📄 cryptacm.h
字号:
const void *dummy )
{
const MECHANISM_WRAP_INFO *mechanismInfo = \
( MECHANISM_WRAP_INFO * ) messageDataPtr;
const MECHANISM_ACL *mechanismACL = \
( ( message & RESOURCE_MESSAGE_MASK ) == RESOURCE_MESSAGE_DEV_EXPORT ) ? \
mechanismWrapACL : mechanismUnwrapACL;
BOOLEAN isRawMechanism;
int contextHandle, i;
/* Precondition */
PRE( isValidObject( objectHandle ) );
PRE( message == RESOURCE_MESSAGE_DEV_EXPORT || \
message == RESOURCE_IMESSAGE_DEV_EXPORT || \
message == RESOURCE_MESSAGE_DEV_IMPORT || \
message == RESOURCE_IMESSAGE_DEV_IMPORT );
PRE( messageDataPtr != NULL );
PRE( messageValue == MECHANISM_PKCS1 || \
messageValue == MECHANISM_PKCS1_PGP || \
messageValue == MECHANISM_PKCS1_RAW || \
messageValue == MECHANISM_CMS || \
messageValue == MECHANISM_KEA || \
messageValue == MECHANISM_PRIVATEKEYWRAP );
/* Find the appropriate ACL for this mechanism */
for( i = 0; mechanismACL[ i ].type != messageValue && \
mechanismACL[ i ].type != MECHANISM_NONE; i++ );
mechanismACL = &mechanismACL[ i ];
isRawMechanism = paramInfo( mechanismACL, 2 ).valueType == MECHPARAM_VALUE_UNUSED;
/* Inner precondition: We have an ACL for this mechanism, and the non-
user-supplied parameters (the ones supplied by cryptlib which must
be OK) are in order */
PRE( mechanismACL->type != MECHANISM_NONE );
PRE( checkMechParamString( paramInfo( mechanismACL, 0 ),
mechanismInfo->wrappedData,
mechanismInfo->wrappedDataLength ) );
PRE( checkMechParamString( paramInfo( mechanismACL, 1 ),
mechanismInfo->keyData,
mechanismInfo->keyDataLength ) );
PRE( checkMechParamObject( paramInfo( mechanismACL, 4 ),
mechanismInfo->auxContext ) );
/* Make sure the user-supplied parameters are in order, part 1: The
session key is a valid object of the correct type, and there's a key
loaded/not loaded as appropriate */
if( !isRawMechanism )
{
if( !isValidObject( mechanismInfo->keyContext ) || \
!isObjectAccessValid( mechanismInfo->keyContext, message ) || \
!checkObjectOwnership( objectTable[ mechanismInfo->keyContext ] ) )
return( CRYPT_ARGERROR_NUM1 );
if( paramInfo( mechanismACL, 2 ).flags & MECHANISM_FLAG_ROUTE_TO_CTX )
{
/* The key being wrapped may be accessed via an object such as a
certificate which isn't the required object type, in order to
perform the following check on it we have to first find the
ultimate target object */
contextHandle = findTargetType( mechanismInfo->keyContext,
OBJECT_TYPE_CONTEXT );
if( cryptStatusError( contextHandle ) )
return( CRYPT_ARGERROR_NUM2 );
}
else
contextHandle = mechanismInfo->keyContext;
if( !checkMechParamObject( paramInfo( mechanismACL, 2 ), contextHandle ) )
return( CRYPT_ARGERROR_NUM1 );
if( ( message & RESOURCE_MESSAGE_MASK ) == RESOURCE_MESSAGE_DEV_EXPORT )
{
if( !( objectTable[ contextHandle ].flags & OBJECT_FLAG_HIGH ) )
return( CRYPT_ARGERROR_NUM1 );
}
else
if( objectTable[ contextHandle ].flags & OBJECT_FLAG_HIGH )
return( CRYPT_ARGERROR_NUM1 );
}
else
/* For raw wrap/unwrap mechanisms the data is supplied as string
data. This is somewhat risky since it allows bypassing of object
ownership checks, however these mechanisms are only accessed from
deep within cryptlib (eg by the SSH and SSL session code, which
needs to handle protocol-specific secret data in special ways) so
there's no chance for problems since the contexts it ends up in
are cryptlib-internal, automatically-created ones belonging to the
owner of the session object */
PRE( checkMechParamObject( paramInfo( mechanismACL, 2 ),
mechanismInfo->keyContext ) );
/* Make sure the user-supplied parameters are in order, part 2: The
wrapping key is a valid object of the correct type with a key loaded */
if( !isValidObject( mechanismInfo->wrapContext ) || \
!isObjectAccessValid( mechanismInfo->wrapContext, message ) || \
!checkObjectOwnership( objectTable[ mechanismInfo->wrapContext ] ) )
return( CRYPT_ARGERROR_NUM2 );
