📄 e_ubsec.c
字号:
#ifndef OPENSSL_NO_RSA /* Do in software if the key is too large for the hardware. */ if (BN_num_bits(m) > max_key_len) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx); } else#endif { ret = ubsec_mod_exp(r, a, p, m, ctx); } return ret; }#ifndef OPENSSL_NO_DH/* This function is aliased to mod_exp (with the dh and mont dropped). */static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { return ubsec_mod_exp(r, a, p, m, ctx); }#endif#ifndef OPENSSL_NO_DSAstatic DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { DSA_SIG *to_return = NULL; int s_len = 160, r_len = 160, d_len, fd; BIGNUM m, *r=NULL, *s=NULL; BN_init(&m); s = BN_new(); r = BN_new(); if ((s == NULL) || (r==NULL)) goto err; d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen); if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) || (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) { UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL); goto err; } if (BN_bin2bn(dgst,dlen,&m) == NULL) { UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL); goto err; } if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DSA_METHOD *meth; fd = 0; UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE); meth = DSA_OpenSSL(); to_return = meth->dsa_do_sign(dgst, dlen, dsa); goto err; } if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ (unsigned char *)dgst, d_len, NULL, 0, /* compute random value */ (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key), (unsigned char *)r->d, &r_len, (unsigned char *)s->d, &s_len ) != 0) { const DSA_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DSA_OpenSSL(); to_return = meth->dsa_do_sign(dgst, dlen, dsa); goto err; } p_UBSEC_ubsec_close(fd); r->top = (160+BN_BITS2-1)/BN_BITS2; s->top = (160+BN_BITS2-1)/BN_BITS2; to_return = DSA_SIG_new(); if(to_return == NULL) { UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL); goto err; } to_return->r = r; to_return->s = s;err: if (!to_return) { if (r) BN_free(r); if (s) BN_free(s); } BN_clear_free(&m); return to_return;}static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { int v_len, d_len; int to_return = 0; int fd; BIGNUM v; BN_init(&v); if(!bn_wexpand(&v, dsa->p->top)) { UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL); goto err; } v_len = BN_num_bits(dsa->p); d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DSA_METHOD *meth; fd = 0; UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE); meth = DSA_OpenSSL(); to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); goto err; } if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */ (unsigned char *)dgst, d_len, (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key), (unsigned char *)sig->r->d, BN_num_bits(sig->r), (unsigned char *)sig->s->d, BN_num_bits(sig->s), (unsigned char *)v.d, &v_len) != 0) { const DSA_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DSA_OpenSSL(); to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); goto err; } p_UBSEC_ubsec_close(fd); to_return = 1;err: BN_clear_free(&v); return to_return; }#endif#ifndef OPENSSL_NO_DHstatic int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh) { int ret = -1, k_len, fd; k_len = BN_num_bits(dh->p); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DH_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE); meth = DH_OpenSSL(); ret = meth->compute_key(key, pub_key, dh); goto err; } if (p_UBSEC_diffie_hellman_agree_ioctl(fd, (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key), (unsigned char *)pub_key->d, BN_num_bits(pub_key), (unsigned char *)dh->p->d, BN_num_bits(dh->p), key, &k_len) != 0) { /* Hardware's a no go, failover to software */ const DH_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DH_OpenSSL(); ret = meth->compute_key(key, pub_key, dh); goto err; } p_UBSEC_ubsec_close(fd); ret = p_UBSEC_ubsec_bits_to_bytes(k_len);err: return ret; }static int ubsec_dh_generate_key(DH *dh) { int ret = 0, random_bits = 0, pub_key_len = 0, priv_key_len = 0, fd; BIGNUM *pub_key = NULL; BIGNUM *priv_key = NULL; /* * How many bits should Random x be? dh_key.c * sets the range from 0 to num_bits(modulus) ??? */ if (dh->priv_key == NULL) { priv_key = BN_new(); if (priv_key == NULL) goto err; priv_key_len = BN_num_bits(dh->p); bn_wexpand(priv_key, dh->p->top); do if (!BN_rand_range(priv_key, dh->p)) goto err; while (BN_is_zero(priv_key)); random_bits = BN_num_bits(priv_key); } else { priv_key = dh->priv_key; } if (dh->pub_key == NULL) { pub_key = BN_new(); pub_key_len = BN_num_bits(dh->p); bn_wexpand(pub_key, dh->p->top); if(pub_key == NULL) goto err; } else { pub_key = dh->pub_key; } if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const DH_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE); meth = DH_OpenSSL(); ret = meth->generate_key(dh); goto err; } if (p_UBSEC_diffie_hellman_generate_ioctl(fd, (unsigned char *)priv_key->d, &priv_key_len, (unsigned char *)pub_key->d, &pub_key_len, (unsigned char *)dh->g->d, BN_num_bits(dh->g), (unsigned char *)dh->p->d, BN_num_bits(dh->p), 0, 0, random_bits) != 0) { /* Hardware's a no go, failover to software */ const DH_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); meth = DH_OpenSSL(); ret = meth->generate_key(dh); goto err; } p_UBSEC_ubsec_close(fd); dh->pub_key = pub_key; dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2; dh->priv_key = priv_key; dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2; ret = 1;err: return ret; }#endif#ifdef NOT_USEDstatic int ubsec_rand_bytes(unsigned char * buf, int num) { int ret = 0, fd; if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { const RAND_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE); num = p_UBSEC_ubsec_bits_to_bytes(num); meth = RAND_SSLeay(); meth->seed(buf, num); ret = meth->bytes(buf, num); goto err; } num *= 8; /* bytes to bits */ if (p_UBSEC_rng_ioctl(fd, UBSEC_RNG_DIRECT, buf, &num) != 0) { /* Hardware's a no go, failover to software */ const RAND_METHOD *meth; UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED); p_UBSEC_ubsec_close(fd); num = p_UBSEC_ubsec_bits_to_bytes(num); meth = RAND_SSLeay(); meth->seed(buf, num); ret = meth->bytes(buf, num); goto err; } p_UBSEC_ubsec_close(fd); ret = 1;err: return(ret); }static int ubsec_rand_status(void) { return 0; }#endif/* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */#ifndef OPENSSL_NO_DYNAMIC_ENGINEstatic int bind_fn(ENGINE *e, const char *id) { if(id && (strcmp(id, engine_ubsec_id) != 0)) return 0; if(!bind_helper(e)) return 0; return 1; }IMPLEMENT_DYNAMIC_CHECK_FN()IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)#endif /* OPENSSL_NO_DYNAMIC_ENGINE */#endif /* !OPENSSL_NO_HW_UBSEC */#endif /* !OPENSSL_NO_HW */⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -