fthielen/nginx-custom
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
root
2017-02-25 23:55:24 +01:00
commit 1fe2e8ab62
4868 changed files with 1487355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

235
openssl-1.0.2f/engines/vendor_defns/aep.h Normal file
View File

@@ -0,0 +1,235 @@
/*
* This header declares the necessary definitions for using the
* exponentiation acceleration capabilities, and rnd number generation of the
* AEP card.
*/
/*
*
* Some AEP defines
*
*/
/*
* Successful return value
*/
#define AEP_R_OK 0x00000000
/*
* Miscelleanous unsuccessful return value
*/
#define AEP_R_GENERAL_ERROR 0x10000001
/*
* Insufficient host memory
*/
#define AEP_R_HOST_MEMORY 0x10000002
#define AEP_R_FUNCTION_FAILED 0x10000006
/*
* Invalid arguments in function call
*/
#define AEP_R_ARGUMENTS_BAD 0x10020000
#define AEP_R_NO_TARGET_RESOURCES 0x10030000
/*
* Error occuring on socket operation
*/
#define AEP_R_SOCKERROR 0x10000010
/*
* Socket has been closed from the other end
*/
#define AEP_R_SOCKEOF 0x10000011
/*
* Invalid handles
*/
#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
/*
* Transaction has not yet returned from accelerator
*/
#define AEP_R_TRANSACTION_NOT_READY 0x00010000
/*
* There is already a thread waiting on this transaction
*/
#define AEP_R_TRANSACTION_CLAIMED 0x10050000
/*
* The transaction timed out
*/
#define AEP_R_TIMED_OUT 0x10060000
#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
#define AEP_R_TARGET_ERROR 0x10080000
/*
* Error in the AEP daemon process
*/
#define AEP_R_DAEMON_ERROR 0x10090000
/*
* Invalid ctx id
*/
#define AEP_R_INVALID_CTX_ID 0x10009000
#define AEP_R_NO_KEY_MANAGER 0x1000a000
/*
* Error obtaining a mutex
*/
#define AEP_R_MUTEX_BAD 0x000001A0
/*
* Fxn call before AEP_Initialise ot after AEP_Finialise
*/
#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
/*
* AEP_Initialise has already been called
*/
#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
/*
* Maximum number of connections to daemon reached
*/
#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
/*
*
* Some AEP Type definitions
*
*/
/* an unsigned 8-bit value */
typedef unsigned char AEP_U8;
/* an unsigned 8-bit character */
typedef char AEP_CHAR;
/* a BYTE-sized Boolean flag */
typedef AEP_U8 AEP_BBOOL;
/*
* Unsigned value, at least 16 bits long
*/
typedef unsigned short AEP_U16;
/* an unsigned value, at least 32 bits long */
#ifdef SIXTY_FOUR_BIT_LONG
typedef unsigned int AEP_U32;
#else
typedef unsigned long AEP_U32;
#endif
#ifdef SIXTY_FOUR_BIT_LONG
typedef unsigned long AEP_U64;
#else
typedef struct {
unsigned long l1, l2;
} AEP_U64;
#endif
/* at least 32 bits; each bit is a Boolean flag */
typedef AEP_U32 AEP_FLAGS;
typedef AEP_U8 *AEP_U8_PTR;
typedef AEP_CHAR *AEP_CHAR_PTR;
typedef AEP_U32 *AEP_U32_PTR;
typedef AEP_U64 *AEP_U64_PTR;
typedef void *AEP_VOID_PTR;
/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
/*
* Used to identify an AEP connection handle
*/
typedef AEP_U32 AEP_CONNECTION_HNDL;
/*
* Pointer to an AEP connection handle
*/
typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
/*
* Used by an application (in conjunction with the apps process id) to
* identify an individual transaction
*/
typedef AEP_U32 AEP_TRANSACTION_ID;
/*
* Pointer to an applications transaction identifier
*/
typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
/*
* Return value type
*/
typedef AEP_U32 AEP_RV;
#define MAX_PROCESS_CONNECTIONS 256
#define RAND_BLK_SIZE 1024
typedef enum {
NotConnected = 0,
Connected = 1,
InUse = 2
} AEP_CONNECTION_STATE;
typedef struct AEP_CONNECTION_ENTRY {
AEP_CONNECTION_STATE conn_state;
AEP_CONNECTION_HNDL conn_hndl;
} AEP_CONNECTION_ENTRY;
typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
AEP_VOID_PTR pA, AEP_VOID_PTR pP,
AEP_VOID_PTR pN,
AEP_VOID_PTR pResult,
AEP_TRANSACTION_ID *pidTransID);
typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
AEP_VOID_PTR pA, AEP_VOID_PTR pP,
AEP_VOID_PTR pQ,
AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
AEP_VOID_PTR pIqmp,
AEP_VOID_PTR pResult,
AEP_TRANSACTION_ID *pidTransID);
#ifdef AEPRAND
typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
AEP_U32 Len,
AEP_U32 Type,
AEP_VOID_PTR pResult,
AEP_TRANSACTION_ID *pidTransID);
#endif
typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
typedef AEP_RV t_AEP_Finalize(void);
typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)
(AEP_VOID_PTR ArbBigNum,
AEP_U32 *BigNumSize),
AEP_RV (*MakeAEPBigNumFunc) (AEP_VOID_PTR
ArbBigNum,
AEP_U32
BigNumSize,
unsigned char
*AEP_BigNum),
AEP_RV (*ConverAEPBigNumFunc) (void
*ArbBigNum,
AEP_U32
BigNumSize,
unsigned
char
*AEP_BigNum));

44
openssl-1.0.2f/engines/vendor_defns/atalla.h Normal file
View File

@@ -0,0 +1,44 @@
/*
* This header declares the necessary definitions for using the
* exponentiation acceleration capabilities of Atalla cards. The only
* cryptographic operation is performed by "ASI_RSAPrivateKeyOpFn" and this
* takes a structure that defines an "RSA private key". However, it is really
* only performing a regular mod_exp using the supplied modulus and exponent
* - no CRT form is being used. Hence, it is a generic mod_exp function in
* disguise, and we use it as such. Thanks to the people at Atalla for
* letting me know these definitions are fine and that they can be reproduced
* here. Geoff.
