct st_neverbleed_thread_data_t **thdata)
{
*exdata = RSA_get_ex_data(rsa, 0);
if (*exdata == NULL) {
errno = 0;
dief("invalid internal ref");
}
*thdata = get_thread_data((*exdata)->nb);
}
static int tpm_rsa_finish(RSA *rsa)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
DBG("%s", __FUNCTION__);
OPENSSL_free(app_data);
return 1;
}
static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
{
E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
if (hptr)
return hptr;
hptr = OPENSSL_malloc(sizeof(*hptr));
if (!hptr)
return NULL;
/*
* These inits could probably be replaced by more intelligent mpz_init2()
* versions, to reduce malloc-thrashing.
*/
mpz_init(hptr->n);
mpz_init(hptr->d);
mpz_init(hptr->e);
mpz_init(hptr->p);
mpz_init(hptr->q);
mpz_init(hptr->dmp1);
mpz_init(hptr->dmq1);
mpz_init(hptr->iqmp);
mpz_init(hptr->r0);
mpz_init(hptr->r1);
mpz_init(hptr->I0);
mpz_init(hptr->m1);
if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
goto err;
if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1
|| !rsa->iqmp) {
hptr->public_only = 1;
return hptr;
}
if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
!bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
!bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
goto err;
hptr->public_only = 0;
RSA_set_ex_data(rsa, hndidx_rsa, hptr);
return hptr;
err:
mpz_clear(hptr->n);
mpz_clear(hptr->d);
mpz_clear(hptr->e);
mpz_clear(hptr->p);
mpz_clear(hptr->q);
mpz_clear(hptr->dmp1);
mpz_clear(hptr->dmq1);
mpz_clear(hptr->iqmp);
mpz_clear(hptr->r0);
mpz_clear(hptr->r1);
mpz_clear(hptr->I0);
mpz_clear(hptr->m1);
OPENSSL_free(hptr);
return NULL;
}
static int pkcs11_rsa_priv_enc_method(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
PKCS11_KEY *key = RSA_get_ex_data(rsa, rsa_ex_index);
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
if (key == NULL) {
priv_enc = RSA_meth_get_priv_enc(RSA_get_default_method());
return priv_enc(flen, from, to, rsa, padding);
}
return PKCS11_private_encrypt(flen, from, to, key, padding);
}
static int hwcrhk_rsa_finish(RSA *rsa)
{
HWCryptoHook_RSAKeyHandle *hptr;
hptr = RSA_get_ex_data(rsa, hndidx_rsa);
if (hptr) {
p_hwcrhk_RSAUnloadKey(*hptr, NULL);
OPENSSL_free(hptr);
RSA_set_ex_data(rsa, hndidx_rsa, NULL);
}
return 1;
}
int capi_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
int i;
unsigned char *tmpbuf;
CAPI_KEY *capi_key;
CAPI_CTX *ctx;
ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
if (!capi_key)
{
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
return -1;
}
if(padding != RSA_PKCS1_PADDING)
{
char errstr[10];
BIO_snprintf(errstr, 10, "%d", padding);
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
ERR_add_error_data(2, "padding=", errstr);
return -1;
}
/* Create temp reverse order version of input */
if(!(tmpbuf = OPENSSL_malloc(flen)) )
{
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
return -1;
}
for(i = 0; i < flen; i++)
tmpbuf[flen - i - 1] = from[i];
/* Finally decrypt it */
if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
{
CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
capi_addlasterror();
OPENSSL_free(tmpbuf);
return -1;
}
else memcpy(to, tmpbuf, flen);
OPENSSL_free(tmpbuf);
return flen;
}
static
pkcs11h_certificate_t
__pkcs11h_openssl_rsa_get_pkcs11h_certificate (
IN RSA *rsa
) {
pkcs11h_openssl_session_t session = NULL;
_PKCS11H_ASSERT (rsa!=NULL);
session = (pkcs11h_openssl_session_t)RSA_get_ex_data (rsa, __openssl_methods.rsa_index);
_PKCS11H_ASSERT (session!=NULL);
_PKCS11H_ASSERT (session->certificate!=NULL);
return session->certificate;
}
static int e_gmp_rsa_finish(RSA *rsa)
{
E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
if(!hptr) return 0;
mpz_clear(hptr->n);
mpz_clear(hptr->d);
mpz_clear(hptr->e);
mpz_clear(hptr->p);
mpz_clear(hptr->q);
mpz_clear(hptr->dmp1);
mpz_clear(hptr->dmq1);
mpz_clear(hptr->iqmp);
mpz_clear(hptr->r0);
mpz_clear(hptr->r1);
mpz_clear(hptr->I0);
mpz_clear(hptr->m1);
OPENSSL_free(hptr);
RSA_set_ex_data(rsa, hndidx_rsa, NULL);
return 1;
}
static int pkcs11_rsa_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
struct pkcs11_key_data *pkd = NULL;
CK_MECHANISM mech = {
CKM_RSA_PKCS, NULL_PTR, 0
};
CK_ULONG tlen = 0;
CK_RV rv;
int rval = -1;
tlen = RSA_size(rsa);
if(((pkd = RSA_get_ex_data(rsa, pkcs11_rsa_key_idx)) != NULL) &&
((rv = pkd->funcs->C_DecryptInit(pkd->session, &mech, pkd->key)) == CKR_OK) &&
/* TODO: handle CKR_BUFFER_TOO_SMALL */
((rv = pkd->funcs->C_Decrypt(pkd->session, (CK_BYTE *)from, flen, to, &tlen)) == CKR_OK)) {
rval = tlen;
} else {
return -1;
}
return (rval);
}
static int tpm_rsa_priv_dec(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 out_len, in_len;
BYTE *out;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_dec(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hEncData == NULL_HENCDATA) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&app_data->hEncData))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
}
if (padding == RSA_PKCS1_PADDING &&
app_data->encScheme != TSS_ES_RSAESPKCSV15) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object", app_data->encScheme);
return 0;
} else if (padding == RSA_PKCS1_OAEP_PADDING &&
app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object", app_data->encScheme);
return 0;
}
in_len = flen;
if ((result = Tspi_SetAttribData(app_data->hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
in_len, from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Data_Unbind(app_data->hEncData, app_data->hKey,
&out_len, &out))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("%s: writing out %d bytes as a signature", __FUNCTION__, out_len);
memcpy(to, out, out_len);
Tspi_Context_FreeMemory(hContext, out);
return out_len;
}
int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
{
ALG_ID alg;
HCRYPTHASH hash;
DWORD slen;
unsigned int i;
int ret = -1;
CAPI_KEY *capi_key;
CAPI_CTX *ctx;
ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
if (!capi_key)
{
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
return -1;
}
/* Convert the signature type to a CryptoAPI algorithm ID */
switch(dtype)
{
case NID_sha1:
alg = CALG_SHA1;
break;
case NID_md5:
alg = CALG_MD5;
break;
case NID_md5_sha1:
alg = CALG_SSL3_SHAMD5;
break;
default:
{
char algstr[10];
BIO_snprintf(algstr, 10, "%lx", dtype);
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
ERR_add_error_data(2, "NID=0x", algstr);
return -1;
}
}
/* Create the hash object */
if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
{
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
capi_addlasterror();
return -1;
}
/* Set the hash value to the value passed */
if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
{
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
capi_addlasterror();
goto err;
}
/* Finally sign it */
slen = RSA_size(rsa);
if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
{
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
capi_addlasterror();
goto err;
}
else
{
ret = 1;
/* Inplace byte reversal of signature */
for(i = 0; i < slen / 2; i++)
{
unsigned char c;
c = sigret[i];
sigret[i] = sigret[slen - i - 1];
sigret[slen - i - 1] = c;
}
*siglen = slen;
}
/* Now cleanup */
err:
CryptDestroyHash(hash);
return ret;
}
static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
RSA *rsa,int padding)
{
int ret=0,tlen;
char *buf=NULL,*hptr=NULL;
char msg[64]="ENGINE_rsa_priv_dec";
if (!p_surewarehk_Rsa_Priv_Dec)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
}
/* extract ref to private key */
else if (!(hptr=(char*)RSA_get_ex_data(rsa, rsaHndidx)))
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
goto err;
}
/* analyse what padding we can do into the hardware */
if (padding==RSA_PKCS1_PADDING)
{
/* do it one shot */
ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
if (ret!=1)
goto err;
ret=tlen;
}
else /* do with no padding into hardware */
{
ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
if (ret!=1)
goto err;
/* intermediate buffer for padding */
if ((buf=(char*)OPENSSL_malloc(tlen)) == NULL)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
goto err;
}
TINYCLR_SSL_MEMCPY(buf,to,tlen);/* transfert to into buf */
switch (padding) /* check padding in software */
{
#ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
break;
#endif
case RSA_SSLV23_PADDING:
ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
break;
case RSA_NO_PADDING:
ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
break;
default:
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (ret < 0)
SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);
}
err:
if (buf)
{
OPENSSL_cleanse(buf,tlen);
OPENSSL_free(buf);
}
return ret;
}
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa)
{
long returnCode;
long reasonCode;
long exitDataLength = 0;
unsigned char exitData[8];
long ruleArrayLength = 1;
unsigned char ruleArray[8] = "PKCS-1.1";
long outputLength = 256;
long outputBitLength;
long keyTokenLength;
unsigned char *hashBuffer = NULL;
unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
long length = SSL_SIG_LEN;
long keyLength;
X509_SIG sig;
ASN1_TYPE parameter;
X509_ALGOR algorithm;
ASN1_OCTET_STRING digest;
keyTokenLength = *(long *)keyToken;
keyToken += sizeof(long);
if (type == NID_md5 || type == NID_sha1) {
sig.algor = &algorithm;
algorithm.algorithm = OBJ_nid2obj(type);
if (!algorithm.algorithm) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
if (!algorithm.algorithm->length) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
return 0;
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
algorithm.parameter = ¶meter;
sig.digest = &digest;
sig.digest->data = (unsigned char *)m;
sig.digest->length = m_len;
length = i2d_X509_SIG(&sig, NULL);
}
keyLength = RSA_size(rsa);
if (length - RSA_PKCS1_PADDING > keyLength) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
switch (type) {
case NID_md5_sha1:
if (m_len != SSL_SIG_LEN) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN,
CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
return 0;
}
hashBuffer = (unsigned char *)m;
length = m_len;
break;
case NID_md5:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
case NID_sha1:
{
unsigned char *ptr;
ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
if (!hashBuffer) {
CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
i2d_X509_SIG(&sig, &ptr);
}
break;
default:
return 0;
}
digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
exitData, &ruleArrayLength, ruleArray,
&keyTokenLength, keyToken, &length, hashBuffer,
&outputLength, &outputBitLength, sigret);
if (type == NID_sha1 || type == NID_md5) {
OPENSSL_cleanse(hashBuffer, keyLength + 1);
OPENSSL_free(hashBuffer);
}
*siglen = outputLength;
return ((returnCode || reasonCode) ? 0 : 1);
}
int HSM_PKCS11_rsa_sign ( int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa ) {
PKCS11_HANDLER *lib = NULL;
CK_OBJECT_HANDLE *pHandle = NULL;
HSM *driver = NULL;
CK_MECHANISM RSA_MECH = { CKM_RSA_PKCS, NULL_PTR, 0 };
unsigned char *p = NULL;
unsigned char *s = NULL;
unsigned char *tmps = NULL;
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
X509_SIG sig;
X509_SIG * sig_pnt = &sig;
#else
X509_SIG * sig_pnt = X509_SIG_new();
#endif
int i, j, rc;
int keysize = 0;
CK_ULONG ck_sigsize = 0;
CK_RV rv = CKR_OK;
unsigned char *buf = NULL;
/* Default checks for mis-passed pointers */
if (!m || !sigret || !siglen || !rsa || !sig_pnt) goto err;
/* Retrieves the reference to the hsm */
if((driver = (HSM *) RSA_get_ex_data (rsa, KEYPAIR_DRIVER_HANDLER_IDX))
== NULL ) {
PKI_ERROR(PKI_ERR_POINTER_NULL, "Can't get PKCS#11 Driver Handle");
goto err;
}
/* Retrieves the privkey object handler */
