The ENGINE implementations in ./engines/ should be role models on how to
[openssl.git] / engines / e_ubsec.c
1 /* crypto/engine/hw_ubsec.c */
2 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
3  * project 2000.
4  *
5  * Cloned shamelessly by Joe Tardo. 
6  */
7 /* ====================================================================
8  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer. 
16  *
17  * 2. Redistributions in binary form must reproduce the above copyright
18  *    notice, this list of conditions and the following disclaimer in
19  *    the documentation and/or other materials provided with the
20  *    distribution.
21  *
22  * 3. All advertising materials mentioning features or use of this
23  *    software must display the following acknowledgment:
24  *    "This product includes software developed by the OpenSSL Project
25  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26  *
27  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28  *    endorse or promote products derived from this software without
29  *    prior written permission. For written permission, please contact
30  *    licensing@OpenSSL.org.
31  *
32  * 5. Products derived from this software may not be called "OpenSSL"
33  *    nor may "OpenSSL" appear in their names without prior written
34  *    permission of the OpenSSL Project.
35  *
36  * 6. Redistributions of any form whatsoever must retain the following
37  *    acknowledgment:
38  *    "This product includes software developed by the OpenSSL Project
39  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
45  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52  * OF THE POSSIBILITY OF SUCH DAMAGE.
53  * ====================================================================
54  *
55  * This product includes cryptographic software written by Eric Young
56  * (eay@cryptsoft.com).  This product includes software written by Tim
57  * Hudson (tjh@cryptsoft.com).
58  *
59  */
60
61 #include <stdio.h>
62 #include <string.h>
63 #include <openssl/crypto.h>
64 #include <openssl/buffer.h>
65 #include <openssl/dso.h>
66 #include <openssl/engine.h>
67
68 #ifndef OPENSSL_NO_HW
69 #ifndef OPENSSL_NO_HW_UBSEC
70
71 #ifdef FLAT_INC
72 #include "hw_ubsec.h"
73 #else
74 #include "vendor_defns/hw_ubsec.h"
75 #endif
76
77 #define UBSEC_LIB_NAME "ubsec engine"
78 #include "e_ubsec_err.c"
79
80 #define FAIL_TO_SOFTWARE -15
81
82 static int ubsec_destroy(ENGINE *e);
83 static int ubsec_init(ENGINE *e);
84 static int ubsec_finish(ENGINE *e);
85 static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
86 static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
87                 const BIGNUM *m, BN_CTX *ctx);
88 static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
89                         const BIGNUM *q, const BIGNUM *dp,
90                         const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
91 #ifndef OPENSSL_NO_RSA
92 static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
93 #endif
94 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
95                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
96 #ifndef OPENSSL_NO_DSA
97 #ifdef NOT_USED
98 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
99                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
100                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
101 static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
102                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
103                 BN_MONT_CTX *m_ctx);
104 #endif
105 static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
106 static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
107                                 DSA_SIG *sig, DSA *dsa);
108 #endif
109 #ifndef OPENSSL_NO_DH
110 static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
111                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
112                 BN_MONT_CTX *m_ctx);
113 static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
114 static int ubsec_dh_generate_key(DH *dh);
115 #endif
116
117 #ifdef NOT_USED
118 static int ubsec_rand_bytes(unsigned char *buf, int num);
119 static int ubsec_rand_status(void);
120 #endif
121
122 #define UBSEC_CMD_SO_PATH               ENGINE_CMD_BASE
123 static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
124         {UBSEC_CMD_SO_PATH,
125                 "SO_PATH",
126                 "Specifies the path to the 'ubsec' shared library",
127                 ENGINE_CMD_FLAG_STRING},
128         {0, NULL, NULL, 0}
