📄 hw_ncipher.c
字号:
/* Prepare the params */ bn_expand2(r, m->top); /* Check for error !! */ BN2MPI(m_a, a); BN2MPI(m_p, p); BN2MPI(m_n, m); MPI2BN(r, m_r); /* Perform the operation */ ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); bn_fix_top(r); if (ret < 0) { /* FIXME: When this error is returned, HWCryptoHook is telling us that falling back to software computation might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK); } else { HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; } to_return = 1;err: return to_return; }#ifndef OPENSSL_NO_RSA static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) { char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; HWCryptoHook_RSAKeyHandle *hptr; int to_return = 0, ret; rmsg.buf = tempbuf; rmsg.size = sizeof(tempbuf); if(!hwcrhk_context) { HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED); goto err; } /* This provides support for nForce keys. Since that's opaque data all we do is provide a handle to the proper key and let HWCryptoHook take care of the rest. */ if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) != NULL) { HWCryptoHook_MPI m_a, m_r; if(!rsa->n) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_MISSING_KEY_COMPONENTS); goto err; } /* Prepare the params */ bn_expand2(r, rsa->n->top); /* Check for error !! */ BN2MPI(m_a, I); MPI2BN(r, m_r); /* Perform the operation */ ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); bn_fix_top(r); if (ret < 0) { /* FIXME: When this error is returned, HWCryptoHook is telling us that falling back to software computation might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK); } else { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; } } else { HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r; if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_MISSING_KEY_COMPONENTS); goto err; } /* Prepare the params */ bn_expand2(r, rsa->n->top); /* Check for error !! */ BN2MPI(m_a, I); BN2MPI(m_p, rsa->p); BN2MPI(m_q, rsa->q); BN2MPI(m_dmp1, rsa->dmp1); BN2MPI(m_dmq1, rsa->dmq1); BN2MPI(m_iqmp, rsa->iqmp); MPI2BN(r, m_r); /* Perform the operation */ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); bn_fix_top(r); if (ret < 0) { /* FIXME: When this error is returned, HWCryptoHook is telling us that falling back to software computation might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK); } else { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; } } /* If we're here, we must be here with some semblance of success :-) */ to_return = 1;err: return to_return; }#endif/* This function is aliased to mod_exp (with the mont stuff dropped). */static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return hwcrhk_mod_exp(r, a, p, m, ctx); }#ifndef OPENSSL_NO_DH/* This function is aliased to mod_exp (with the dh and mont dropped). */static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return hwcrhk_mod_exp(r, a, p, m, ctx); }#endif/* Random bytes are good */static int hwcrhk_rand_bytes(unsigned char *buf, int num) { char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; int to_return = 0; /* assume failure */ int ret; rmsg.buf = tempbuf; rmsg.size = sizeof(tempbuf); if(!hwcrhk_context) { HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED); goto err; } ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg); if (ret < 0) { /* FIXME: When this error is returned, HWCryptoHook is telling us that falling back to software computation might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK); } else { HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; } to_return = 1; err: return to_return; }static int hwcrhk_rand_status(void) { return 1; }/* This cleans up an RSA KM key, called when ex_data is freed */static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int ind,long argl, void *argp){ char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg;#ifndef OPENSSL_NO_RSA HWCryptoHook_RSAKeyHandle *hptr;#endif#if !defined(OPENSSL_NO_RSA) int ret;#endif rmsg.buf = tempbuf; rmsg.size = sizeof(tempbuf);#ifndef OPENSSL_NO_RSA hptr = (HWCryptoHook_RSAKeyHandle *) item; if(hptr) { ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); OPENSSL_free(hptr); }#endif}/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model * these just wrap the POSIX functions and add some logging. */static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt, HWCryptoHook_CallerContext *cactx) { mt->lockid = CRYPTO_get_new_dynlockid(); if (mt->lockid == 0) return 1; /* failure */ return 0; /* success */ }static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt) { CRYPTO_w_lock(mt->lockid); return 0; }static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) { CRYPTO_w_unlock(mt->lockid); }static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt) { CRYPTO_destroy_dynlockid(mt->lockid); }/* Mutex upcalls to use if the application does not support dynamic locks */static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, HWCryptoHook_CallerContext *c) { return 0; }static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m) { CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK); return 0; }static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m) { CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK); }static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m) { }static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx) { pem_password_cb *callback = NULL; void *callback_data = NULL; UI_METHOD *ui_method = NULL; if (cactx) { if (cactx->ui_method) ui_method = cactx->ui_method; if (cactx->password_callback) callback = cactx->password_callback; if (cactx->callback_data) callback_data = cactx->callback_data; } if (ppctx) { if (ppctx->ui_method) { ui_method = ppctx->ui_method; callback = NULL; } if (ppctx->callback_data) callback_data = ppctx->callback_data; } if (callback == NULL && ui_method == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK); return -1; } if (ui_method) { UI *ui = UI_new_method(ui_method); if (ui) { int ok; char *prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); ok = UI_add_input_string(ui,prompt, UI_INPUT_FLAG_DEFAULT_PWD, buf,0,(*len_io) - 1); UI_add_user_data(ui, callback_data); UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); if (ok >= 0) do { ok=UI_process(ui); } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); if (ok >= 0) *len_io = strlen(buf); UI_free(ui); OPENSSL_free(prompt); } } else { *len_io = callback(buf, *len_io, 0, callback_data); } if(!*len_io) return -1; return 0; }static int hwcrhk_insert_card(const char *prompt_info, const char *wrong_info, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx) { int ok = -1; UI *ui; void *callback_data = NULL; UI_METHOD *ui_method = NULL; if (cactx) { if (cactx->ui_method) ui_method = cactx->ui_method; if (cactx->callback_data) callback_data = cactx->callback_data; } if (ppctx) { if (ppctx->ui_method) ui_method = ppctx->ui_method; if (ppctx->callback_data) callback_data = ppctx->callback_data; } if (ui_method == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK); return -1; } ui = UI_new_method(ui_method); if (ui) { char answer; char buf[BUFSIZ]; if (wrong_info) BIO_snprintf(buf, sizeof(buf)-1, "Current card: \"%s\"\n", wrong_info); ok = UI_dup_info_string(ui, buf); if (ok >= 0 && prompt_info) { BIO_snprintf(buf, sizeof(buf)-1, "Insert card \"%s\"", prompt_info); ok = UI_dup_input_boolean(ui, buf, "\n then hit <enter> or C<enter> to cancel\n", "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer); } UI_add_user_data(ui, callback_data); if (ok >= 0) ok = UI_process(ui); UI_free(ui); if (ok == -2 || (ok >= 0 && answer == 'C')) ok = 1; else if (ok < 0) ok = -1; else ok = 0; } return ok; }static void hwcrhk_log_message(void *logstr, const char *message) { BIO *lstream = NULL; CRYPTO_w_lock(CRYPTO_LOCK_BIO); if (logstr) lstream=*(BIO **)logstr; if (lstream) { BIO_printf(lstream, "%s\n", message); } CRYPTO_w_unlock(CRYPTO_LOCK_BIO); }/* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ #ifdef ENGINE_DYNAMIC_SUPPORTstatic int bind_fn(ENGINE *e, const char *id) { if(id && (strcmp(id, engine_hwcrhk_id) != 0)) return 0; if(!bind_helper(e)) return 0; return 1; } IMPLEMENT_DYNAMIC_CHECK_FN()IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)#endif /* ENGINE_DYNAMIC_SUPPORT */#endif /* !OPENSSL_NO_HW_NCIPHER */#endif /* !OPENSSL_NO_HW */⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -