Exemple #1
0
static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
                            DSA_SIG *sig, DSA *dsa)
{
    int v_len, d_len;
    int to_return = 0;
    int fd;
    BIGNUM v, *pv = &v;

    BN_init(&v);

    if (!bn_wexpand(pv, dsa->p->top)) {
        UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
        goto err;
    }

    v_len = BN_num_bits(dsa->p);

    d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);

    if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
        const DSA_METHOD *meth;
        fd = 0;
        UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
        meth = DSA_OpenSSL();
        to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        goto err;
    }

    if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
                                 (unsigned char *)dgst, d_len,
                                 (unsigned char *)dsa->p->d,
                                 BN_num_bits(dsa->p),
                                 (unsigned char *)dsa->q->d,
                                 BN_num_bits(dsa->q),
                                 (unsigned char *)dsa->g->d,
                                 BN_num_bits(dsa->g),
                                 (unsigned char *)dsa->pub_key->d,
                                 BN_num_bits(dsa->pub_key),
                                 (unsigned char *)sig->r->d,
                                 BN_num_bits(sig->r),
                                 (unsigned char *)sig->s->d,
                                 BN_num_bits(sig->s), (unsigned char *)v.d,
                                 &v_len) != 0) {
        const DSA_METHOD *meth;
        UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
        p_UBSEC_ubsec_close(fd);

        meth = DSA_OpenSSL();
        to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);

        goto err;
    }

    p_UBSEC_ubsec_close(fd);

    to_return = 1;
 err:
    BN_clear_free(&v);
    return to_return;
}
// Create the OpenSSL representation of the key
void OSSLDSAPublicKey::createOSSLKey()
{
	if (dsa != NULL) return;

	dsa = DSA_new();
	if (dsa == NULL)
	{
		ERROR_MSG("Could not create DSA object");
		return;
	}

	// Use the OpenSSL implementation and not any engine
#if OPENSSL_VERSION_NUMBER < 0x10100000L

#ifdef WITH_FIPS
	if (FIPS_mode())
		DSA_set_method(dsa, FIPS_dsa_openssl());
	else
		DSA_set_method(dsa, DSA_OpenSSL());
#else
	DSA_set_method(dsa, DSA_OpenSSL());
#endif

#else
	DSA_set_method(dsa, DSA_OpenSSL());
#endif

	BIGNUM* bn_p = OSSL::byteString2bn(p);
	BIGNUM* bn_q = OSSL::byteString2bn(q);
	BIGNUM* bn_g = OSSL::byteString2bn(g);
	BIGNUM* bn_pub_key = OSSL::byteString2bn(y);

	DSA_set0_pqg(dsa, bn_p, bn_q, bn_g);
	DSA_set0_key(dsa, bn_pub_key, NULL);
}
Exemple #3
0
const DSA_METHOD *DSA_get_default_method (void)
{
    if (!default_DSA_method)
    {
#ifdef OPENSSL_FIPS
        if (FIPS_mode ())
            return FIPS_dsa_openssl ();
        else
            return DSA_OpenSSL ();
#else
        default_DSA_method = DSA_OpenSSL ();
#endif
    }
    return default_DSA_method;
}
Exemple #4
0
const DSA_METHOD *DSA_get_default_method(void)
{
    if (!default_DSA_method) {
        default_DSA_method = DSA_OpenSSL();
    }
    return default_DSA_method;
}
Exemple #5
0
static int capi_init(ENGINE *e)
{
    CAPI_CTX *ctx;
    const RSA_METHOD *ossl_rsa_meth;
    const DSA_METHOD *ossl_dsa_meth;

    if (capi_idx < 0) {
        capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
        if (capi_idx < 0)
            goto memerr;

        cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);

        /* Setup RSA_METHOD */
        rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
        ossl_rsa_meth = RSA_PKCS1_SSLeay();
        capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
        capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
        capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
        capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;

        /* Setup DSA Method */
        dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
        ossl_dsa_meth = DSA_OpenSSL();
        capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
        capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
        capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
    }

    ctx = capi_ctx_new();
    if (!ctx)
        goto memerr;