*/
typedef struct ItemStr {
unsigned char *data;
int len;
} Item;
typedef struct RSAPrivateKeyStr {
void *reserved;
Item version;
Item modulus;
Item publicExponent;
Item privateExponent;
Item prime[2];
Item exponent[2];
Item coefficient;
} RSAPrivateKey;
/*
* Predeclare the function pointer types that we dynamically load from the
* DSO. These use the same names and form that Ben's original support code
* had (in crypto/bn/bn_exp.c) unless of course I've inadvertently changed
* the style somewhere along the way!
*/
typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
unsigned int *ret_buf);
typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
unsigned char *output,
unsigned char *input,
unsigned int modulus_len);

235
openssl-1.0.2f/engines/vendor_defns/cswift.h Normal file
View File

@@ -0,0 +1,235 @@
/*
* Attribution notice: Rainbow have generously allowed me to reproduce the
* necessary definitions here from their API. This means the support can
* build independently of whether application builders have the API or
* hardware. This will allow developers to easily produce software that has
* latent hardware support for any users that have accelertors installed,
* without the developers themselves needing anything extra. I have only
* clipped the parts from the CryptoSwift header files that are (or seem)
* relevant to the CryptoSwift support code. This is simply to keep the file
* sizes reasonable. [Geoff]
*/
/*
* NB: These type widths do *not* seem right in general, in particular
* they're not terribly friendly to 64-bit architectures (unsigned long) will
* be 64-bit on IA-64 for a start. I'm leaving these alone as they agree with
* Rainbow's API and this will only be called into question on platforms with
* Rainbow support anyway! ;-)
*/
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
typedef long SW_STATUS; /* status */
typedef unsigned char SW_BYTE; /* 8 bit byte */
typedef unsigned short SW_U16; /* 16 bit number */
#if defined(_IRIX)
# include <sgidefs.h>
typedef __uint32_t SW_U32;
#else
typedef unsigned long SW_U32; /* 32 bit integer */
#endif
#if defined(OPENSSL_SYS_WIN32)
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
typedef longlong SW_U64
#else /* Unix variants */
typedef struct _SW_U64 {
SW_U32 low32;
SW_U32 high32;
} SW_U64; /* 64 bit integer */
#endif
/* status codes */
#define SW_OK (0L)
#define SW_ERR_BASE (-10000L)
#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
/* up yet */
#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
/* time out */
#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
/* execute the command */
#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
/* NULL */
#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
/* small, too large. */
#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
/* handle */
#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
/* standing at this */
/* context handle */
#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
#define SW_ERR_NO_PENDING (SW_ERR_BASE-10) /* No request is pending. */
#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11) /* Not enough memory */
#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12) /* Invalid algorithm type */
/* in SW_PARAM structure */
#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13) /* No key is associated with */
/* context. */
/* swAttachKeyParam() is */
/* not called. */
#define SW_ERR_KEY_CMD_MISMATCH \
(SW_ERR_BASE-14) /* Cannot perform requested */
/* SW_COMMAND_CODE since */
/* key attached via */
/* swAttachKeyParam() */
/* cannot be used for this */
/* SW_COMMAND_CODE. */
#define SW_ERR_NOT_IMPLEMENTED \
(SW_ERR_BASE-15) /* Not implemented */
#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16) /* Bad command code */
#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17) /* too small or too large in */
/* the "initems" or */
/* "outitems". */
#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18) /* Bad accelerator number */
#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19) /* At least one of the self */
/* test fail, look at the */
/* selfTestBitmap in */
/* SW_ACCELERATOR_INFO for */
/* details. */
#define SW_ERR_MISALIGN (SW_ERR_BASE-20) /* Certain alogrithms require */
/* key materials aligned */
/* in certain order, e.g. */
/* 128 bit for CRT */
#define SW_ERR_OUTPUT_NULL_PTR \
(SW_ERR_BASE-21) /* a required pointer is */
/* NULL */
#define SW_ERR_OUTPUT_SIZE \
(SW_ERR_BASE-22) /* size is invalid, too */
/* small, too large. */
#define SW_ERR_FIRMWARE_CHECKSUM \
(SW_ERR_BASE-23) /* firmware checksum mismatch */
/* download failed. */
#define SW_ERR_UNKNOWN_FIRMWARE \
