cc015c48db
Atalla card, you should be able to compile with the "hw-atalla" switch
with "./config" or "perl Configure", and then you can use the command-
line switch "-engine atalla" inside speed, s_cient and s_server (after
checking out note (1)).
Notes:
(1) I've turned on native name translation when loading the shared-
library, but this means that the Unix shared library needs to be
libatasi.so rather than atasi.so. I got around this in my testing
by creating a symbollic link from /usr/lib/libatasi.so to the real
library, but something better will be needed. It also assumes in
win32 that the DLL will be called atasi.dll - but as I don't have
a win32/atalla environment to try I have no idea yet if this is
the case.
(2) Currently DSA verifies are not accelerated because I haven't yet
got a mod_exp-based variant of BN_mod_exp2_mont() that yields
correct results.
(3) Currently the "init()" doesn't fail if the shared library can
load successfully but the card is not operational. In this case,
the ENGINE_init() call will succeed, but all RSA, DSA, DH, and
the two BN_*** operations will fail until the ENGINE is switched
back to something that does work. I expect to correct this next.
(4) Although the API for the Atalla card just has the one crypto
function suggesting an RSA private key operation - this is in
fact just a straight mod_exp function that ignores all the RSA
key parameters except the (private) exponent and modulus. This is
why the only accelerator work is taking place inside the mod_exp
function and there's no optimisation of RSA private key operations
based on CRT etc.
62 lines
2.2 KiB
C
62 lines
2.2 KiB
C
/* This header declares the necessary definitions for using the exponentiation
|
|
* acceleration capabilities of Atalla cards. The only cryptographic operation
|
|
* is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
|
|
* defines an "RSA private key". However, it is really only performing a
|
|
* regular mod_exp using the supplied modulus and exponent - no CRT form is
|
|
* being used. Hence, it is a generic mod_exp function in disguise, and we use
|
|
* it as such.
|
|
*
|
|
* Thanks to the people at Atalla for letting me know these definitions are
|
|
* fine and that they can be reproduced here.
|
|
*
|
|
* Geoff.
|
|
*/
|
|
|
|
typedef struct ItemStr
|
|
{
|
|
unsigned char *data;
|
|
int len;
|
|
} Item;
|
|
|
|
typedef struct RSAPrivateKeyStr
|
|
{
|
|
void *reserved;
|
|
Item version;
|
|
Item modulus;
|
|
Item publicExponent;
|
|
Item privateExponent;
|
|
Item prime[2];
|
|
Item exponent[2];
|
|
Item coefficient;
|
|
} RSAPrivateKey;
|
|
|
|
/* Predeclare the function pointer types that we dynamically load from the DSO.
|
|
* These use the same names and form that Ben's original support code had (in
|
|
* crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
|
|
* somewhere along the way!
|
|
*/
|
|
|
|
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
|
|
unsigned int *ret_buf);
|
|
|
|
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
|
|
|
|
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
|
|
unsigned char *output,
|
|
unsigned char *input,
|
|
unsigned int modulus_len);
|
|
|
|
/* These are the static string constants for the DSO file name and the function
|
|
* symbol names to bind to. Regrettably, the DSO name on *nix appears to be
|
|
* "atasi.so" rather than something more consistent like "libatasi.so". At the
|
|
* time of writing, I'm not sure what the file name on win32 is but clearly
|
|
* native name translation is not possible (eg libatasi.so on *nix, and
|
|
* atasi.dll on win32). For the purposes of testing, I have created a symbollic
|
|
* link called "libatasi.so" so that we can use native name-translation - a
|
|
* better solution will be needed. */
|
|
static const char *ATALLA_LIBNAME = "atasi";
|
|
static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
|
|
static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
|
|
static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
|
|
|