    ENGINE_set_ex_data(e, capi_idx, ctx);

#  ifdef OPENSSL_CAPIENG_DIALOG
    {
        HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
        HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
        if (cryptui)
            ctx->certselectdlg =
                (CERTDLG) GetProcAddress(cryptui,
                                         "CryptUIDlgSelectCertificateFromStore");
        if (kernel)
            ctx->getconswindow =
                (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
        if (cryptui && !OPENSSL_isservice())
            ctx->client_cert_select = cert_select_dialog;
    }
#  endif

    return 1;

 memerr:
    CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
    return 0;

    return 1;
}
DSA *FIPS_dsa_new(void)
	{
	DSA *ret;
	ret = OPENSSL_malloc(sizeof(DSA));
	if (!ret)
		return NULL;
	memset(ret, 0, sizeof(DSA));
	ret->meth = DSA_OpenSSL();
	if (ret->meth->init)
		ret->meth->init(ret);
	return ret;
	}
Exemple #7
0
static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
                                      DSA *dsa)
{
    struct crypt_kop kop;
    BIGNUM *r = NULL, *s = NULL;
    DSA_SIG *dsaret = NULL;

    if ((r = BN_new()) == NULL)
        goto err;
    if ((s = BN_new()) == NULL) {
        BN_free(r);
        goto err;
    }

    memset(&kop, 0, sizeof kop);
    kop.crk_op = CRK_DSA_SIGN;

    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
    kop.crk_param[0].crp_p = (caddr_t) dgst;
    kop.crk_param[0].crp_nbits = dlen * 8;
    if (bn2crparam(dsa->p, &kop.crk_param[1]))
        goto err;
    if (bn2crparam(dsa->q, &kop.crk_param[2]))
        goto err;
    if (bn2crparam(dsa->g, &kop.crk_param[3]))
        goto err;
    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
        goto err;
    kop.crk_iparams = 5;

    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
                       BN_num_bytes(dsa->q), s) == 0) {
        dsaret = DSA_SIG_new();
        if (dsaret == NULL)
            goto err;
        dsaret->r = r;
        dsaret->s = s;
        r = s = NULL;
    } else {
        const DSA_METHOD *meth = DSA_OpenSSL();
        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
    }
 err:
    BN_free(r);
    BN_free(s);
    kop.crk_param[0].crp_p = NULL;
    zapparams(&kop);
    return (dsaret);
}
static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
{
	zen_nb_t data, p, q, g, y, r, s, v;
	char msg[20];
	char v_data[20];
	int ret;

	CHEESE();

	if ( !zencod_dso ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
		return 0;
	}

	if ( dlen > 160 ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		return 0;
	}

	/* Do in software if argument is too large for hardware */
	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
		const DSA_METHOD *meth;
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
		meth = DSA_OpenSSL();
		return meth->dsa_do_verify(dgst, dlen, sig, dsa);
	}

	BIGNUM2ZEN ( &p, dsa->p ) ;
	BIGNUM2ZEN ( &q, dsa->q ) ;
	BIGNUM2ZEN ( &g, dsa->g ) ;
	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
	BIGNUM2ZEN ( &r, sig->r ) ;
	BIGNUM2ZEN ( &s, sig->s ) ;
	ptr_zencod_init_number ( &v, 160, v_data ) ;
	ypcmem(msg, dgst, 20);
	ptr_zencod_init_number ( &data, 160, msg ) ;

	if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
		PERROR("zenbridge_dsa_do_verify");
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
		return 0;
	}

	return ( ( ret == 0 ) ? 1 : ret ) ;
}
Exemple #9
0
static int
cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
                     DSA_SIG *sig, DSA *dsa)
{
    struct crypt_kop kop;
    int dsaret = 1;

    memset(&kop, 0, sizeof(kop));
    kop.crk_op = CRK_DSA_VERIFY;

