cryptkrn.h

cryptlib安全工具包

/****************************************************************************
*																			*
*							Action Message Types							*
*																			*
****************************************************************************/

/* Action messages come in two types, direct action messages and mechanism-
   action messages.  Action messages apply directly to action objects (for
   example transform a block of data) while mechanism-action messages apply
   to device objects and involve extra formatting above and beyond the direct
   action (for example perform PKCS #1 padding and then transform a block of
   data).

   Each object that processes direct action messages can can have a range of
   permission settings that control how action messages sent to it are
   handled.  The most common case is that the action isn't available for
   this object, ACTION_PERM_NOTAVAIL.  This is an all-zero permission, so
   the default is deny-all unless the action is explicitly permitted.  The
   other permissions are ACTION_PERM_NONE, which means that the action is in
   theory available but has been turned off, ACTION_PERM_NONE_EXTERNAL,
   which means that the action is only valid if the message is coming from
   inside cryptlib, and ACTION_PERM_ALL, which means that the action is
   available for anyone.  In order to set all permissions to a certain value
   (e.g. NONE_EXTERNAL), we define overall values xxx_ALL that (in
   combination with the kernel-enforced ratchet) can be used to set all
   settings to (at most) the given value.

   The order of the action bits is:

	  hash   sign  encr
		|	  |		|
	xx xx xx xx xx xx
	 |	   |	 |
	kgen sigch  decr

    x. .x|x. .x|x. .x	Hex digits

   Common settings are 0xCFF (new PKC, all operations), 0x0F (key-loaded
   conv., all operations), and 0xAA (key-loaded PKC, internal-only
   operations).

   The kernel enforces a ratchet for these setting that only allows them to
   be set to a more restrictive value than their existing one.  If a setting
   starts out as not available on object creation, it can never be enabled.
   If a setting starts as 'none-external', it can only be set to a straight
   'none', but never to 'all' */

#define ACTION_PERM_NOTAVAIL		0x00
#define ACTION_PERM_NONE			0x01
#define ACTION_PERM_NONE_EXTERNAL	0x02
#define ACTION_PERM_ALL				0x03

#define ACTION_PERM_NONE_ALL			0x000
#define ACTION_PERM_NONE_EXTERNAL_ALL	0xAAA
#define ACTION_PERM_ALL_MAX				0xFFF

#define ACTION_PERM_BASE	MESSAGE_CTX_ENCRYPT
#define ACTION_PERM_MASK	0x03
#define ACTION_PERM_BITS	2
#define ACTION_PERM_COUNT	( MESSAGE_CTX_GENKEY - \
							  MESSAGE_CTX_ENCRYPT + 1 )
#define ACTION_PERM_LAST	\
		( 1 << ( ( ( ACTION_PERM_COUNT ) * ACTION_PERM_BITS ) + 1 ) )
#define ACTION_PERM_SHIFT( action ) \
		( ( ( action ) - ACTION_PERM_BASE ) * ACTION_PERM_BITS )
#define MK_ACTION_PERM( action, perm ) \
		( ( perm ) << ACTION_PERM_SHIFT( action ) )
#define MK_ACTION_PERM_NONE_EXTERNAL( action ) \
		( ( action ) & ACTION_PERM_NONE_EXTERNAL_ALL )

/* Symbolic defines to allow the action flags to be range-checked alongside 
   all of the other flag types */

#define ACTION_PERM_FLAG_NONE		0x000
#define ACTION_PERM_FLAG_MAX		0xFFF

/* The mechanism types.  The distinction between the PKCS #1 and raw PKCS #1
   mechanisms is somewhat artificial in that they do the same thing, however
   it's easier for the kernel to perform security checks on parameters if
   the two are distinct */