if((pHandle = (CK_OBJECT_HANDLE *) RSA_get_ex_data (rsa,
KEYPAIR_PRIVKEY_HANDLER_IDX)) == NULL ) {
PKI_ERROR(PKI_ERR_POINTER_NULL, "Can't get PrivateKey Handle");
goto err;
}
if ((lib = _hsm_get_pkcs11_handler ( driver )) == NULL ) {
PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get PKCS#11 Library handler");
goto err;
}
if(( HSM_PKCS11_session_new( lib->slot_id, &lib->session,
CKF_SERIAL_SESSION, lib )) == PKI_ERR ) {
PKI_log_debug("Failed to open a new session (R/W) with the token");
goto err;
}
/* Now we need to check the real encoding */
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
ASN1_OCTET_STRING digest;
ASN1_TYPE parameter;
X509_ALGOR algor;
sig.algor = &algor;
if((sig.algor->algorithm = OBJ_nid2obj(type)) == NULL ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Algor not recognized");
return ( 0 );
}
if( algor.algorithm->length == 0 ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Algor length is 0");
return ( 0 );
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
sig.algor->parameter = ¶meter;
sig.digest = &digest;
sig.digest->data = (unsigned char *) m;
sig.digest->length = (int) m_len;
i = i2d_X509_SIG(sig_pnt, NULL);
#else
X509_ALGOR * alg = NULL;
ASN1_OCTET_STRING * data = NULL;
// Allocates a new signature
if ((sig_pnt = X509_SIG_new()) == NULL) goto err;
// Gets the modifiable algorithm and digest pointers
X509_SIG_getm(sig_pnt, &alg, &data);
// Sets the algorithm
if (!X509_ALGOR_set0(alg, OBJ_nid2obj(type), V_ASN1_NULL, NULL)) goto err;
// Sets the digest data
if (!ASN1_OCTET_STRING_set(data, (unsigned char *)m, (int) m_len)) goto err;
// Gets the size of the DER encoded signature
i = i2d_X509_SIG(sig_pnt, NULL);
#endif
if((keysize = RSA_size ( rsa )) == 0 ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::KEY size is 0");
goto err;
}
j=RSA_size(rsa);
if( i > ( j - RSA_PKCS1_PADDING_SIZE )) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Digest too big");
goto err;
}
if((tmps = ( unsigned char *) PKI_Malloc ((unsigned int) j + 1 ))
== NULL ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Memory alloc error!");
return (0);
}
p = tmps;
i2d_X509_SIG(sig_pnt, &p);
s = tmps;
rc = pthread_mutex_lock( &lib->pkcs11_mutex );
PKI_log_debug( "pthread_mutex_lock()::RC=%d", rc );
while(( rv = lib->callbacks->C_SignInit(lib->session,
&RSA_MECH, *pHandle)) == CKR_OPERATION_ACTIVE ) {
int rc = 0;
rc = pthread_cond_wait( &lib->pkcs11_cond, &lib->pkcs11_mutex );
PKI_log_debug( "pthread_cond_wait()::RC=%d", rc );
}
if( rv != CKR_OK ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::SignInit "
"(2) failed with code 0x%8.8X", rv );
pthread_cond_signal( &lib->pkcs11_cond );
pthread_mutex_unlock( &lib->pkcs11_mutex );
goto err;
}
ck_sigsize = *siglen;
PKI_log_debug("HSM_PKCS11_rsa_sign()::i = %d, siglen = %d, "
"sigret = %d (%p)", i, ck_sigsize, sizeof(sigret), sigret );
/* Let's exagerate for now... */
buf = PKI_Malloc (RSA_SIGNATURE_MAX_SIZE);
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
ck_sigsize = RSA_SIGNATURE_MAX_SIZE;
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
// if((rv = lib->callbacks->C_Sign( lib->session, (CK_BYTE *) m,
// m_len, sigret, &ck_sigsize)) != CKR_OK ) {
if((rv = lib->callbacks->C_Sign( lib->session, (CK_BYTE *) s,
(CK_ULONG) i, buf, &ck_sigsize)) != CKR_OK ) {
PKI_log_err("HSM_PKCS11_rsa_sign()::Sign failed with 0x%8.8X",
rv);
if( rv == CKR_BUFFER_TOO_SMALL ) {
/* The sign session has to be terminated */
/* To Be Done (TBD) */
PKI_log_err("HSM_PKCS11_rsa_sign()::Buffer too ",
"small (%s:%d)", __FILE__, __LINE__ );
}
pthread_cond_signal( &lib->pkcs11_cond );
pthread_mutex_unlock( &lib->pkcs11_mutex );
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
goto err;
}
pthread_cond_signal( &lib->pkcs11_cond );
pthread_mutex_unlock( &lib->pkcs11_mutex );
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
*siglen = (unsigned int) ck_sigsize;
