cryptacm.h

老外写的加密库cryptlib(版本3.1)

		( paramInfo( mechanismACL, 2 ).valueType == MECHPARAM_VALUE_UNUSED ) ? \
		TRUE : FALSE;

	/* Inner precondition: We have an ACL for this mechanism, and the non-
	   user-supplied parameters (the ones supplied by cryptlib that must
	   be OK) are in order */
	PRE( mechanismACL->type != MECHANISM_NONE );
	PRE( checkMechParamString( paramInfo( mechanismACL, 0 ),
							   mechanismInfo->wrappedData,
							   mechanismInfo->wrappedDataLength ) );
	PRE( checkMechParamString( paramInfo( mechanismACL, 1 ),
							   mechanismInfo->keyData,
							   mechanismInfo->keyDataLength ) );
	PRE( checkMechParamObject( paramInfo( mechanismACL, 4 ),
							   mechanismInfo->auxContext ) );

	/* Make sure the user-supplied parameters are in order, part 1: The
	   session key is a valid object of the correct type, and there's a key
	   loaded/not loaded as appropriate */
	if( !isRawMechanism )
		{
		if( !isValidObject( mechanismInfo->keyContext ) || \
			!isObjectAccessValid( mechanismInfo->keyContext, message ) || \
			!checkObjectOwnership( objectTable[ mechanismInfo->keyContext ] ) )
			return( CRYPT_ARGERROR_NUM1 );
		if( paramInfo( mechanismACL, 2 ).flags & ACL_FLAG_ROUTE_TO_CTX )
			{
			/* The key being wrapped may be accessed via an object such as a
			   certificate that isn't the required object type, in order to
			   perform the following check on it we have to first find the
			   ultimate target object */
			contextHandle = findTargetType( mechanismInfo->keyContext,
											OBJECT_TYPE_CONTEXT );
			if( cryptStatusError( contextHandle ) )
				return( CRYPT_ARGERROR_NUM1 );
			}
		else
			contextHandle = mechanismInfo->keyContext;
		if( !checkMechParamObject( paramInfo( mechanismACL, 2 ), contextHandle ) )
			return( CRYPT_ARGERROR_NUM1 );
		}
	else
		/* For raw wrap/unwrap mechanisms the data is supplied as string
		   data.  In theory this would be somewhat risky since it allows 
		   bypassing of object ownership checks, however these mechanisms 
		   are only accessed from deep within cryptlib (e.g. by the SSH and 
		   SSL/TLS session code, which needs to handle protocol-specific 
		   secret data in special ways) so there's no chance for problems 
		   since the contexts it ends up in are cryptlib-internal, 
		   automatically-created ones belonging to the owner of the session 
		   object */
		PRE( checkMechParamObject( paramInfo( mechanismACL, 2 ),
								   mechanismInfo->keyContext ) );

	/* Make sure the user-supplied parameters are in order, part 2: The
	   wrapping key is a valid object of the correct type with a key loaded */
	if( !isValidObject( mechanismInfo->wrapContext ) || \
		!isObjectAccessValid( mechanismInfo->wrapContext, message ) || \
		!checkObjectOwnership( objectTable[ mechanismInfo->wrapContext ] ) )
		return( CRYPT_ARGERROR_NUM2 );
	if( paramInfo( mechanismACL, 3 ).flags & ACL_FLAG_ROUTE_TO_CTX )
		{
		/* The wrapping key may be accessed via an object such as a
		   certificate that isn't the required object type, in order to
		   perform the following check on it we have to first find the
		   ultimate target object */
		contextHandle = findTargetType( mechanismInfo->wrapContext,
										OBJECT_TYPE_CONTEXT );
		if( cryptStatusError( contextHandle ) )
			return( CRYPT_ARGERROR_NUM2 );
		}
	else
		contextHandle = mechanismInfo->wrapContext;
	if( !checkMechParamObject( paramInfo( mechanismACL, 3 ), contextHandle ) )
		return( CRYPT_ARGERROR_NUM2 );