(SW_ERR_BASE-24) /* unknown firmware error */
#define SW_ERR_INTERRUPT (SW_ERR_BASE-25) /* request is abort when */
/* it's waiting to be */
/* completed. */
#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26) /* error in writing to Non- */
/* volatile memory */
#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27) /* out of range error in */
/* writing to NV memory */
#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28) /* Random Number Generation */
/* failure */
#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29) /* DSS Sign or Verify failure */
#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30) /* Failure in various math */
/* calculations */
#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31) /* Error in accessing on - */
/* board memory */
#define SW_ERR_FIRMWARE_VERSION \
(SW_ERR_BASE-32) /* Wrong version in firmware */
/* update */
#define SW_ERR_ZERO_WORKING_ACCELERATOR \
(SW_ERR_BASE-44) /* All accelerators are bad */
/* algorithm type */
#define SW_ALG_CRT 1
#define SW_ALG_EXP 2
#define SW_ALG_DSA 3
#define SW_ALG_NVDATA 4
/* command code */
#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
/* Chinese Remainder Theorem (CRT) */
#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
#define SW_CMD_RAND 5 /* perform random number generation */
#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
typedef SW_U32 SW_STATE; /* state */
typedef SW_U32 SW_COMMAND_CODE; /* command code */
typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
typedef struct _SW_LARGENUMBER {
SW_U32 nbytes; /* number of bytes in the buffer "value" */
SW_BYTE *value; /* the large integer as a string of */
/* bytes in network (big endian) order */
} SW_LARGENUMBER;
#if defined(OPENSSL_SYS_WIN32)
# include <windows.h>
typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
# define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
# define SW_CALLCONV _stdcall
#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
/* async callback mechanisms */
/* swiftCallbackLevel */
# define SW_MAC_CALLBACK_LEVEL_NO 0
# define SW_MAC_CALLBACK_LEVEL_HARDWARE 1/* from the hardware ISR */
# define SW_MAC_CALLBACK_LEVEL_SECONDARY 2/* as secondary ISR */
typedef int SW_MAC_CALLBACK_LEVEL;
typedef int SW_OSHANDLE;
# define SW_OS_INVALID_HANDLE (-1)
# define SW_CALLCONV
#else /* Unix variants */
typedef int SW_OSHANDLE; /* handle to driver */
# define SW_OS_INVALID_HANDLE (-1)
# define SW_CALLCONV
#endif
typedef struct _SW_CRT {
SW_LARGENUMBER p; /* prime number p */
SW_LARGENUMBER q; /* prime number q */
SW_LARGENUMBER dmp1; /* exponent1 */
SW_LARGENUMBER dmq1; /* exponent2 */
SW_LARGENUMBER iqmp; /* CRT coefficient */
} SW_CRT;
typedef struct _SW_EXP {
SW_LARGENUMBER modulus; /* modulus */
SW_LARGENUMBER exponent; /* exponent */
} SW_EXP;
typedef struct _SW_DSA {
SW_LARGENUMBER p; /* */
SW_LARGENUMBER q; /* */
SW_LARGENUMBER g; /* */
SW_LARGENUMBER key; /* private/public key */
} SW_DSA;
typedef struct _SW_NVDATA {
SW_U32 accnum; /* accelerator board number */
SW_U32 offset; /* offset in byte */
} SW_NVDATA;
typedef struct _SW_PARAM {
SW_ALGTYPE type; /* type of the alogrithm */
union {
SW_CRT crt;
SW_EXP exp;
SW_DSA dsa;
SW_NVDATA nvdata;
} up;
} SW_PARAM;
typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
/*
* Now the OpenSSL bits, these function types are the for the function
* pointers that will bound into the Rainbow shared libraries.
*/
typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE
*hac);
typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
SW_PARAM *key_params);
typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
SW_COMMAND_CODE cmd,
SW_LARGENUMBER pin[],
SW_U32 pin_count,
SW_LARGENUMBER pout[],
SW_U32 pout_count);
typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE
hac);
#ifdef __cplusplus
}
#endif /* __cplusplus */

150
openssl-1.0.2f/engines/vendor_defns/hw_4758_cca.h Normal file
View File

@@ -0,0 +1,150 @@
/**********************************************************************/
/* */
/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
/* */
/* Maurice Gittens <maurice@gittens.nl> */
/* */
/**********************************************************************/
#ifndef __HW_4758_CCA__
# define __HW_4758_CCA__
/*
* Only WIN32 support for now
*/
# if defined(WIN32)
# define CCA_LIB_NAME "CSUNSAPI"
# define CSNDPKX "CSNDPKX_32"
# define CSNDKRR "CSNDKRR_32"
# define CSNDPKE "CSNDPKE_32"
# define CSNDPKD "CSNDPKD_32"
# define CSNDDSV "CSNDDSV_32"
# define CSNDDSG "CSNDDSG_32"
# define CSNBRNG "CSNBRNG_32"
# define SECURITYAPI __stdcall
# else
/*
* Fixme!! Find out the values of these constants for other platforms.