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
PKI_log_debug("HSM_PKCS11_rsa_sign():: BUF Written = %d", ck_sigsize );
memcpy(sigret, buf, *siglen);
// Free allocated memory
if (tmps) PKI_Free ( tmps );
if (buf) PKI_Free ( buf );
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
if (sig_pnt) X509_SIG_free(sig_pnt);
#endif
// Returns Success (1 is success in OpenSSL)
return 1;
err:
// Frees associated memory
if (tmps) PKI_Free(tmps);
if (buf) PKI_Free(buf);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
if (sig_pnt) X509_SIG_free(sig_pnt);
#endif
// Returns the error (0 is error in OpenSSL)
return 0;
}
static int
rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding, unsigned int cmd)
{
int ret = 0;
struct imsgbuf *ibuf;
struct imsg imsg;
int n, done = 0;
const void *toptr;
char *pkiname;
size_t tlen;
struct msg m;
uint64_t id;
if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL)
return (0);
/*
* Send a synchronous imsg because we cannot defer the RSA
* operation in OpenSSL's engine layer.
*/
m_create(p_ca, cmd, 0, 0, -1);
rsae_reqid++;
m_add_id(p_ca, rsae_reqid);
m_add_string(p_ca, pkiname);
m_add_data(p_ca, (const void *)from, (size_t)flen);
m_add_size(p_ca, (size_t)RSA_size(rsa));
m_add_size(p_ca, (size_t)padding);
m_flush(p_ca);
ibuf = &p_ca->imsgbuf;
while (!done) {
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
fatalx("imsg_read");
if (n == 0)
fatalx("pipe closed");
while (!done) {
if ((n = imsg_get(ibuf, &imsg)) == -1)
fatalx("imsg_get error");
if (n == 0)
break;
log_imsg(PROC_PONY, PROC_CA, &imsg);
switch (imsg.hdr.type) {
case IMSG_CA_PRIVENC:
case IMSG_CA_PRIVDEC:
break;
default:
/* Another imsg is queued up in the buffer */
pony_imsg(p_ca, &imsg);
imsg_free(&imsg);
continue;
}
m_msg(&m, &imsg);
m_get_id(&m, &id);
if (id != rsae_reqid)
fatalx("invalid response id");
m_get_int(&m, &ret);
if (ret > 0)
m_get_data(&m, &toptr, &tlen);
m_end(&m);
if (ret > 0)
memcpy(to, toptr, tlen);
done = 1;
imsg_free(&imsg);
}
}
mproc_event_add(p_ca);
return (ret);
}
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
char tempbuf[1024];
HWCryptoHook_ErrMsgBuf rmsg;
HWCryptoHook_RSAKeyHandle *hptr;
int to_return = 0, ret;
rmsg.buf = tempbuf;
rmsg.size = sizeof(tempbuf);
if(!hwcrhk_context)
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
goto err;
}
/* This provides support for nForce keys. Since that's opaque data
all we do is provide a handle to the proper key and let HWCryptoHook
take care of the rest. */
if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
!= NULL)
{
HWCryptoHook_MPI m_a, m_r;
if(!rsa->n)
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
HWCRHK_R_MISSING_KEY_COMPONENTS);
goto err;
}
/* Prepare the params */
bn_expand2(r, rsa->n->top); /* Check for error !! */
BN2MPI(m_a, I);
MPI2BN(r, m_r);
/* Perform the operation */
ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
/* Convert the response */
r->top = m_r.size / sizeof(BN_ULONG);
bn_fix_top(r);
if (ret < 0)
{
/* FIXME: When this error is returned, HWCryptoHook is
telling us that falling back to software computation
might be a good thing. */
if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
HWCRHK_R_REQUEST_FALLBACK);
}
else
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
HWCRHK_R_REQUEST_FAILED);
}
ERR_add_error_data(1,rmsg.buf);
goto err;
}
}
else
{
HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
HWCRHK_R_MISSING_KEY_COMPONENTS);
goto err;
}
/* Prepare the params */
bn_expand2(r, rsa->n->top); /* Check for error !! */
BN2MPI(m_a, I);
BN2MPI(m_p, rsa->p);
BN2MPI(m_q, rsa->q);
BN2MPI(m_dmp1, rsa->dmp1);
BN2MPI(m_dmq1, rsa->dmq1);
BN2MPI(m_iqmp, rsa->iqmp);
MPI2BN(r, m_r);
/* Perform the operation */
ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
/* Convert the response */
r->top = m_r.size / sizeof(BN_ULONG);
bn_fix_top(r);
if (ret < 0)
{
