802de40be6d5d8755edd52e8c745956b0af573c1
[openssl.git] / engines / e_ubsec.c
1 /* crypto/engine/hw_ubsec.c */
2 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3  * project 2000.
4  *
5  * Cloned shamelessly by Joe Tardo. 
6  */
7 /* ====================================================================
8  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer. 
16  *
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in
19  *    the documentation and/or other materials provided with the
20  *    distribution.
21  *
22  * 3. All advertising materials mentioning features or use of this
23  *    software must display the following acknowledgment:
24  *    "This product includes software developed by the OpenSSL Project
25  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26  *
27  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28  *    endorse or promote products derived from this software without
29  *    prior written permission. For written permission, please contact
30  *    licensing@OpenSSL.org.
31  *
32  * 5. Products derived from this software may not be called "OpenSSL"
33  *    nor may "OpenSSL" appear in their names without prior written
34  *    permission of the OpenSSL Project.
35  *
36  * 6. Redistributions of any form whatsoever must retain the following
37  *    acknowledgment:
38  *    "This product includes software developed by the OpenSSL Project
39  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
45  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52  * OF THE POSSIBILITY OF SUCH DAMAGE.
53  * ====================================================================
54  *
55  * This product includes cryptographic software written by Eric Young
56  * (eay@cryptsoft.com).  This product includes software written by Tim
57  * Hudson (tjh@cryptsoft.com).
58  *
59  */
60
61 #include <stdio.h>
62 #include <string.h>
63 #include <openssl/crypto.h>
64 #include <openssl/buffer.h>
65 #include <openssl/dso.h>
66 #include <openssl/engine.h>
67 #include <openssl/rsa.h>
68 #include <openssl/dsa.h>
69 #include <openssl/dh.h>
70 #include <openssl/bn.h>
71
72 #ifndef OPENSSL_NO_HW
73 #ifndef OPENSSL_NO_HW_UBSEC
74
75 #ifdef FLAT_INC
76 #include "hw_ubsec.h"
77 #else
78 #include "vendor_defns/hw_ubsec.h"
79 #endif
80
81 #define UBSEC_LIB_NAME "ubsec engine"
82 #include "e_ubsec_err.c"
83
84 #define FAIL_TO_SOFTWARE -15
85
86 static int ubsec_destroy(ENGINE *e);
87 static int ubsec_init(ENGINE *e);
88 static int ubsec_finish(ENGINE *e);
89 static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
90 static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
91                 const BIGNUM *m, BN_CTX *ctx);
92 static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
93                         const BIGNUM *q, const BIGNUM *dp,
94                         const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
95 #ifndef OPENSSL_NO_RSA
96 static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
97 #endif
98 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
99                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
100 #ifndef OPENSSL_NO_DSA
101 #ifdef NOT_USED
102 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
103                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
104                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
105 static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
106                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
107                 BN_MONT_CTX *m_ctx);
108 #endif
109 static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
110 static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
111                                 DSA_SIG *sig, DSA *dsa);
112 #endif
113 #ifndef OPENSSL_NO_DH
114 static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
115                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
116                 BN_MONT_CTX *m_ctx);
117 static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
118 static int ubsec_dh_generate_key(DH *dh);
119 #endif
120
121 #ifdef NOT_USED
122 static int ubsec_rand_bytes(unsigned char *buf, int num);
123 static int ubsec_rand_status(void);
124 #endif
125
126 #define UBSEC_CMD_SO_PATH               ENGINE_CMD_BASE
127 static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
128         {UBSEC_CMD_SO_PATH,
129                 "SO_PATH",
130                 "Specifies the path to the 'ubsec' shared library",
131                 ENGINE_CMD_FLAG_STRING},
132         {0, NULL, NULL, 0}
133         };
134
135 #ifndef OPENSSL_NO_RSA