129         };
130
131 #ifndef OPENSSL_NO_RSA
132 /* Our internal RSA_METHOD that we provide pointers to */
133 static RSA_METHOD ubsec_rsa =
134         {
135         "UBSEC RSA method",
136         NULL,
137         NULL,
138         NULL,
139         NULL,
140         ubsec_rsa_mod_exp,
141         ubsec_mod_exp_mont,
142         NULL,
143         NULL,
144         0,
145         NULL,
146         NULL,
147         NULL
148         };
149 #endif
150
151 #ifndef OPENSSL_NO_DSA
152 /* Our internal DSA_METHOD that we provide pointers to */
153 static DSA_METHOD ubsec_dsa =
154         {
155         "UBSEC DSA method",
156         ubsec_dsa_do_sign, /* dsa_do_sign */
157         NULL, /* dsa_sign_setup */
158         ubsec_dsa_verify, /* dsa_do_verify */
159         NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
160         NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
161         NULL, /* init */
162         NULL, /* finish */
163         0, /* flags */
164         NULL /* app_data */
165         };
166 #endif
167
168 #ifndef OPENSSL_NO_DH
169 /* Our internal DH_METHOD that we provide pointers to */
170 static DH_METHOD ubsec_dh =
171         {
172         "UBSEC DH method",
173         ubsec_dh_generate_key,
174         ubsec_dh_compute_key,
175         ubsec_mod_exp_dh,
176         NULL,
177         NULL,
178         0,
179         NULL
180         };
181 #endif
182
183 /* Constants used when creating the ENGINE */
184 static const char *engine_ubsec_id = "ubsec";
185 static const char *engine_ubsec_name = "UBSEC hardware engine support";
186
187 /* This internal function is used by ENGINE_ubsec() and possibly by the
188  * "dynamic" ENGINE support too */
189 static int bind_helper(ENGINE *e)
190         {
191 #ifndef OPENSSL_NO_RSA
192         const RSA_METHOD *meth1;
193 #endif
194 #ifndef OPENSSL_NO_DH
195 #ifndef HAVE_UBSEC_DH
196         const DH_METHOD *meth3;
197 #endif /* HAVE_UBSEC_DH */
198 #endif
199         if(!ENGINE_set_id(e, engine_ubsec_id) ||
200                         !ENGINE_set_name(e, engine_ubsec_name) ||
201 #ifndef OPENSSL_NO_RSA
202                         !ENGINE_set_RSA(e, &ubsec_rsa) ||
203 #endif
204 #ifndef OPENSSL_NO_DSA
205                         !ENGINE_set_DSA(e, &ubsec_dsa) ||
206 #endif
207 #ifndef OPENSSL_NO_DH
208                         !ENGINE_set_DH(e, &ubsec_dh) ||
209 #endif
210                         !ENGINE_set_destroy_function(e, ubsec_destroy) ||
211                         !ENGINE_set_init_function(e, ubsec_init) ||
212                         !ENGINE_set_finish_function(e, ubsec_finish) ||
213                         !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
214                         !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
215                 return 0;
216
217 #ifndef OPENSSL_NO_RSA
218         /* We know that the "PKCS1_SSLeay()" functions hook properly
219          * to the Broadcom-specific mod_exp and mod_exp_crt so we use
220          * those functions. NB: We don't use ENGINE_openssl() or
221          * anything "more generic" because something like the RSAref
222          * code may not hook properly, and if you own one of these
223          * cards then you have the right to do RSA operations on it
224          * anyway! */ 
225         meth1 = RSA_PKCS1_SSLeay();
226         ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
227         ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
228         ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
229         ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
230 #endif
231
232 #ifndef OPENSSL_NO_DH
233 #ifndef HAVE_UBSEC_DH
234         /* Much the same for Diffie-Hellman */
235         meth3 = DH_OpenSSL();
236         ubsec_dh.generate_key = meth3->generate_key;
237         ubsec_dh.compute_key = meth3->compute_key;
238 #endif /* HAVE_UBSEC_DH */
239 #endif
240
241         /* Ensure the ubsec error handling is set up */
242         ERR_load_UBSEC_strings();
243         return 1;
244         }
245
246 static ENGINE *engine_ubsec(void)
247         {
248         ENGINE *ret = ENGINE_new();
249         if(!ret)
250                 return NULL;
251         if(!bind_helper(ret))
252                 {
253                 ENGINE_free(ret);
254                 return NULL;
255                 }
256         return ret;
257         }
258
259 void ENGINE_load_ubsec(void)
260         {
261         /* Copied from eng_[openssl|dyn].c */
262         ENGINE *toadd = engine_ubsec();
263         if(!toadd) return;
264         ENGINE_add(toadd);
