dev_fort.c

老外写的加密库cryptlib(版本3.1)

/****************************************************************************
*																			*
*							cryptlib Fortezza Routines						*
*						Copyright Peter Gutmann 1998-2003					*
*																			*
****************************************************************************/

/* This file contains its own version of the various Fortezza definitions and
   values to avoid potential copyright problems with redistributing the
   Fortezza interface library header files, and because they were typed in
   from the (exportable) printed manuals rather than through access to any
   original code */

#include <stdlib.h>
#include <string.h>
#if defined( INC_ALL )
  #include "crypt.h"
  #include "device.h"
  #include "asn1_rw.h"
  #include "asn1s_rw.h"
  #include "context.h"
#elif defined( INC_CHILD )
  #include "../crypt.h"
  #include "device.h"
  #include "../misc/asn1_rw.h"
  #include "../misc/asn1s_rw.h"
  #include "../misc/context.h"
#else
  #include "crypt.h"
  #include "device/device.h"
  #include "misc/asn1_rw.h"
  #include "misc/asn1s_rw.h"
  #include "misc/context.h"
#endif /* Compiler-specific includes */

/* Uncomment the following to fake out writes to the card.  This makes 
   testing easier since it allows the code to be debugged without messing up 
   data stored on the card when the program is terminated halfway through an 
   update */

/*#define NO_UPDATE	/**/

/* Return codes */

#define CI_OK				0	/* OK */
#define CI_FAIL				1	/* Generic failure */
#define CI_INV_STATE		9	/* Device in invalid state for this fn.*/
#define CI_EXEC_FAIL		10	/* Command execution failed */
#define CI_NO_KEY			11	/* No key loaded */
#define CI_NO_IV			12	/* No IV loaded */
#define CI_NO_X				13	/* No DSA x value loaded */
#define CI_NO_CARD			-20	/* Card not present */
#define CI_BAD_CARD			-30	/* Invalid or malfunctioning card */
#define CI_BAD_TUPLES		-44	/* Bad information in card */

/* Constants */

#define CI_NULL_FLAG		0	/* No operation */

#define CI_PIN_SIZE			12	/* Maximum size of PIN */
#define CI_NAME_SIZE		32	/* Maximum size of name */
#define CI_CERT_SIZE		2048/* Maximum size of certificate */
#define CI_CERT_NAME_SIZE	32	/* Maximum size of cert label */

#define CI_SSO_PIN			37	/* SSO PIN */
#define CI_USER_PIN			42	/* User PIN */

#define CI_KEA_TYPE			5	/* KEA algorithm */
#define CI_DSA_TYPE			10	/* DSA algorithm */
#define CI_DSA_KEA_TYPE		15	/* DSA+KEA algorithm */

#define CI_INITIATOR_FLAG	0	/* Flag for KEA initiator */
#define CI_RECIPIENT_FLAG	1	/* Flag for KEA responder */

#define CI_ENCRYPT_TYPE		0	/* Cipher mode = encryption */
#define CI_DECRYPT_TYPE		1	/* Cipher mode = decryption */

#define CI_ECB64_MODE		0	/* Skipjack/ECB */
#define CI_CBC64_MODE		1	/* Skipjack/CBC */
#define CI_OFB64_MODE		2	/* Skipjack/OFB */
#define CI_CFB64_MODE		3	/* Skipjack/CFB */

#define CI_POWER_UP			0	/* Initialising card */
#define CI_UNINITIALIZED	1	/* Uninitialized/zeroized with z/PIN entered */
#define CI_INITIALIZED		2	/* Initialized card */
#define CI_SSO_INITIALIZED	3	/* SSO PIN loaded */
#define CI_LAW_INITIALIZED	4	/* LAW/CAW init'd (i.e. user certs loaded) */
#define CI_USER_INITIALIZED	5	/* User PIN loaded */
#define CI_STANDBY			6	/* Wait for personality to be set */
#define CI_READY			7	/* Ready for use */
#define CI_ZEROIZED			8	/* Zeroized */
#define CI_INTERNAL_FAILURE	-1	/* Bang */