136 /* Our internal RSA_METHOD that we provide pointers to */
137 static RSA_METHOD ubsec_rsa =
138         {
139         "UBSEC RSA method",
140         NULL,
141         NULL,
142         NULL,
143         NULL,
144         ubsec_rsa_mod_exp,
145         ubsec_mod_exp_mont,
146         NULL,
147         NULL,
148         0,
149         NULL,
150         NULL,
151         NULL,
152         NULL
153         };
154 #endif
155
156 #ifndef OPENSSL_NO_DSA
157 /* Our internal DSA_METHOD that we provide pointers to */
158 static DSA_METHOD ubsec_dsa =
159         {
160         "UBSEC DSA method",
161         ubsec_dsa_do_sign, /* dsa_do_sign */
162         NULL, /* dsa_sign_setup */
163         ubsec_dsa_verify, /* dsa_do_verify */
164         NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
165         NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
166         NULL, /* init */
167         NULL, /* finish */
168         0, /* flags */
169         NULL, /* app_data */
170         NULL, /* dsa_paramgen */
171         NULL /* dsa_keygen */
172         };
173 #endif
174
175 #ifndef OPENSSL_NO_DH
176 /* Our internal DH_METHOD that we provide pointers to */
177 static DH_METHOD ubsec_dh =
178         {
179         "UBSEC DH method",
180         ubsec_dh_generate_key,
181         ubsec_dh_compute_key,
182         ubsec_mod_exp_dh,
183         NULL,
184         NULL,
185         0,
186         NULL,
187         NULL
188         };
189 #endif
190
191 /* Constants used when creating the ENGINE */
192 static const char *engine_ubsec_id = "ubsec";
193 static const char *engine_ubsec_name = "UBSEC hardware engine support";
194
195 /* This internal function is used by ENGINE_ubsec() and possibly by the
196  * "dynamic" ENGINE support too */
197 static int bind_helper(ENGINE *e)
198         {
199 #ifndef OPENSSL_NO_RSA
200         const RSA_METHOD *meth1;
201 #endif
202 #ifndef OPENSSL_NO_DH
203 #ifndef HAVE_UBSEC_DH
204         const DH_METHOD *meth3;
205 #endif /* HAVE_UBSEC_DH */
206 #endif
207         if(!ENGINE_set_id(e, engine_ubsec_id) ||
208                         !ENGINE_set_name(e, engine_ubsec_name) ||
209 #ifndef OPENSSL_NO_RSA
210                         !ENGINE_set_RSA(e, &ubsec_rsa) ||
211 #endif
212 #ifndef OPENSSL_NO_DSA
213                         !ENGINE_set_DSA(e, &ubsec_dsa) ||
214 #endif
215 #ifndef OPENSSL_NO_DH
216                         !ENGINE_set_DH(e, &ubsec_dh) ||
217 #endif
218                         !ENGINE_set_destroy_function(e, ubsec_destroy) ||
219                         !ENGINE_set_init_function(e, ubsec_init) ||
220                         !ENGINE_set_finish_function(e, ubsec_finish) ||
221                         !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
222                         !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
223                 return 0;
224
225 #ifndef OPENSSL_NO_RSA
226         /* We know that the "PKCS1_SSLeay()" functions hook properly
227          * to the Broadcom-specific mod_exp and mod_exp_crt so we use
228          * those functions. NB: We don't use ENGINE_openssl() or
229          * anything "more generic" because something like the RSAref
230          * code may not hook properly, and if you own one of these
231          * cards then you have the right to do RSA operations on it
232          * anyway! */ 
233         meth1 = RSA_PKCS1_SSLeay();
234         ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
235         ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
236         ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
237         ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
238 #endif
239
240 #ifndef OPENSSL_NO_DH
241 #ifndef HAVE_UBSEC_DH
242         /* Much the same for Diffie-Hellman */
243         meth3 = DH_OpenSSL();
244         ubsec_dh.generate_key = meth3->generate_key;
245         ubsec_dh.compute_key = meth3->compute_key;
246 #endif /* HAVE_UBSEC_DH */
247 #endif
248
249         /* Ensure the ubsec error handling is set up */
250         ERR_load_UBSEC_strings();
251         return 1;
252         }
253
254 #ifdef OPENSSL_NO_DYNAMIC_ENGINE
255 static ENGINE *engine_ubsec(void)
256         {
257         ENGINE *ret = ENGINE_new();
258         if(!ret)
259                 return NULL;
260         if(!bind_helper(ret))
261                 {
262                 ENGINE_free(ret);
263                 return NULL;
264                 }
265         return ret;
266         }
267
268 void ENGINE_load_ubsec(void)
269         {
270         /* Copied from eng_[openssl|dyn].c */
271         ENGINE *toadd = engine_ubsec();