/* FIXME: When this error is returned, HWCryptoHook is
telling us that falling back to software computation
might be a good thing. */
if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
HWCRHK_R_REQUEST_FALLBACK);
}
else
{
HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
HWCRHK_R_REQUEST_FAILED);
}
ERR_add_error_data(1,rmsg.buf);
goto err;
}
}
/* If we're here, we must be here with some semblance of success :-) */
to_return = 1;
err:
return to_return;
}
static int tpm_rsa_priv_enc(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 sig_len;
BYTE *sig;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_enc(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (padding != RSA_PKCS1_PADDING) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_PADDING_TYPE);
return 0;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hHash == NULL_HHASH) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_HASH,
TSS_HASH_OTHER,
&app_data->hHash))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
}
if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
if (flen != SHA_DIGEST_LENGTH) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
return 0;
}
} else if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_DER) {
if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
return 0;
}
} else {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_ENC_SCHEME);
return 0;
}
if ((result = Tspi_Hash_SetHashValue(app_data->hHash, flen, from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Hash_Sign(app_data->hHash, app_data->hKey,
&sig_len, &sig))) {
TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
DBG("result = 0x%x (%s)", result,
Trspi_Error_String(result));
return 0;
}
DBG("%s: writing out %d bytes as a signature", __FUNCTION__, sig_len);
memcpy(to, sig, sig_len);
Tspi_Context_FreeMemory(hContext, sig);
return sig_len;
}
static int tpm_rsa_pub_enc(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 out_len, in_len;
BYTE *out;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_pub_enc(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hEncData == NULL_HENCDATA) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&app_data->hEncData))) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("Setting hEncData(0x%x) in RSA object", app_data->hEncData);
}
DBG("flen is %d", flen);
if (padding == RSA_PKCS1_PADDING) {
if (app_data->encScheme != TSS_ES_RSAESPKCSV15) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object",
app_data->encScheme);
return 0;
}
if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
} else if (padding == RSA_PKCS1_OAEP_PADDING) {
if (app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object",
app_data->encScheme);
return 0;
}
/* subtract an extra 5 for the TCPA_BOUND_DATA structure */
if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE - 5)) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
} else {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_ENC_SCHEME);
return 0;
}
in_len = flen;
DBG("Bind: hKey(0x%x) hEncData(0x%x) in_len(%u)", app_data->hKey,
app_data->hEncData, in_len);
if ((result = Tspi_Data_Bind(app_data->hEncData, app_data->hKey,
in_len, from))) {
TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
DBG("result = 0x%x (%s)", result,
Trspi_Error_String(result));
return 0;
}
/* pull out the bound data and return it */
if ((result = Tspi_GetAttribData(app_data->hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&out_len, &out))) {
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("%s: writing out %d bytes as bound data", __FUNCTION__, out_len);
memcpy(to, out, out_len);
Tspi_Context_FreeMemory(hContext, out);
return out_len;
}
inline void* rsa_key::get_external_data(int index) const
{
// This call can fail but we cannot know for sure when it happens since NULL as a return value could also be a valid value...
return RSA_get_ex_data(raw(), index);
}
