forsock.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 816 行 · 第 1/2 页

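	/* Tail of a function whose beginning is not part of this listing; left unchanged. */
        break;
    default:
        RemoveKey(newKey);
        MACI_Unlock(hs);
        return NULL;
    }
    MACI_Unlock(hs);
    return newKey;
}

/*
 * Allocate a FortezzaKey record of type UNWRAP for the key held in card
 * register inKeyRegister and enter it in inSocket->keyRegisters.
 *
 * MACI_WrapKey is called with register 0 as the wrapping register and its
 * output is stored in newKey->keyData.mek; LoadKeyIntoRegister later passes
 * that buffer to MACI_UnwrapKey(hs, 0, ...) to reload the key.
 *
 * Returns the new key, or NULL if the allocation fails.
 *
 * NOTE(review): the MACI_WrapKey result is not checked. If the call fails,
 * keyData.mek keeps whatever the allocator returned (PORT_Alloc is not
 * expected to zero memory -- confirm), and a later reload would hand that to
 * the card. inKeyRegister is also used as an array index without a range
 * check; the size of keyRegisters is not visible here, so confirm that the
 * callers bound it.
 */
FortezzaKey *NewUnwrappedKey(int inKeyRegister, int id,
                             FortezzaSocket *inSocket)
{
    FortezzaKey *newKey = PORT_Alloc(sizeof *newKey);

    if (newKey == NULL) {
        return NULL;
    }

    newKey->keyRegister = inKeyRegister;
    newKey->keyType     = UNWRAP;
    newKey->keySocket   = inSocket;
    newKey->id          = id;
    newKey->hitCount    = inSocket->hitCount++;

    MACI_WrapKey(inSocket->maciSession, 0, inKeyRegister,
                 newKey->keyData.mek);
    inSocket->keyRegisters[inKeyRegister] = newKey;

    return newKey;
}

/*
 * Make sure inKey occupies a card register and return that register index.
 *
 * If the key is already loaded its current register is returned. Otherwise
 * the register chosen by GetBestKeyRegister is emptied (its previous owner is
 * marked KeyNotLoaded and the card key is deleted) and inKey is loaded into
 * it: TEKs are regenerated with MACI_GenerateTEK, MEK/UNWRAP keys are
 * unwrapped from keyData.mek with register 0.
 *
 * Returns the register index, or KeyNotLoaded on any failure.
 */
int LoadKeyIntoRegister(FortezzaKey *inKey)
{
    /* GetBestKeyRegister is called first, as before, in case it has side effects. */
    int              registerIndex = GetBestKeyRegister(inKey->keySocket);
    FortezzaSocket  *socket        = inKey->keySocket;
    FortezzaKey    **registers     = socket->keyRegisters;
    HSESSION         hs            = socket->maciSession;
    FortezzaTEK     *tek           = &inKey->keyData.tek;
    FortezzaKey     *oldKey;
    int              rv = CI_FAIL;

    if (inKey->keyRegister != KeyNotLoaded) {
        return inKey->keyRegister;
    }

    oldKey = registers[registerIndex];
    MACI_Select(hs, socket->slotID);
    if (oldKey) {
        oldKey->keyRegister = KeyNotLoaded;
    }
    /*
     * Drop the table entry together with the card key. Previously every
     * failure return below left registers[registerIndex] pointing at a key
     * that had just been marked KeyNotLoaded, so the table and the key
     * disagreed and the slot kept a pointer the evicted key no longer knew
     * about. UnwrapKey clears the slot in the same situation.
     */
    registers[registerIndex] = NULL;
    MACI_DeleteKey(hs, registerIndex);

    switch (inKey->keyType) {
    case TEK:
        if (!FortezzaIsRegenerating(inKey)) {
            return KeyNotLoaded;
        }
        if (MACI_SetPersonality(hs, tek->registerIndex) == CI_OK) {
            rv = MACI_GenerateTEK(hs, tek->flags, registerIndex,
                                  tek->Ra, tek->Rb, tek->ySize,
                                  tek->pY);
        }
        /* rv is still CI_FAIL here when MACI_SetPersonality failed. */
        if (rv != CI_OK) {
            return KeyNotLoaded;
        }
        break;
    case MEK:
    case UNWRAP:
        rv = MACI_UnwrapKey(hs, 0, registerIndex, inKey->keyData.mek);
        if (rv != CI_OK) {
            return KeyNotLoaded;
        }
        break;
    default:
        return KeyNotLoaded;
    }

    inKey->keyRegister = registerIndex;
    registers[registerIndex] = inKey;

    return registerIndex;
}

/* Record inCryptoOperation as the context's current operation. Always succeeds. */
int InitCryptoOperation(FortezzaContext *inContext,
                        CryptoType inCryptoOperation)
{
    inContext->cryptoOperation = inCryptoOperation;
    return SOCKET_SUCCESS;
}

/*
 * Finish the current operation. Fails with SOCKET_FAILURE when
 * inCryptoOperation is not the operation recorded in the context; otherwise
 * resets the context to None.
 */
int EndCryptoOperation(FortezzaContext *inContext,
                       CryptoType inCryptoOperation)
{
    if (inCryptoOperation != inContext->cryptoOperation) {
        return SOCKET_FAILURE;
    }
    inContext->cryptoOperation = None;
    return SOCKET_SUCCESS;
}

/* Return the operation currently recorded in the context. */
CryptoType GetCryptoOperation(FortezzaContext *inContext)
{
    return inContext->cryptoOperation;
}

/*
 * Reset a context: no key, no session, no mechanism, no operation, and a
 * userRamSize of 0, bound to inSocket and hKey.
 */
void InitContext(FortezzaContext *inContext, FortezzaSocket *inSocket,
                 CK_OBJECT_HANDLE hKey)
{
    inContext->fortezzaKey     = NULL;
    inContext->fortezzaSocket  = inSocket;
    inContext->session         = NULL;
    inContext->mechanism       = NO_MECHANISM;
    inContext->userRamSize     = 0;
    inContext->cryptoOperation = None;
    inContext->hKey            = hKey;
}

extern PRBool fort11_FortezzaIsUserCert(unsigned char *label);

/*
 * Return the CertificateIndex of the first personality whose label
 * fort11_FortezzaIsUserCert accepts, or 0 when none is accepted.
 *
 * The personality list is fetched for the duration of the call when it is
 * not already loaded, and unloaded again afterwards.
 */
static int
GetValidPersonality(FortezzaSocket *inSocket)
{
    /*
     * 0 is the "no personality" value RestoreState tests for. The original
     * left index uninitialised, so a card without a user certificate made
     * this function return an indeterminate value that was then passed to
     * MACI_SetPersonality.
     */
    int    index = 0;
    int    i;
    PRBool unLoadList = PR_FALSE;
    int    numPersonalities = 0;

    if (!inSocket->personalitiesLoaded) {
        numPersonalities = inSocket->numPersonalities;
        FetchPersonalityList(inSocket);
        unLoadList = PR_TRUE;
    }

    for (i = 0; i < inSocket->numPersonalities; i++) {
        if (fort11_FortezzaIsUserCert(inSocket->personalityList[i].CertLabel)) {
            index = inSocket->personalityList[i].CertificateIndex;
            break;
        }
    }

    if (unLoadList) {
        UnloadPersonalityList(inSocket);
        /* UnloadPersonality sets numPersonalities to zero,
         * so we set it back to what it was when this function
         * was called.
         */
        inSocket->numPersonalities = numPersonalities;
    }

    return index;
}

/*
 * Put the card back into the state saved in inContext for an Encrypt or
 * Decrypt operation: select the personality, select the key register, prime
 * the IV, then MACI_Restore the saved card state.
 *
 * Returns SOCKET_SUCCESS, or SOCKET_FAILURE when the context has no key,
 * inType is neither Encrypt nor Decrypt, or any card call fails.
 */
int RestoreState(FortezzaContext *inContext, CryptoType inType)
{
    FortezzaKey    *key    = inContext->fortezzaKey;
    FortezzaSocket *socket = inContext->fortezzaSocket;
    HSESSION        hs     = socket->maciSession;
    CI_IV           bogus_iv;
    int             rv;
    int             cryptoType = 0; /* assigned on every path that reaches MACI_Restore */
    int             personality;

    if (key == NULL) {
        return SOCKET_FAILURE;
    }
    /*
     * Read the id only after the NULL test. The original initialised
     * personality from inContext->fortezzaKey->id in its declaration, which
     * dereferenced the pointer before the check above could reject it.
     */
    personality = key->id;
    if (personality == 0) {
        personality = GetValidPersonality(socket);
    }

    rv = MACI_SetPersonality(hs, personality);
    if (rv != CI_OK) {
        return SOCKET_FAILURE;
    }

    /*
     * The cards need to have some state bits set because
     * save and restore don't necessarily save all the state.
     * Instead of fixing the cards, they decided to change the
     * protocol :(.
     */
    switch (inType) {
    case Encrypt:
        rv = MACI_SetKey(hs, key->keyRegister);
        if (rv != CI_OK) {
            break;
        }
        rv = MACI_GenerateIV(hs, bogus_iv);
        cryptoType = CI_ENCRYPT_EXT_TYPE;
        break;
    case Decrypt:
        rv = MACI_SetKey(hs, key->keyRegister);
        /*
         * Stop on a failed key selection, as the Encrypt case does. The
         * original overwrote this result with MACI_LoadIV's, so decryption
         * could go ahead with whatever key the card had selected before.
         */
        if (rv != CI_OK) {
            break;
        }
        rv = MACI_LoadIV(hs, inContext->cardIV);
        cryptoType = CI_DECRYPT_EXT_TYPE;
        break;
    default:
        rv = CI_INV_POINTER;
        break;
    }
    if (rv != CI_OK) {
        return SOCKET_FAILURE;
    }

    rv = MACI_Restore(hs, cryptoType, inContext->cardState);
    if (rv != CI_OK) {
        return SOCKET_FAILURE;
    }

    return SOCKET_SUCCESS;
}

/*
 * Bind session, key, mechanism and IV to the context and save the card's
 * state for inCryptoType into inContext->cardState. Also records the card's
 * LargestBlockSize as userRamSize, substituting 0x4000 when it is still 0.
 *
 * Returns SOCKET_FAILURE if the slot cannot be selected or MACI_Save fails.
 * Note that the session, key, mechanism and IV fields are already updated
 * when MACI_Save fails.
 */
int SaveState(FortezzaContext *inContext, CI_IV inIV,
              PK11Session *inSession, FortezzaKey *inKey,
              int inCryptoType, CK_MECHANISM_TYPE inMechanism)
{
    int             ciRV;
    FortezzaSocket *socket = inContext->fortezzaSocket;
    HSESSION        hs     = socket->maciSession;
    CI_CONFIG       ciConfig;

    ciRV = MACI_Select(hs, socket->slotID);
    if (ciRV != CI_OK) {
        return SOCKET_FAILURE;
    }

    inContext->session     = inSession;
    inContext->fortezzaKey = inKey;
    inContext->mechanism   = inMechanism;
    PORT_Memcpy(inContext->cardIV, inIV, sizeof(CI_IV));

    ciRV = MACI_Save(hs, inCryptoType, inContext->cardState);
    if (ciRV != CI_OK) {
        return SOCKET_FAILURE;
    }

    /* A failed configuration query is tolerated; the fallback below applies. */
    ciRV = MACI_GetConfiguration(hs, &ciConfig);
    if (ciRV == CI_OK) {
        inContext->userRamSize = ciConfig.LargestBlockSize;
    }
    if (inContext->userRamSize == 0) {
        inContext->userRamSize = 0x4000;
    }

    return SOCKET_SUCCESS;
}

/* Save the card state for inCryptoType into inContext->cardState. */
int SocketSaveState(FortezzaContext *inContext, int inCryptoType)
{
    int ciRV;

    ciRV = MACI_Save(inContext->fortezzaSocket->maciSession, inCryptoType,
                     inContext->cardState);
    if (ciRV != CI_OK) {
        return SOCKET_FAILURE;
    }
    return SOCKET_SUCCESS;
}

/*
 * Decrypt inDataLen bytes from inData into inDest on the card, in chunks of
 * at most min(userRamSize, DEF_ENCRYPT_SIZE) bytes, then save the card state
 * back into the context.
 *
 * Returns SOCKET_SUCCESS, or SOCKET_FAILURE when the context has no key, the
 * destination is too small, the key cannot be loaded, the saved state cannot
 * be restored, or a card call fails.
 */
int DecryptData(FortezzaContext *inContext,
                CK_BYTE_PTR inData,
                CK_ULONG inDataLen,
                CK_BYTE_PTR inDest,
                CK_ULONG inDestLen)
{
    FortezzaSocket *socket = inContext->fortezzaSocket;
    FortezzaKey    *key    = inContext->fortezzaKey;
    HSESSION        hs     = socket->maciSession;
    CK_ULONG        defaultEncryptSize;
    CK_ULONG        left    = inDataLen;
    CK_BYTE_PTR     loopin  = inData;
    CK_BYTE_PTR     loopout = inDest;
    int             rv = CI_OK;

    /* InitContext leaves fortezzaKey NULL until SaveState binds a key. */
    if (key == NULL) {
        return SOCKET_FAILURE;
    }
    /*
     * The loop below advances the output pointer by exactly the number of
     * input bytes, so the card is asked to write inDataLen bytes to inDest.
     * inDestLen was previously ignored; refuse a destination that cannot
     * hold that much instead of writing past its end.
     */
    if (inDestLen < inDataLen) {
        return SOCKET_FAILURE;
    }

    defaultEncryptSize = (inContext->userRamSize > DEF_ENCRYPT_SIZE)
                             ? DEF_ENCRYPT_SIZE : inContext->userRamSize;
    /*
     * userRamSize is 0 until SaveState has run. A zero chunk size would
     * never reduce `left`, so the loop could not terminate.
     */
    if (inDataLen > 0 && defaultEncryptSize == 0) {
        return SOCKET_FAILURE;
    }

    MACI_Select(hs, socket->slotID);

    if (key->keyRegister == KeyNotLoaded) {
        rv = LoadKeyIntoRegister(key);
        if (rv == KeyNotLoaded) {
            return SOCKET_FAILURE;
        }
    }
    key->hitCount = socket->hitCount++;

    rv = CI_OK;
    MACI_Lock(hs, CI_BLOCK_LOCK_FLAG);
    /*
     * Do not process data if the key, IV or saved state could not be put
     * back on the card: the card would run with whatever key and state it
     * last had. The original ignored this result.
     */
    if (RestoreState(inContext, Decrypt) != SOCKET_SUCCESS) {
        MACI_Unlock(hs);
        return SOCKET_FAILURE;
    }
    while ((left > 0) && (rv == CI_OK)) {
        CK_ULONG current = (left > defaultEncryptSize)
                               ? defaultEncryptSize : left;

        rv = MACI_Decrypt(hs, current, loopin, loopout);
        loopin  += current;
        loopout += current;
        left    -= current;
    }
    MACI_Unlock(hs);

    if (rv != CI_OK) {
        return SOCKET_FAILURE;
    }

    rv = SocketSaveState(inContext, CI_DECRYPT_EXT_TYPE);
    if (rv != SOCKET_SUCCESS) {
        return rv;
    }

    return SOCKET_SUCCESS;
}

/*
 * Encrypt inDataLen bytes from inData into inDest on the card, in chunks of
 * at most min(userRamSize, DEF_ENCRYPT_SIZE) bytes, then save the card state
 * back into the context.
 *
 * Returns SOCKET_SUCCESS on success. A key that cannot be loaded is reported
 * as KeyNotLoaded (unchanged from the original; DecryptData reports
 * SOCKET_FAILURE for the same condition); every other failure is
 * SOCKET_FAILURE.
 *
 * NOTE(review): unlike DecryptData, this function does not take MACI_Lock
 * around the restore/encrypt sequence. Whether callers already hold the lock
 * cannot be seen from here -- confirm before relying on it.
 */
int EncryptData(FortezzaContext *inContext,
                CK_BYTE_PTR inData,
                CK_ULONG inDataLen,
                CK_BYTE_PTR inDest,
                CK_ULONG inDestLen)
{
    FortezzaSocket *socket = inContext->fortezzaSocket;
    FortezzaKey    *key    = inContext->fortezzaKey;
    HSESSION        hs     = socket->maciSession;
    CK_ULONG        defaultEncryptSize;
    CK_ULONG        left    = inDataLen;
    CK_BYTE_PTR     loopin  = inData;
    CK_BYTE_PTR     loopout = inDest;
    int             rv = CI_OK;

    /* InitContext leaves fortezzaKey NULL until SaveState binds a key. */
    if (key == NULL) {
        return SOCKET_FAILURE;
    }
    /*
     * The loop below advances the output pointer by exactly the number of
     * input bytes, so the card is asked to write inDataLen bytes to inDest.
     * inDestLen was previously ignored; refuse a destination that cannot
     * hold that much instead of writing past its end.
     */
    if (inDestLen < inDataLen) {
        return SOCKET_FAILURE;
    }

    defaultEncryptSize = (inContext->userRamSize > DEF_ENCRYPT_SIZE)
                             ? DEF_ENCRYPT_SIZE : inContext->userRamSize;
    /*
     * userRamSize is 0 until SaveState has run. A zero chunk size would
     * never reduce `left`, so the loop could not terminate.
     */
    if (inDataLen > 0 && defaultEncryptSize == 0) {
        return SOCKET_FAILURE;
    }

    MACI_Select(hs, socket->slotID);

    if (key->keyRegister == KeyNotLoaded) {
        rv = LoadKeyIntoRegister(key);
        if (rv == KeyNotLoaded) {
            return rv;
        }
    }
    key->hitCount = socket->hitCount++;

    /*
     * Do not encrypt if the key, IV or saved state could not be put back on
     * the card: the data would be processed under whatever key the card last
     * had selected. The original ignored this result.
     */
    if (RestoreState(inContext, Encrypt) != SOCKET_SUCCESS) {
        return SOCKET_FAILURE;
    }

    rv = CI_OK;
    while ((left > 0) && (rv == CI_OK)) {
        CK_ULONG current = (left > defaultEncryptSize)
                               ? defaultEncryptSize : left;

        rv = MACI_Encrypt(hs, current, loopin, loopout);
        loopin  += current;
        loopout += current;
        left    -= current;
    }

    if (rv != CI_OK) {
        return SOCKET_FAILURE;
    }

    rv = SocketSaveState(inContext, CI_ENCRYPT_EXT_TYPE);
    if (rv != SOCKET_SUCCESS) {
        return rv;
    }

    return SOCKET_SUCCESS;
}

/*
 * Wrap srcKey with wrappingKey on the card and write the result to pDest.
 * wrappingKey is loaded into a register first if necessary. A srcKey with
 * id 0 inherits wrappingKey's id.
 *
 * Returns SOCKET_SUCCESS or SOCKET_FAILURE.
 *
 * NOTE(review): ulDestLen is never consulted, so the size of pDest is not
 * verified against what MACI_WrapKey writes. srcKey->keyRegister is passed
 * to the card as-is, even when it is KeyNotLoaded, and loading wrappingKey
 * may itself evict another key (see LoadKeyIntoRegister). Confirm how the
 * callers guarantee both.
 */
int WrapKey(FortezzaKey *wrappingKey, FortezzaKey *srcKey,
            CK_BYTE_PTR pDest, CK_ULONG ulDestLen)
{
    int      ciRV;
    HSESSION hs = wrappingKey->keySocket->maciSession;

    if (wrappingKey->keyRegister == KeyNotLoaded) {
        if (LoadKeyIntoRegister(wrappingKey) == KeyNotLoaded) {
            return SOCKET_FAILURE;
        }
    }

    if (srcKey->id == 0) {
        srcKey->id = wrappingKey->id;
    }

    ciRV = MACI_WrapKey(hs, wrappingKey->keyRegister,
                        srcKey->keyRegister, pDest);
    if (ciRV != CI_OK) {
        return SOCKET_FAILURE;
    }

    return SOCKET_SUCCESS;
}

/*
 * Unwrap inWrappedKey with inUnwrapKey into a register chosen by
 * GetBestKeyRegister and return that register index, or KeyNotLoaded on
 * failure. The chosen register's previous owner, if any, is marked
 * KeyNotLoaded and removed from socket->keyRegisters. The new register is
 * not entered in socket->keyRegisters here.
 *
 * NOTE(review): the register is chosen after inUnwrapKey has been loaded.
 * If GetBestKeyRegister can return the register inUnwrapKey occupies, the
 * unwrapping key is evicted and KeyNotLoaded is then passed to
 * MACI_UnwrapKey as the unwrapping register. GetBestKeyRegister is not
 * visible here -- confirm it cannot pick that register.
 */
int UnwrapKey(CK_BYTE_PTR inWrappedKey, FortezzaKey *inUnwrapKey)
{
    int             newIndex;
    int             ciRV;
    FortezzaSocket *socket = inUnwrapKey->keySocket;
    HSESSION        hs     = socket->maciSession;
    FortezzaKey    *oldKey;

    if (inUnwrapKey->keyRegister == KeyNotLoaded) {
        if (LoadKeyIntoRegister(inUnwrapKey) == KeyNotLoaded) {
            return KeyNotLoaded;
        }
    }

    ciRV = MACI_Select(hs, socket->slotID);
    if (ciRV != CI_OK) {
        return KeyNotLoaded;
    }

    newIndex = GetBestKeyRegister(inUnwrapKey->keySocket);
    oldKey = socket->keyRegisters[newIndex];

    MACI_Select(hs, socket->slotID);
    if (oldKey) {
        oldKey->keyRegister = KeyNotLoaded;
        socket->keyRegisters[newIndex] = NULL;
    }
    MACI_DeleteKey(hs, newIndex);

    ciRV = MACI_UnwrapKey(hs, inUnwrapKey->keyRegister, newIndex,
                          inWrappedKey);
    if (ciRV != CI_OK) {
        inUnwrapKey->keyRegister = KeyNotLoaded;
        socket->keyRegisters[newIndex] = NULL;
        return KeyNotLoaded;
    }

    return newIndex;
}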