*/
# define CCA_LIB_NAME "CSUNSAPI"
# define CSNDPKX "CSNDPKX"
# define CSNDKRR "CSNDKRR"
# define CSNDPKE "CSNDPKE"
# define CSNDPKD "CSNDPKD"
# define CSNDDSV "CSNDDSV"
# define CSNDDSG "CSNDDSG"
# define CSNBRNG "CSNBRNG"
# define SECURITYAPI
# endif
/*
* security API prototypes
*/
/* PKA Key Record Read */
typedef void (SECURITYAPI * F_KEYRECORDREAD)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
unsigned char *key_label, long *key_token_length, unsigned char *key_token);
/* Random Number Generate */
typedef void (SECURITYAPI * F_RANDOMNUMBERGENERATE)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
unsigned char *form, unsigned char *random_number);
/* Digital Signature Generate */
typedef void (SECURITYAPI * F_DIGITALSIGNATUREGENERATE)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long *PKA_private_key_id_length,
unsigned char *PKA_private_key_id,
long *hash_length,
unsigned char *hash,
long *signature_field_length,
long *signature_bit_length, unsigned char *signature_field);
/* Digital Signature Verify */
typedef void (SECURITYAPI * F_DIGITALSIGNATUREVERIFY) (long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char
*exit_data,
long *rule_array_count,
unsigned char
*rule_array,
long
*PKA_public_key_id_length,
unsigned char
*PKA_public_key_id,
long *hash_length,
unsigned char *hash,
long
*signature_field_length,
unsigned char
*signature_field);
/* PKA Public Key Extract */
typedef void (SECURITYAPI * F_PUBLICKEYEXTRACT) (long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long
*source_key_identifier_length,
unsigned char
*source_key_identifier,
long
*target_key_token_length,
unsigned char
*target_key_token);
/* PKA Encrypt */
typedef void (SECURITYAPI * F_PKAENCRYPT)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long *key_value_length,
unsigned char *key_value,
long *data_struct_length,
unsigned char *data_struct,
long *RSA_public_key_length,
unsigned char *RSA_public_key,
long *RSA_encipher_length, unsigned char *RSA_encipher);
/* PKA Decrypt */
typedef void (SECURITYAPI * F_PKADECRYPT)
(long *return_code,
long *reason_code,
long *exit_data_length,
unsigned char *exit_data,
long *rule_array_count,
unsigned char *rule_array,
long *enciphered_key_length,
unsigned char *enciphered_key,
long *data_struct_length,
unsigned char *data_struct,
long *RSA_private_key_length,
unsigned char *RSA_private_key,
long *key_value_length, unsigned char *key_value);
#endif

124
openssl-1.0.2f/engines/vendor_defns/hw_ubsec.h Normal file
View File

@@ -0,0 +1,124 @@
/******************************************************************************
*
* Copyright 2000
* Broadcom Corporation
* 16215 Alton Parkway
* PO Box 57013
* Irvine CA 92619-7013
*
*****************************************************************************/
/*
* Broadcom Corporation uBSec SDK
*/
/*
* Character device header file.
*/
/*
* Revision History:
*
* October 2000 JTT Created.
*/
#define MAX_PUBLIC_KEY_BITS (1024)
#define MAX_PUBLIC_KEY_BYTES (1024/8)
#define SHA_BIT_SIZE (160)
#define MAX_CRYPTO_KEY_LENGTH 24
#define MAX_MAC_KEY_LENGTH 64
#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
/* Math command types. */
#define UBSEC_MATH_MODADD 0x0001
#define UBSEC_MATH_MODSUB 0x0002
#define UBSEC_MATH_MODMUL 0x0004
#define UBSEC_MATH_MODEXP 0x0008
#define UBSEC_MATH_MODREM 0x0010
#define UBSEC_MATH_MODINV 0x0020
typedef long ubsec_MathCommand_t;
typedef long ubsec_RNGCommand_t;
typedef struct ubsec_crypto_context_s {
unsigned int flags;
unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
unsigned char auth[MAX_MAC_KEY_LENGTH];
} ubsec_crypto_context_t, *ubsec_crypto_context_p;
/*
* Predeclare the function pointer types that we dynamically load from the DSO.
*/
typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
typedef int t_UBSEC_ubsec_open(unsigned char *device);
typedef int t_UBSEC_ubsec_close(int fd);
typedef int t_UBSEC_diffie_hellman_generate_ioctl(int fd,
unsigned char *x,
int *x_len,
unsigned char *y,
int *y_len,
unsigned char *g, int g_len,
unsigned char *m, int m_len,
unsigned char *userX,
int userX_len,
int random_bits);
typedef int t_UBSEC_diffie_hellman_agree_ioctl(int fd,
unsigned char *x, int x_len,
unsigned char *y, int y_len,
unsigned char *m, int m_len,
unsigned char *k, int *k_len);
typedef int t_UBSEC_rsa_mod_exp_ioctl(int fd,
unsigned char *x, int x_len,
unsigned char *m, int m_len,
unsigned char *e, int e_len,
unsigned char *y, int *y_len);
typedef int t_UBSEC_rsa_mod_exp_crt_ioctl(int fd,
unsigned char *x, int x_len,
unsigned char *qinv, int qinv_len,
unsigned char *edq, int edq_len,
unsigned char *q, int q_len,
unsigned char *edp, int edp_len,
unsigned char *p, int p_len,
unsigned char *y, int *y_len);
typedef int t_UBSEC_dsa_sign_ioctl(int fd,
int hash, unsigned char *data,
int data_len, unsigned char *rndom,
int random_len, unsigned char *p,
int p_len, unsigned char *q, int q_len,
unsigned char *g, int g_len,
unsigned char *key, int key_len,
unsigned char *r, int *r_len,
unsigned char *s, int *s_len);
typedef int t_UBSEC_dsa_verify_ioctl(int fd,
int hash, unsigned char *data,
int data_len, unsigned char *p,
int p_len, unsigned char *q, int q_len,
unsigned char *g, int g_len,
unsigned char *key, int key_len,
unsigned char *r, int r_len,
unsigned char *s, int s_len,
unsigned char *v, int *v_len);
typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
unsigned char *ModN, int *ModN_len,
unsigned char *ExpE, int *ExpE_len,
unsigned char *ParamA,
int *ParamA_len,
unsigned char *ParamB,
int *ParamB_len,
unsigned char *Result,
int *Result_len);
typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
unsigned char *Result, int *Result_len);
typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);

502
openssl-1.0.2f/engines/vendor_defns/hwcryptohook.h Normal file
View File

@@ -0,0 +1,502 @@
/*-
* ModExp / RSA (with/without KM) plugin API
*
* The application will load a dynamic library which
* exports entrypoint(s) defined in this file.