if( paramInfo( mechanismACL, 3 ).flags & MECHANISM_FLAG_ROUTE_TO_CTX )
{
/* The wrapping key may be accessed via an object such as a
certificate which isn't the required object type, in order to
perform the following check on it we have to first find the
ultimate target object */
contextHandle = findTargetType( mechanismInfo->wrapContext,
OBJECT_TYPE_CONTEXT );
if( cryptStatusError( contextHandle ) )
return( CRYPT_ARGERROR_NUM2 );
}
else
contextHandle = mechanismInfo->wrapContext;
if( !checkMechParamObject( paramInfo( mechanismACL, 3 ), contextHandle ) )
return( CRYPT_ARGERROR_NUM2 );
if( !( objectTable[ mechanismInfo->wrapContext ].flags & OBJECT_FLAG_HIGH ) )
return( CRYPT_ARGERROR_NUM2 );
/* Make sure all the objects have the same owner. Note that we have to
be careful how we apply the three-way ownership test since the message
target is usually the system object which is unowned, so we have to
perform the ownership comparison across the two objects which we know
will always be owned */
if( isRawMechanism )
{
if( !isSameOwner( objectHandle, mechanismInfo->wrapContext ) )
return( CRYPT_ARGERROR_NUM2 );
}
else
{
if( !isSameOwner( objectHandle, mechanismInfo->keyContext ) )
return( CRYPT_ARGERROR_NUM1 );
if( !isSameOwner( mechanismInfo->keyContext,
mechanismInfo->wrapContext ) )
return( CRYPT_ARGERROR_NUM2 );
}
/* Postcondition: The wrapping key and session key are of the appropriate
type, there are keys loaded/not loaded as appropriate, and the access
is valid. We don't explicitly state this since it's just
regurgitating the checks already performed above */
/* Postcondition: All objects have the same owner */
POST( ( isRawMechanism && \
isSameOwner( objectHandle, mechanismInfo->wrapContext ) ) || \
( !isRawMechanism && \
isSameOwner( objectHandle, mechanismInfo->keyContext ) && \
isSameOwner( mechanismInfo->keyContext, \
mechanismInfo->wrapContext ) ) );
return( CRYPT_OK );
}
static int preDispatchCheckMechanismSignAccess( const int objectHandle,
const RESOURCE_MESSAGE_TYPE message,
const void *messageDataPtr,
const int messageValue,
const void *dummy )
{
const MECHANISM_SIGN_INFO *mechanismInfo = \
( MECHANISM_SIGN_INFO * ) messageDataPtr;
const MECHANISM_ACL *mechanismACL = \
( ( message & RESOURCE_MESSAGE_MASK ) == RESOURCE_MESSAGE_DEV_SIGN ) ? \
mechanismSignACL : mechanismSigCheckACL;
int contextHandle, i;
/* Precondition */
PRE( isValidObject( objectHandle ) );
PRE( message == RESOURCE_MESSAGE_DEV_SIGN || \
message == RESOURCE_IMESSAGE_DEV_SIGN || \
message == RESOURCE_MESSAGE_DEV_SIGCHECK || \
message == RESOURCE_IMESSAGE_DEV_SIGCHECK );
PRE( messageDataPtr != NULL );
PRE( messageValue == MECHANISM_PKCS1 );
/* Find the appropriate ACL for this mechanism */
for( i = 0; mechanismACL[ i ].type != messageValue && \
mechanismACL[ i ].type != MECHANISM_NONE; i++ );
mechanismACL = &mechanismACL[ i ];
/* Inner precondition: We have an ACL for this mechanism, and the non-
user-supplied parameters (the ones supplied by cryptlib which must
be OK) are in order */
PRE( mechanismACL->type != MECHANISM_NONE );
PRE( checkMechParamString( paramInfo( mechanismACL, 0 ),
mechanismInfo->signature,
mechanismInfo->signatureLength ) );
/* Make sure the user-supplied parameters are in order, part 1: The
hash context is a valid object of the correct type */
if( !isValidObject( mechanismInfo->hashContext ) || \
!isObjectAccessValid( mechanismInfo->hashContext, message ) || \
!checkObjectOwnership( objectTable[ mechanismInfo->hashContext ] ) )
return( CRYPT_ARGERROR_NUM1 );
if( !checkMechParamObject( paramInfo( mechanismACL, 1 ),
mechanismInfo->hashContext ) )
return( CRYPT_ARGERROR_NUM1 );
if( !( objectTable[ mechanismInfo->hashContext ].flags & OBJECT_FLAG_HIGH ) )
return( CRYPT_ARGERROR_NUM1 );
/* Make sure the user-supplied parameters are in order, part 2: The