272         if(!toadd) return;
273         ENGINE_add(toadd);
274         ENGINE_free(toadd);
275         ERR_clear_error();
276         }
277 #endif
278
279 /* This is a process-global DSO handle used for loading and unloading
280  * the UBSEC library. NB: This is only set (or unset) during an
281  * init() or finish() call (reference counts permitting) and they're
282  * operating with global locks, so this should be thread-safe
283  * implicitly. */
284
285 static DSO *ubsec_dso = NULL;
286
287 /* These are the function pointers that are (un)set when the library has
288  * successfully (un)loaded. */
289
290 static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
291 static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
292 static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
293 static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
294 #ifndef OPENSSL_NO_DH
295 static t_UBSEC_diffie_hellman_generate_ioctl 
296         *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
297 static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
298 #endif
299 /* #ifndef OPENSSL_NO_RSA */
300 static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
301 static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
302 /* #endif */
303 #ifndef OPENSSL_NO_DSA
304 static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
305 static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
306 #endif
307 static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
308 static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
309 static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
310
311 static int max_key_len = 1024;  /* ??? */
312
313 /* 
314  * These are the static string constants for the DSO file name and the function
315  * symbol names to bind to. 
316  */
317
318 static const char *UBSEC_LIBNAME = NULL;
319 static const char *get_UBSEC_LIBNAME(void)
320         {
321         if(UBSEC_LIBNAME)
322                 return UBSEC_LIBNAME;
323         return "ubsec";
324         }
325 static void free_UBSEC_LIBNAME(void)
326         {
327         if(UBSEC_LIBNAME)
328                 OPENSSL_free((void*)UBSEC_LIBNAME);
329         UBSEC_LIBNAME = NULL;
330         }
331 static long set_UBSEC_LIBNAME(const char *name)
332         {
333         free_UBSEC_LIBNAME();
334         return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
335         }
336 static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
337 static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
338 static const char *UBSEC_F3 = "ubsec_open";
339 static const char *UBSEC_F4 = "ubsec_close";
340 #ifndef OPENSSL_NO_DH
341 static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
342 static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
343 #endif
344 /* #ifndef OPENSSL_NO_RSA */
345 static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
346 static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
347 /* #endif */
348 #ifndef OPENSSL_NO_DSA
349 static const char *UBSEC_F9 = "dsa_sign_ioctl";
350 static const char *UBSEC_F10 = "dsa_verify_ioctl";
351 #endif
352 static const char *UBSEC_F11 = "math_accelerate_ioctl";
353 static const char *UBSEC_F12 = "rng_ioctl";
354 static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
355
356 /* Destructor (complements the "ENGINE_ubsec()" constructor) */
357 static int ubsec_destroy(ENGINE *e)
358         {
359         free_UBSEC_LIBNAME();
360         ERR_unload_UBSEC_strings();
361         return 1;
362         }
363
364 /* (de)initialisation functions. */
365 static int ubsec_init(ENGINE *e)
366         {
367         t_UBSEC_ubsec_bytes_to_bits *p1;
368         t_UBSEC_ubsec_bits_to_bytes *p2;
369         t_UBSEC_ubsec_open *p3;
370         t_UBSEC_ubsec_close *p4;
371 #ifndef OPENSSL_NO_DH
372         t_UBSEC_diffie_hellman_generate_ioctl *p5;
373         t_UBSEC_diffie_hellman_agree_ioctl *p6;
374 #endif
375 /* #ifndef OPENSSL_NO_RSA */
376         t_UBSEC_rsa_mod_exp_ioctl *p7;
377         t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
378 /* #endif */
379 #ifndef OPENSSL_NO_DSA
380         t_UBSEC_dsa_sign_ioctl *p9;
381         t_UBSEC_dsa_verify_ioctl *p10;
382 #endif
383         t_UBSEC_math_accelerate_ioctl *p11;
384         t_UBSEC_rng_ioctl *p12;
385         t_UBSEC_max_key_len_ioctl *p13;
386         int fd = 0;
387
388         if(ubsec_dso != NULL)
389                 {
390                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
391                 goto err;
392                 }
393         /* 
394          * Attempt to load libubsec.so/ubsec.dll/whatever. 