/* Data types */

typedef BYTE *CI_DATA;				/* Pointer to plaintext/ciphertext */
typedef BYTE CI_PIN[ CI_PIN_SIZE + 4];	/* Longword-padded PIN */
typedef BYTE CI_CERT_STR[ CI_CERT_NAME_SIZE + 4 ];	/* Certificate label */
typedef BYTE CI_CERTIFICATE[ 2048 ];/* Certificate */
typedef BYTE CI_IV[ 24 ];			/* LEAF + IV */
typedef BYTE CI_P[ 128 ];			/* DSA p parameter */
typedef BYTE CI_Q[ 20 ];			/* DSA q parameter */
typedef BYTE CI_G[ 128 ];			/* DSA g paramter */
typedef BYTE CI_Y[ 128 ];			/* DSA y value */
typedef BYTE CI_HASHVALUE[ 20 ];	/* SHA-1 hash value */
typedef BYTE CI_SIGNATURE[ 40 ];	/* DSA signature value */
typedef BYTE CI_RA[ 128 ];			/* KSA Ra value */
typedef BYTE CI_RB[ 128 ];			/* KSA Rb value */
typedef BYTE CI_KEY[ 12 ];			/* KEA-wrapped Skipjack key */
typedef BYTE CI_RANDOM[ 20 ];		/* Random data */
typedef BYTE CI_RANDSEED[ 8 ];		/* Random seed value */
typedef BYTE CI_KS[ 10 ];			/* Storage key */
typedef BYTE CI_TIME[ 16 ];			/* Time value */
typedef unsigned int CI_STATE, *CI_STATE_PTR;	/* Device state */
typedef struct {
	int CertificateIndex;			/* Cert.number */
	CI_CERT_STR CertLabel;			/* Personality label */
	} CI_PERSON, *CI_PERSON_PTR;
typedef struct {
	int LibraryVersion;				/* CI lib.version */
	int ManufacturerVersion;		/* Hardware version */
	char ManufacturerName[ CI_NAME_SIZE + 4 ];	/* Manuf.name */
	char ProductName[ CI_NAME_SIZE + 4 ];	/* Product name */
	char ProcessorType[ CI_NAME_SIZE + 4 ];	/* CPU type */
	unsigned long UserRAMSize;		/* Bytes of user RAM */
	unsigned long LargestBlockSize;	/* Max.single data block size */
	int KeyRegisterCount;			/* Number of key registers */
	int CertificateCount;			/* Max.number of certificates */
	int CryptoCardFlag;				/* Card present if nonzero */
	int ICDVersion;					/* ICD compliance level */
	int ManufacturerSWVer;			/* Device's firmware version */
	int DriverVersion;				/* Device driver version */
	} CI_CONFIG, *CI_CONFIG_PTR;

/* Various constants not defined in the Fortezza driver code */

#define FORTEZZA_IVSIZE		24			/* Size of LEAF+IV */

#ifdef USE_FORTEZZA

/* Return a pointer to the n-th personality in a personality list */

#define getPersonality( fortezzaInfo, index ) \
		( &( ( ( CI_PERSON * ) fortezzaInfo->personalities )[ index ] ) )

/* Prototypes for functions in cryptcap.c */

const void FAR_BSS *findCapabilityInfo( const void FAR_BSS *capabilityInfoPtr,
										const CRYPT_ALGO_TYPE cryptAlgo );

/****************************************************************************
*																			*
*						 		Init/Shutdown Routines						*
*																			*
****************************************************************************/

/* The number of sockets present in the system */

static int noSockets;

/* Global function pointers.  These are necessary because the functions need
   to be dynamically linked since not all systems contain the necessary
   DLL's.  Explicitly linking to them will make cryptlib unloadable on most
   systems */

