dev_sys.c

来自「提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发」· C语言 代码 · 共 1,584 行 · 第 1/5 页

			   previous RANDOMPOOL_SAMPLES outputs */
			x917Sample = mgetLong( x917SamplePtr );
			for( i = 0; i < RANDOMPOOL_SAMPLES; i++ )
				if( randomInfo->x917PrevOutput[ i ] == x917Sample )
					{
					repeatedOutput = TRUE;
					break;
					}
			if( !repeatedOutput )
				/* We aren't repeating any previous output, exit */
				break;
			}

		/* If we ran out of retries, we're repeating the same output data,
		   fail */
		if( noRandomRetries >= RANDOMPOOL_RETRIES )
			{
			zeroise( &exportedRandomInfo, sizeof( RANDOM_INFO ) );

			/* Postcondition: Nulla vestigia retrorsum */
			FORALL( i, 0, RANDOMPOOL_ALLOCSIZE, \
					exportedRandomInfo.randomPool[ i ] == 0 );

			/* We can't trust the pool data any more so we set its quality
			   estimate to zero.  Ideally we should flash lights and sound
			   klaxons as well, this is a catastrophic failure */
			randomInfo->randomQuality = 0;
			assert( NOTREACHED );
			return( CRYPT_ERROR_RANDOM );
			}

		/* Postcondition: We produced output without running out of retries */
		POST( noRandomRetries < RANDOMPOOL_RETRIES );

		/* Save a short sample from the current output for future checks */
		PRE( randomInfo->prevOutputIndex >= 0 && \
				randomInfo->prevOutputIndex < RANDOMPOOL_SAMPLES );
		randomInfo->prevOutput[ randomInfo->prevOutputIndex ] = sample;
		randomInfo->x917PrevOutput[ randomInfo->prevOutputIndex++ ] = x917Sample;
		randomInfo->prevOutputIndex %= RANDOMPOOL_SAMPLES;

		/* Copy the transformed data to the output buffer, folding it in half
		   as we go to mask the original content */
		for( i = 0; i < outputBytes; i++ )
			bufPtr[ i ] = exportedRandomInfo.randomPool[ i ] ^ \
						  exportedRandomInfo.randomPool[ RANDOM_OUTPUTSIZE + i ];
		bufPtr += outputBytes;

		/* Postcondition: We're filling the output buffer, we wrote the
		   output to the correct portion of the output buffer, and we drew at
		   most half the transformed output from the export pool */
		POST( ( bufPtr > ( BYTE * ) buffer ) && \
			  ( bufPtr <= ( BYTE * ) buffer + length ) );
		POST( bufPtr == ORIGINAL_VALUE( bufPtr ) + outputBytes );
		POST( i <= RANDOMPOOL_SIZE / 2 );
		}

	/* Postcondition: We filled the output buffer with the required amount
	   of output */
	POST( bufPtr == ( BYTE * ) buffer + length );

	/* Check whether the process forked while we were generating output.  If
	   it did, force a complete remix of the pool and restart the output
	   generation process */
	if( checkForked() )
		{
		randomInfo->randomPoolMixes = 0;
		bufPtr = buffer;
		goto restartPoint;
		}

	/* Clean up */
	zeroise( &exportedRandomInfo, sizeof( RANDOM_INFO ) );

	/* Postcondition: Nulla vestigia retrorsum */
	FORALL( i, 0, RANDOMPOOL_ALLOCSIZE, \
			exportedRandomInfo.randomPool[ i ] == 0 );

	return( CRYPT_OK );
	}

/****************************************************************************
*																			*
*							Random Pool External Interface					*
*																			*
****************************************************************************/

/* Add random data to the random pool - this is due to be replaced by some
   sort of device control mechanism */

C_RET cryptAddRandom( C_IN void C_PTR randomData, C_IN int randomDataLength )
	{
	BYTE *randomDataPtr = ( BYTE * ) randomData;

	/* Perform basic error checking */
	if( randomData == NULL )
		{
		if( randomDataLength != CRYPT_RANDOM_FASTPOLL && \
			randomDataLength != CRYPT_RANDOM_SLOWPOLL )
			return( CRYPT_ERROR_PARAM1 );
		}
	else
		{
		if( randomDataLength <= 0 )
			return( CRYPT_ERROR_PARAM2 );
		if( checkBadPtrRead( randomData, randomDataLength ) )
			return( CRYPT_ERROR_PARAM1 );
		}

	/* If we're adding data to the pool, add it now and exit.  Since the data
	   is of unknown provenance (and empirical evidence indicates that it
	   won't be random at all) we give it a weight of zero for estimation
	   purposes */
	if( randomData != NULL )
		{
		RESOURCE_DATA msgData;