395          */
396         ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
397         if(ubsec_dso == NULL)
398                 {
399                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
400                 goto err;
401                 }
402
403         if (
404         !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
405         !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
406         !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
407         !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
408 #ifndef OPENSSL_NO_DH
409         !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) 
410                                 DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
411         !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) 
412                                 DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
413 #endif
414 /* #ifndef OPENSSL_NO_RSA */
415         !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
416         !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
417 /* #endif */
418 #ifndef OPENSSL_NO_DSA
419         !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
420         !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
421 #endif
422         !(p11 = (t_UBSEC_math_accelerate_ioctl *) 
423                                 DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
424         !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
425         !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
426                 {
427                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
428                 goto err;
429                 }
430
431         /* Copy the pointers */
432         p_UBSEC_ubsec_bytes_to_bits = p1;
433         p_UBSEC_ubsec_bits_to_bytes = p2;
434         p_UBSEC_ubsec_open = p3;
435         p_UBSEC_ubsec_close = p4;
436 #ifndef OPENSSL_NO_DH
437         p_UBSEC_diffie_hellman_generate_ioctl = p5;
438         p_UBSEC_diffie_hellman_agree_ioctl = p6;
439 #endif
440 #ifndef OPENSSL_NO_RSA
441         p_UBSEC_rsa_mod_exp_ioctl = p7;
442         p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
443 #endif
444 #ifndef OPENSSL_NO_DSA
445         p_UBSEC_dsa_sign_ioctl = p9;
446         p_UBSEC_dsa_verify_ioctl = p10;
447 #endif
448         p_UBSEC_math_accelerate_ioctl = p11;
449         p_UBSEC_rng_ioctl = p12;
450         p_UBSEC_max_key_len_ioctl = p13;
451
452         /* Perform an open to see if there's actually any unit running. */
453         if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
454         {
455            p_UBSEC_ubsec_close(fd);
456            return 1;
457         }
458         else
459         {
460           UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
461         }
462
463 err:
464         if(ubsec_dso)
465                 DSO_free(ubsec_dso);
466         p_UBSEC_ubsec_bytes_to_bits = NULL;
467         p_UBSEC_ubsec_bits_to_bytes = NULL;
468         p_UBSEC_ubsec_open = NULL;
469         p_UBSEC_ubsec_close = NULL;
470 #ifndef OPENSSL_NO_DH
471         p_UBSEC_diffie_hellman_generate_ioctl = NULL;
472         p_UBSEC_diffie_hellman_agree_ioctl = NULL;
473 #endif
474 #ifndef OPENSSL_NO_RSA
475         p_UBSEC_rsa_mod_exp_ioctl = NULL;
476         p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
477 #endif
478 #ifndef OPENSSL_NO_DSA
479         p_UBSEC_dsa_sign_ioctl = NULL;
480         p_UBSEC_dsa_verify_ioctl = NULL;
481 #endif
482         p_UBSEC_math_accelerate_ioctl = NULL;
483         p_UBSEC_rng_ioctl = NULL;
484         p_UBSEC_max_key_len_ioctl = NULL;
485
486         return 0;
487         }
488
489 static int ubsec_finish(ENGINE *e)
490         {
491         free_UBSEC_LIBNAME();
492         if(ubsec_dso == NULL)
493                 {
494                 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
495                 return 0;
496                 }
497         if(!DSO_free(ubsec_dso))
498                 {
499                 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
