📄 fipsmodule.h
/* Copyright 2003-2006, Voltage Security, all rights reserved.
*/
#if VOLT_BUILD == VOLT_BUILD_FIPS_STATIC || VOLT_BUILD == VOLT_BUILD_FIPS_SHARED
#include "vibecrypto.h"
#include "vibeserver.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "keyobj.h"
#include "ictk.h"
#ifndef _FIPS_MODULE_H
#define _FIPS_MODULE_H
#ifdef __cplusplus
extern "C" {
#endif
/* A shared library handle is specific to each platform. For the
* toolkit, it is an opaque type. Each platform implementation of the
* shared library functions will know how to cast a VoltLibHandle into
* the appropriate type.
* <p>NOTE(review): the handle is an alias of the generic Pointer type,
* so the compiler cannot tell a VoltLibHandle from any other Pointer.
* Code that receives one should obtain it only from the platform's own
* load routine and never cast it from an unrelated pointer.
*/
typedef Pointer VoltLibHandle;
/** This is the MemoryImpl the FIPS module uses on Windows. It will load a
* memory implementation that uses the GlobalAlloc, GlobalFree, etc.,
* routines offered by the Win32 Operating System. Furthermore, it will
* keep track of all the Mallocs and Frees so that when destroyed
* (during VtDestroyLibCtxFips or VtDestroyLibCtx), the Impl can check
* to see if there were any allocations for which there were no Frees.
* This implementation will also overwrite all memory before freeing;
* there is no option to overwrite only sensitive data.
* <p>This MemoryImpl is slower and uses more memory than
* VtMemoryImplWin32.
* <p>The data associated with VtMemoryImplWin32Fips is a NULL pointer:
* (Pointer)0.
* <p>NOTE(review): the overwrite-before-free behavior is what clears key
* material held in heap buffers. This header only states the contract;
* confirm in the Impl source that the wipe cannot be elided by the
* compiler and that a Realloc that moves a block also wipes the old
* block.
* <p>NOTE(review): no platform #ifdef is visible around this
* declaration, so the name appears to be declared in every FIPS build,
* not only on Windows -- confirm against the build configuration.
*/
VtMemoryImpl VtMemoryImplWin32Fips;
/** This is the MemoryImpl the FIPS module uses on Linux/Unix. It will load a
* memory implementation that uses the malloc, free, etc.
* routines offered by the standard C interface. Furthermore, it will
* keep track of all the Mallocs and Frees so that when destroyed
* (during VtDestroyLibCtxFips or VtDestroyLibCtx), the Impl can check
* to see if there were any allocations for which there were no Frees.
* This implementation will also overwrite all memory before freeing;
* there is no option to overwrite only sensitive data.
* <p>This MemoryImpl is slower and uses more memory than
* VtMemoryImplDefault.
* <p>The data associated with VtMemoryImplLinuxFips is a NULL pointer:
* (Pointer)0.
* <p>NOTE(review): the overwrite-before-free behavior is what clears key
* material held in heap buffers. This header only states the contract;
* confirm in the Impl source that the wipe is not a plain memset the
* optimizer may drop ahead of free(), and that a Realloc that moves a
* block also wipes the old block.
*/
VtMemoryImpl VtMemoryImplLinuxFips;
/*=========================================================*/
/* */
/* Startup self test functions */
/* */
/*=========================================================*/
/* Run the self-tests.
* <p>This function returns an error code along with a FIPS result. The
* return value is the "regular" error code such as memory error or
* invalid input length error, etc. The fipsResult argument is the
* address where the function will deposit a 0 meaning the FIPS test
* passed or a non-zero FIPS error.
* <p>It is possible to have a regular error (return value) of 0 and a
* FIPS error. The code worked, it did what it was supposed to do, it
* determined if a FIPS test passed or not.
* <p>If there is a regular error, the fipsResult will be an error, but
* the caller should handle the regular error.
* <p>The seed is likely to be the time of day, just something to get
* different random values each startup.
