static int capi_dsa_free(DSA *dsa)
{
CAPI_KEY *capi_key;
capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
capi_free_key(capi_key);
DSA_set_ex_data(dsa, dsa_capi_idx, 0);
return 1;
}
static
PKCS11H_BOOL
__pkcs11h_openssl_session_setDSA(
IN const pkcs11h_openssl_session_t openssl_session,
IN EVP_PKEY * evp
) {
PKCS11H_BOOL ret = FALSE;
DSA *dsa = NULL;
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_openssl_session_setDSA - entered openssl_session=%p, evp=%p",
(void *)openssl_session,
(void *)evp
);
if (
(dsa = EVP_PKEY_get1_DSA (evp)) == NULL
) {
_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get DSA key");
goto cleanup;
}
DSA_set_method (dsa, __openssl_methods.dsa);
DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session);
ret = TRUE;
cleanup:
if (dsa != NULL) {
DSA_free (dsa);
dsa = NULL;
}
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: __pkcs11h_openssl_session_setDSA - return ret=%d",
ret
);
return ret;
}
static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
{
unsigned char *pubkey = NULL;
DWORD len;
BLOBHEADER *bh;
RSA *rkey = NULL;
DSA *dkey = NULL;
EVP_PKEY *ret = NULL;
if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
{
CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
capi_addlasterror();
return NULL;
}
pubkey = OPENSSL_malloc(len);
if (!pubkey)
goto memerr;
if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
{
CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
capi_addlasterror();
goto err;
}
bh = (BLOBHEADER *)pubkey;
if (bh->bType != PUBLICKEYBLOB)
{
CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
goto err;
}
if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
{
RSAPUBKEY *rp;
DWORD rsa_modlen;
unsigned char *rsa_modulus;
rp = (RSAPUBKEY *)(bh + 1);
if (rp->magic != 0x31415352)
{
char magstr[10];
BIO_snprintf(magstr, 10, "%lx", rp->magic);
CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
ERR_add_error_data(2, "magic=0x", magstr);
goto err;
}
rsa_modulus = (unsigned char *)(rp + 1);
rkey = RSA_new_method(eng);
if (!rkey)
goto memerr;
rkey->e = BN_new();
rkey->n = BN_new();
if (!rkey->e || !rkey->n)
goto memerr;
if (!BN_set_word(rkey->e, rp->pubexp))
goto memerr;
rsa_modlen = rp->bitlen / 8;
if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
goto memerr;
RSA_set_ex_data(rkey, rsa_capi_idx, key);
if (!(ret = EVP_PKEY_new()))
goto memerr;
EVP_PKEY_assign_RSA(ret, rkey);
rkey = NULL;
}
else if (bh->aiKeyAlg == CALG_DSS_SIGN)
{
DSSPUBKEY *dp;
DWORD dsa_plen;
unsigned char *btmp;
dp = (DSSPUBKEY *)(bh + 1);
if (dp->magic != 0x31535344)
{
char magstr[10];
BIO_snprintf(magstr, 10, "%lx", dp->magic);
CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
ERR_add_error_data(2, "magic=0x", magstr);
goto err;
}
dsa_plen = dp->bitlen / 8;
btmp = (unsigned char *)(dp + 1);
dkey = DSA_new_method(eng);
if (!dkey)
goto memerr;
dkey->p = BN_new();
dkey->q = BN_new();
dkey->g = BN_new();
dkey->pub_key = BN_new();
if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
goto memerr;
if (!lend_tobn(dkey->p, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
if (!lend_tobn(dkey->q, btmp, 20))
goto memerr;
btmp += 20;
if (!lend_tobn(dkey->g, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
DSA_set_ex_data(dkey, dsa_capi_idx, key);
if (!(ret = EVP_PKEY_new()))
goto memerr;
EVP_PKEY_assign_DSA(ret, dkey);
dkey = NULL;
}
else
{
char algstr[10];
BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
goto err;
}
err:
if (pubkey)
OPENSSL_free(pubkey);
if (!ret)
{
if (rkey)
RSA_free(rkey);
if (dkey)
DSA_free(dkey);
}
return ret;
memerr:
CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
{
EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
RSA *rsatmp = NULL;
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsatmp=NULL;
#endif
char msg[64]="sureware_load_public";
int ret=0;
if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
{
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
goto err;
}
switch (keytype)
{
#ifndef OPENSSL_NO_RSA
case 1: /*RSA*/
/* set private external reference */
rsatmp = RSA_new_method(e);
RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
rsatmp->flags |= RSA_FLAG_EXT_PKEY;
/* set public big nums*/
rsatmp->e = BN_new();
rsatmp->n = BN_new();
bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
goto err;
ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
(unsigned long *)rsatmp->n->d,
(unsigned long *)rsatmp->e->d);
surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
if (ret!=1)
{
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
goto err;
}
/* normalise pub e and pub n */
rsatmp->e->top=el/sizeof(BN_ULONG);
bn_fix_top(rsatmp->e);
rsatmp->n->top=el/sizeof(BN_ULONG);
bn_fix_top(rsatmp->n);
/* create an EVP object: engine + rsa key */
res = EVP_PKEY_new();
EVP_PKEY_assign_RSA(res, rsatmp);
break;
#endif
#ifndef OPENSSL_NO_DSA
case 2:/*DSA*/
/* set private/public external reference */
dsatmp = DSA_new_method(e);
DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
/*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
/* set public key*/
dsatmp->pub_key = BN_new();
dsatmp->p = BN_new();
dsatmp->q = BN_new();
dsatmp->g = BN_new();
bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
!dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
!dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
!dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
goto err;
ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
(unsigned long *)dsatmp->pub_key->d,
(unsigned long *)dsatmp->p->d,
(unsigned long *)dsatmp->q->d,
(unsigned long *)dsatmp->g->d);
surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
if (ret!=1)
{
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
goto err;
}
/* set parameters */
/* normalise pubkey and parameters in case of */
dsatmp->pub_key->top=el/sizeof(BN_ULONG);
bn_fix_top(dsatmp->pub_key);
dsatmp->p->top=el/sizeof(BN_ULONG);
bn_fix_top(dsatmp->p);
dsatmp->q->top=20/sizeof(BN_ULONG);
bn_fix_top(dsatmp->q);
dsatmp->g->top=el/sizeof(BN_ULONG);
bn_fix_top(dsatmp->g);
/* create an EVP object: engine + rsa key */
res = EVP_PKEY_new();
EVP_PKEY_assign_DSA(res, dsatmp);
break;
#endif
default:
SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
goto err;
}
return res;
err:
#ifndef OPENSSL_NO_RSA
if (rsatmp)
RSA_free(rsatmp);
#endif
#ifndef OPENSSL_NO_DSA
if (dsatmp)
DSA_free(dsatmp);
#endif
return NULL;
}