*
* This set of entrypoints provides only a multithreaded,
* synchronous-within-each-thread, facility.
*
*
* This file is Copyright 1998-2000 nCipher Corporation Limited.
*
* Redistribution and use in source and binary forms, with opr without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the copyright notice,
* this list of conditions, and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions, and the following
* disclaimer, in the documentation and/or other materials provided
* with the distribution
*
* IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
* ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
* damages arising directly or indirectly from this file, its use or
* this licence. Without prejudice to the generality of the
* foregoing: all liability shall be excluded for direct, indirect,
* special, incidental, consequential or other damages or any loss of
* profits, business, revenue goodwill or anticipated savings;
* liability shall be excluded even if nCipher or anyone else has been
* advised of the possibility of damage. In any event, if the
* exclusion of liability is not effective, the liability of nCipher
* or any author or distributor shall be limited to the lesser of the
* price paid and 1,000 pounds sterling. This licence only fails to
* exclude or limit liability for death or personal injury arising out
* of negligence, and only to the extent that such an exclusion or
* limitation is not effective.
*
* NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
* AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
* limited to, any implied warranties of merchantability, fitness for
* a particular purpose, satisfactory quality, and/or non-infringement
* of any third party rights.
*
* US Government use: This software and documentation is Commercial
* Computer Software and Computer Software Documentation, as defined in
* sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
* Noncommercial Computer Software and Noncommercial Computer Software
* Documentation." Use, duplication or disclosure by the Government is
* subject to the terms and conditions specified here.
*
* By using or distributing this file you will be accepting these
* terms and conditions, including the limitation of liability and
* lack of warranty. If you do not wish to accept these terms and
* conditions, DO NOT USE THE FILE.
*
*
* The actual dynamically loadable plugin, and the library files for
* static linking, which are also provided in some distributions, are
* not covered by the licence described above. You should have
* received a separate licence with terms and conditions for these
* library files; if you received the library files without a licence,
* please contact nCipher.
*
*
* $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
*/
#ifndef HWCRYPTOHOOK_H
# define HWCRYPTOHOOK_H
# include <sys/types.h>
# include <stdio.h>
# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
# define HWCRYPTOHOOK_DECLARE_APPTYPES 1
# endif
# define HWCRYPTOHOOK_ERROR_FAILED -1
# define HWCRYPTOHOOK_ERROR_FALLBACK -2
# define HWCRYPTOHOOK_ERROR_MPISIZE -3
# if HWCRYPTOHOOK_DECLARE_APPTYPES
/*-
* These structs are defined by the application and opaque to the
* crypto plugin. The application may define these as it sees fit.
* Default declarations are provided here, but the application may
* #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
* to prevent these declarations, and instead provide its own
* declarations of these types. (Pointers to them must still be
* ordinary pointers to structs or unions, or the resulting combined
* program will have a type inconsistency.)
*/
typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
typedef struct HWCryptoHook_PassphraseContextValue
HWCryptoHook_PassphraseContext;
typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
# endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
/*-
* These next two structs are opaque to the application. The crypto
* plugin will return pointers to them; the caller simply manipulates
* the pointers.
*/
typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
typedef struct {
char *buf;
size_t size;
} HWCryptoHook_ErrMsgBuf;
/*-
* Used for error reporting. When a HWCryptoHook function fails it
* will return a sentinel value (0 for pointer-valued functions, or a
* negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
* integer-valued ones). It will, if an ErrMsgBuf is passed, also put
* an error message there.
*
* size is the size of the buffer, and will not be modified. If you
* pass 0 for size you must pass 0 for buf, and nothing will be
* recorded (just as if you passed 0 for the struct pointer).
* Messages written to the buffer will always be null-terminated, even
* when truncated to fit within size bytes.
*
* The contents of the buffer are not defined if there is no error.
*/
typedef struct HWCryptoHook_MPIStruct {
unsigned char *buf;
size_t size;
} HWCryptoHook_MPI;
/*-
* When one of these is returned, a pointer is passed to the function.
* At call, size is the space available. Afterwards it is updated to
* be set to the actual length (which may be more than the space available,
* if there was not enough room and the result was truncated).
* buf (the pointer) is not updated.
*
* size is in bytes and may be zero at call or return, but must be a
* multiple of the limb size. Zero limbs at the MS end are not
* permitted.
*/
# define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
# define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
/*-
* Enable requesting fallback to software in case of problems with the
* hardware support. This indicates to the crypto provider that the
* application is prepared to fall back to software operation if the
* ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
* Without this flag those calls will never return
* HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
* provider to avoid repeatedly attempting to contact dead hardware
* within a short interval, if appropriate.
*/
# define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
/*-
* Without _SimpleForkCheck the library is allowed to assume that the
* application will not fork and call the library in the child(ren).
*
* When it is specified, this is allowed. However, after a fork
* neither parent nor child may unload any loaded keys or call
* _Finish. Instead, they should call exit (or die with a signal)
* without calling _Finish. After all the children have died the
* parent may unload keys or call _Finish.
*
* This flag only has any effect on UN*X platforms.
*/
typedef struct {
unsigned long flags;
void *logstream; /* usually a FILE*. See below. */
size_t limbsize; /* bignum format - size of radix type, must
* be power of 2 */
int mslimbfirst; /* 0 or 1 */
int msbytefirst; /* 0 or 1; -1 = native */
/*-
* All the callback functions should return 0 on success, or a
* nonzero integer (whose value will be visible in the error message
* put in the buffer passed to the call).
*
* If a callback is not available pass a null function pointer.
*
* The callbacks may not call down again into the crypto plugin.
*/
/*-
* For thread-safety. Set everything to 0 if you promise only to be
* singlethreaded. maxsimultaneous is the number of calls to
* ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
* put there then say 0 and the hook library will use a default.
*
* maxmutexes is a small limit on the number of simultaneous mutexes
* which will be requested by the library. If there is no small
* limit, set it to 0. If the crypto plugin cannot create the
* advertised number of mutexes the calls to its functions may fail.
* If a low number of mutexes is advertised the plugin will try to
* do the best it can. Making larger numbers of mutexes available
* may improve performance and parallelism by reducing contention
* over critical sections. Unavailability of any mutexes, implying
* single-threaded operation, should be indicated by the setting
* mutex_init et al to 0.
*/
int maxmutexes;
int maxsimultaneous;
size_t mutexsize;
int (*mutex_init) (HWCryptoHook_Mutex *,
HWCryptoHook_CallerContext * cactx);
int (*mutex_acquire) (HWCryptoHook_Mutex *);
void (*mutex_release) (HWCryptoHook_Mutex *);
void (*mutex_destroy) (HWCryptoHook_Mutex *);
/*-
* For greater efficiency, can use condition vars internally for
* synchronisation. In this case maxsimultaneous is ignored, but
* the other mutex stuff must be available. In singlethreaded
* programs, set everything to 0.
*/
size_t condvarsize;
int (*condvar_init) (HWCryptoHook_CondVar *,
HWCryptoHook_CallerContext * cactx);
int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
void (*condvar_signal) (HWCryptoHook_CondVar *);
void (*condvar_broadcast) (HWCryptoHook_CondVar *);
void (*condvar_destroy) (HWCryptoHook_CondVar *);
/*-
* The semantics of acquiring and releasing mutexes and broadcasting
* and waiting on condition variables are expected to be those from
* POSIX threads (pthreads). The mutexes may be (in pthread-speak)
* fast mutexes, recursive mutexes, or nonrecursive ones.
*
* The _release/_signal/_broadcast and _destroy functions must
* always succeed when given a valid argument; if they are given an
* invalid argument then the program (crypto plugin + application)
* has an internal error, and they should abort the program.
*/
int (*getpassphrase) (const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext * ppctx,
HWCryptoHook_CallerContext * cactx);
/*-
* Passphrases and the prompt_info, if they contain high-bit-set
* characters, are UTF-8. The prompt_info may be a null pointer if
* no prompt information is available (it should not be an empty
* string). It will not contain text like `enter passphrase';
* instead it might say something like `Operator Card for John
* Smith' or `SmartCard in nFast Module #1, Slot #1'.
*
* buf points to a buffer in which to return the passphrase; on
* entry *len_io is the length of the buffer. It should be updated
* by the callback. The returned passphrase should not be
* null-terminated by the callback.
*/
int (*getphystoken) (const char *prompt_info,
const char *wrong_info,
HWCryptoHook_PassphraseContext * ppctx,
HWCryptoHook_CallerContext * cactx);
/*-
* Requests that the human user physically insert a different
* smartcard, DataKey, etc. The plugin should check whether the
* currently inserted token(s) are appropriate, and if they are it
* should not make this call.
*
* prompt_info is as before. wrong_info is a description of the
* currently inserted token(s) so that the user is told what
* something is. wrong_info, like prompt_info, may be null, but
* should not be an empty string. Its contents should be
* syntactically similar to that of prompt_info.
*/
/*-
* Note that a single LoadKey operation might cause several calls to
* getpassphrase and/or requestphystoken. If requestphystoken is
* not provided (ie, a null pointer is passed) then the plugin may
* not support loading keys for which authorisation by several cards
* is required. If getpassphrase is not provided then cards with
* passphrases may not be supported.
*
* getpassphrase and getphystoken do not need to check that the
* passphrase has been entered correctly or the correct token
* inserted; the crypto plugin will do that. If this is not the
* case then the crypto plugin is responsible for calling these
* routines again as appropriate until the correct token(s) and
* passphrase(s) are supplied as required, or until any retry limits
* implemented by the crypto plugin are reached.
*
* In either case, the application must allow the user to say `no'
* or `cancel' to indicate that they do not know the passphrase or
* have the appropriate token; this should cause the callback to
* return nonzero indicating error.
*/
void (*logmessage) (void *logstream, const char *message);
/*-
* A log message will be generated at least every time something goes
* wrong and an ErrMsgBuf is filled in (or would be if one was
* provided). Other diagnostic information may be written there too,
* including more detailed reasons for errors which are reported in an
* ErrMsgBuf.
*
* When a log message is generated, this callback is called. It
* should write a message to the relevant logging arrangements.
*
* The message string passed will be null-terminated and may be of arbitrary
* length. It will not be prefixed by the time and date, nor by the
* name of the library that is generating it - if this is required,
* the logmessage callback must do it. The message will not have a
* trailing newline (though it may contain internal newlines).
*
* If a null pointer is passed for logmessage a default function is
* used. The default function treats logstream as a FILE* which has
* been converted to a void*. If logstream is 0 it does nothing.
* Otherwise it prepends the date and time and library name and
* writes the message to logstream. Each line will be prefixed by a
* descriptive string containing the date, time and identity of the
* crypto plugin. Errors on the logstream are not reported
* anywhere, and the default function doesn't flush the stream, so
* the application must set the buffering how it wants it.
*
* The crypto plugin may also provide a facility to have copies of
* log messages sent elsewhere, and or for adjusting the verbosity
* of the log messages; any such facilities will be configured by
* external means.
*/
} HWCryptoHook_InitInfo;
typedef
HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
initinfo, size_t initinfosize,
const HWCryptoHook_ErrMsgBuf *
errors,
HWCryptoHook_CallerContext *
cactx);
extern HWCryptoHook_Init_t HWCryptoHook_Init;
/*-
* Caller should set initinfosize to the size of the HWCryptoHook struct,
* so it can be extended later.
*
* On success, a message for display or logging by the server,
* including the name and version number of the plugin, will be filled
* in into *errors; on failure *errors is used for error handling, as
* usual.
*/
/*-
* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
* on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
* the output MPI buffer(s) was too small; the sizes of all have been
* set to the desired size (and for those where the buffer was large
* enough, the value may have been copied in), and no error message
* has been recorded.
*
* You may pass 0 for the errors struct. In any case, unless you set
* _NoStderr at init time then messages may be reported to stderr.
*/
/*-
* The RSAImmed* functions (and key managed RSA) only work with
* modules which have an RSA patent licence - currently that means KM
* units; the ModExp* ones work with all modules, so you need a patent
* licence in the software in the US. They are otherwise identical.
*/
typedef
void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
/* You must not have any calls going or keys loaded when you call this. */
typedef
int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
unsigned char *buf, size_t len,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
typedef
int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI n,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
typedef
int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI e,
HWCryptoHook_MPI n,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
typedef
int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI q,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
typedef
int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI p,
HWCryptoHook_MPI q,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
/*-
* The RSAImmed* and ModExp* functions may return E_FAILED or
* E_FALLBACK for failure.
*
* E_FAILED means the failure is permanent and definite and there
* should be no attempt to fall back to software. (Eg, for some
* applications, which support only the acceleration-only
* functions, the `key material' may actually be an encoded key
* identifier, and doing the operation in software would give wrong
* answers.)
*
* E_FALLBACK means that doing the computation in software would seem
* reasonable. If an application pays attention to this and is
* able to fall back, it should also set the Fallback init flags.
*/
typedef
int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
const char *key_ident,
HWCryptoHook_RSAKeyHandle * keyhandle_r,
const HWCryptoHook_ErrMsgBuf * errors,
HWCryptoHook_PassphraseContext * ppctx);
extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
/*-
* The key_ident is a null-terminated string configured by the
* user via the application's usual configuration mechanisms.
* It is provided to the user by the crypto provider's key management
* system. The user must be able to enter at least any string of between
* 1 and 1023 characters inclusive, consisting of printable 7-bit
* ASCII characters. The provider should avoid using
* any characters except alphanumerics and the punctuation
* characters _ - + . / @ ~ (the user is expected to be able
* to enter these without quoting). The string may be case-sensitive.
* The application may allow the user to enter other NULL-terminated strings,
* and the provider must cope (returning an error if the string is not
* valid).
*
* If the key does not exist, no error is recorded and 0 is returned;
* keyhandle_r will be set to 0 instead of to a key handle.
*/
typedef
int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
HWCryptoHook_MPI * n,
HWCryptoHook_MPI * e,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
/*-
* The crypto plugin will not store certificates.
*
* Although this function for acquiring the public key value is
* provided, it is not the purpose of this API to deal fully with the
* handling of the public key.
*
* It is expected that the crypto supplier's key generation program
* will provide general facilities for producing X.509
* self-certificates and certificate requests in PEM format. These
* will be given to the user so that they can configure them in the
* application, send them to CAs, or whatever.
*
* In case this kind of certificate handling is not appropriate, the
* crypto supplier's key generation program should be able to be
* configured not to generate such a self-certificate or certificate
* request. Then the application will need to do all of this, and
* will need to store and handle the public key and certificates
* itself.
*/
typedef
int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
/* Might fail due to locking problems, or other serious internal problems. */
typedef
int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
HWCryptoHook_RSAKeyHandle k,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
/* RSA private key operation (sign or decrypt) - raw, unpadded. */
#endif /* HWCRYPTOHOOK_H */

250
openssl-1.0.2f/engines/vendor_defns/sureware.h Normal file
View File

@@ -0,0 +1,250 @@
/*-
* Written by Corinne Dive-Reclus(cdive@baltimore.com)
*
* Copyright@2001 Baltimore Technologies Ltd.
*
* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef WIN32
# define SW_EXPORT __declspec ( dllexport )
#else
# define SW_EXPORT
#endif
/*
* List of exposed SureWare errors
*/
#define SUREWAREHOOK_ERROR_FAILED -1
#define SUREWAREHOOK_ERROR_FALLBACK -2
#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
#define SUREWAREHOOK_ERROR_DATA_SIZE -4
#define SUREWAREHOOK_ERROR_INVALID_PAD -5
/*-
* -----------------WARNING-----------------------------------
* In all the following functions:
* msg is a string with at least 24 bytes free.
* A 24 bytes string will be concatenated to the existing content of msg.
*/
/*-
* SureWare Initialisation function
* in param threadsafe, if !=0, thread safe enabled
* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
*/
typedef int SureWareHook_Init_t(char *const msg, int threadsafe);
extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
/*-
* SureWare Finish function
*/
typedef void SureWareHook_Finish_t(void);
extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
/*-
* PRE_CONDITION:
* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
*/
/*-
* SureWare RAND Bytes function
* In case of failure, the content of buf is unpredictable.
* return 1 if success
* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in/out param buf : a num bytes long buffer where random bytes will be put
* in param num : the number of bytes into buf
*/
typedef int SureWareHook_Rand_Bytes_t(char *const msg, unsigned char *buf,
int num);
extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
/*-
* SureWare RAND Seed function
* Adds some seed to the Hardware Random Number Generator
* return 1 if success
* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param buf : the seed to add into the HRNG
* in param num : the number of bytes into buf
*/
typedef int SureWareHook_Rand_Seed_t(char *const msg, const void *buf,
int num);
extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
/*-
* SureWare Load Private Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the private protected key file without the extension
".sws"
* out param hptr : a pointer to a buffer allocated by SureWare_Hook
* out param num: the effective key length in bytes
* out param keytype: 1 if RSA 2 if DSA
*/
typedef int SureWareHook_Load_Privkey_t(char *const msg, const char *key_id,
char **hptr, unsigned long *num,
char *keytype);
extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
/*-
* SureWare Info Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the private protected key file without the extension
".swp"
* out param hptr : a pointer to a buffer allocated by SureWare_Hook
* out param num: the effective key length in bytes
* out param keytype: 1 if RSA 2 if DSA
*/
typedef int SureWareHook_Info_Pubkey_t(char *const msg, const char *key_id,
unsigned long *num, char *keytype);
extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
/*-
* SureWare Load Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the public protected key file without the extension
".swp"
* in param num : the bytes size of n and e
* out param n: where to write modulus in bn format
* out param e: where to write exponent in bn format
*/
typedef int SureWareHook_Load_Rsa_Pubkey_t(char *const msg,
const char *key_id,
unsigned long num,
unsigned long *n,
unsigned long *e);
extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
/*-
* SureWare Load DSA Public Key function
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* No hardware is contact for this function.
*
* in param key_id :the name of the public protected key file without the extension
".swp"
* in param num : the bytes size of n and e
* out param pub: where to write pub key in bn format
* out param p: where to write prime in bn format
* out param q: where to write sunprime (length 20 bytes) in bn format
* out param g: where to write base in bn format
*/
typedef int SureWareHook_Load_Dsa_Pubkey_t(char *const msg,
const char *key_id,
unsigned long num,
unsigned long *pub,
unsigned long *p, unsigned long *q,
unsigned long *g);
extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
/*-
* SureWare Free function
* Destroy the key into the hardware if destroy==1
*/
typedef void SureWareHook_Free_t(char *p, int destroy);
extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
#define SUREWARE_PKCS1_PAD 1
#define SUREWARE_ISO9796_PAD 2
#define SUREWARE_NO_PAD 0
/*-
* SureWare RSA Private Decryption
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param flen : byte size of from and to
* in param from : encrypted data buffer, should be a not-null valid pointer
* out param tlen: byte size of decrypted data, if error, unexpected value
* out param to : decrypted data buffer, should be a not-null valid pointer
* in param prsa: a protected key pointer, should be a not-null valid pointer
* int padding: padding id as follow
* SUREWARE_PKCS1_PAD
* SUREWARE_NO_PAD
*
*/
typedef int SureWareHook_Rsa_Priv_Dec_t(char *const msg, int flen,
unsigned char *from, int *tlen,
unsigned char *to, char *prsa,
int padding);
extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
/*-
* SureWare RSA Signature
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param flen : byte size of from and to
* in param from : encrypted data buffer, should be a not-null valid pointer
* out param tlen: byte size of decrypted data, if error, unexpected value
* out param to : decrypted data buffer, should be a not-null valid pointer
* in param prsa: a protected key pointer, should be a not-null valid pointer
* int padding: padding id as follow
* SUREWARE_PKCS1_PAD
* SUREWARE_ISO9796_PAD
*
*/
typedef int SureWareHook_Rsa_Sign_t(char *const msg, int flen,
unsigned char *from, int *tlen,
unsigned char *to, char *prsa,
int padding);
extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
/*-
* SureWare DSA Signature
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* in param flen : byte size of from and to
* in param from : encrypted data buffer, should be a not-null valid pointer
* out param to : decrypted data buffer, should be a 40bytes valid pointer
* in param pdsa: a protected key pointer, should be a not-null valid pointer
*
*/
typedef int SureWareHook_Dsa_Sign_t(char *const msg, int flen,
const unsigned char *from,
unsigned long *r, unsigned long *s,
char *pdsa);
extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
/*-
* SureWare Mod Exp
* return 1 if success
* SureWareHOOK_ERROR_FAILED if error while processing
* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
*
* mod and res are mlen bytes long.
* exp is elen bytes long
* data is dlen bytes long
* mlen,elen and dlen are all multiple of sizeof(unsigned long)
*/
typedef int SureWareHook_Mod_Exp_t(char *const msg, int mlen,
const unsigned long *mod, int elen,
const unsigned long *exponent, int dlen,
unsigned long *data, unsigned long *res);
extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;