* <p>Callers must check BOTH values: a return of 0 alone does not mean
* the module may be used. Only (return == 0 && *fipsResult == 0)
* indicates that the self-tests passed.
* <p>NOTE(review): a time-of-day seed is predictable. That is harmless
* if the seed only varies the self-test inputs, but it must not be the
* sole seed of any generator that later produces keys or nonces --
* confirm how the implementation uses it.
*
* @param libHandle The shared library handle (opaque, platform
* specific). Presumably the module under test -- confirm.
* @param seed The seed bytes used to vary the random values.
* @param seedLen The length, in bytes, of seed.
* @param fipsResult The address where the function deposits 0 (FIPS
* tests passed) or a non-zero FIPS error.
* @return an int, the regular error code, 0 for success.
*/
int RunSelfTests (
VoltLibHandle libHandle,
unsigned char *seed,
unsigned int seedLen,
int *fipsResult
);
/* Perform the FIPS integrity check. This integrity check uses DSA. It
* expects to find a sig file in the same directory as the shared
* library. Inside the sig file is the public key and signature. Digest
* the shared library contents using SHA-1, then verify the signature
* using the key from the sig file.
* <p>This function returns an error code along with a FIPS result. The
* return value is the "regular" error code such as memory error or
* invalid input length error, etc. The fipsResult argument is the
* address where the function will deposit a 0 meaning the FIPS test
* passed or a non-zero FIPS error.
* <p>It is possible to have a regular error (return value) of 0 and a
* FIPS error. The code worked, it did what it was supposed to do, it
* determined if a FIPS test passed or not.
* <p>If there is a regular error, the fipsResult will be an error, but
* the caller should handle the regular error.
* <p>Callers must check BOTH values: only (return == 0 &&
* *fipsResult == 0) means the library image verified.
* <p>NOTE(review): as described, the verification key is read from the
* same sig file that carries the signature. Unless the implementation
* also compares that key against a value held elsewhere (not visible
* from this header), the check detects corruption of the library but
* not replacement of the library together with its sig file. Protect
* both files with file-system permissions and confirm whether the key
* is pinned.
* <p>NOTE(review): SHA-1 and DSA are legacy algorithms for signature
* use; plan for a stronger digest and signature scheme if this check
* is relied on for more than the original validation.
*
* @param libraryCtx The library context to use.
* @param libHandle The handle of the shared library to check (opaque,
* platform specific).
* @param mpCtx The multi-precision integer context, presumably used
* for the DSA arithmetic -- confirm.
* @param fipsResult The address where the function deposits 0 (check
* passed) or a non-zero FIPS error.
* @return an int, the regular error code, 0 for success.
*/
int IntegrityCheckDsa (
VtLibCtx libraryCtx,
VoltLibHandle libHandle,
VtMpIntCtx mpCtx,
int *fipsResult
);
/* This is used to read the contents of a sig file (the file
* accompanying the shared library that contains that library's
* signature and public key).
* <p>Read the key data from the source buffer, set the data and len
* fields of the dest VtItem to point to the beginning of the data and
* the length of that data.
* <p>The source should begin with a byte indicating how many bytes
* make up the length, then the length bytes, then the data.
* <p>The caller passes the totalLength of the source buffer to make
* sure the routine does not read beyond the end.
* <p>The caller passes the offset into the source buffer where the
* routine is to begin reading.
* <p>The routine returns the number of bytes read.
* <p>If there is an error, the routine returns 0, no bytes read.
* <p>The dest item points INTO source; nothing is copied. The source
* buffer must therefore outlive every use of dest, and dest must not
* be freed as if it owned the data.
* <p>NOTE(review): the sig file is external input, so every length in
* it is untrusted. The implementation (not visible here) needs to
* reject offset >= totalLen, a length-of-length byte larger than
* sizeof (unsigned int), and any case where the header size plus the
* decoded length exceeds totalLen - offset. Do the comparison by
* subtraction from the remaining size, since adding the unsigned int
* values can wrap.
