diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 4d6258871..5b24e1208 100644
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -253,6 +253,7 @@ void ERR_load_ENGINE_strings(void);
 /* Function codes. */
 #define ENGINE_F_CSWIFT_DSA_SIGN 133
+#define ENGINE_F_CSWIFT_DSA_VERIFY 134
 #define ENGINE_F_CSWIFT_FINISH 100
 #define ENGINE_F_CSWIFT_INIT 101
 #define ENGINE_F_CSWIFT_MOD_EXP 102
diff --git a/crypto/engine/engine_err.c b/crypto/engine/engine_err.c
index ff58ef2d0..6f7c2c68e 100644
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@@ -66,12 +66,13 @@
 #ifndef NO_ERR
 static ERR_STRING_DATA ENGINE_str_functs[]=
 {
-{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "cswift_dsa_sign"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "cswift_finish"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "cswift_init"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "cswift_mod_exp"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "cswift_mod_exp_crt"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "cswift_rsa_mod_exp"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0), "CSWIFT_INIT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
 {ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
@@ -87,13 +88,13 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0), "ENGINE_get_RAND"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0), "ENGINE_get_RSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_list_add"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_list_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
 {ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0), "ENGINE_set_BN_mod_exp"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0), "ENGINE_set_BN_mod_exp_crt"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "engine_set_default_type"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0), "ENGINE_set_DH"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0), "ENGINE_set_DSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
index 27ff72e50..d0fa7635c 100644
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -618,14 +618,99 @@ err:
 static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 {
- DSA_METHOD *meth, *tmp_meth;
- int ret;
- meth = DSA_OpenSSL();
- tmp_meth = ENGINE_get_DSA(dsa->handle);
- ENGINE_set_DSA(dsa->handle, meth);
- ret = DSA_do_verify(dgst, dgst_len, sig, dsa);
- ENGINE_set_DSA(dsa->handle, tmp_meth);
- return ret;
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg[2], res;
+ unsigned long sig_result;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *argument = NULL;
+ int to_return = -1;
+ int acquired = 0;
+
+ if((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if(!get_context(&hac))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
+ goto err;
+ }
+ if(!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+ !bn_wexpand(argument, 40))
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+ (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+ (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+ (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ if(p_CSwift_AttachKeyParam(hac, &sw_param) != SW_OK)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_PROVIDE_PARAMETERS);
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg[0].nbytes = dgst_len;
+ arg[0].value = (unsigned char *)dgst;
+ arg[1].nbytes = 40;
+ arg[1].value = (unsigned char *)argument->d;
+ memset(arg[1].value, 0, 40);
+ BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+ BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+ res.nbytes = 4; /* unsigned long */
+ res.value = (unsigned char *)(&sig_result);
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+ &res, 1);
+ if(sw_status != SW_OK)
+ {
+ ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
+ goto err;
+ }
+ /* Convert the response */
+ to_return = ((sig_result == 0) ? 0 : 1);
+
+err:
+ if(acquired)
+ release_context(hac);
+ if(dsa_p) ctx->tos--;
+ if(dsa_q) ctx->tos--;
+ if(dsa_g) ctx->tos--;
+ if(dsa_key) ctx->tos--;
+ if(argument) ctx->tos--;
+ if(ctx)
+ BN_CTX_free(ctx);
+ return to_return;
 }
 /* This function is aliased to mod_exp (with the dh and mont dropped). */
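Review bot: Nothing bounds the sizes of `sig->r` and `sig->s` before the two `BN_bn2bin()` calls that pack them into the 40-byte argument, so a component longer than 20 bytes makes `arg[1].value + 20 - BN_num_bytes(sig->r)` start before the buffer (an oversized `s` first overruns the `r` slot, then the buffer start as well) and the write goes out of bounds. Signature values normally arrive from the party being verified, so reject them before packing, e.g. `if(BN_num_bytes(sig->r) > 20 || BN_num_bytes(sig->s) > 20) { to_return = 0; goto err; }` placed ahead of the `memset`. Separately, `sig_result` is an uninitialised `unsigned long` while `res.nbytes` is hard-coded to 4; where `unsigned long` is wider than four bytes the bytes the device does not fill are presumably left indeterminate, and `sig_result == 0` can then report a rejected signature as valid. Declaring it as `unsigned long sig_result = 0;` and, better, receiving the reply in a 4-byte object would close that. A comment above the packing lines stating that the device expects `r` and `s` as two right-aligned 20-byte big-endian fields would also explain the constants 20 and 40.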