hw_zencod.c

开源的ssl算法openssl,版本0.9.8H

		goto FAILED;
	}

	bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
	BIGNUM2ZEN ( &p, dsa->p ) ;
	BIGNUM2ZEN ( &q, dsa->q ) ;
	BIGNUM2ZEN ( &g, dsa->g ) ;
	BIGNUM2ZEN ( &x, dsa->priv_key ) ;
	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
	BIGNUM2ZEN ( &r, bn_r ) ;
	BIGNUM2ZEN ( &s, bn_s ) ;
	q.len = x.len = 160;

	ypcmem(msg, dgst, 20);
	ptr_zencod_init_number ( &data, 160, msg ) ;

	if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
		PERROR("zenbridge_dsa_do_sign");
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		goto FAILED;
	}

	if ( !( sig = DSA_SIG_new () ) ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		goto FAILED;
	}
	sig->r = bn_r;
	sig->s = bn_s;
	return sig;

 FAILED:
	if (bn_r)
		BN_free(bn_r);
	if (bn_s)
		BN_free(bn_s);
	return NULL;
}


static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
{
	zen_nb_t data, p, q, g, y, r, s, v;
	char msg[20];
	char v_data[20];
	int ret;

	CHEESE();

	if ( !zencod_dso ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
		return 0;
	}

	if ( dlen > 160 ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
		return 0;
	}

	/* Do in software if argument is too large for hardware */
	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
		const DSA_METHOD *meth;
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
		meth = DSA_OpenSSL();
		return meth->dsa_do_verify(dgst, dlen, sig, dsa);
	}

	BIGNUM2ZEN ( &p, dsa->p ) ;
	BIGNUM2ZEN ( &q, dsa->q ) ;
	BIGNUM2ZEN ( &g, dsa->g ) ;
	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
	BIGNUM2ZEN ( &r, sig->r ) ;
	BIGNUM2ZEN ( &s, sig->s ) ;
	ptr_zencod_init_number ( &v, 160, v_data ) ;
	ypcmem(msg, dgst, 20);
	ptr_zencod_init_number ( &data, 160, msg ) ;

	if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
		PERROR("zenbridge_dsa_do_verify");
		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
		return 0;
	}

	return ( ( ret == 0 ) ? 1 : ret ) ;
}


static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
			     BN_CTX *ctx, BN_MONT_CTX *m_ctx )
{
	CHEESE () ;

	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
}
#endif /* !OPENSSL_NO_DSA */


#ifndef OPENSSl_NO_DH
/* DH stuff Functions
 */
static int DH_zencod_generate_key ( DH *dh )
{
	BIGNUM *bn_prv = NULL;
	BIGNUM *bn_pub = NULL;
	zen_nb_t y, x, g, p;
	int generate_x;

	CHEESE();

	if ( !zencod_dso ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
		return 0;
	}

	/* Private key */
	if ( dh->priv_key ) {
		bn_prv = dh->priv_key;
		generate_x = 0;
	} else {
		if (!(bn_prv = BN_new())) {
			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
			goto FAILED;
		}
		generate_x = 1;
	}

	/* Public key */
	if ( dh->pub_key )
		bn_pub = dh->pub_key;
	else
		if ( !( bn_pub = BN_new () ) ) {
			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
			goto FAILED;
		}

	/* Expand */
	if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
	    !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
		goto FAILED;
	}
	bn_prv->top = dh->p->top;
	bn_pub->top = dh->p->top;

	/* Convert all keys */
	BIGNUM2ZEN ( &p, dh->p ) ;
	BIGNUM2ZEN ( &g, dh->g ) ;
	BIGNUM2ZEN ( &y, bn_pub ) ;
	BIGNUM2ZEN ( &x, bn_prv ) ;
	x.len = DH_size(dh) * 8;

	/* Adjust the lengths of P and G */
	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
	g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;

	/* Send the request to the driver */
	if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
		perror("zenbridge_dh_generate_key");
		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
		goto FAILED;
	}

	dh->priv_key = bn_prv;
	dh->pub_key  = bn_pub;

	return 1;

 FAILED:
	if (!dh->priv_key && bn_prv)
		BN_free(bn_prv);
	if (!dh->pub_key && bn_pub)
		BN_free(bn_pub);

	return 0;
}


static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
{
	zen_nb_t y, x, p, k;

	CHEESE();

	if ( !zencod_dso ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
		return 0;
	}

	if ( !dh->priv_key ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
		return 0;
	}

	/* Convert all keys */
	BIGNUM2ZEN ( &y, pub_key ) ;
	BIGNUM2ZEN ( &x, dh->priv_key ) ;
	BIGNUM2ZEN ( &p, dh->p ) ;
	ptr_zencod_init_number ( &k, p.len, key ) ;

	/* Adjust the lengths */
	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
	y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
	x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;

	/* Call the hardware */
	if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
		return 0;
	}