    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
    kop.crk_param[0].crp_p = (caddr_t) dgst;
    kop.crk_param[0].crp_nbits = dlen * 8;
    if (bn2crparam(dsa->p, &kop.crk_param[1]))
        goto err;
    if (bn2crparam(dsa->q, &kop.crk_param[2]))
        goto err;
    if (bn2crparam(dsa->g, &kop.crk_param[3]))
        goto err;
    if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
        goto err;
    if (bn2crparam(sig->r, &kop.crk_param[5]))
        goto err;
    if (bn2crparam(sig->s, &kop.crk_param[6]))
        goto err;
    kop.crk_iparams = 7;

    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
        /*
         * OCF success value is 0, if not zero, change dsaret to fail
         */
        if (0 != kop.crk_status)
            dsaret = 0;
    } else {
        const DSA_METHOD *meth = DSA_OpenSSL();

        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
    }
 err:
    kop.crk_param[0].crp_p = NULL;
    zapparams(&kop);
    return (dsaret);
}
Exemple #10
0
int32_t CryptoNative_DsaSign(
    DSA* dsa,
    const uint8_t* hash,
    int32_t hashLength,
    uint8_t* refsignature,
    int32_t* outSignatureLength)
{
    if (outSignatureLength == NULL || dsa == NULL)
    {
        assert(false);
        return 0;
    }

    // DSA_OpenSSL() returns a shared pointer, no need to free/cache.
    if (DSA_get_method(dsa) == DSA_OpenSSL())
    {
        const BIGNUM* privKey;

        DSA_get0_key(dsa, NULL, &privKey);

        if (!privKey)
        {
            *outSignatureLength = 0;
            ERR_PUT_error(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, DSA_R_MISSING_PARAMETERS, __FILE__, __LINE__);
            return 0;
        }
    }

    unsigned int unsignedSigLen = 0;
    int32_t success = DSA_sign(0, hash, hashLength, refsignature, &unsignedSigLen, dsa);
    if (!success) // Only 0 and 1 returned
    {
        *outSignatureLength = 0;
        return 0;
    }

    assert(unsignedSigLen <= INT32_MAX);
    *outSignatureLength = (int32_t)unsignedSigLen;
    return 1;
}
/* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
static int bind_sureware(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
    const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
    const DH_METHOD *meth3;
#endif

    if(!ENGINE_set_id(e, engine_sureware_id) ||
            !ENGINE_set_name(e, engine_sureware_name) ||
#ifndef OPENSSL_NO_RSA
            !ENGINE_set_RSA(e, &surewarehk_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
            !ENGINE_set_DSA(e, &surewarehk_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
            !ENGINE_set_DH(e, &surewarehk_dh) ||
#endif
            !ENGINE_set_RAND(e, &surewarehk_rand) ||
            !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
            !ENGINE_set_init_function(e, surewarehk_init) ||
            !ENGINE_set_finish_function(e, surewarehk_finish) ||
            !ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) ||
            !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
            !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
        return 0;

#ifndef OPENSSL_NO_RSA
    /* We know that the "PKCS1_SSLeay()" functions hook properly
     * to the cswift-specific mod_exp and mod_exp_crt so we use
     * those functions. NB: We don't use ENGINE_openssl() or
     * anything "more generic" because something like the RSAref
     * code may not hook properly, and if you own one of these
     * cards then you have the right to do RSA operations on it
     * anyway! */
    meth1 = RSA_PKCS1_SSLeay();
    if (meth1)
    {
        surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
        surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    }
#endif

#ifndef OPENSSL_NO_DSA
    /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
     * bits. */
    meth2 = DSA_OpenSSL();
    if (meth2)
    {
        surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
    }
#endif

#ifndef OPENSSL_NO_DH
    /* Much the same for Diffie-Hellman */
    meth3 = DH_OpenSSL();
    if (meth3)
    {
        surewarehk_dh.generate_key = meth3->generate_key;
        surewarehk_dh.compute_key = meth3->compute_key;
    }
#endif

    /* Ensure the sureware error handling is set up */
    ERR_load_SUREWARE_strings();
    return 1;
}
void
ENGINE_load_cryptodev(void)
{
	ENGINE *engine = ENGINE_new();
	int fd;

	if (engine == NULL)
		return;
	if ((fd = get_dev_crypto()) < 0) {
		ENGINE_free(engine);
		return;
	}