* <p>A return of 0 is the only error signal; callers must test for it
* before using dest or advancing their offset.
*
* @param source The buffer to read from.
* @param totalLen The total length, in bytes, of the buffer.
* @param offset The offset into the buffer where the routine will
* begin reading.
* @param dest The VtItem the routine will set with a pointer to the data
* and the length.
* @return an unsigned int, the number of bytes read, or 0 on error.
*/
unsigned int VoltReadSigFileKeyData (
unsigned char *source,
unsigned int totalLen,
unsigned int offset,
VtItem *dest
);
/*=========================================================*/
/* */
/* Function pointer definitions */
/* */
/*=========================================================*/
/* The CreateLibCtx definition for FIPS.
* <p>When creating a FIPS libCtx (shared library, FIPS module),
* there's no choice on Memory or Thread.
* <p>Upon return, the localCtx will point to a VoltFipsLibCtx. If the
* underlying implementation wants more material, then it can create
* more, however, it must make sure that anyone can cast the localCtx
* to a pointer to VoltFipsLibCtx and it will find the appropriate
* material.
* <p>In addition, the function will allocate space for the libHandle
* field of the fipsCtx, if the caller requests it. That is, the caller
* passes in a number. The implementation will make sure the libHandle
* field points to that much space. If the caller passes in 0 for
* libHandleSpace, the implementation will leave the libHandle field
* NULL.
* <p>Because other code casts the localCtx to VoltFipsLibCtx *, any
* implementation-specific context must place a VoltFipsLibCtx as its
* first member; otherwise those casts read the wrong memory.
* <p>NOTE(review): libHandleSpace is a caller-chosen byte count. Code
* that later writes a platform handle into the libHandle space must
* not write more than the amount requested here.
*
* @param libHandleSpace How much space the function should allocate
* for the libHandle field of the fipsCtx. This can be 0.
* @param libCtx The address where the function deposits the created
* library context.
* @return an int, presumably 0 for success or a non-zero error code --
* confirm against the toolkit's error conventions.
*/
typedef int VOLT_CALLING_CONV (*VFCreateLibCtxFips) VOLT_PROTO_LIST ((
unsigned int libHandleSpace,
VtLibCtx *libCtx
));
/* This is the DestroyLibCtx definition for the function list.
* <p>The context is passed by address; presumably the implementation
* sets the caller's handle to NULL after destroying it, which guards
* against use after destroy -- confirm in the implementation.
*/
typedef int VOLT_CALLING_CONV (*VFDestroyLibCtxFips) VOLT_PROTO_LIST ((
VtLibCtx *libCtx
));
/* This is the SetLibCtxParam definition for the function list.
* <p>associatedInfo is a generic Pointer; its expected type depends on
* libCtxParam and is not checked by the compiler.
*/
typedef int VOLT_CALLING_CONV (*VFSetLibCtxParam) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
VtLibCtxParam libCtxParam,
Pointer associatedInfo
));
/* This is the GetLibCtxParam definition for the function list.
* <p>The result is deposited at getInfo. This header does not say who
* owns the returned pointer; confirm before freeing or retaining it.
*/
typedef int VOLT_CALLING_CONV (*VFGetLibCtxParam) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
VtLibCtxParam libCtxParam,
Pointer *getInfo
));
/* This is the GetFipsError definition for the function list.
* <p>The function takes no arguments and returns the FIPS error as an
* int (presumably 0 when the module is not in FIPS error -- confirm).
* <p>NOTE(review): the parameter list is written empty rather than as
* void. If VOLT_PROTO_LIST expands to the list unchanged, this is an
* unprototyped declaration in C, so the compiler will not reject a
* call that passes arguments.
*/
typedef int VOLT_CALLING_CONV (*VFGetFipsError) VOLT_PROTO_LIST ((
));
/* A function in vibefips (the partner static library) will call into
* vibecryptofips (the shared library) for its version of the function.