sig/sig check context is a valid object of the correct type, and
there's a key loaded */
if( !isValidObject( mechanismInfo->signContext ) || \
!isObjectAccessValid( mechanismInfo->signContext, message ) || \
!checkObjectOwnership( objectTable[ mechanismInfo->signContext ] ) )
return( CRYPT_ARGERROR_NUM2 );
if( paramInfo( mechanismACL, 2 ).flags & MECHANISM_FLAG_ROUTE_TO_CTX )
{
/* The sig.check key may be accessed via an object such as a
certificate which isn't the required object type, in order to
perform the following check on it we have to first find the
ultimate target object */
contextHandle = findTargetType( mechanismInfo->signContext,
OBJECT_TYPE_CONTEXT );
if( cryptStatusError( contextHandle ) )
return( CRYPT_ARGERROR_NUM2 );
}
else
contextHandle = mechanismInfo->signContext;
if( !checkMechParamObject( paramInfo( mechanismACL, 2 ), contextHandle ) )
return( CRYPT_ARGERROR_NUM2 );
if( !( objectTable[ mechanismInfo->signContext ].flags & OBJECT_FLAG_HIGH ) )
return( CRYPT_ARGERROR_NUM2 );
/* Make sure all the objects have the same owner */
if( !isSameOwner( objectHandle, mechanismInfo->hashContext ) )
return( CRYPT_ARGERROR_NUM1 );
if( !isSameOwner( mechanismInfo->hashContext, mechanismInfo->signContext ) )
return( CRYPT_ARGERROR_NUM2 );
/* Postcondition: The hash and sig/sig check contexts are of the
appropriate type, there's a key loaded in the sig/sig check context,
and the access is valid. We don't explicitly state this since it's
just regurgitating the checks already performed above */
/* Make sure all the objects have the same owner. Note that we have to
be careful how we apply the three-way ownership test since the message
target is usually the system object which is unowned, so we have to
perform the ownership comparison across the two objects which we know
will always be owned */
POST( isSameOwner( objectHandle, mechanismInfo->hashContext ) && \
isSameOwner( mechanismInfo->hashContext, mechanismInfo->signContext ) );
return( CRYPT_OK );
}
static int preDispatchCheckMechanismDeriveAccess( const int objectHandle,
const RESOURCE_MESSAGE_TYPE message,
const void *messageDataPtr,
const int messageValue,
const void *dummy )
{
const MECHANISM_DERIVE_INFO *mechanismInfo = \
( MECHANISM_DERIVE_INFO * ) messageDataPtr;
const MECHANISM_ACL *mechanismACL = mechanismDeriveACL;
int i;
/* Precondition */
PRE( isValidObject( objectHandle ) );
PRE( message == RESOURCE_MESSAGE_DEV_DERIVE || \
message == RESOURCE_IMESSAGE_DEV_DERIVE );
PRE( messageDataPtr != NULL );
PRE( messageValue == MECHANISM_PKCS5 || \
messageValue == MECHANISM_SSL || \
messageValue == MECHANISM_TLS || \
messageValue == MECHANISM_CMP || \
messageValue == MECHANISM_PGP );
/* Find the appropriate ACL for this mechanism */
for( i = 0; mechanismACL[ i ].type != messageValue && \
mechanismACL[ i ].type != MECHANISM_NONE; i++ );
mechanismACL = &mechanismACL[ i ];
/* Inner precondition: We have an ACL for this mechanism, and the non-
user-supplied parameters (the ones supplied by cryptlib which must
be OK) are in order */
PRE( mechanismACL->type != MECHANISM_NONE );
PRE( checkMechParamString( paramInfo( mechanismACL, 0 ),
mechanismInfo->dataOut,
mechanismInfo->dataOutLength ) );
PRE( checkMechParamString( paramInfo( mechanismACL, 1 ),
mechanismInfo->dataIn,
mechanismInfo->dataInLength ) );
PRE( checkMechParamNumeric( paramInfo( mechanismACL, 2 ),
mechanismInfo->hashAlgo ) );
PRE( checkMechParamString( paramInfo( mechanismACL, 3 ),
mechanismInfo->salt,
mechanismInfo->saltLength ) );
PRE( checkMechParamNumeric( paramInfo( mechanismACL, 4 ),
mechanismInfo->iterations ) );
/* This is a pure data-transformation mechanism, there are no objects
used so there are no further checks to perform */
return( CRYPT_OK );
}
/****************************************************************************
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -