dev_sys.c

老外写的加密库cryptlib(版本3.1)

			const int bytesToCopy = min( nonceLength, hashSize );

			/* Hash the state and copy the appropriate amount of data to the 
			   output buffer */
			hashFunction( NULL, nonceData, nonceData, hashSize + 8, 
						  HASH_ALL );
			memcpy( noncePtr, nonceData, bytesToCopy );

			/* Move on to the next block of the output buffer */
			noncePtr += bytesToCopy;
			nonceLength -= bytesToCopy;
			}

		return( CRYPT_OK );
		}

	/* Handle algorithm self-test */
	if( type == CRYPT_IATTRIBUTE_SELFTEST )
		{
		const CAPABILITY_INFO *capabilityInfoPtr = deviceInfo->capabilityInfo;

		while( capabilityInfoPtr != NULL )
			{
			const CRYPT_ALGO_TYPE cryptAlgo = capabilityInfoPtr->cryptAlgo;
			int status;

			assert( capabilityInfoPtr->selfTestFunction != NULL );

			/* Perform the self-test for this algorithm type and skip to the
			   next algorithm */
			status = capabilityInfoPtr->selfTestFunction();
			if( cryptStatusError( status ) )
				return( status );
			while( capabilityInfoPtr != NULL && \
				   capabilityInfoPtr->cryptAlgo == cryptAlgo )
				capabilityInfoPtr = capabilityInfoPtr->next;
			}

		return( CRYPT_OK );
		}

	/* Handle high-reliability time */
	if( type == CRYPT_IATTRIBUTE_TIME )
		{
		time_t *timePtr = ( time_t * ) data;

		*timePtr = getTime();
		return( CRYPT_OK );
		}

	assert( NOTREACHED );
	return( CRYPT_ERROR );	/* Get rid of compiler warning */
	}

/****************************************************************************
*																			*
*							Random Pool External Interface					*
*																			*
****************************************************************************/

/* Add random data to the random pool.  This should eventually be replaced 
   by some sort of device control mechanism, the problem with doing this is
   that it's handled by the system device which isn't visible to the user */

C_RET cryptAddRandom( C_IN void C_PTR randomData, C_IN int randomDataLength )
	{
	/* Perform basic error checking */
	if( randomData == NULL )
		{
		if( randomDataLength != CRYPT_RANDOM_FASTPOLL && \
			randomDataLength != CRYPT_RANDOM_SLOWPOLL )
			return( CRYPT_ERROR_PARAM1 );
		}
	else
		{
		if( randomDataLength <= 0 || randomDataLength > MAX_INTLENGTH )
			return( CRYPT_ERROR_PARAM2 );
		if( checkBadPtrRead( randomData, randomDataLength ) )
			return( CRYPT_ERROR_PARAM1 );
		}

	/* If we're adding data to the pool, add it now and exit.  Since the data
	   is of unknown provenance (and empirical evidence indicates that it
	   won't be very random) we give it a weight of zero for estimation 
	   purposes */
	if( randomData != NULL )
		{
		RESOURCE_DATA msgData;

#ifndef NDEBUG	/* For debugging tests only */
if( randomDataLength == 5 && !memcmp( randomData, "xyzzy", 5 ) )
{
BYTE buffer[ 256 ];
int kludge = 100;
#ifndef __MAC__
printf( "Kludging randomness, file " __FILE__ ", line %d.\n", __LINE__ );
#endif /* __MAC__ */
memset( buffer, '*', 256 );
setMessageData( &msgData, buffer, 256 );
krnlSendMessage( SYSTEM_OBJECT_HANDLE, IMESSAGE_SETATTRIBUTE_S, 
				 &msgData, CRYPT_IATTRIBUTE_ENTROPY );
krnlSendMessage( SYSTEM_OBJECT_HANDLE, IMESSAGE_SETATTRIBUTE,
				 &kludge, CRYPT_IATTRIBUTE_ENTROPY_QUALITY );
}
#endif /* NDEBUG */

		setMessageData( &msgData, ( void * ) randomData, randomDataLength );
		return( krnlSendMessage( SYSTEM_OBJECT_HANDLE,
								 IMESSAGE_SETATTRIBUTE_S, &msgData, 
								 CRYPT_IATTRIBUTE_ENTROPY ) );
		}