#define NULL_HINSTANCE	( HINSTANCE ) NULL

static HINSTANCE hFortezza = NULL_HINSTANCE;

typedef int ( *CI_CHANGEPIN )( int PINType, CI_PIN pOldPIN, CI_PIN pNewPIN );
typedef int ( *CI_CHECKPIN )( int PINType, CI_PIN pPIN );
typedef int ( *CI_CLOSE )( unsigned int Flags, int SocketIndex );
typedef int ( *CI_DECRYPT )( unsigned int CipherSize, CI_DATA pCipher,
							 CI_DATA pPlain );
typedef int ( *CI_DELETECERTIFICATE )( int CertificateIndex );
typedef int ( *CI_DELETEKEY )( int RegisterIndex );
typedef int ( *CI_ENCRYPT )( unsigned int PlainSize, CI_DATA pPlain,
							 CI_DATA pCipher );
typedef int ( *CI_GENERATEIV )( CI_IV pIV );
typedef int ( *CI_GENERATEMEK )( int RegisterIndex, int Reserved );
typedef int ( *CI_GENERATERA )( CI_RA pRa );
typedef int ( *CI_GENERATERANDOM )( CI_RANDOM pRandom );
typedef int ( *CI_GENERATETEK )( int Flags, int RegisterIndex, CI_RA Ra, 
								 CI_RB Rb, unsigned int YSize, CI_Y pY );
typedef int ( *CI_GENERATEX )( int CertificateIndex, int AlgorithmType,
							   unsigned int PAndGSize, unsigned int QSize,
							   CI_P pP, CI_Q pQ, CI_G pG, unsigned int YSize,
							   CI_Y pY );
typedef int ( *CI_GETCERTIFICATE )( int CertificateIndex, 
									CI_CERTIFICATE pCertificate );
typedef int ( *CI_GETCONFIGURATION )( CI_CONFIG_PTR pConfiguration );
typedef int ( *CI_GETPERSONALITYLIST )( int EntryCount, 
										CI_PERSON pPersonalityList[] );
typedef int ( *CI_GETSTATE )( CI_STATE_PTR pState );
typedef int ( *CI_GETTIME )( CI_TIME pTime );
typedef int ( *CI_INITIALIZE )( int *SocketCount );
typedef int ( *CI_LOADCERTIFICATE )( int CertificateIndex, CI_CERT_STR pLabel, 
									 CI_CERTIFICATE pCertificate, long Reserved );
typedef int ( *CI_LOADINITVALUES )( CI_RANDSEED pRandSeed, CI_KS pKs );
typedef int ( *CI_LOADIV )( CI_IV pIV );
typedef int ( *CI_LOCK )( int Flags );
typedef int ( *CI_OPEN )( unsigned int *Flags, int SocketIndex );
typedef int ( *CI_RESET )( void );
typedef int ( *CI_SETKEY )( int RegisterIndex );
typedef int ( *CI_SETMODE )( int CryptoType, int CryptoMode );
typedef int ( *CI_SETPERSONALITY )( int CertificateIndex );
typedef int ( *CI_SIGN )( CI_HASHVALUE pHashValue, CI_SIGNATURE pSignature );
typedef int ( *CI_TERMINATE )( void );
typedef int ( *CI_UNLOCK )( void );
typedef int ( *CI_UNWRAPKEY )( int UnwrapIndex, int KeyIndex, CI_KEY pKey );
typedef int ( *CI_VERIFYSIGNATURE )( CI_HASHVALUE pHashValue, unsigned int YSize,
									 CI_Y pY, CI_SIGNATURE pSignature );
typedef int ( *CI_WRAPKEY )( int WrapIndex, int KeyIndex, CI_KEY pKey );
typedef int ( *CI_ZEROIZE )( void );
static CI_CHANGEPIN pCI_ChangePIN = NULL;
static CI_CHECKPIN pCI_CheckPIN = NULL;
static CI_CLOSE pCI_Close = NULL;
static CI_DECRYPT pCI_Decrypt = NULL;
static CI_DELETECERTIFICATE pCI_DeleteCertificate = NULL;
static CI_DELETEKEY pCI_DeleteKey = NULL;
static CI_ENCRYPT pCI_Encrypt = NULL;
static CI_GENERATEIV pCI_GenerateIV = NULL;
static CI_GENERATEMEK pCI_GenerateMEK = NULL;
static CI_GENERATERA pCI_GenerateRa = NULL;
static CI_GENERATERANDOM pCI_GenerateRandom = NULL;
static CI_GENERATETEK pCI_GenerateTEK = NULL;
static CI_GENERATEX pCI_GenerateX = NULL;
static CI_GETCERTIFICATE pCI_GetCertificate = NULL;
static CI_GETCONFIGURATION pCI_GetConfiguration = NULL;
static CI_GETPERSONALITYLIST pCI_GetPersonalityList = NULL;
static CI_GETSTATE pCI_GetState = NULL;
static CI_GETTIME pCI_GetTime = NULL;
static CI_INITIALIZE pCI_Initialize = NULL;
static CI_LOADCERTIFICATE pCI_LoadCertificate = NULL;
static CI_LOADINITVALUES pCI_LoadInitValues = NULL;
static CI_LOADIV pCI_LoadIV = NULL;
static CI_LOCK pCI_Lock = NULL;
static CI_OPEN pCI_Open = NULL;
static CI_RESET pCI_Reset = NULL;
static CI_SETKEY pCI_SetKey = NULL;
static CI_SETMODE pCI_SetMode = NULL;
static CI_SETPERSONALITY pCI_SetPersonality = NULL;
static CI_SIGN pCI_Sign = NULL;
static CI_TERMINATE pCI_Terminate = NULL;
static CI_UNLOCK pCI_Unlock = NULL;
static CI_UNWRAPKEY pCI_UnwrapKey = NULL;
static CI_VERIFYSIGNATURE pCI_VerifySignature = NULL;
static CI_WRAPKEY pCI_WrapKey = NULL;
static CI_ZEROIZE pCI_Zeroize = NULL;