	/*
	 * find out what asymmetric crypto algorithms we support
	 */
	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
		close(fd);
		ENGINE_free(engine);
		return;
	}
	close(fd);

	if (!ENGINE_set_id(engine, "cryptodev") ||
	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||
	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
		ENGINE_free(engine);
		return;
	}

	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();

		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
		if (cryptodev_asymfeat & CRF_MOD_EXP) {
			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
				cryptodev_rsa.rsa_mod_exp =
				    cryptodev_rsa_mod_exp;
			else
				cryptodev_rsa.rsa_mod_exp =
				    cryptodev_rsa_nocrt_mod_exp;
		}
	}

	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
		const DSA_METHOD *meth = DSA_OpenSSL();

		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
		if (cryptodev_asymfeat & CRF_DSA_SIGN)
			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
		if (cryptodev_asymfeat & CRF_MOD_EXP) {
			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
		}
		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
	}

	if (ENGINE_set_DH(engine, &cryptodev_dh)){
		const DH_METHOD *dh_meth = DH_OpenSSL();

		cryptodev_dh.generate_key = dh_meth->generate_key;
		cryptodev_dh.compute_key = dh_meth->compute_key;
		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
		if (cryptodev_asymfeat & CRF_MOD_EXP) {
			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
				cryptodev_dh.compute_key =
				    cryptodev_dh_compute_key;
		}
	}

	ENGINE_add(engine);
	ENGINE_free(engine);
	ERR_clear_error();
}
/* DSA stuff Functions
 */
static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
{
	zen_nb_t p, q, g, x, y, r, s, data;
	DSA_SIG *sig;
	BIGNUM *bn_r = NULL;
	BIGNUM *bn_s = NULL;
	char msg[20];

	CHEESE();

	if ( !zencod_dso ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
		goto FAILED;
	}

	if ( dlen > 160 ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		goto FAILED;
	}

	/* Do in software if argument is too large for hardware */
	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
		const DSA_METHOD *meth;
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
		meth = DSA_OpenSSL();
		return meth->dsa_do_sign(dgst, dlen, dsa);
	}

	if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
		goto FAILED;
	}

	if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
		goto FAILED;
	}

	bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
	BIGNUM2ZEN ( &p, dsa->p ) ;
	BIGNUM2ZEN ( &q, dsa->q ) ;
	BIGNUM2ZEN ( &g, dsa->g ) ;
	BIGNUM2ZEN ( &x, dsa->priv_key ) ;
	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
	BIGNUM2ZEN ( &r, bn_r ) ;
	BIGNUM2ZEN ( &s, bn_s ) ;
	q.len = x.len = 160;

	ypcmem(msg, dgst, 20);
	ptr_zencod_init_number ( &data, 160, msg ) ;

	if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
		PERROR("zenbridge_dsa_do_sign");
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		goto FAILED;
	}

	if ( !( sig = DSA_SIG_new () ) ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		goto FAILED;
	}
	sig->r = bn_r;
	sig->s = bn_s;
	return sig;

 FAILED:
	if (bn_r)
		BN_free(bn_r);
	if (bn_s)
		BN_free(bn_s);
	return NULL;
}
Exemple #14
0
/* This internal function is used by ENGINE_aep() and possibly by the
 * "dynamic" ENGINE support too */
static int bind_aep(ENGINE *e)
	{
#ifndef OPENSSL_NO_RSA
	const RSA_METHOD  *meth1;
#endif
#ifndef OPENSSL_NO_DSA
	const DSA_METHOD  *meth2;
#endif
#ifndef OPENSSL_NO_DH
	const DH_METHOD	  *meth3;
#endif

	if(!ENGINE_set_id(e, engine_aep_id) ||
		!ENGINE_set_name(e, engine_aep_name) ||
#ifndef OPENSSL_NO_RSA
		!ENGINE_set_RSA(e, &aep_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
		!ENGINE_set_DSA(e, &aep_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
		!ENGINE_set_DH(e, &aep_dh) ||
#endif
#ifdef AEPRAND
		!ENGINE_set_RAND(e, &aep_random) ||
#endif
		!ENGINE_set_init_function(e, aep_init) ||
		!ENGINE_set_destroy_function(e, aep_destroy) ||
		!ENGINE_set_finish_function(e, aep_finish) ||
		!ENGINE_set_ctrl_function(e, aep_ctrl) ||
		!ENGINE_set_cmd_defns(e, aep_cmd_defns))
		return 0;