265         ENGINE_free(toadd);
266         ERR_clear_error();
267         }
268
269 /* This is a process-global DSO handle used for loading and unloading
270  * the UBSEC library. NB: This is only set (or unset) during an
271  * init() or finish() call (reference counts permitting) and they're
272  * operating with global locks, so this should be thread-safe
273  * implicitly. */
274
275 static DSO *ubsec_dso = NULL;
276
277 /* These are the function pointers that are (un)set when the library has
278  * successfully (un)loaded. */
279
280 static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
281 static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
282 static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
283 static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
284 #ifndef OPENSSL_NO_DH
285 static t_UBSEC_diffie_hellman_generate_ioctl 
286         *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
287 static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
288 #endif
289 /* #ifndef OPENSSL_NO_RSA */
290 static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
291 static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
292 /* #endif */
293 #ifndef OPENSSL_NO_DSA
294 static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
295 static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
296 #endif
297 static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
298 static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
299 static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
300
301 static int max_key_len = 1024;  /* ??? */
302
303 /* 
304  * These are the static string constants for the DSO file name and the function
305  * symbol names to bind to. 
306  */
307
308 static const char *UBSEC_LIBNAME = NULL;
309 static const char *get_UBSEC_LIBNAME(void)
310         {
311         if(UBSEC_LIBNAME)
312                 return UBSEC_LIBNAME;
313         return "ubsec";
314         }
315 static void free_UBSEC_LIBNAME(void)
316         {
317         if(UBSEC_LIBNAME)
318                 OPENSSL_free((void*)UBSEC_LIBNAME);
319         UBSEC_LIBNAME = NULL;
320         }
321 static long set_UBSEC_LIBNAME(const char *name)
322         {
323         free_UBSEC_LIBNAME();
324         return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
325         }
326 static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
327 static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
328 static const char *UBSEC_F3 = "ubsec_open";
329 static const char *UBSEC_F4 = "ubsec_close";
330 #ifndef OPENSSL_NO_DH
331 static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
332 static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
333 #endif
334 /* #ifndef OPENSSL_NO_RSA */
335 static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
336 static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
337 /* #endif */
338 #ifndef OPENSSL_NO_DSA
339 static const char *UBSEC_F9 = "dsa_sign_ioctl";
340 static const char *UBSEC_F10 = "dsa_verify_ioctl";
341 #endif
342 static const char *UBSEC_F11 = "math_accelerate_ioctl";
343 static const char *UBSEC_F12 = "rng_ioctl";
344 static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
345
346 /* Destructor (complements the "ENGINE_ubsec()" constructor) */
347 static int ubsec_destroy(ENGINE *e)
348         {
349         free_UBSEC_LIBNAME();
350         ERR_unload_UBSEC_strings();
351         return 1;
352         }
353
354 /* (de)initialisation functions. */
355 static int ubsec_init(ENGINE *e)
356         {
357         t_UBSEC_ubsec_bytes_to_bits *p1;
358         t_UBSEC_ubsec_bits_to_bytes *p2;
359         t_UBSEC_ubsec_open *p3;
360         t_UBSEC_ubsec_close *p4;
361 #ifndef OPENSSL_NO_DH
362         t_UBSEC_diffie_hellman_generate_ioctl *p5;
363         t_UBSEC_diffie_hellman_agree_ioctl *p6;
364 #endif
365 /* #ifndef OPENSSL_NO_RSA */
366         t_UBSEC_rsa_mod_exp_ioctl *p7;
367         t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
368 /* #endif */
369 #ifndef OPENSSL_NO_DSA
370         t_UBSEC_dsa_sign_ioctl *p9;
371         t_UBSEC_dsa_verify_ioctl *p10;
372 #endif
373         t_UBSEC_math_accelerate_ioctl *p11;
374         t_UBSEC_rng_ioctl *p12;
375         t_UBSEC_max_key_len_ioctl *p13;
376         int fd = 0;
377
378         if(ubsec_dso != NULL)
379                 {
380                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
381                 goto err;
382                 }
383         /* 
384          * Attempt to load libubsec.so/ubsec.dll/whatever. 
385          */
386         ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
387         if(ubsec_dso == NULL)
388                 {
389                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
390                 goto err;
391                 }
392
393         if (
394         !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
395         !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
396         !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
397         !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
398 #ifndef OPENSSL_NO_DH
399         !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) 
400                                 DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
401         !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) 
402                                 DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
403 #endif
404 /* #ifndef OPENSSL_NO_RSA */
405         !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
406         !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
407 /* #endif */
408 #ifndef OPENSSL_NO_DSA
409         !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
410         !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
411 #endif
412         !(p11 = (t_UBSEC_math_accelerate_ioctl *) 
413                                 DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
414         !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
415         !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
416                 {
417                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
418                 goto err;
419                 }
420
421         /* Copy the pointers */
422         p_UBSEC_ubsec_bytes_to_bits = p1;
423         p_UBSEC_ubsec_bits_to_bytes = p2;
424         p_UBSEC_ubsec_open = p3;
425         p_UBSEC_ubsec_close = p4;
426 #ifndef OPENSSL_NO_DH
427         p_UBSEC_diffie_hellman_generate_ioctl = p5;
428         p_UBSEC_diffie_hellman_agree_ioctl = p6;
429 #endif
430 #ifndef OPENSSL_NO_RSA
431         p_UBSEC_rsa_mod_exp_ioctl = p7;
432         p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
433 #endif
434 #ifndef OPENSSL_NO_DSA
435         p_UBSEC_dsa_sign_ioctl = p9;
436         p_UBSEC_dsa_verify_ioctl = p10;
437 #endif
438         p_UBSEC_math_accelerate_ioctl = p11;
439         p_UBSEC_rng_ioctl = p12;
440         p_UBSEC_max_key_len_ioctl = p13;
441
442         /* Perform an open to see if there's actually any unit running. */
443         if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
444         {
445            p_UBSEC_ubsec_close(fd);
446            return 1;
447         }
448         else
449         {
450           UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
451         }
452
453 err:
454         if(ubsec_dso)
455                 DSO_free(ubsec_dso);
456         p_UBSEC_ubsec_bytes_to_bits = NULL;
457         p_UBSEC_ubsec_bits_to_bytes = NULL;
458         p_UBSEC_ubsec_open = NULL;
459         p_UBSEC_ubsec_close = NULL;
460 #ifndef OPENSSL_NO_DH
461         p_UBSEC_diffie_hellman_generate_ioctl = NULL;
462         p_UBSEC_diffie_hellman_agree_ioctl = NULL;
463 #endif
464 #ifndef OPENSSL_NO_RSA
465         p_UBSEC_rsa_mod_exp_ioctl = NULL;
466         p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
467 #endif
468 #ifndef OPENSSL_NO_DSA
469         p_UBSEC_dsa_sign_ioctl = NULL;
470         p_UBSEC_dsa_verify_ioctl = NULL;
471 #endif
472         p_UBSEC_math_accelerate_ioctl = NULL;
473         p_UBSEC_rng_ioctl = NULL;
474         p_UBSEC_max_key_len_ioctl = NULL;
475
476         return 0;
477         }
478
479 static int ubsec_finish(ENGINE *e)
480         {
481         free_UBSEC_LIBNAME();
482         if(ubsec_dso == NULL)
483                 {
484                 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
485                 return 0;
486                 }
487         if(!DSO_free(ubsec_dso))
488                 {
489                 UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
490                 return 0;
491                 }
492         ubsec_dso = NULL;
493         p_UBSEC_ubsec_bytes_to_bits = NULL;
494         p_UBSEC_ubsec_bits_to_bytes = NULL;
495         p_UBSEC_ubsec_open = NULL;
496         p_UBSEC_ubsec_close = NULL;
497 #ifndef OPENSSL_NO_DH
498         p_UBSEC_diffie_hellman_generate_ioctl = NULL;
499         p_UBSEC_diffie_hellman_agree_ioctl = NULL;
500 #endif
501 #ifndef OPENSSL_NO_RSA
502         p_UBSEC_rsa_mod_exp_ioctl = NULL;
503         p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
504 #endif
505 #ifndef OPENSSL_NO_DSA
506         p_UBSEC_dsa_sign_ioctl = NULL;
507         p_UBSEC_dsa_verify_ioctl = NULL;
508 #endif
509         p_UBSEC_math_accelerate_ioctl = NULL;
510         p_UBSEC_rng_ioctl = NULL;
511         p_UBSEC_max_key_len_ioctl = NULL;
512         return 1;
513         }
514
515 static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
516         {
517         int initialised = ((ubsec_dso == NULL) ? 0 : 1);
518         switch(cmd)
519                 {
520         case UBSEC_CMD_SO_PATH:
521                 if(p == NULL)
522                         {
523                         UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
524                         return 0;
525                         }
526                 if(initialised)
527                         {
528                         UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
529                         return 0;
530                         }
531                 return set_UBSEC_LIBNAME((const char *)p);
532         default:
533                 break;
534                 }
535         UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
536         return 0;
537         }
538
539 static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
540                 const BIGNUM *m, BN_CTX *ctx)
541         {
542         int     y_len = 0;
543         int     fd;
544
545         if(ubsec_dso == NULL)
546         {
547                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
548                 return 0;
549         }
550
551         /* Check if hardware can't handle this argument. */
552         y_len = BN_num_bits(m);
553         if (y_len > max_key_len) {
554                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
555                 return BN_mod_exp(r, a, p, m, ctx);
556         } 
557
558         if(!bn_wexpand(r, m->top))
559         {
560                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
561                 return 0;
562         }
563         memset(r->d, 0, BN_num_bytes(m));
564
565         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
566                 fd = 0;
567                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
568                 return BN_mod_exp(r, a, p, m, ctx);
569         }
570
571         if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
572                 (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
573                 BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
574         {
575                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
576                 p_UBSEC_ubsec_close(fd);
577
578                 return BN_mod_exp(r, a, p, m, ctx);
579         }
580
581         p_UBSEC_ubsec_close(fd);
582
583         r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
584         return 1;
585         }
586
587 #ifndef OPENSSL_NO_RSA
588 static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
589         {
590         BN_CTX *ctx;
591         int to_return = 0;
592
593         if((ctx = BN_CTX_new()) == NULL)
594                 goto err;
595
596         if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
597                 {
598                 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
599                 goto err;
600                 }
601
602         to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
603                     rsa->dmq1, rsa->iqmp, ctx);
604         if (to_return == FAIL_TO_SOFTWARE)
605         {
606           /*
607            * Do in software as hardware failed.
608            */
609            const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
610            to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
611         }
612 err:
613         if(ctx)
614                 BN_CTX_free(ctx);
615         return to_return;
616         }
617 #endif
618
619 static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
620                         const BIGNUM *q, const BIGNUM *dp,
621                         const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
622         {
623         int     y_len,
624                 m_len,
625                 fd;
626
627         m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
628         y_len = BN_num_bits(p) + BN_num_bits(q);
629
630         /* Check if hardware can't handle this argument. */
631         if (y_len > max_key_len) {
632                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
633                 return FAIL_TO_SOFTWARE;
634         } 
635
636         if (!bn_wexpand(r, p->top + q->top + 1)) {
637                 UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
638                 return 0;
639         }
640
641         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
642                 fd = 0;
643                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
644                 return FAIL_TO_SOFTWARE;
645         }
646
647         if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
648                 (unsigned char *)a->d, BN_num_bits(a), 
649                 (unsigned char *)qinv->d, BN_num_bits(qinv),
650                 (unsigned char *)dp->d, BN_num_bits(dp),
651                 (unsigned char *)p->d, BN_num_bits(p),
652                 (unsigned char *)dq->d, BN_num_bits(dq),
653                 (unsigned char *)q->d, BN_num_bits(q),
654                 (unsigned char *)r->d,  &y_len) != 0) {
655                 UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
656                 p_UBSEC_ubsec_close(fd);
657                 return FAIL_TO_SOFTWARE;
658         }
659
660         p_UBSEC_ubsec_close(fd);
661
662         r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
663         return 1;
664 }
665
666 #ifndef OPENSSL_NO_DSA
667 #ifdef NOT_USED
668 static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
669                 BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
670                 BN_CTX *ctx, BN_MONT_CTX *in_mont)
671         {
672         BIGNUM t;
673         int to_return = 0;
674  
675         BN_init(&t);
676         /* let rr = a1 ^ p1 mod m */
677         if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
678         /* let t = a2 ^ p2 mod m */
679         if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
680         /* let rr = rr * t mod m */
681         if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
682         to_return = 1;
683 end:
684         BN_free(&t);
685         return to_return;
686         }
687
688 static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
689                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
690                 BN_MONT_CTX *m_ctx)
691         {
692         return ubsec_mod_exp(r, a, p, m, ctx);
693         }
694 #endif
695 #endif
696
697 /*
698  * This function is aliased to mod_exp (with the mont stuff dropped).
699  */
700 static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
701                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
702         {
703         int ret = 0;
704
705 #ifndef OPENSSL_NO_RSA
706         /* Do in software if the key is too large for the hardware. */
707         if (BN_num_bits(m) > max_key_len)
708                 {
709                 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
710                 ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
711                 }
712         else
713 #endif
714                 {
715                 ret = ubsec_mod_exp(r, a, p, m, ctx);
716                 }
717         
718         return ret;
719         }
720
721 #ifndef OPENSSL_NO_DH
722 /* This function is aliased to mod_exp (with the dh and mont dropped). */
723 static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
724                 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
725                 BN_MONT_CTX *m_ctx)
726         {
727         return ubsec_mod_exp(r, a, p, m, ctx);
728         }
729 #endif
730
731 #ifndef OPENSSL_NO_DSA
732 static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
733         {
734         DSA_SIG *to_return = NULL;
735         int s_len = 160, r_len = 160, d_len, fd;
736         BIGNUM m, *r=NULL, *s=NULL;
737
738         BN_init(&m);
739
740         s = BN_new();
741         r = BN_new();
742         if ((s == NULL) || (r==NULL))
743                 goto err;
744
745         d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
746
747         if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
748            (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
749                 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
750                 goto err;
751         }
752
753         if (BN_bin2bn(dgst,dlen,&m) == NULL) {
754                 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
755                 goto err;
756         } 
757
758         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
759                 const DSA_METHOD *meth;
760                 fd = 0;
761                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
762                 meth = DSA_OpenSSL();
763                 to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
764                 goto err;
765         }
766
