1 /* crypto/engine/hw_nuron.c */
3 * Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
4 * Thorpe's Atalla implementation.
6 /* ====================================================================
7 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
35 * 6. Redistributions of any form whatsoever must retain the following
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/crypto.h>
63 #include <openssl/buffer.h>
64 #include <openssl/dso.h>
65 #include <openssl/engine.h>
66 #ifndef OPENSSL_NO_RSA
67 # include <openssl/rsa.h>
69 #ifndef OPENSSL_NO_DSA
70 # include <openssl/dsa.h>
73 # include <openssl/dh.h>
75 #include <openssl/bn.h>
78 # ifndef OPENSSL_NO_HW_NURON
80 # define NURON_LIB_NAME "nuron engine"
81 # include "e_nuron_err.c"
83 static const char *NURON_LIBNAME
= NULL
;
84 static const char *get_NURON_LIBNAME(void)
91 static void free_NURON_LIBNAME(void)
94 OPENSSL_free((void *)NURON_LIBNAME
);
98 static long set_NURON_LIBNAME(const char *name
)
100 free_NURON_LIBNAME();
101 return (((NURON_LIBNAME
= BUF_strdup(name
)) != NULL
) ? 1 : 0);
104 static const char *NURON_F1
= "nuron_mod_exp";
106 /* The definitions for control commands specific to this engine */
107 # define NURON_CMD_SO_PATH ENGINE_CMD_BASE
108 static const ENGINE_CMD_DEFN nuron_cmd_defns
[] = {
111 "Specifies the path to the 'nuronssl' shared library",
112 ENGINE_CMD_FLAG_STRING
},
116 typedef int tfnModExp(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
118 static tfnModExp
*pfnModExp
= NULL
;
120 static DSO
*pvDSOHandle
= NULL
;
122 static int nuron_destroy(ENGINE
*e
)
124 free_NURON_LIBNAME();
125 ERR_unload_NURON_strings();
129 static int nuron_init(ENGINE
*e
)
131 if (pvDSOHandle
!= NULL
) {
132 NURONerr(NURON_F_NURON_INIT
, NURON_R_ALREADY_LOADED
);
136 pvDSOHandle
= DSO_load(NULL
, get_NURON_LIBNAME(), NULL
,
137 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY
);
139 NURONerr(NURON_F_NURON_INIT
, NURON_R_DSO_NOT_FOUND
);
143 pfnModExp
= (tfnModExp
*) DSO_bind_func(pvDSOHandle
, NURON_F1
);
145 NURONerr(NURON_F_NURON_INIT
, NURON_R_DSO_FUNCTION_NOT_FOUND
);
152 static int nuron_finish(ENGINE
*e
)
154 free_NURON_LIBNAME();
155 if (pvDSOHandle
== NULL
) {
156 NURONerr(NURON_F_NURON_FINISH
, NURON_R_NOT_LOADED
);
159 if (!DSO_free(pvDSOHandle
)) {
160 NURONerr(NURON_F_NURON_FINISH
, NURON_R_DSO_FAILURE
);
168 static int nuron_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
, void (*f
) (void))
170 int initialised
= ((pvDSOHandle
== NULL
) ? 0 : 1);
172 case NURON_CMD_SO_PATH
:
174 NURONerr(NURON_F_NURON_CTRL
, ERR_R_PASSED_NULL_PARAMETER
);
178 NURONerr(NURON_F_NURON_CTRL
, NURON_R_ALREADY_LOADED
);
181 return set_NURON_LIBNAME((const char *)p
);
185 NURONerr(NURON_F_NURON_CTRL
, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED
);
189 static int nuron_mod_exp(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
190 const BIGNUM
*m
, BN_CTX
*ctx
)
193 NURONerr(NURON_F_NURON_MOD_EXP
, NURON_R_NOT_LOADED
);
196 return pfnModExp(r
, a
, p
, m
);
199 # ifndef OPENSSL_NO_RSA
200 static int nuron_rsa_mod_exp(BIGNUM
*r0
, const BIGNUM
*I
, RSA
*rsa
,
203 return nuron_mod_exp(r0
, I
, rsa
->d
, rsa
->n
, ctx
);
207 # ifndef OPENSSL_NO_DSA
209 * This code was liberated and adapted from the commented-out code in
210 * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
211 * doesn't have a CRT form for RSA), this function means that an Atalla
212 * system running with a DSA server certificate can handshake around 5 or 6
213 * times faster/more than an equivalent system running with RSA. Just check
214 * out the "signs" statistics from the RSA and DSA parts of "openssl speed
215 * -engine atalla dsa1024 rsa1024".