	/* Postcondition: The wrapping key and session key are of the appropriate
	   type, there are keys loaded/not loaded as appropriate, and the access
	   is valid.  We don't explicitly state this since it's just
	   regurgitating the checks already performed above */

	/* Make sure all the objects have the same owner */
	if( isRawMechanism )
		{
		if( !isSameOwningObject( objectHandle, mechanismInfo->wrapContext ) )
			return( CRYPT_ARGERROR_NUM2 );
		}
	else
		{
		if( !isSameOwningObject( objectHandle, mechanismInfo->keyContext ) )
			return( CRYPT_ARGERROR_NUM1 );
		if( !isSameOwningObject( mechanismInfo->keyContext,
								 mechanismInfo->wrapContext ) )
			return( CRYPT_ARGERROR_NUM2 );
		}

	/* Postcondition: All objects have the same owner */
	POST( ( isRawMechanism && \
			isSameOwningObject( objectHandle, mechanismInfo->wrapContext ) ) || \
		  ( !isRawMechanism && \
			isSameOwningObject( objectHandle, mechanismInfo->keyContext ) && \
			isSameOwningObject( mechanismInfo->keyContext, \
								mechanismInfo->wrapContext ) ) );

	return( CRYPT_OK );
	}

static int preDispatchCheckMechanismSignAccess( const int objectHandle,
												const MESSAGE_TYPE message,
												const void *messageDataPtr,
												const int messageValue,
												const void *dummy )
	{
	const MECHANISM_SIGN_INFO *mechanismInfo = \
				( MECHANISM_SIGN_INFO * ) messageDataPtr;
	const MECHANISM_ACL *mechanismACL = \
				( ( message & MESSAGE_MASK ) == MESSAGE_DEV_SIGN ) ? \
				mechanismSignACL : mechanismSigCheckACL;
	int contextHandle, i;

	/* Precondition */
	PRE( isValidObject( objectHandle ) );
	PRE( message == MESSAGE_DEV_SIGN || message == IMESSAGE_DEV_SIGN || \
		 message == MESSAGE_DEV_SIGCHECK || message == IMESSAGE_DEV_SIGCHECK );
	PRE( messageDataPtr != NULL );
	PRE( messageValue == MECHANISM_PKCS1 );

	/* Find the appropriate ACL for this mechanism */
	for( i = 0; mechanismACL[ i ].type != messageValue && \
				mechanismACL[ i ].type != MECHANISM_NONE; i++ );
	mechanismACL = &mechanismACL[ i ];

	/* Inner precondition: We have an ACL for this mechanism, and the non-
	   user-supplied parameters (the ones supplied by cryptlib that must
	   be OK) are in order */
	PRE( mechanismACL->type != MECHANISM_NONE );
	PRE( checkMechParamString( paramInfo( mechanismACL, 0 ),
							   mechanismInfo->signature,
							   mechanismInfo->signatureLength ) );

	/* Make sure the user-supplied parameters are in order, part 1: The
	   hash context is a valid object of the correct type */
	if( !isValidObject( mechanismInfo->hashContext ) || \
		!isObjectAccessValid( mechanismInfo->hashContext, message ) || \
		!checkObjectOwnership( objectTable[ mechanismInfo->hashContext ] ) )
		return( CRYPT_ARGERROR_NUM1 );
	if( !checkMechParamObject( paramInfo( mechanismACL, 1 ),
							   mechanismInfo->hashContext ) )
		return( CRYPT_ARGERROR_NUM1 );