767         if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
768                 (unsigned char *)dgst, d_len,
769                 NULL, 0,  /* compute random value */
770                 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
771                 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
772                 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
773                 (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
774                 (unsigned char *)r->d, &r_len,
775                 (unsigned char *)s->d, &s_len ) != 0) {
776                 const DSA_METHOD *meth;
777
778                 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
779                 p_UBSEC_ubsec_close(fd);
780                 meth = DSA_OpenSSL();
781                 to_return = meth->dsa_do_sign(dgst, dlen, dsa);
782
783                 goto err;
784         }
785
786         p_UBSEC_ubsec_close(fd);
787
788         r->top = (160+BN_BITS2-1)/BN_BITS2;
789         s->top = (160+BN_BITS2-1)/BN_BITS2;
790
791         to_return = DSA_SIG_new();
792         if(to_return == NULL) {
793                 UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
794                 goto err;
795         }
796
797         to_return->r = r;
798         to_return->s = s;
799
800 err:
801         if (!to_return) {
802                 if (r) BN_free(r);
803                 if (s) BN_free(s);
804         }                                 
805         BN_clear_free(&m);
806         return to_return;
807 }
808
809 static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
810                                 DSA_SIG *sig, DSA *dsa)
811         {
812         int v_len, d_len;
813         int to_return = 0;
814         int fd;
815         BIGNUM v;
816
817         BN_init(&v);
818
819         if(!bn_wexpand(&v, dsa->p->top)) {
820                 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
821                 goto err;
822         }
823
824         v_len = BN_num_bits(dsa->p);
825
826         d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
827
828         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
829                 const DSA_METHOD *meth;
830                 fd = 0;
831                 UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
832                 meth = DSA_OpenSSL();
833                 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
834                 goto err;
835         }
836
837         if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
838                 (unsigned char *)dgst, d_len,
839                 (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
840                 (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
841                 (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
842                 (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
843                 (unsigned char *)sig->r->d, BN_num_bits(sig->r),
844                 (unsigned char *)sig->s->d, BN_num_bits(sig->s),
845                 (unsigned char *)v.d, &v_len) != 0) {
846                 const DSA_METHOD *meth;
847                 UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
848                 p_UBSEC_ubsec_close(fd);
849
850                 meth = DSA_OpenSSL();
851                 to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
852
853                 goto err;
854         }
855
856         p_UBSEC_ubsec_close(fd);
857
858         to_return = 1;
859 err:
860         BN_clear_free(&v);
861         return to_return;
862         }
863 #endif
864
865 #ifndef OPENSSL_NO_DH
866 static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
867         {
868         int      ret      = -1,
869                  k_len,
870                  fd;
871
872         k_len = BN_num_bits(dh->p);
873
874         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
875                 {
876                 const DH_METHOD *meth;
877                 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
878                 meth = DH_OpenSSL();
879                 ret = meth->compute_key(key, pub_key, dh);
880                 goto err;
881                 }
882
883         if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
884                                                (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
885                                                (unsigned char *)pub_key->d, BN_num_bits(pub_key),
886                                                (unsigned char *)dh->p->d, BN_num_bits(dh->p),
887                                                key, &k_len) != 0)
888                 {
889                 /* Hardware's a no go, failover to software */
890                 const DH_METHOD *meth;
891                 ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
892                 p_UBSEC_ubsec_close(fd);
893
894                 meth = DH_OpenSSL();
895                 ret = meth->compute_key(key, pub_key, dh);
896
897                 goto err;
898                 }
899
900         p_UBSEC_ubsec_close(fd);
901
902         ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
903 err:
904         return ret;
905         }
906
907 static int ubsec_dh_generate_key (DH *dh)
908         {
909         int      ret               = 0,
910                  random_bits       = 0,
911                  pub_key_len       = 0,
912                  priv_key_len      = 0,
913                  fd;
914         BIGNUM   *pub_key          = NULL;
915         BIGNUM   *priv_key         = NULL;
916
917         /* 
918          *  How many bits should Random x be? dh_key.c
919          *  sets the range from 0 to num_bits(modulus) ???