	/* The key must be written MSB -> LSB */
	k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
	esrever ( key, ZEN_BYTES ( k.len ) ) ;

	return ZEN_BYTES ( k.len ) ;
}


static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
		BN_MONT_CTX *m_ctx )
{
	CHEESE () ;

	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
}
#endif	/* !OPENSSL_NO_DH */


/* RAND stuff Functions
 */
static void RAND_zencod_seed ( const void *buf, int num )
{
	/* Nothing to do cause our crypto accelerator provide a true random generator */
}


static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
{
	zen_nb_t r;

	CHEESE();

	if ( !zencod_dso ) {
		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
		return 0;
	}

	ptr_zencod_init_number ( &r, num * 8, buf ) ;

	if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
		PERROR("zenbridge_rand_bytes");
		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
		return 0;
	}

	return 1;
}


static int RAND_zencod_rand_status ( void )
{
	CHEESE () ;

	return 1;
}


/* This stuff is needed if this ENGINE is being compiled into a self-contained
 * shared-library.
 */
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn ( ENGINE *e, const char *id )
{

	if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
		return 0 ;
	}
	if ( !bind_helper ( e ) )  {
		return 0 ;
	}

	return 1 ;
}

IMPLEMENT_DYNAMIC_CHECK_FN ()
IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
#endif /* ENGINE_DYNAMIC_SUPPORT */




/*
 * Adding "Digest" and "Cipher" tools ...
 * This is in development ... ;-)
 * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
 * and evp, sha md5 definitions etc ...
 */
/* First add some include ... */
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/rc4.h>
#include <openssl/des.h>


/* Some variables declaration ... */
/* DONS:
 * Disable symetric computation except DES and 3DES, but let part of the code
 */
/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
static int engine_digest_nids [ ] = {  } ;
static int engine_digest_nids_num = 0 ;
/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
static int engine_cipher_nids_num = 2 ;


/* Function prototype ... */
/*  SHA stuff */
static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;

/*  MD5 stuff */
static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;

static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;


/* RC4 Stuff */
static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;

/* DES Stuff */
static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;

/*  3DES Stuff */
static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;

static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ;	/* cleanup ctx */


/* The one for SHA ... */
static const EVP_MD engine_sha1_md =
{
	NID_sha1,
	NID_sha1WithRSAEncryption,
	SHA_DIGEST_LENGTH,
	EVP_MD_FLAG_ONESHOT,
	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
				* XXX: set according to device info ... */
	engine_sha1_init,
	engine_sha1_update,
	engine_sha1_final,
	engine_md_copy,		/* dev_crypto_sha_copy */
	engine_md_cleanup,		/* dev_crypto_sha_cleanup */
	EVP_PKEY_RSA_method,
	SHA_CBLOCK,
	/* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
	sizeof ( ZEN_MD_DATA )
	/* sizeof ( MD_CTX_DATA )	The message digest data structure ... */
} ;

/* The one for MD5 ... */
static const EVP_MD engine_md5_md =
{
	NID_md5,
	NID_md5WithRSAEncryption,
	MD5_DIGEST_LENGTH,
	EVP_MD_FLAG_ONESHOT,
	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
				* XXX: set according to device info ... */
	engine_md5_init,
	engine_md5_update,
	engine_md5_final,
	engine_md_copy,		/* dev_crypto_md5_copy */
	engine_md_cleanup,		/* dev_crypto_md5_cleanup */
	EVP_PKEY_RSA_method,
	MD5_CBLOCK,
	/* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
	sizeof ( ZEN_MD_DATA )
	/* sizeof ( MD_CTX_DATA )	The message digest data structure ... */
} ;


/* The one for RC4 ... */
#define EVP_RC4_KEY_SIZE			16

/* Try something static ... */
typedef struct
{
	unsigned int len ;
	unsigned int first ;
	unsigned char rc4_state [ 260 ] ;
} NEW_ZEN_RC4_KEY ;

#define rc4_data(ctx)				( (EVP_RC4_KEY *) ( ctx )->cipher_data )

static const EVP_CIPHER engine_rc4 =
{
	NID_rc4,
	1,
	16,				/* EVP_RC4_KEY_SIZE should be 128 bits */
	0,				/* FIXME: key should be up to 256 bytes */
	EVP_CIPH_VARIABLE_LENGTH,
	engine_rc4_init_key,
	engine_rc4_cipher,
	engine_cipher_cleanup,
	sizeof ( NEW_ZEN_RC4_KEY ),
	NULL,
	NULL,
	NULL
} ;

/* The one for RC4_40 ... */
static const EVP_CIPHER engine_rc4_40 =
{
	NID_rc4_40,
	1,
	5,				/* 40 bits */
	0,
	EVP_CIPH_VARIABLE_LENGTH,
	engine_rc4_init_key,
	engine_rc4_cipher,
	engine_cipher_cleanup,
	sizeof ( NEW_ZEN_RC4_KEY ),
	NULL,
	NULL,
	NULL
} ;