#ifndef OPENSSL_NO_RSA
	/* We know that the "PKCS1_SSLeay()" functions hook properly
	 * to the aep-specific mod_exp and mod_exp_crt so we use
	 * those functions. NB: We don't use ENGINE_openssl() or
	 * anything "more generic" because something like the RSAref
	 * code may not hook properly, and if you own one of these
	 * cards then you have the right to do RSA operations on it
	 * anyway! */
	meth1 = RSA_PKCS1_SSLeay();
	aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
	aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
	aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
	aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif


#ifndef OPENSSL_NO_DSA
	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
	 * bits. */
	meth2 = DSA_OpenSSL();
	aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
	aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
	aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;

	aep_dsa = *DSA_get_default_method(); 
	aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
	aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
#endif

#ifndef OPENSSL_NO_DH
	/* Much the same for Diffie-Hellman */
	meth3 = DH_OpenSSL();
	aep_dh.generate_key = meth3->generate_key;
	aep_dh.compute_key  = meth3->compute_key;
	aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
#endif

	/* Ensure the aep error handling is set up */
	ERR_load_AEPHK_strings();

	return 1;
}
Exemple #15
0
/*
 * This internal function is used by ENGINE_nuron() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#  endif
#  ifndef OPENSSL_NO_DSA
    const DSA_METHOD *meth2;
#  endif
#  ifndef OPENSSL_NO_DH
    const DH_METHOD *meth3;
#  endif
    if (!ENGINE_set_id(e, engine_nuron_id) ||
        !ENGINE_set_name(e, engine_nuron_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &nuron_rsa) ||
#  endif
#  ifndef OPENSSL_NO_DSA
        !ENGINE_set_DSA(e, &nuron_dsa) ||
#  endif
#  ifndef OPENSSL_NO_DH
        !ENGINE_set_DH(e, &nuron_dh) ||
#  endif
        !ENGINE_set_destroy_function(e, nuron_destroy) ||
        !ENGINE_set_init_function(e, nuron_init) ||
        !ENGINE_set_finish_function(e, nuron_finish) ||
        !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
        !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
        return 0;

#  ifndef OPENSSL_NO_RSA
    /*
     * We know that the "PKCS1_SSLeay()" functions hook properly to the
     * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
     * We don't use ENGINE_openssl() or anything "more generic" because
     * something like the RSAref code may not hook properly, and if you own
     * one of these cards then you have the right to do RSA operations on it
     * anyway!
     */
    meth1 = RSA_PKCS1_SSLeay();
    nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
    nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
    nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#  endif

#  ifndef OPENSSL_NO_DSA
    /*
     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
     */
    meth2 = DSA_OpenSSL();
    nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
    nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
    nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
#  endif

#  ifndef OPENSSL_NO_DH
    /* Much the same for Diffie-Hellman */
    meth3 = DH_OpenSSL();
    nuron_dh.generate_key = meth3->generate_key;
    nuron_dh.compute_key = meth3->compute_key;
#  endif

    /* Ensure the nuron error handling is set up */
    ERR_load_NURON_strings();
    return 1;
}
static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
	{
	DSA_SIG *to_return = NULL;
	int s_len = 160, r_len = 160, d_len, fd;
	BIGNUM m, *r=NULL, *s=NULL;

	BN_init(&m);

	s = BN_new();
	r = BN_new();
	if ((s == NULL) || (r==NULL))
		goto err;

	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);

        if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
       	   (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
		goto err;
	}

	if (BN_bin2bn(dgst,dlen,&m) == NULL) {
		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
		goto err;
	} 