typedef enum {
	MECHANISM_NONE,				/* No mechanism */
	MECHANISM_ENC_PKCS1,		/* PKCS #1 en/decrypt */
	MECHANISM_ENC_PKCS1_PGP,	/* PKCS #1 using PGP formatting */
	MECHANISM_ENC_PKCS1_RAW,	/* PKCS #1 returning uninterpreted data */
	MECHANISM_ENC_OAEP,			/* OAEP en/decrypt */
	MECHANISM_ENC_CMS,			/* CMS key wrap */
	MECHANISM_ENC_KEA,			/* KEA key agreement */
	MECHANISM_SIG_PKCS1,		/* PKCS #1 sign */
	MECHANISM_SIG_SSL,			/* SSL sign with dual hashes */
	MECHANISM_DERIVE_PKCS5,		/* PKCS #5 derive */
	MECHANISM_DERIVE_PKCS12,	/* PKCS #12 derive */
	MECHANISM_DERIVE_SSL,		/* SSL derive */
	MECHANISM_DERIVE_TLS,		/* TLS derive */
	MECHANISM_DERIVE_CMP,		/* CMP/Entrust derive */
	MECHANISM_DERIVE_PGP,		/* OpenPGP S2K derive */
	MECHANISM_PRIVATEKEYWRAP,	/* Private key wrap */
	MECHANISM_PRIVATEKEYWRAP_PKCS8,	/* PKCS #8 private key wrap */
	MECHANISM_PRIVATEKEYWRAP_PGP2,	/* PGP 2.x private key wrap */
	MECHANISM_PRIVATEKEYWRAP_OPENPGP_OLD,/* Legacy OpenPGP private key wrap */
	MECHANISM_PRIVATEKEYWRAP_OPENPGP,/* OpenPGP private key wrap */
	MECHANISM_LAST				/* Last valid mechanism type */
	} MECHANISM_TYPE;

/* A structure to hold information needed by the key export/import mechanism.
   The key can be passed as raw key data or as a context if tied to hardware
   that doesn't allow keying material outside the hardware's security
   perimeter:

	PKCS #1,	wrappedData = wrapped key
	PKCS #1 PGP	keyData = -
				keyContext = context containing key
				wrapContext = wrap/unwrap PKC context
				auxContext = CRYPT_UNUSED
				auxInfo = CRYPT_UNUSED
	PKCS #1	raw	wrappedData = wrapped raw data
				keyData = raw data
				keyContext = CRYPT_UNUSED
				wrapContext = wrap/unwrap PKC context
				auxContext = CRYPT_UNUSED
				auxInfo = CRYPT_UNUSED
	OAEP		wrappedData = wrapped key
				keyData = -
				keyContext = context containing key
				wrapContext = wrap/unwrap PKC context
				auxContext = CRYPT_UNUSED
				auxInfo = MGF1 algorithm
	CMS			wrappedData = wrapped key
				keyData = -
				keyContext = context containing key
				wrapContext = wrap/unwrap conventional context
				auxContext = CRYPT_UNUSED
				auxInfo = CRYPT_UNUSED
	KEA			wrappedData = len + TEK( MEK ), len + UKM
				keyData = -
				keyContext = MEK
				wrapContext = recipient KEA public key
				auxContext = originator KEA private key
				auxInfo = CRYPT_UNUSED
	Private		wrappedData = padded encrypted private key components
	key wrap	keyData = -
				keyContext = context containing private key
				wrapContext = wrap/unwrap conventional context
				auxContext = CRYPT_UNUSED 
				auxInfo = CRYPT_UNUSED */

typedef struct {
	BUFFER_OPT_FIXED( wrappedDataLength ) \
	void *wrappedData;			/* Wrapped key */
	int wrappedDataLength;
	BUFFER_FIXED( keyDataLength ) \
	void *keyData;				/* Raw key */
	int keyDataLength;
	CRYPT_HANDLE keyContext;	/* Context containing raw key */
	CRYPT_HANDLE wrapContext;	/* Wrap/unwrap context */
	CRYPT_HANDLE auxContext;	/* Auxiliary context */
	int auxInfo;				/* Auxiliary info */
	} MECHANISM_WRAP_INFO;

/* A structure to hold information needed by the sign/sig check mechanism:

	PKCS #1		signature = signature
				hashContext = hash to sign
				signContext = signing key

	SSL			signature = signature
				hashContext, hashContext2 = dual hashes to sign
				signContext = signing key */

typedef struct {
	BUFFER_OPT_FIXED( signatureLength ) \
	void *signature;			/* Signature */
	int signatureLength;
	CRYPT_CONTEXT hashContext;	/* Hash context */
	CRYPT_CONTEXT hashContext2;	/* Secondary hash context */
	CRYPT_HANDLE signContext;	/* Signing context */
	} MECHANISM_SIGN_INFO;