/* Depending on whether we're running under Win16 or Win32 we load the device
   driver under a different name */

#ifdef __WIN16__
  #define FORTEZZA_LIBNAME	"TSSP.DLL"
#else
  #define FORTEZZA_LIBNAME	"TSSP32.DLL"
#endif /* __WIN16__ */

/* Dynamically load and unload any necessary card drivers */

int deviceInitFortezza( void )
	{
	void initCapabilities( void );
#ifdef __WIN16__
	UINT errorMode;
#endif /* __WIN16__ */
	static BOOLEAN initCalled = FALSE;

	/* If we've previously tried to init the drivers, don't try it again */
	if( initCalled )
		return( CRYPT_OK );
	initCalled = TRUE;
	initCapabilities();

	/* Obtain a handle to the device driver module */
#ifdef __WIN16__
	errorMode = SetErrorMode( SEM_NOOPENFILEERRORBOX );
	hFortezza = LoadLibrary( FORTEZZA_LIBNAME );
	SetErrorMode( errorMode );
	if( hFortezza < HINSTANCE_ERROR )
		{
		hFortezza = NULL_HINSTANCE;
		return( CRYPT_ERROR );
		}
#else
	if( ( hFortezza = LoadLibrary( FORTEZZA_LIBNAME ) ) == NULL_HINSTANCE )
		return( CRYPT_ERROR );
#endif /* __WIN32__ */

	/* Now get pointers to the functions */
	pCI_ChangePIN = ( CI_CHANGEPIN ) GetProcAddress( hFortezza, "CI_ChangePIN" );
	pCI_CheckPIN = ( CI_CHECKPIN ) GetProcAddress( hFortezza, "CI_CheckPIN" );
	pCI_Close = ( CI_CLOSE ) GetProcAddress( hFortezza, "CI_Close" );
	pCI_Decrypt = ( CI_DECRYPT ) GetProcAddress( hFortezza, "CI_Decrypt" );
	pCI_DeleteCertificate = ( CI_DELETECERTIFICATE ) GetProcAddress( hFortezza, "CI_DeleteCertificate" );
	pCI_DeleteKey = ( CI_DELETEKEY ) GetProcAddress( hFortezza, "CI_DeleteKey" );
	pCI_Encrypt = ( CI_ENCRYPT ) GetProcAddress( hFortezza, "CI_Encrypt" );
	pCI_GenerateIV = ( CI_GENERATEIV ) GetProcAddress( hFortezza, "CI_GenerateIV" );
	pCI_GenerateMEK = ( CI_GENERATEMEK ) GetProcAddress( hFortezza, "CI_GenerateMEK" );
	pCI_GenerateRa = ( CI_GENERATERA ) GetProcAddress( hFortezza, "CI_GenerateRa" );
	pCI_GenerateRandom = ( CI_GENERATERANDOM ) GetProcAddress( hFortezza, "CI_GenerateRandom" );
	pCI_GenerateTEK = ( CI_GENERATETEK ) GetProcAddress( hFortezza, "CI_GenerateTEK" );
	pCI_GenerateX = ( CI_GENERATEX ) GetProcAddress( hFortezza, "CI_GenerateX" );
	pCI_GetCertificate = ( CI_GETCERTIFICATE ) GetProcAddress( hFortezza, "CI_GetCertificate" );
	pCI_GetConfiguration = ( CI_GETCONFIGURATION ) GetProcAddress( hFortezza, "CI_GetConfiguration" );
	pCI_GetPersonalityList = ( CI_GETPERSONALITYLIST ) GetProcAddress( hFortezza, "CI_GetPersonalityList" );
	pCI_GetState = ( CI_GETSTATE ) GetProcAddress( hFortezza, "CI_GetState" );
	pCI_GetTime = ( CI_GETTIME ) GetProcAddress( hFortezza, "CI_GetTime" );
	pCI_Initialize = ( CI_INITIALIZE ) GetProcAddress( hFortezza, "CI_Initialize" );
	pCI_LoadCertificate = ( CI_LOADCERTIFICATE ) GetProcAddress( hFortezza, "CI_LoadCertificate" );
	pCI_LoadInitValues = ( CI_LOADINITVALUES ) GetProcAddress( hFortezza, "CI_LoadInitValues" );
	pCI_LoadIV = ( CI_LOADIV ) GetProcAddress( hFortezza, "CI_LoadIV" );
	pCI_Lock = ( CI_LOCK ) GetProcAddress( hFortezza, "CI_Lock" );
	pCI_Open = ( CI_OPEN ) GetProcAddress( hFortezza, "CI_Open" );
	pCI_Reset = ( CI_RESET ) GetProcAddress( hFortezza, "CI_Reset" );
	pCI_SetKey = ( CI_SETKEY ) GetProcAddress( hFortezza, "CI_SetKey" );
	pCI_SetMode = ( CI_SETMODE ) GetProcAddress( hFortezza, "CI_SetMode" );
	pCI_SetPersonality = ( CI_SETPERSONALITY ) GetProcAddress( hFortezza, "CI_SetPersonality" );
	pCI_Sign = ( CI_SIGN ) GetProcAddress( hFortezza, "CI_Sign" );
	pCI_Terminate = ( CI_TERMINATE ) GetProcAddress( hFortezza, "CI_Terminate" );
	pCI_Unlock = ( CI_UNLOCK ) GetProcAddress( hFortezza, "CI_Unlock" );
	pCI_UnwrapKey = ( CI_UNWRAPKEY ) GetProcAddress( hFortezza, "CI_UnwrapKey" );
	pCI_VerifySignature = ( CI_VERIFYSIGNATURE ) GetProcAddress( hFortezza, "CI_VerifySignature" );
	pCI_WrapKey = ( CI_WRAPKEY ) GetProcAddress( hFortezza, "CI_WrapKey" );
	pCI_Zeroize = ( CI_ZEROIZE ) GetProcAddress( hFortezza, "CI_Zeroize" );

	/* Make sure that we got valid pointers for every device function */
	if( pCI_ChangePIN == NULL || pCI_CheckPIN == NULL || pCI_Close == NULL ||
		pCI_Decrypt == NULL || pCI_DeleteCertificate == NULL || 
		pCI_DeleteKey == NULL || pCI_Encrypt == NULL || 
		pCI_GenerateIV == NULL || pCI_GenerateMEK == NULL || 
		pCI_GenerateRa == NULL || pCI_GenerateRandom == NULL || 
		pCI_GenerateTEK == NULL || pCI_GenerateX == NULL || 
		pCI_GetCertificate == NULL || pCI_GetConfiguration == NULL || 
		pCI_GetPersonalityList == NULL || pCI_GetState == NULL || 
		pCI_GetTime == NULL || pCI_Initialize == NULL || 
		pCI_LoadCertificate == NULL || pCI_LoadInitValues == NULL || 
		pCI_LoadIV == NULL || pCI_Lock == NULL || pCI_Open == NULL || 
		pCI_Reset == NULL || pCI_SetKey == NULL || pCI_SetMode == NULL ||