	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
                const DSA_METHOD *meth;
		fd = 0;
		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
                meth = DSA_OpenSSL();
                to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
		goto err;
	}

	if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
		(unsigned char *)dgst, d_len,
		NULL, 0,  /* compute random value */
		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
		(unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
		(unsigned char *)r->d, &r_len,
		(unsigned char *)s->d, &s_len ) != 0) {
                const DSA_METHOD *meth;

		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
                p_UBSEC_ubsec_close(fd);
                meth = DSA_OpenSSL();
                to_return = meth->dsa_do_sign(dgst, dlen, dsa);

		goto err;
	}

	p_UBSEC_ubsec_close(fd);

	r->top = (160+BN_BITS2-1)/BN_BITS2;
	s->top = (160+BN_BITS2-1)/BN_BITS2;

	to_return = DSA_SIG_new();
	if(to_return == NULL) {
		UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
		goto err;
	}

	to_return->r = r;
	to_return->s = s;

err:
	if (!to_return) {
		if (r) BN_free(r);
		if (s) BN_free(s);
	}                                 
	BN_clear_free(&m);
	return to_return;
}
/* This internal function is used by ENGINE_zencod () and possibly by the
 * "dynamic" ENGINE support too   ;-)
 */
static int bind_helper ( ENGINE *e )
{

#ifndef OPENSSL_NO_RSA
	const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
	const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
	const DH_METHOD *meth_dh ;
#endif

	const RAND_METHOD *meth_rand ;


	if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
			!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
			!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
			!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
			!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
			!ENGINE_set_RAND ( e, &zencod_rand ) ||

			!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
			!ENGINE_set_init_function ( e, zencod_init ) ||
			!ENGINE_set_finish_function ( e, zencod_finish ) ||
			!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
			!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
			!ENGINE_set_digests ( e, engine_digests ) ||
			!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
		return 0 ;
	}

#ifndef OPENSSL_NO_RSA
	/* We know that the "PKCS1_SSLeay()" functions hook properly
	 * to the Zencod-specific mod_exp and mod_exp_crt so we use
	 * those functions. NB: We don't use ENGINE_openssl() or
	 * anything "more generic" because something like the RSAref
	 * code may not hook properly, and if you own one of these
	 * cards then you have the right to do RSA operations on it
	 * anyway!
	 */
	meth_rsa = RSA_PKCS1_SSLeay () ;

	zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
	zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
	zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
	zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
	/* meth_rsa->rsa_mod_exp */
	/* meth_rsa->bn_mod_exp */
	zencod_rsa.init = meth_rsa->init ;
	zencod_rsa.finish = meth_rsa->finish ;
#endif

#ifndef OPENSSL_NO_DSA
	/* We use OpenSSL meth to supply what we don't provide ;-*)
	 */
	meth_dsa = DSA_OpenSSL () ;

	/* meth_dsa->dsa_do_sign */
	zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
	/* meth_dsa->dsa_do_verify */
	zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
	/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
	zencod_dsa.init = meth_dsa->init ;
	zencod_dsa.finish = meth_dsa->finish ;
#endif

#ifndef OPENSSL_NO_DH
	/* We use OpenSSL meth to supply what we don't provide ;-*)
	 */
	meth_dh = DH_OpenSSL () ;

	/* zencod_dh.generate_key = meth_dh->generate_key ; */
	/* zencod_dh.compute_key = meth_dh->compute_key ; */
	/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
	zencod_dh.init = meth_dh->init ;
	zencod_dh.finish = meth_dh->finish ;

#endif

	/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
	 */
	meth_rand = RAND_SSLeay () ;

	/* meth_rand->seed ; */
	/* zencod_rand.seed = meth_rand->seed ; */
	/* meth_rand->bytes ; */
	/* zencod_rand.bytes = meth_rand->bytes ; */
	zencod_rand.cleanup = meth_rand->cleanup ;
	zencod_rand.add = meth_rand->add ;
	/* meth_rand->pseudorand ; */
	/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
	/* zencod_rand.status = meth_rand->status ; */
	/* meth_rand->status ; */

	/* Ensure the zencod error handling is set up */
	ERR_load_ZENCOD_strings () ;
	return 1 ;
}