* <p>For example, if the toolkit has a function called VtSomething,
* there's a VtSomething in vibefips that simply obtains the
* VtSomething in vibecryptofips, then calls it. This function is how
* the vibefips version gets the vibecryptofips version.
* <p>This function begins by determining whether the module goes into
* Command Processing state or Limited Processing state. Once it
* determines which, it goes into that state. Once in the chosen state,
* the library will then be able to determine whether the operation
* requested is allowed to execute. If so, it will set the function
* pointer arg to the valid pointer. If not, it will set the arg to
* NULL and return an error.
* <p>All calls except CreateLibCtxFips, DestroyLibCtxFips, and
* GetFipsError start here.
* <p>The implementation will return a zero meaning continue with the
* operation (either there is no FIPS error, or there is a FIPS error,
* but this is a function that operates even if there is one), or a
* non-zero value meaning the module is in FIPS error and the
* operation requested is not allowed to execute when there is a FIPS
* error.
* <p>The flag argument (called callFlag in earlier versions of this
* comment) indicates which function is requested. It is one of the
* VOLT_FIPS_FNCT_FLAGs.
* <p>This is the gate that enforces the FIPS error state, so callers
* must test the return value before calling through theFunction and
* must not cache the returned pointer across calls: a cached pointer
* would bypass the state check on later use.
* <p>The returned VFnctPointer is generic; the caller casts it to the
* typedef matching the flag it passed. A mismatch between flag and
* cast is not detected by the compiler.
*
* @param libCtx The library context.
* @param flag Which function is requested, one of the
* VOLT_FIPS_FNCT_FLAGs.
* @param theFunction The address where the implementation deposits the
* function pointer, or NULL if the operation is not allowed.
* @return an int, 0 to continue with the operation, non-zero if the
* operation is not allowed.
*/
typedef int VOLT_CALLING_CONV (*VFProcessFunction) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
unsigned int flag,
VFnctPointer *theFunction
));
/* The VtGetVersionNumber definition for getting a function pointer.
* <p>The version is returned through versionNumber and versionString.
* This header does not say who owns the string; presumably it is
* static data that the caller must not free -- confirm.
*/
typedef int VOLT_CALLING_CONV (*VFGetVersionNumber) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
VtLibraryVersion whichLib,
int *versionNumber,
char **versionString
));
/* The VoltAddLibCtxInfo definition for getting a function pointer.
* <p>Note that this typedef takes a VoltLibCtx *, where the other
* typedefs in this file take a VtLibCtx.
* <p>InfoDestroy is a VCtxDestroy callback supplied with info;
* presumably the libCtx calls it to release info when the entry is
* removed or the context is destroyed -- confirm. If so, the caller
* gives up ownership of info on success.
*/
typedef int VOLT_CALLING_CONV (*VFVoltAddLibCtxInfo) VOLT_PROTO_LIST ((
VoltLibCtx *libCtx,
unsigned int infoType,
int maxCount,
Pointer info,
VCtxDestroy InfoDestroy
));
/* The VoltGetLibCtxInfo definition for getting a function pointer.
* <p>Returns a generic Pointer for the given infoType. Presumably the
* return is NULL when no info of that type is stored -- callers should
* check before dereferencing.
*/
typedef Pointer VOLT_CALLING_CONV (*VFVoltGetLibCtxInfo) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
unsigned int infoType
));
/* The VoltGetLibCtxInfoStruct definition for getting a function pointer.
* <p>Returns a pointer to a VoltLibCtxInfo for the given infoType.
* Presumably NULL when there is no such entry -- callers should check
* before dereferencing.
*/
typedef VoltLibCtxInfo VOLT_CALLING_CONV *(*VFVoltGetLibCtxInfoStruct) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
unsigned int infoType
));
/* The VtLibCtxParam definition for getting a function pointer.
* <p>NOTE(review): unlike the other typedefs in this file, this one
* does not carry VOLT_CALLING_CONV. If that macro is non-empty on some
* platform, calling a function of a different convention through this
* type would corrupt the stack -- confirm the omission is intended.