	/* Perform either a fast or slow poll for random system data */
	if( randomDataLength == CRYPT_RANDOM_FASTPOLL )
		fastPoll();
	else
		slowPoll();

	return( CRYPT_OK );
	}

/****************************************************************************
*																			*
*							Device Capability Routines						*
*																			*
****************************************************************************/

/* The cryptlib intrinsic capability list */

static CAPABILITY_INFO FAR_BSS capabilities[] = {
	/* The DES capabilities */
	{ CRYPT_ALGO_DES, bits( 64 ), "DES",
		bits( 40 ), bits( 64 ), bits( 64 ),
		desSelfTest, desGetInfo, NULL, initKeyParams, desInitKey, NULL,
		desEncryptECB, desDecryptECB, desEncryptCBC, desDecryptCBC,
		desEncryptCFB, desDecryptCFB, desEncryptOFB, desDecryptOFB },

	/* The triple DES capabilities.  Unlike the other algorithms, the minimum
	   key size here is 64 + 8 bits (nominally 56 + 1 bits) because using a
	   key any shorter is (a) no better than single DES, and (b) will result
	   in a key load error since the second key will be an all-zero weak
	   key.  We also give the default key size as 192 bits instead of 128 to
	   make sure that anyone using a key of the default size ends up with
	   three-key 3DES rather than two-key 3DES */
	{ CRYPT_ALGO_3DES, bits( 64 ), "3DES",
		bits( 64 + 8 ), bits( 192 ), bits( 192 ),
		des3SelfTest, des3GetInfo, NULL, initKeyParams, des3InitKey, NULL,
		des3EncryptECB, des3DecryptECB, des3EncryptCBC, des3DecryptCBC,
		des3EncryptCFB, des3DecryptCFB, des3EncryptOFB, des3DecryptOFB },

#ifdef USE_IDEA
	/* The IDEA capabilities */
	{ CRYPT_ALGO_IDEA, bits( 64 ), "IDEA",
		bits( 40 ), bits( 128 ), bits( 128 ),
		ideaSelfTest, ideaGetInfo, NULL, initKeyParams, ideaInitKey, NULL,
		ideaEncryptECB, ideaDecryptECB, ideaEncryptCBC, ideaDecryptCBC,
		ideaEncryptCFB, ideaDecryptCFB, ideaEncryptOFB, ideaDecryptOFB },
#endif /* USE_IDEA */

#ifdef USE_CAST
	/* The CAST-128 capabilities */
	{ CRYPT_ALGO_CAST, bits( 64 ), "CAST-128",
		bits( 40 ), bits( 128 ), bits( 128 ),
		castSelfTest, castGetInfo, NULL, initKeyParams, castInitKey, NULL,
		castEncryptECB, castDecryptECB, castEncryptCBC, castDecryptCBC,
		castEncryptCFB, castDecryptCFB, castEncryptOFB, castDecryptOFB },
#endif /* USE_CAST */

#ifdef USE_RC2
	/* The RC2 capabilities */
	{ CRYPT_ALGO_RC2, bits( 64 ), "RC2",
		bits( 40 ), bits( 128 ), bits( 1024 ),
		rc2SelfTest, rc2GetInfo, NULL, initKeyParams, rc2InitKey, NULL,
		rc2EncryptECB, rc2DecryptECB, rc2EncryptCBC, rc2DecryptCBC,
		rc2EncryptCFB, rc2DecryptCFB, rc2EncryptOFB, rc2DecryptOFB },
#endif /* USE_RC2 */

#ifdef USE_RC4
	/* The RC4 capabilities */
	{ CRYPT_ALGO_RC4, bits( 8 ), "RC4",
		bits( 40 ), bits( 128 ), 256,
		rc4SelfTest, rc4GetInfo, NULL, initKeyParams, rc4InitKey, NULL,
		NULL, NULL, NULL, NULL, NULL, NULL, rc4Encrypt, rc4Encrypt },
#endif /* USE_RC4 */

#ifdef USE_RC5
	/* The RC5 capabilities */
	{ CRYPT_ALGO_RC5, bits( 64 ), "RC5",
		bits( 40 ), bits( 128 ), bits( 832 ),
		rc5SelfTest, rc5GetInfo, NULL, initKeyParams, rc5InitKey, NULL,
		rc5EncryptECB, rc5DecryptECB, rc5EncryptCBC, rc5DecryptCBC,
		rc5EncryptCFB, rc5DecryptCFB, rc5EncryptOFB, rc5DecryptOFB },
#endif /* USE_RC5 */

	/* The AES capabilities */
	{ CRYPT_ALGO_AES, bits( 128 ), "AES",
		bits( 128 ), bits( 128 ), bits( 256 ),
		aesSelfTest, aesGetInfo, NULL, initKeyParams, aesInitKey, NULL,
		aesEncryptECB, aesDecryptECB, aesEncryptCBC, aesDecryptCBC,
		aesEncryptCFB, aesDecryptCFB, aesEncryptOFB, aesDecryptOFB },

	/* The Blowfish capabilities */
	{ CRYPT_ALGO_BLOWFISH, bits( 64 ), "Blowfish",
		bits( 40 ), bits( 128 ), bits( 448 ),
		blowfishSelfTest, blowfishGetInfo, NULL, initKeyParams, blowfishInitKey, NULL,
		blowfishEncryptECB, blowfishDecryptECB, blowfishEncryptCBC, blowfishDecryptCBC,
		blowfishEncryptCFB, blowfishDecryptCFB, blowfishEncryptOFB, blowfishDecryptOFB },

#ifdef USE_SKIPJACK
	/* The Skipjack capabilities */
	{ CRYPT_ALGO_SKIPJACK, bits( 64 ), "Skipjack",
		bits( 80 ), bits( 80 ), bits( 80 ),
		skipjackSelfTest, skipjackGetInfo, NULL, initKeyParams, skipjackInitKey, NULL,
		skipjackEncryptECB, skipjackDecryptECB, skipjackEncryptCBC, skipjackDecryptCBC,
		skipjackEncryptCFB, skipjackDecryptCFB, skipjackEncryptOFB, skipjackDecryptOFB },
#endif /* USE_SKIPJACK */

#ifdef USE_MD2
	/* The MD2 capabilities */
	{ CRYPT_ALGO_MD2, bits( 128 ), "MD2",
		bits( 0 ), bits( 0 ), bits( 0 ),
		md2SelfTest, md2GetInfo, NULL, NULL, NULL, NULL, md2Hash, md2Hash },
#endif /* USE_MD2 */

#ifdef USE_MD4
	/* The MD4 capabilities */
	{ CRYPT_ALGO_MD4, bits( 128 ), "MD4",
		bits( 0 ), bits( 0 ), bits( 0 ),
		md4SelfTest, md4GetInfo, NULL, NULL, NULL, NULL, md4Hash, md4Hash },
#endif /* USE_MD4 */

	/* The MD5 capabilities */
	{ CRYPT_ALGO_MD5, bits( 128 ), "MD5",
		bits( 0 ), bits( 0 ), bits( 0 ),
		md5SelfTest, md5GetInfo, NULL, NULL, NULL, NULL, md5Hash, md5Hash },

	/* The SHA1 capabilities */
	{ CRYPT_ALGO_SHA, bits( 160 ), "SHA",
		bits( 0 ), bits( 0 ), bits( 0 ),
		shaSelfTest, shaGetInfo, NULL, NULL, NULL, NULL, shaHash, shaHash },

#ifdef USE_RIPEMD160
	/* The RIPEMD-160 capabilities */
	{ CRYPT_ALGO_RIPEMD160, bits( 160 ), "RIPEMD-160",
		bits( 0 ), bits( 0 ), bits( 0 ),
		ripemd160SelfTest, ripemd160GetInfo, NULL, NULL, NULL, NULL,
		ripemd160Hash, ripemd160Hash },
#endif /* USE_RIPEMD160 */

#ifdef USE_SHA2
	/* The SHA2 capabilities */
	{ CRYPT_ALGO_SHA2, bits( 256 ), "SHA2",
		bits( 0 ), bits( 0 ), bits( 0 ),
		sha2SelfTest, sha2GetInfo, NULL, NULL, NULL, NULL, sha2Hash, sha2Hash },
#endif /* USE_SHA2 */

#ifdef USE_HMAC_MD5
	/* The HMAC-MD5 capabilities */
	{ CRYPT_ALGO_HMAC_MD5, bits( 128 ), "HMAC-MD5",
		bits( 40 ), bits( 128 ), CRYPT_MAX_KEYSIZE,
		hmacMD5SelfTest, hmacMD5GetInfo, NULL, NULL, hmacMD5InitKey,
		NULL, hmacMD5Hash, hmacMD5Hash },
#endif /* USE_HMAC_MD5 */

	/* The HMAC-SHA capabilities */
	{ CRYPT_ALGO_HMAC_SHA, bits( 160 ), "HMAC-SHA",
		bits( 40 ), bits( 128 ), CRYPT_MAX_KEYSIZE,
		hmacSHASelfTest, hmacSHAGetInfo, NULL, NULL, hmacSHAInitKey,
		NULL, hmacSHAHash, hmacSHAHash },

#ifdef USE_HMAC_RIPEMD160
	/* The HMAC-RIPEMD160 capabilities */
	{ CRYPT_ALGO_HMAC_RIPEMD160, bits( 160 ), "HMAC-RIPEMD160",
		bits( 40 ), bits( 128 ), CRYPT_MAX_KEYSIZE,
		hmacRIPEMD160SelfTest, hmacRIPEMD160GetInfo, NULL, NULL, hmacRIPEMD160InitKey,
		NULL, hmacRIPEMD160Hash, hmacRIPEMD160Hash },
#endif /* USE_HMAC_RIPEMD160 */

	/* The Diffie-Hellman capabilities */
	{ CRYPT_ALGO_DH, bits( 0 ), "Diffie-Hellman",
		bits( 512 ), bits( 1024 ), CRYPT_MAX_PKCSIZE,
		dhSelfTest, getInfo, NULL, NULL, dhInitKey, dhGenerateKey,
		dhEncrypt, dhDecrypt },

	/* The RSA capabilities */
	{ CRYPT_ALGO_RSA, bits( 0 ), "RSA",
		bits( 512 ), bits( 1024 ), CRYPT_MAX_PKCSIZE,
		rsaSelfTest, getInfo, NULL, NULL, rsaInitKey, rsaGenerateKey,
		rsaEncrypt, rsaDecrypt, NULL, NULL, NULL, NULL, NULL, NULL,
		rsaDecrypt, rsaEncrypt },

	/* The DSA capabilities */
	{ CRYPT_ALGO_DSA, bits( 0 ), "DSA",
		bits( 512 ), bits( 1024 ), CRYPT_MAX_PKCSIZE,
		dsaSelfTest, getInfo, NULL, NULL, dsaInitKey, dsaGenerateKey,
		NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
		dsaSign, dsaSigCheck },

#ifdef USE_ELGAMAL
	/* The ElGamal capabilities */
	{ CRYPT_ALGO_ELGAMAL, bits( 0 ), "Elgamal",
		bits( 512 ), bits( 1024 ), CRYPT_MAX_PKCSIZE,
		elgamalSelfTest, getInfo, NULL, NULL, elgamalInitKey, elgamalGenerateKey,
		elgamalEncrypt, elgamalDecrypt, NULL, NULL, NULL, NULL, NULL, NULL,
		NULL, NULL },
#endif /* USE_ELGAMAL */

	/* Vendors may want to use their own algorithms which aren't part of the
	   general cryptlib suite.  The following provides the ability to include
	   vendor-specific algorithm capabilities defined in the file
	   vendalgo.c */
#ifdef USE_VENDOR_ALGOS
	#include "vendalgo.c"
#endif /* USE_VENDOR_ALGOS */

	/* The end-of-list marker.  This value isn't linked into the
	   capabilities list when we call initCapabilities() */
	{ CRYPT_ALGO_NONE }
	};

/* Initialise the capability info */

static void initCapabilities( void )
	{
	CAPABILITY_INFO *prevCapabilityInfoPtr = NULL;
	int i;

	/* Perform a consistency check on the encryption mode values, which
	   are used to index a table of per-mode function pointers */
	assert( CRYPT_MODE_CBC == CRYPT_MODE_ECB + 1 && \
			CRYPT_MODE_CFB == CRYPT_MODE_CBC + 1 && \
			CRYPT_MODE_OFB == CRYPT_MODE_CFB + 1 && \
			CRYPT_MODE_LAST == CRYPT_MODE_OFB + 1 );

	for( i = 0; capabilities[ i ].cryptAlgo != CRYPT_ALGO_NONE; i++ )
		{