500                 return 0;
501                 }
502         ubsec_dso = NULL;
503         p_UBSEC_ubsec_bytes_to_bits = NULL;
504         p_UBSEC_ubsec_bits_to_bytes = NULL;
505         p_UBSEC_ubsec_open = NULL;
506         p_UBSEC_ubsec_close = NULL;
507 #ifndef OPENSSL_NO_DH
508         p_UBSEC_diffie_hellman_generate_ioctl = NULL;
509         p_UBSEC_diffie_hellman_agree_ioctl = NULL;
510 #endif
511 #ifndef OPENSSL_NO_RSA
512         p_UBSEC_rsa_mod_exp_ioctl = NULL;
513         p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
514 #endif
515 #ifndef OPENSSL_NO_DSA
516         p_UBSEC_dsa_sign_ioctl = NULL;
517         p_UBSEC_dsa_verify_ioctl = NULL;
518 #endif
519         p_UBSEC_math_accelerate_ioctl = NULL;
520         p_UBSEC_rng_ioctl = NULL;
521         p_UBSEC_max_key_len_ioctl = NULL;
522         return 1;
523         }
524
525 static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
526         {
527         int initialised = ((ubsec_dso == NULL) ? 0 : 1);
528         switch(cmd)
529                 {
530         case UBSEC_CMD_SO_PATH:
531                 if(p == NULL)
532                         {
533                         UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
534                         return 0;
535                         }
536                 if(initialised)
537                         {
538                         UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
539                         return 0;
540                         }
541                 return set_UBSEC_LIBNAME((const char *)p);
542         default:
543                 break;
544                 }
545         UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
546         return 0;
547         }
548
549 static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
550                 const BIGNUM *m, BN_CTX *ctx)
551         {
552         int     y_len = 0;
553         int     fd;
554
555         if(ubsec_dso == NULL)
556         {
557                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
558                 return 0;
559         }
560
561         /* Check if hardware can't handle this argument. */
562         y_len = BN_num_bits(m);
563         if (y_len > max_key_len) {
564                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
565                 return BN_mod_exp(r, a, p, m, ctx);
566         } 
567
568         if(!bn_wexpand(r, m->top))
569         {
570                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
571                 return 0;
572         }
573
574         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
575                 fd = 0;
576                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
577                 return BN_mod_exp(r, a, p, m, ctx);
578         }
579
580         if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
581                 (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
582                 BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
583         {
584                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
585                 p_UBSEC_ubsec_close(fd);
586
587                 return BN_mod_exp(r, a, p, m, ctx);
588         }
589
590         p_UBSEC_ubsec_close(fd);
591
592         r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
593         return 1;
594         }
595
596 #ifndef OPENSSL_NO_RSA
597 static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
598         {
599         int to_return = 0;
600
601         if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
602                 {
603                 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
604                 goto err;
605                 }
606
607         to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
608                     rsa->dmq1, rsa->iqmp, ctx);
609         if (to_return == FAIL_TO_SOFTWARE)
610         {
611           /*
612            * Do in software as hardware failed.