920          */
921
922         if (dh->priv_key == NULL)
923                 {
924                 priv_key = BN_new();
925                 if (priv_key == NULL) goto err;
926                 priv_key_len = BN_num_bits(dh->p);
927                 bn_wexpand(priv_key, dh->p->top);
928                 do
929                         if (!BN_rand_range(priv_key, dh->p)) goto err;
930                 while (BN_is_zero(priv_key));
931                 random_bits = BN_num_bits(priv_key);
932                 }
933         else
934                 {
935                 priv_key = dh->priv_key;
936                 }
937
938         if (dh->pub_key == NULL)
939                 {
940                 pub_key = BN_new();
941                 pub_key_len = BN_num_bits(dh->p);
942                 bn_wexpand(pub_key, dh->p->top);
943                 if(pub_key == NULL) goto err;
944                 }
945         else
946                 {
947                 pub_key = dh->pub_key;
948                 }
949
950         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
951                 {
952                 const DH_METHOD *meth;
953                 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
954                 meth = DH_OpenSSL();
955                 ret = meth->generate_key(dh);
956                 goto err;
957                 }
958
959         if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
960                                                   (unsigned char *)priv_key->d, &priv_key_len,
961                                                   (unsigned char *)pub_key->d,  &pub_key_len,
962                                                   (unsigned char *)dh->g->d, BN_num_bits(dh->g),
963                                                   (unsigned char *)dh->p->d, BN_num_bits(dh->p),
964                                                   0, 0, random_bits) != 0)
965                 {
966                 /* Hardware's a no go, failover to software */
967                 const DH_METHOD *meth;
968
969                 ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
970                 p_UBSEC_ubsec_close(fd);
971
972                 meth = DH_OpenSSL();
973                 ret = meth->generate_key(dh);
974
975                 goto err;
976                 }
977
978         p_UBSEC_ubsec_close(fd);
979
980         dh->pub_key = pub_key;
981         dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
982         dh->priv_key = priv_key;
983         dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
984
985         ret = 1;
986 err:
987         return ret;
988         }
989 #endif
990
991 #ifdef NOT_USED
992 static int ubsec_rand_bytes(unsigned char * buf,
993                             int num)
994         {
995         int      ret      = 0,
996                  fd;
997
998         if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
999                 {
1000                 const RAND_METHOD *meth;
1001                 ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
1002                 num = p_UBSEC_ubsec_bits_to_bytes(num);
1003                 meth = RAND_SSLeay();
1004                 meth->seed(buf, num);
1005                 ret = meth->bytes(buf, num);
1006                 goto err;
1007                 }
1008
1009         num *= 8; /* bytes to bits */
1010
1011         if (p_UBSEC_rng_ioctl(fd,
1012                               UBSEC_RNG_DIRECT,
1013                               buf,
1014                               &num) != 0)
1015                 {
1016                 /* Hardware's a no go, failover to software */
1017                 const RAND_METHOD *meth;
1018
1019                 ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
1020                 p_UBSEC_ubsec_close(fd);
1021
1022                 num = p_UBSEC_ubsec_bits_to_bytes(num);
1023                 meth = RAND_SSLeay();
1024                 meth->seed(buf, num);
1025                 ret = meth->bytes(buf, num);
1026
1027                 goto err;
1028                 }
1029
1030         p_UBSEC_ubsec_close(fd);
1031
1032         ret = 1;
1033 err:
1034         return(ret);
1035         }
1036
1037
1038 static int ubsec_rand_status(void)
1039         {
1040         return 0;
1041         }
1042 #endif
1043
1044 /* This stuff is needed if this ENGINE is being compiled into a self-contained
1045  * shared-library. */
1046 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
1047 static int bind_fn(ENGINE *e, const char *id)
1048         {
1049         if(id && (strcmp(id, engine_ubsec_id) != 0))
1050                 return 0;
1051         if(!bind_helper(e))
1052                 return 0;
1053         return 1;
1054         }
1055 IMPLEMENT_DYNAMIC_CHECK_FN()
1056 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
1057 #endif /* OPENSSL_NO_DYNAMIC_ENGINE */
1058
1059 #endif /* !OPENSSL_NO_HW_UBSEC */
1060 #endif /* !OPENSSL_NO_HW */