217 static int nuron_dsa_mod_exp(DSA
*dsa
, BIGNUM
*rr
, BIGNUM
*a1
,
218 BIGNUM
*p1
, BIGNUM
*a2
, BIGNUM
*p2
, BIGNUM
*m
,
219 BN_CTX
*ctx
, BN_MONT_CTX
*in_mont
)
225 /* let rr = a1 ^ p1 mod m */
226 if (!nuron_mod_exp(rr
, a1
, p1
, m
, ctx
))
228 /* let t = a2 ^ p2 mod m */
229 if (!nuron_mod_exp(&t
, a2
, p2
, m
, ctx
))
231 /* let rr = rr * t mod m */
232 if (!BN_mod_mul(rr
, rr
, &t
, m
, ctx
))
240 static int nuron_mod_exp_dsa(DSA
*dsa
, BIGNUM
*r
, BIGNUM
*a
,
241 const BIGNUM
*p
, const BIGNUM
*m
, BN_CTX
*ctx
,
244 return nuron_mod_exp(r
, a
, p
, m
, ctx
);
248 /* This function is aliased to mod_exp (with the mont stuff dropped). */
249 # ifndef OPENSSL_NO_RSA
250 static int nuron_mod_exp_mont(BIGNUM
*r
, const BIGNUM
*a
, const BIGNUM
*p
,
251 const BIGNUM
*m
, BN_CTX
*ctx
,
254 return nuron_mod_exp(r
, a
, p
, m
, ctx
);
258 # ifndef OPENSSL_NO_DH
259 /* This function is aliased to mod_exp (with the dh and mont dropped). */
260 static int nuron_mod_exp_dh(const DH
*dh
, BIGNUM
*r
,
261 const BIGNUM
*a
, const BIGNUM
*p
,
262 const BIGNUM
*m
, BN_CTX
*ctx
, BN_MONT_CTX
*m_ctx
)
264 return nuron_mod_exp(r
, a
, p
, m
, ctx
);
268 # ifndef OPENSSL_NO_RSA
269 static RSA_METHOD nuron_rsa
= {
287 # ifndef OPENSSL_NO_DSA
288 static DSA_METHOD nuron_dsa
= {
290 NULL
, /* dsa_do_sign */
291 NULL
, /* dsa_sign_setup */
292 NULL
, /* dsa_do_verify */
293 nuron_dsa_mod_exp
, /* dsa_mod_exp */
294 nuron_mod_exp_dsa
, /* bn_mod_exp */
299 NULL
, /* dsa_paramgen */
300 NULL
/* dsa_keygen */
304 # ifndef OPENSSL_NO_DH
305 static DH_METHOD nuron_dh
= {
318 /* Constants used when creating the ENGINE */
319 static const char *engine_nuron_id
= "nuron";
320 static const char *engine_nuron_name
= "Nuron hardware engine support";
323 * This internal function is used by ENGINE_nuron() and possibly by the
324 * "dynamic" ENGINE support too
326 static int bind_helper(ENGINE
*e
)
328 # ifndef OPENSSL_NO_RSA
329 const RSA_METHOD
*meth1
;
331 # ifndef OPENSSL_NO_DSA
332 const DSA_METHOD
*meth2
;
334 # ifndef OPENSSL_NO_DH
335 const DH_METHOD
*meth3
;
337 if (!ENGINE_set_id(e
, engine_nuron_id
) ||
338 !ENGINE_set_name(e
, engine_nuron_name
) ||
339 # ifndef OPENSSL_NO_RSA
340 !ENGINE_set_RSA(e
, &nuron_rsa
) ||
342 # ifndef OPENSSL_NO_DSA
343 !ENGINE_set_DSA(e
, &nuron_dsa
) ||
345 # ifndef OPENSSL_NO_DH
346 !ENGINE_set_DH(e
, &nuron_dh
) ||
348 !ENGINE_set_destroy_function(e
, nuron_destroy
) ||
349 !ENGINE_set_init_function(e
, nuron_init
) ||
350 !ENGINE_set_finish_function(e
, nuron_finish
) ||
351 !ENGINE_set_ctrl_function(e
, nuron_ctrl
) ||
352 !ENGINE_set_cmd_defns(e
, nuron_cmd_defns
))
355 # ifndef OPENSSL_NO_RSA
357 * We know that the "PKCS1_SSLeay()" functions hook properly to the
358 * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
359 * We don't use ENGINE_openssl() or anything "more generic" because
360 * something like the RSAref code may not hook properly, and if you own
361 * one of these cards then you have the right to do RSA operations on it
364 meth1
= RSA_PKCS1_SSLeay();
365 nuron_rsa
.rsa_pub_enc
= meth1
->rsa_pub_enc
;
366 nuron_rsa
.rsa_pub_dec
= meth1
->rsa_pub_dec
;
367 nuron_rsa
.rsa_priv_enc
= meth1
->rsa_priv_enc
;
368 nuron_rsa
.rsa_priv_dec
= meth1
->rsa_priv_dec
;
371 # ifndef OPENSSL_NO_DSA
373 * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
375 meth2
= DSA_OpenSSL();
376 nuron_dsa
.dsa_do_sign
= meth2
->dsa_do_sign
;
377 nuron_dsa
.dsa_sign_setup
= meth2
->dsa_sign_setup
;
378 nuron_dsa
.dsa_do_verify
= meth2
->dsa_do_verify
;
381 # ifndef OPENSSL_NO_DH
382 /* Much the same for Diffie-Hellman */
383 meth3
= DH_OpenSSL();
384 nuron_dh
.generate_key
= meth3
->generate_key
;
385 nuron_dh
.compute_key
= meth3
->compute_key
;
388 /* Ensure the nuron error handling is set up */
389 ERR_load_NURON_strings();
393 # ifdef OPENSSL_NO_DYNAMIC_ENGINE
394 static ENGINE
*engine_nuron(void)
396 ENGINE
*ret
= ENGINE_new();
399 if (!bind_helper(ret
)) {
406 void ENGINE_load_nuron(void)
408 /* Copied from eng_[openssl|dyn].c */
409 ENGINE
*toadd
= engine_nuron();
419 * This stuff is needed if this ENGINE is being compiled into a
420 * self-contained shared-library.
422 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
423 static int bind_fn(ENGINE
*e
, const char *id
)
425 if (id
&& (strcmp(id
, engine_nuron_id
) != 0))
432 IMPLEMENT_DYNAMIC_CHECK_FN()
433 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn
)
434 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
435 # endif /* !OPENSSL_NO_HW_NURON */
436 #endif /* !OPENSSL_NO_HW */