613            */
614            const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
615            to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
616         }
617 err:
618         return to_return;
619         }
620 #endif
621
622 static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
623                         const BIGNUM *q, const BIGNUM *dp,
624                         const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
625         {
626         int     y_len,
627                 m_len,
628                 fd;
629
630         m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
631         y_len = BN_num_bits(p) + BN_num_bits(q);
632
633         /* Check if hardware can't handle this argument. */
634         if (y_len > max_key_len) {
635                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
636                 return FAIL_TO_SOFTWARE;
637         } 
638
639         if (!bn_wexpand(r, p->top + q->top + 1)) {
640                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
641                 return 0;
642         }
643
644         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
645                 fd = 0;
646                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
647                 return FAIL_TO_SOFTWARE;
648         }
649
650         if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
651                 (unsigned char *)a->d, BN_num_bits(a), 
652                 (unsigned char *)qinv->d, BN_num_bits(qinv),
653                 (unsigned char *)dp->d, BN_num_bits(dp),
654                 (unsigned char *)p->d, BN_num_bits(p),
655                 (unsigned char *)dq->d, BN_num_bits(dq),
656                 (unsigned char *)q->d, BN_num_bits(q),
657                 (unsigned char *)r->d,  &y_len) != 0) {
658                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
659                 p_UBSEC_ubsec_close(fd);
660                 return FAIL_TO_SOFTWARE;
661         }
662
663         p_UBSEC_ubsec_close(fd);
664
665         r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
666         return 1;
667 }
668
669 #ifndef OPENSSL_NO_DSA
670 #ifdef NOT_USED
671 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
672                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
673                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
674         {
675         BIGNUM t;
676         int to_return = 0;
677  
678         BN_init(&t);
679         /* let rr = a1 ^ p1 mod m */
680         if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
681         /* let t = a2 ^ p2 mod m */
682         if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
683         /* let rr = rr * t mod m */
684         if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
685         to_return = 1;
686 end:
687         BN_free(&t);
688         return to_return;
689         }
690
691 static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
692                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
693                 BN_MONT_CTX *m_ctx)
694         {
695         return ubsec_mod_exp(r, a, p, m, ctx);
696         }
697 #endif
698 #endif
699
700 /*
701  * This function is aliased to mod_exp (with the mont stuff dropped).
702  */
703 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
704                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
705         {
706         int ret = 0;
707
708 #ifndef OPENSSL_NO_RSA
709         /* Do in software if the key is too large for the hardware. */
710         if (BN_num_bits(m) > max_key_len)
711                 {
712                 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
713                 ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
714                 }
715         else
716 #endif
717                 {
718                 ret = ubsec_mod_exp(r, a, p, m, ctx);
719                 }
720         
721         return ret;
722         }
723
724 #ifndef OPENSSL_NO_DH
725 /* This function is aliased to mod_exp (with the dh and mont dropped). */
726 static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
727                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
728                 BN_MONT_CTX *m_ctx)
729         {
730         return ubsec_mod_exp(r, a, p, m, ctx);
731         }
732 #endif
733
734 #ifndef OPENSSL_NO_DSA
735 static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
736         {
737         DSA_SIG *to_return = NULL;
738         int s_len = 160, r_len = 160, d_len, fd;
739         BIGNUM m, *r=NULL, *s=NULL;
740
741         BN_init(&m);
742
743         s = BN_new();
744         r = BN_new();
745         if ((s == NULL) || (r==NULL))
746                 goto err;
747
748         d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
749
750         if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
751            (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
752                 UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
753                 goto err;
754         }
755
756         if (BN_bin2bn(dgst,dlen,&m) == NULL) {
757                 UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
758                 goto err;
759         } 
760
761         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
762                 const DSA_METHOD *meth;
763                 fd = 0;
764                 UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
765                 meth = DSA_OpenSSL();
766                 to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
767                 goto err;
768         }
769
770         if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