*/
typedef int (*VFLibCtxParam) VOLT_PROTO_LIST ((
VtLibCtx libraryCtx,
Pointer info,
unsigned int flag
));
/* The VtMalloc definition for getting a function pointer.
* <p>The allocated buffer is returned through the buffer argument; the
* return value is an int status.
* <p>size is an unsigned int. A caller that computes the size as a
* product or as a size_t must check for overflow and truncation before
* the call, otherwise the buffer can be smaller than the caller
* believes.
*/
typedef int VOLT_CALLING_CONV (*VFMalloc) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
unsigned int size,
unsigned int flag,
Pointer *buffer
));
/* The VtRealloc definition for getting a function pointer.
* <p>The buffer is passed by address, so the implementation can update
* the caller's pointer. Whether *buffer stays valid when the call
* fails is not stated here -- confirm before relying on it.
* <p>The same size caveat as for any unsigned int byte count applies:
* check for overflow and truncation before the call.
*/
typedef int VOLT_CALLING_CONV (*VFRealloc) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
unsigned int size,
unsigned int flag,
Pointer *buffer
));
/* The VtFree definition for getting a function pointer.
* <p>The buffer is passed by address; presumably the implementation
* sets *buffer to NULL after freeing, which guards against double free
* and use after free -- confirm. There is no return value.
*/
typedef void VOLT_CALLING_CONV (*VFFree) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
Pointer *buffer
));
/* The VtMemset definition for getting a function pointer.
* <p>count is the caller's responsibility: nothing in this signature
* carries the size of buffer, so the implementation cannot bound the
* write.
*/
typedef int VOLT_CALLING_CONV (*VFMemset) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
Pointer buffer,
unsigned int value,
unsigned int count
));
/* The VtMemcpy definition for getting a function pointer.
* <p>Nothing in this signature carries the size of dest, so the caller
* must ensure count does not exceed it. Whether overlapping regions
* are supported is not stated here; use the Memmove form for those.
*/
typedef int VOLT_CALLING_CONV (*VFMemcpy) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
Pointer dest,
Pointer source,
unsigned int count
));
/* The VtMemmove definition for getting a function pointer.
* <p>Nothing in this signature carries the size of dest, so the caller
* must ensure count does not exceed it.
*/
typedef int VOLT_CALLING_CONV (*VFMemmove) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
Pointer dest,
Pointer source,
unsigned int count
));
/* The VtMemcmp definition for getting a function pointer.
* <p>The comparison result is deposited at cmpResult; the return value
* is an int status, so callers must not treat the return value as the
* comparison result.
* <p>NOTE(review): this header does not say whether the comparison
* runs in constant time. Confirm before using it to compare secret
* values such as MACs or key check values.
*/
typedef int VOLT_CALLING_CONV (*VFMemcmp) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
Pointer buffer1,
Pointer buffer2,
unsigned int count,
int *cmpResult
));
/* The VoltCreateObject definition for getting a function pointer.
* <p>The created object is returned through voltObj. objectSize is a
* caller-supplied byte count and objectType a caller-supplied type
* code; presumably objectSize must be at least the size of the struct
* that objectType implies, since later casts depend on it -- confirm.
*/
typedef int VOLT_CALLING_CONV (*VFVoltCreateObject) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
VoltObject **voltObj,
unsigned int objectSize,
unsigned int objectType
));
/* The VoltDestroyObject definition for getting a function pointer.
* <p>The object is passed by address; presumably the implementation
* sets *voltObj to NULL after destroying it -- confirm. There is no
* return value.
*/
typedef void VOLT_CALLING_CONV (*VFVoltDestroyObject) VOLT_PROTO_LIST ((
VoltObject **voltObj
));
/* The VtCreateMpIntCtx definition for getting a function pointer.
*/
typedef int VOLT_CALLING_CONV (*VFCreateMpIntCtx) VOLT_PROTO_LIST ((
VtLibCtx libCtx,
VtMpIntImpl mpIntImpl,
Pointer associatedInfo,