#ifndef NDEBUG	/* For debugging tests only */
{
int kludge = 100;
#ifndef __MAC__
printf( "Kludging randomness, file " __FILE__ ", line %d.\n", __LINE__ );
#endif /* __MAC__ */
krnlSendMessage( SYSTEM_OBJECT_HANDLE, RESOURCE_IMESSAGE_SETATTRIBUTE,
				 &kludge, CRYPT_IATTRIBUTE_RANDOM_QUALITY );
}
#endif /* NDEBUG */

		setResourceData( &msgData, randomDataPtr, randomDataLength );
		return( krnlSendMessage( SYSTEM_OBJECT_HANDLE,
								 RESOURCE_IMESSAGE_SETATTRIBUTE_S,
								 &msgData, CRYPT_IATTRIBUTE_RANDOM ) );
		}

	/* Perform either a fast or slow poll for random system data */
	if( randomDataLength == CRYPT_RANDOM_FASTPOLL )
		fastPoll();
	else
		slowPoll();

	return( CRYPT_OK );
	}

/****************************************************************************
*																			*
*							Device Capability Routines						*
*																			*
****************************************************************************/

/* The parameters of most encryption algorithms are traditionally specified
   in bits, so we define a shorter form of the bitsToBytes() macro to reduce
   the amount of blackspace */

#define bits(x)	bitsToBytes(x)

/* The loadIV() function is shared among all the built-in capabilities */

int loadIV( CRYPT_INFO *cryptInfoPtr, const void *iv, const int ivLength );

/* The functions used to implement the Blowfish encryption routines */

int blowfishSelfTest( void );
int blowfishInit( CRYPT_INFO *cryptInfo );
int blowfishEnd( CRYPT_INFO *cryptInfo );
int blowfishInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int blowfishEncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishDecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishEncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishDecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishEncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishDecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishEncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int blowfishDecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the CAST-128 encryption routines */

int castSelfTest( void );
int castInit( CRYPT_INFO *cryptInfo );
int castEnd( CRYPT_INFO *cryptInfo );
int castInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int castEncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castDecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castEncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castDecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castEncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castDecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castEncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int castDecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the DES encryption routines */

int desSelfTest( void );
int desInit( CRYPT_INFO *cryptInfo );
int desEnd( CRYPT_INFO *cryptInfo );
int desInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int desEncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desDecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desEncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desDecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desEncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desDecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desEncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int desDecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the triple DES encryption routines */

int des3SelfTest( void );
int des3Init( CRYPT_INFO *cryptInfo );
int des3End( CRYPT_INFO *cryptInfo );
int des3InitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int des3EncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3DecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3EncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3DecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3EncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3DecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3EncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int des3DecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the IDEA encryption routines */

int ideaSelfTest( void );
int ideaInit( CRYPT_INFO *cryptInfo );
int ideaEnd( CRYPT_INFO *cryptInfo );
int ideaInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int ideaEncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaDecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaEncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaDecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaEncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaDecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaEncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int ideaDecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement RC2 encryption routines */

int rc2SelfTest( void );
int rc2Init( CRYPT_INFO *cryptInfo );
int rc2End( CRYPT_INFO *cryptInfo );
int rc2InitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int rc2EncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2DecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2EncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2DecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2EncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2DecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2EncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc2DecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the RC4 encryption routines */

int rc4SelfTest( void );
int rc4Init( CRYPT_INFO *cryptInfo );
int rc4End( CRYPT_INFO *cryptInfo );
int rc4InitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int rc4Encrypt( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement RC5 encryption routines */

int rc5SelfTest( void );
int rc5Init( CRYPT_INFO *cryptInfo );
int rc5End( CRYPT_INFO *cryptInfo );
int rc5InitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int rc5EncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5DecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5EncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5DecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5EncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5DecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5EncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int rc5DecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the AES encryption routines */

int aesSelfTest( void );
int aesInit( CRYPT_INFO *cryptInfo );
int aesEnd( CRYPT_INFO *cryptInfo );
int aesInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int aesEncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesDecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesEncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesDecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesEncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesDecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesEncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int aesDecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the Skipjack encryption routines */

int skipjackSelfTest( void );
int skipjackInit( CRYPT_INFO *cryptInfo );
int skipjackEnd( CRYPT_INFO *cryptInfo );
int skipjackInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int skipjackEncryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackDecryptECB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackEncryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackDecryptCBC( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackEncryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackDecryptCFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackEncryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );
int skipjackDecryptOFB( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the Diffie-Hellman key exchange routines */

int dhSelfTest( void );
int dhInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int dhGenerateKey( CRYPT_INFO *cryptInfo, const int keySizeBits );
int dhEncrypt( CRYPT_INFO *cryptInfo, void *buffer, int length );
int dhDecrypt( CRYPT_INFO *cryptInfo, void *buffer, int length );

/* The functions used to implement the DSA encryption routines */

int dsaSelfTest( void );
int dsaInitKey( CRYPT_INFO *cryptInfo, const void *key, const int keyLength );
int dsaGenerateKey( CRYPT_INFO *cryptInfo, const int keySizeBits );
int dsaSign( CRYPT_INFO *cryptInfo, void *buffer, int length );
int dsaSigCheck( CRYPT_INFO *cryptInfo, void *buffer, int length );