	/* Make sure the user-supplied parameters are in order, part 2: The
	   sig/sig check context is a valid object of the correct type, and
	   there's a key loaded */
	if( !isValidObject( mechanismInfo->signContext ) || \
		!isObjectAccessValid( mechanismInfo->signContext, message ) || \
		!checkObjectOwnership( objectTable[ mechanismInfo->signContext ] ) )
		return( CRYPT_ARGERROR_NUM2 );
	if( paramInfo( mechanismACL, 2 ).flags & ACL_FLAG_ROUTE_TO_CTX )
		{
		/* The sig.check key may be accessed via an object such as a
		   certificate that isn't the required object type, in order to
		   perform the following check on it we have to first find the
		   ultimate target object */
		contextHandle = findTargetType( mechanismInfo->signContext,
										OBJECT_TYPE_CONTEXT );
		if( cryptStatusError( contextHandle ) )
			return( CRYPT_ARGERROR_NUM2 );
		}
	else
		contextHandle = mechanismInfo->signContext;
	if( !checkMechParamObject( paramInfo( mechanismACL, 2 ), contextHandle ) )
		return( CRYPT_ARGERROR_NUM2 );

	/* Postcondition: The hash and sig/sig check contexts are of the
	   appropriate type, there's a key loaded in the sig/sig check context,
	   and the access is valid.  We don't explicitly state this since it's
	   just regurgitating the checks already performed above */

	/* Make sure all the objects have the same owner */
	if( !isSameOwningObject( objectHandle, mechanismInfo->hashContext ) )
		return( CRYPT_ARGERROR_NUM1 );
	if( !isSameOwningObject( mechanismInfo->hashContext, \
							 mechanismInfo->signContext ) )
		return( CRYPT_ARGERROR_NUM2 );

	/* Postcondition: All the objects have the same owner */
	POST( isSameOwningObject( objectHandle, mechanismInfo->hashContext ) && \
		  isSameOwningObject( mechanismInfo->hashContext, \
							  mechanismInfo->signContext ) );

	return( CRYPT_OK );
	}

static int preDispatchCheckMechanismDeriveAccess( const int objectHandle,
												  const MESSAGE_TYPE message,
												  const void *messageDataPtr,
												  const int messageValue,
												  const void *dummy )
	{
	const MECHANISM_ACL *mechanismACL = mechanismDeriveACL;
	int i;
	TEMP_VAR( const MECHANISM_DERIVE_INFO *mechanismInfo = \
					( MECHANISM_DERIVE_INFO * ) messageDataPtr );

	/* Precondition */
	PRE( isValidObject( objectHandle ) );
	PRE( message == MESSAGE_DEV_DERIVE || message == IMESSAGE_DEV_DERIVE );
	PRE( messageDataPtr != NULL );
	PRE( messageValue == MECHANISM_PKCS5 || \
		 messageValue == MECHANISM_PKCS12 || \
		 messageValue == MECHANISM_SSL || \
		 messageValue == MECHANISM_TLS || \
		 messageValue == MECHANISM_CMP || \
		 messageValue == MECHANISM_PGP );

	/* Find the appropriate ACL for this mechanism */
	for( i = 0; mechanismACL[ i ].type != messageValue && \
				mechanismACL[ i ].type != MECHANISM_NONE; i++ );
	mechanismACL = &mechanismACL[ i ];

	/* Inner precondition: We have an ACL for this mechanism, and the non-
	   user-supplied parameters (the ones supplied by cryptlib that must
	   be OK) are in order */
	PRE( mechanismACL->type != MECHANISM_NONE );
	PRE( checkMechParamString( paramInfo( mechanismACL, 0 ),
							   mechanismInfo->dataOut,
							   mechanismInfo->dataOutLength ) );
	PRE( checkMechParamString( paramInfo( mechanismACL, 1 ),
							   mechanismInfo->dataIn,
							   mechanismInfo->dataInLength ) );
	PRE( checkMechParamNumeric( paramInfo( mechanismACL, 2 ),
								mechanismInfo->hashAlgo ) );
	PRE( checkMechParamString( paramInfo( mechanismACL, 3 ),
							   mechanismInfo->salt,
							   mechanismInfo->saltLength ) );
	PRE( checkMechParamNumeric( paramInfo( mechanismACL, 4 ),
								mechanismInfo->iterations ) );

	/* This is a pure data-transformation mechanism, there are no objects
	   used so there are no further checks to perform */

	return( CRYPT_OK );
	}
#endif /* _CRYPTACM_DEFINED */