771                 (unsigned char *)dgst, d_len,
772                 NULL, 0,  /* compute random value */
773                 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
774                 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
775                 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
776                 (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
777                 (unsigned char *)r->d, &r_len,
778                 (unsigned char *)s->d, &s_len ) != 0) {
779                 const DSA_METHOD *meth;
780
781                 UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
782                 p_UBSEC_ubsec_close(fd);
783                 meth = DSA_OpenSSL();
784                 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
785
786                 goto err;
787         }
788
789         p_UBSEC_ubsec_close(fd);
790
791         r->top = (160+BN_BITS2-1)/BN_BITS2;
792         s->top = (160+BN_BITS2-1)/BN_BITS2;
793
794         to_return = DSA_SIG_new();
795         if(to_return == NULL) {
796                 UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
797                 goto err;
798         }
799
800         to_return->r = r;
801         to_return->s = s;
802
803 err:
804         if (!to_return) {
805                 if (r) BN_free(r);
806                 if (s) BN_free(s);
807         }                                 
808         BN_clear_free(&m);
809         return to_return;
810 }
811
812 static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
813                                 DSA_SIG *sig, DSA *dsa)
814         {
815         int v_len, d_len;
816         int to_return = 0;
817         int fd;
818         BIGNUM v;
819
820         BN_init(&v);
821
822         if(!bn_wexpand(&v, dsa->p->top)) {
823                 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
824                 goto err;
825         }
826
827         v_len = BN_num_bits(dsa->p);
828
829         d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
830
831         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
832                 const DSA_METHOD *meth;
833                 fd = 0;
834                 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
835                 meth = DSA_OpenSSL();
836                 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
837                 goto err;
838         }
839
840         if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
841                 (unsigned char *)dgst, d_len,
842                 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
843                 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
844                 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
845                 (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
846                 (unsigned char *)sig->r->d, BN_num_bits(sig->r),
847                 (unsigned char *)sig->s->d, BN_num_bits(sig->s),
848                 (unsigned char *)v.d, &v_len) != 0) {
849                 const DSA_METHOD *meth;
850                 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
851                 p_UBSEC_ubsec_close(fd);
852
853                 meth = DSA_OpenSSL();
854                 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
855
856                 goto err;
857         }
858
859         p_UBSEC_ubsec_close(fd);
860
861         to_return = 1;
862 err:
863         BN_clear_free(&v);
864         return to_return;
865         }
866 #endif
867
868 #ifndef OPENSSL_NO_DH
869 static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
870         {
871         int      ret      = -1,
872                  k_len,
873                  fd;
874
875         k_len = BN_num_bits(dh->p);
876
877         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
878                 {
879                 const DH_METHOD *meth;
880                 UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
881                 meth = DH_OpenSSL();
882                 ret = meth->compute_key(key, pub_key, dh);
883                 goto err;
884                 }
885
886         if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
887                                                (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
888                                                (unsigned char *)pub_key->d, BN_num_bits(pub_key),
889                                                (unsigned char *)dh->p->d, BN_num_bits(dh->p),
890                                                key, &k_len) != 0)
891                 {
892                 /* Hardware's a no go, failover to software */
893                 const DH_METHOD *meth;
894                 UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
895                 p_UBSEC_ubsec_close(fd);
896
897                 meth = DH_OpenSSL();
898                 ret = meth->compute_key(key, pub_key, dh);
899
900                 goto err;
901                 }
902
903         p_UBSEC_ubsec_close(fd);
904
905         ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
906 err:
907         return ret;
908         }
909
910 static int ubsec_dh_generate_key(DH *dh)
911         {
912         int      ret               = 0,
913                  random_bits       = 0,
914                  pub_key_len       = 0,
915                  priv_key_len      = 0,
916                  fd;
917         BIGNUM   *pub_key          = NULL;
918         BIGNUM   *priv_key         = NULL;
919
920         /* 
921          *  How many bits should Random x be? dh_key.c
922          *  sets the range from 0 to num_bits(modulus) ???
923          */
924
925         if (dh->priv_key == NULL)
926                 {
927                 priv_key = BN_new();
928                 if (priv_key == NULL) goto err;
929                 priv_key_len = BN_num_bits(dh->p);
930                 bn_wexpand(priv_key, dh->p->top);
931                 do
932                         if (!BN_rand_range(priv_key, dh->p)) goto err;
933                 while (BN_is_zero(priv_key));
934                 random_bits = BN_num_bits(priv_key);
935                 }
936         else
937                 {
938                 priv_key = dh->priv_key;
939                 }
940
941         if (dh->pub_key == NULL)
942                 {
943                 pub_key = BN_new();
944                 pub_key_len = BN_num_bits(dh->p);
945                 bn_wexpand(pub_key, dh->p->top);
946                 if(pub_key == NULL) goto err;
947                 }
948         else
949                 {
950                 pub_key = dh->pub_key;
951                 }
952
953         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
954                 {
955                 const DH_METHOD *meth;
956                 UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
957                 meth = DH_OpenSSL();
958                 ret = meth->generate_key(dh);
959                 goto err;
960                 }
961
962         if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
963                                                   (unsigned char *)priv_key->d, &priv_key_len,
964                                                   (unsigned char *)pub_key->d,  &pub_key_len,
965                                                   (unsigned char *)dh->g->d, BN_num_bits(dh->g),
966                                                   (unsigned char *)dh->p->d, BN_num_bits(dh->p),
967                                                   0, 0, random_bits) != 0)
968                 {
969                 /* Hardware's a no go, failover to software */
970                 const DH_METHOD *meth;
971
972                 UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
973                 p_UBSEC_ubsec_close(fd);
974
975                 meth = DH_OpenSSL();
976                 ret = meth->generate_key(dh);
977
978                 goto err;
979                 }
980
981         p_UBSEC_ubsec_close(fd);
982
983         dh->pub_key = pub_key;
984         dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
985         dh->priv_key = priv_key;
986         dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
987
988         ret = 1;
989 err:
990         return ret;
991         }
992 #endif
993
994 #ifdef NOT_USED
995 static int ubsec_rand_bytes(unsigned char * buf,
996                             int num)
997         {
998         int      ret      = 0,
999                  fd;
1000
1001         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
1002                 {
1003                 const RAND_METHOD *meth;
1004                 UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
1005                 num = p_UBSEC_ubsec_bits_to_bytes(num);
1006                 meth = RAND_SSLeay();
1007                 meth->seed(buf, num);
1008                 ret = meth->bytes(buf, num);
1009                 goto err;
1010                 }
1011
1012         num *= 8; /* bytes to bits */
1013
1014         if (p_UBSEC_rng_ioctl(fd,
1015                               UBSEC_RNG_DIRECT,
1016                               buf,
1017                               &num) != 0)
1018                 {
1019                 /* Hardware's a no go, failover to software */
1020                 const RAND_METHOD *meth;
1021
1022                 UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
1023                 p_UBSEC_ubsec_close(fd);
1024
1025                 num = p_UBSEC_ubsec_bits_to_bytes(num);
1026                 meth = RAND_SSLeay();
1027                 meth->seed(buf, num);
1028                 ret = meth->bytes(buf, num);
1029
1030                 goto err;
1031                 }
1032
1033         p_UBSEC_ubsec_close(fd);
1034
1035         ret = 1;
1036 err:
1037         return(ret);
1038         }
1039
1040
1041 static int ubsec_rand_status(void)
1042         {
1043         return 0;
1044         }
1045 #endif
1046
1047 /* This stuff is needed if this ENGINE is being compiled into a self-contained
1048  * shared-library. */
1049 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
1050 static int bind_fn(ENGINE *e, const char *id)
1051         {
1052         if(id && (strcmp(id, engine_ubsec_id) != 0))
1053                 return 0;
1054         if(!bind_helper(e))
1055                 return 0;
1056         return 1;
1057         }
1058 IMPLEMENT_DYNAMIC_CHECK_FN()
1059 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1060 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */
1061
1062 #endif /* !OPENSSL_NO_HW_UBSEC */
1063 #endif /* !OPENSSL_NO_HW */