cryptusr.c

cryptlib安全工具包

/****************************************************************************
*																			*
*							cryptlib User Routines							*
*						Copyright Peter Gutmann 1999-2007					*
*																			*
****************************************************************************/

/* cryptlib's role-based access control mechanisms are present only for
   forwards-compatibility with future cryptlib versions that will include
   role-based access control if there's user demand for it.  The following
   code implements basic user management routines, but the full role-based
   access control functionality isn't present.  Some of the code related to
   this is therefore present only in template form */

#include <stdio.h>		/* For sprintf_s() */
#include "crypt.h"
#ifdef INC_ALL
  #include "trustmgr.h"
  #include "user.h"
#else
  #include "cert/trustmgr.h"
  #include "misc/user.h"
#endif /* Compiler-specific includes */

/* Default user info.  The default user is a special type that has both 
   normal user and SO privileges.  This is because in its usual usage mode 
   where cryptlib is functioning as a single-user system the user doesn't 
   know about the existence of user objects and just wants everything to 
   work the way that they expect.  Because of this the default user has to 
   be able to perform the full range of available operations, requiring that 
   they appear as both a normal user and an SO.

   For now the default user is marked as an SO user because the kernel checks
   don't allow dual-type objects and some operations require that the user be
   at least an SO user, once a distinction is made between SOs and users this
   will need to be fixed */

static const USER_FILE_INFO FAR_BSS defaultUserInfo = {
#if 0	/* 18/05/02 Disabled since ACL checks are messed up by the existence
		   of dual-user roles */
	CRYPT_USER_NONE,				/* Special-case SO+normal user */
#else
	CRYPT_USER_SO,					/* Special-case SO user */
#endif /* 0 */
	USER_STATE_USERINITED,			/* Initialised, ready for use */
	"Default cryptlib user", 21,	/* Pre-set user name */
	"<<<<DEFAULT_USER>>>>", "<<<<DEFAULT_USER>>>>",
	CRYPT_UNUSED					/* No corresponding user file */
	};

/****************************************************************************
*																			*
*								Utility Functions							*
*																			*
****************************************************************************/

/* Process user-object-specific messages */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
static int processUserManagement( INOUT USER_INFO *userInfoPtr, 
								  STDC_UNUSED void *userMgtInfo, 
								  IN_ENUM( MESSAGE_USERMGMT ) \
									const MESSAGE_USERMGMT_TYPE userMgtType )
	{
	assert( isWritePtr( userInfoPtr, sizeof( USER_INFO ) ) );
	
	REQUIRES( userMgtType > MESSAGE_USERMGMT_NONE && \
			  userMgtType < MESSAGE_USERMGMT_LAST );

	switch( userMgtType )
		{
		case MESSAGE_USERMGMT_ZEROISE:
			userInfoPtr->flags |= USER_FLAG_ZEROISE;
			return( CRYPT_OK );
		}

	retIntError();
	}

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
static int processTrustManagement( INOUT USER_INFO *userInfoPtr, 
								   INOUT_HANDLE CRYPT_HANDLE *iCertificate, 
								   IN_ENUM( MESSAGE_TRUSTMGMT ) \
									const MESSAGE_TRUSTMGMT_TYPE trustMgtType )
	{
	int status;

	assert( isWritePtr( userInfoPtr, sizeof( USER_INFO ) ) );
	assert( isWritePtr( iCertificate, sizeof( CRYPT_HANDLE ) ) );

	REQUIRES( trustMgtType > MESSAGE_TRUSTMGMT_NONE && \
			  trustMgtType < MESSAGE_TRUSTMGMT_LAST );

	switch( trustMgtType )
		{
		case MESSAGE_TRUSTMGMT_ADD:
			/* Add the cert to the trust info */
			status = addTrustEntry( userInfoPtr->trustInfoPtr, 
									*iCertificate, NULL, 0, TRUE );
			if( cryptStatusError( status ) )
				return( status );
			userInfoPtr->trustInfoChanged = TRUE;
			return( setOption( userInfoPtr->configOptions,
							   CRYPT_OPTION_CONFIGCHANGED, TRUE ) );

		case MESSAGE_TRUSTMGMT_DELETE:
			{
			void *entryToDelete;

			/* Find the entry to delete and remove it */
			if( ( entryToDelete = findTrustEntry( userInfoPtr->trustInfoPtr,
												  *iCertificate, FALSE ) ) == NULL )
				return( CRYPT_ERROR_NOTFOUND );
			deleteTrustEntry( userInfoPtr->trustInfoPtr, entryToDelete );
			userInfoPtr->trustInfoChanged = TRUE;
			return( setOption( userInfoPtr->configOptions,
							   CRYPT_OPTION_CONFIGCHANGED, TRUE ) );
			}

		case MESSAGE_TRUSTMGMT_CHECK:
			/* Check whether the cert is present in the trusted certs
			   collection */
			return( ( findTrustEntry( userInfoPtr->trustInfoPtr, 
									  *iCertificate, FALSE ) != NULL ) ? \
					CRYPT_OK : CRYPT_ERROR_INVALID );

		case MESSAGE_TRUSTMGMT_GETISSUER:
			{
			void *trustedIssuerInfo;
			int trustedCert;

			/* Get the trusted issuer of this certificate */
			trustedIssuerInfo = findTrustEntry( userInfoPtr->trustInfoPtr,
												*iCertificate, TRUE );
			if( trustedIssuerInfo == NULL )
				return( CRYPT_ERROR_NOTFOUND );

			/* Get the issuer cert and return it to the caller */
			trustedCert = getTrustedCert( trustedIssuerInfo );
			if( cryptStatusError( trustedCert ) )
				return( trustedCert );
			ENSURES( trustedCert != *iCertificate );
			*iCertificate = trustedCert;

			return( CRYPT_OK );
			}
		}

	retIntError();
	}

/****************************************************************************
*																			*
*							General User Object Functions					*
*																			*
****************************************************************************/

/* Handle a message sent to a user object */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
static int userMessageFunction( INOUT TYPECAST( USER_INFO * ) \
									void *objectInfoPtr,
								IN_MESSAGE const MESSAGE_TYPE message,
								void *messageDataPtr, 
								IN_INT_Z const int messageValue )
	{
	USER_INFO *userInfoPtr = ( USER_INFO * ) objectInfoPtr;

	assert( isWritePtr( objectInfoPtr, sizeof( USER_INFO ) ) );

	REQUIRES( message > MESSAGE_NONE && message < MESSAGE_LAST );
	REQUIRES( messageValue >= 0 && messageValue < MAX_INTLENGTH );

	/* Process destroy object messages */
	if( message == MESSAGE_DESTROY )
		{
		/* Clean up any user-related crypto objects if necessary */
		if( userInfoPtr->iCryptContext != CRYPT_ERROR )
			krnlSendNotifier( userInfoPtr->iCryptContext,
							  IMESSAGE_DECREFCOUNT );
		if( userInfoPtr->iKeyset != CRYPT_ERROR )
			krnlSendNotifier( userInfoPtr->iKeyset, IMESSAGE_DECREFCOUNT );

		/* If we're doing a zeroise, clear any persistent user data.  It's a
		   bit unclear what to do in case of an error at this point since 
		   we're in the middle of a shutdown anyway.  We can't really cancel
		   the shutdown because the zeroise fails (what do you do if there's
		   an exception in the exception handler?) so we just have to 
		   continue and ignore the failure */
		if( userInfoPtr->flags & USER_FLAG_ZEROISE )
			( void ) zeroiseUsers( userInfoPtr );

		/* Clean up the trust info and config options */
		if( userInfoPtr->trustInfoPtr != NULL )
			endTrustInfo( userInfoPtr->trustInfoPtr );
		if( userInfoPtr->configOptions != NULL )
			endOptions( userInfoPtr->configOptions );
		if( userInfoPtr->userIndexPtr != NULL )
			endUserIndex( userInfoPtr->userIndexPtr );

		return( CRYPT_OK );
		}

	/* If we're doing a zeroise, don't process any further messages except a 
	   destroy */
	if( userInfoPtr->flags & USER_FLAG_ZEROISE )
		return( CRYPT_ERROR_PERMISSION );

	/* Process attribute get/set/delete messages */
	if( isAttributeMessage( message ) )
		{
		REQUIRES( message == MESSAGE_GETATTRIBUTE || \
				  message == MESSAGE_GETATTRIBUTE_S || \
				  message == MESSAGE_SETATTRIBUTE || \
				  message == MESSAGE_SETATTRIBUTE_S || \
				  message == MESSAGE_DELETEATTRIBUTE );
		REQUIRES( isAttribute( messageValue ) || \
				  isInternalAttribute( messageValue ) );

		if( message == MESSAGE_GETATTRIBUTE )
			return( getUserAttribute( userInfoPtr, 
									  ( int * ) messageDataPtr,
									  messageValue ) );
		if( message == MESSAGE_GETATTRIBUTE_S )
			return( getUserAttributeS( userInfoPtr, 
									   ( MESSAGE_DATA * ) messageDataPtr,
									   messageValue ) );
		if( message == MESSAGE_SETATTRIBUTE )
			{
			/* CRYPT_IATTRIBUTE_INITIALISED is purely a notification message 
			   with no parameters so we don't pass it down to the attribute-
			   handling code */
			if( messageValue == CRYPT_IATTRIBUTE_INITIALISED )
				{
				REQUIRES( userInfoPtr->objectHandle == \
								DEFAULTUSER_OBJECT_HANDLE );
				return( CRYPT_OK );
				}

			return( setUserAttribute( userInfoPtr, 
									  *( ( int * ) messageDataPtr ),
									  messageValue ) );
			}
		if( message == MESSAGE_SETATTRIBUTE_S )
			{
			const MESSAGE_DATA *msgData = ( MESSAGE_DATA * ) messageDataPtr;

			return( setUserAttributeS( userInfoPtr, msgData->data, 
									   msgData->length, messageValue ) );
			}
		if( message == MESSAGE_DELETEATTRIBUTE )
			return( deleteUserAttribute( userInfoPtr, messageValue ) );

		retIntError();
		}

	/* Process object-specific messages */
	if( message == MESSAGE_USER_USERMGMT )
		return( processUserManagement( userInfoPtr, messageDataPtr,
									   messageValue ) );
	if( message == MESSAGE_USER_TRUSTMGMT )
		return( processTrustManagement( userInfoPtr, messageDataPtr,
									    messageValue ) );

	retIntError();
	}

/* Open a user object.  This is a low-level function encapsulated by
   createUser() and used to manage error exits */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4 ) ) \
static int openUser( OUT_HANDLE_OPT CRYPT_USER *iCryptUser, 
					 IN_HANDLE const CRYPT_USER iCryptOwner,
					 const USER_FILE_INFO *userInfoTemplate,
					 OUT_PTR USER_INFO **userInfoPtrPtr )
	{
	USER_INFO *userInfoPtr;
	USER_FILE_INFO *userFileInfo;
	static const MAP_TABLE subtypeMapTbl[] = {
		{ CRYPT_USER_SO, SUBTYPE_USER_SO },
		{ CRYPT_USER_CA, SUBTYPE_USER_CA },
		{ CRYPT_USER_NORMAL, SUBTYPE_USER_NORMAL },
		{ CRYPT_ERROR, CRYPT_ERROR }, { CRYPT_ERROR, CRYPT_ERROR }
		};