This adds DSA signature verification to the CryptoSwift support.

2000-05-29 13:01:34 +00:00
parent 974e22704d
commit 96d7e0ece7
3 changed files with 104 additions and 17 deletions
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -253,6 +253,7 @@ void ERR_load_ENGINE_strings(void);
 /* Function codes. */
 #define ENGINE_F_CSWIFT_DSA_SIGN			 133
 #define ENGINE_F_CSWIFT_DSA_VERIFY			 134
 #define ENGINE_F_CSWIFT_FINISH				 100
 #define ENGINE_F_CSWIFT_INIT				 101
 #define ENGINE_F_CSWIFT_MOD_EXP				 102
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@@ -66,12 +66,13 @@
 #ifndef NO_ERR
 static ERR_STRING_DATA ENGINE_str_functs[]=
 	{
-{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),	"cswift_dsa_sign"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_SIGN,0),	"CSWIFT_DSA_SIGN"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0),	"cswift_finish"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_DSA_VERIFY,0),	"CSWIFT_DSA_VERIFY"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),	"cswift_init"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_FINISH,0),	"CSWIFT_FINISH"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0),	"cswift_mod_exp"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_INIT,0),	"CSWIFT_INIT"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),	"cswift_mod_exp_crt"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP,0),	"CSWIFT_MOD_EXP"},
-{ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),	"cswift_rsa_mod_exp"},
+{ERR_PACK(0,ENGINE_F_CSWIFT_MOD_EXP_CRT,0),	"CSWIFT_MOD_EXP_CRT"},
 {ERR_PACK(0,ENGINE_F_CSWIFT_RSA_MOD_EXP,0),	"CSWIFT_RSA_MOD_EXP"},
 {ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),	"ENGINE_add"},
 {ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),	"ENGINE_by_id"},
 {ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),	"ENGINE_finish"},
@@ -87,13 +88,13 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_RAND,0),	"ENGINE_get_RAND"},
 {ERR_PACK(0,ENGINE_F_ENGINE_GET_RSA,0),	"ENGINE_get_RSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),	"ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),	"ENGINE_list_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),	"ENGINE_LIST_ADD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),	"ENGINE_list_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),	"ENGINE_LIST_REMOVE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),	"ENGINE_new"},
 {ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),	"ENGINE_remove"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP,0),	"ENGINE_set_BN_mod_exp"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT,0),	"ENGINE_set_BN_mod_exp_crt"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),	"engine_set_default_type"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),	"ENGINE_SET_DEFAULT_TYPE"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DH,0),	"ENGINE_set_DH"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_DSA,0),	"ENGINE_set_DSA"},
 {ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),	"ENGINE_set_id"},
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -618,14 +618,99 @@ err:
 static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
 				DSA_SIG *sig, DSA *dsa)
 	{
-	DSA_METHOD *meth, *tmp_meth;
+	SW_CONTEXT_HANDLE hac;
-	int ret;
+	SW_PARAM sw_param;
-	meth = DSA_OpenSSL();
+	SW_STATUS sw_status;
-	tmp_meth = ENGINE_get_DSA(dsa->handle);
+	SW_LARGENUMBER arg[2], res;
-	ENGINE_set_DSA(dsa->handle, meth);
+	unsigned long sig_result;
-	ret = DSA_do_verify(dgst, dgst_len, sig, dsa);
+	BN_CTX *ctx;
-	ENGINE_set_DSA(dsa->handle, tmp_meth);
+	BIGNUM *dsa_p = NULL;
-	return ret;
+	BIGNUM *dsa_q = NULL;
 	BIGNUM *dsa_g = NULL;
 	BIGNUM *dsa_key = NULL;
 	BIGNUM *argument = NULL;
 	int to_return = -1;
 	int acquired = 0;
 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if(!get_context(&hac))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_GET_HANDLE_FAILED);
 		goto err;
 		}
 	acquired = 1;
 	/* Prepare the params */
 	dsa_p = BN_CTX_get(ctx);
 	dsa_q = BN_CTX_get(ctx);
 	dsa_g = BN_CTX_get(ctx);
 	dsa_key = BN_CTX_get(ctx);
 	argument = BN_CTX_get(ctx);
 	if(!dsa_p || !dsa_q || !dsa_g || !dsa_key || !argument)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_CTX_FULL);
 		goto err;
 		}
 	if(!bn_wexpand(dsa_p, dsa->p->top) ||
 			!bn_wexpand(dsa_q, dsa->q->top) ||
 			!bn_wexpand(dsa_g, dsa->g->top) ||
 			!bn_wexpand(dsa_key, dsa->pub_key->top) ||
 			!bn_wexpand(argument, 40))
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
 	sw_param.type = SW_ALG_DSA;
 	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
 				(unsigned char *)dsa_p->d);
 	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
 	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
 				(unsigned char *)dsa_q->d);
 	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
 	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
 				(unsigned char *)dsa_g->d);
 	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
 	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
 				(unsigned char *)dsa_key->d);
 	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
 	/* Attach the key params */
 	if(p_CSwift_AttachKeyParam(hac, &sw_param) != SW_OK)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_PROVIDE_PARAMETERS);
 		goto err;
 		}
 	/* Prepare the argument and response */
 	arg[0].nbytes = dgst_len;
 	arg[0].value = (unsigned char *)dgst;
 	arg[1].nbytes = 40;
 	arg[1].value = (unsigned char *)argument->d;
 	memset(arg[1].value, 0, 40);
 	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
 	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
 	res.nbytes = 4; /* unsigned long */
 	res.value = (unsigned char *)(&sig_result);
 	/* Perform the operation */
 	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
 			&res, 1);
 	if(sw_status != SW_OK)
 		{
 		ENGINEerr(ENGINE_F_CSWIFT_DSA_VERIFY,ENGINE_R_REQUEST_FAILED);
 		goto err;
 		}
 	/* Convert the response */
 	to_return = ((sig_result == 0) ? 0 : 1);
 err:
 	if(acquired)
 		release_context(hac);
 	if(dsa_p) ctx->tos--;
 	if(dsa_q) ctx->tos--;
 	if(dsa_g) ctx->tos--;
 	if(dsa_key) ctx->tos--;
 	if(argument) ctx->tos--;
 	if(ctx)
 		BN_CTX_free(ctx);
 	return to_return;
 	}
 /* This function is aliased to mod_exp (with the dh and mont dropped). */