/* A structure to hold information needed by the key derive mechanism:

	PKCS #5,	dataOut = key data
	CMP, PGP	dataIn = password
				hashAlgo = hash algorithm
				salt = salt
				iterations = iteration count
	SSL/TLS		dataOut = key data/master secret
				dataIn = master secret/premaster secret
				hashAlgo = CRYPT_USE_DEFAULT
				salt = client || server random/server || client random
				iterations = 1 */

typedef struct {
	BUFFER_OPT_FIXED( dataOutLength ) \
	void *dataOut;				/* Output keying information */
	int dataOutLength;
	BUFFER_FIXED( dataInLength ) \
	const void *dataIn;			/* Input keying information */
	int dataInLength;
	CRYPT_ALGO_TYPE hashAlgo;	/* Hash algorithm */
	BUFFER_OPT_FIXED( saltLength ) \
	const void *salt;			/* Salt/randomiser */
	int saltLength;
	int iterations;				/* Iterations of derivation function */
	} MECHANISM_DERIVE_INFO;

/* Macros to make it easier to work with the mechanism info types.  The
   shortened name forms in the macro args are necessary to avoid clashes with
   the struct members.  The long lines are necessary because older Borland
   compilers can't handle line breaks at this point in a macro definition */

#define clearMechanismInfo( mechanismInfo ) \
		memset( mechanismInfo, 0, sizeof( *mechanismInfo ) )

#define setMechanismWrapInfo( mechanismInfo, wrapped, wrappedLen, key, keyLen, keyCtx, wrapCtx ) \
		{ \
		( mechanismInfo )->wrappedData = ( wrapped ); \
		( mechanismInfo )->wrappedDataLength = ( wrappedLen ); \
		( mechanismInfo )->keyData = ( key ); \
		( mechanismInfo )->keyDataLength = ( keyLen ); \
		( mechanismInfo )->keyContext = ( keyCtx ); \
		( mechanismInfo )->wrapContext = ( wrapCtx ); \
		( mechanismInfo )->auxContext = \
			( mechanismInfo )->auxInfo = CRYPT_UNUSED; \
		}

#define setMechanismWrapInfoEx( mechanismInfo, wrapped, wrappedLen, key, keyLen, keyCtx, wrapCtx, auxCtx, auxInf ) \
		{ \
		( mechanismInfo )->wrappedData = ( wrapped ); \
		( mechanismInfo )->wrappedDataLength = ( wrappedLen ); \
		( mechanismInfo )->keyData = ( key ); \
		( mechanismInfo )->keyDataLength = ( keyLen ); \
		( mechanismInfo )->keyContext = ( keyCtx ); \
		( mechanismInfo )->wrapContext = ( wrapCtx ); \
		( mechanismInfo )->auxContext = ( auxCtx ); \
		( mechanismInfo )->auxInfo = ( auxInf ); \
		}

#define setMechanismSignInfo( mechanismInfo, sig, sigLen, hashCtx, hashCtx2, signCtx ) \
		{ \
		( mechanismInfo )->signature = ( sig ); \
		( mechanismInfo )->signatureLength = ( sigLen ); \
		( mechanismInfo )->hashContext = ( hashCtx ); \
		( mechanismInfo )->hashContext2 = ( hashCtx2 ); \
		( mechanismInfo )->signContext = ( signCtx ); \
		}

#define setMechanismDeriveInfo( mechanismInfo, out, outLen, in, inLen, hAlgo, slt, sltLen, iters ) \
		{ \
		( mechanismInfo )->dataOut = ( out ); \
		( mechanismInfo )->dataOutLength = ( outLen ); \
		( mechanismInfo )->dataIn = ( in ); \
		( mechanismInfo )->dataInLength = ( inLen ); \
		( mechanismInfo )->hashAlgo = ( hAlgo ); \
		( mechanismInfo )->salt = ( slt ); \
		( mechanismInfo )->saltLength = ( sltLen ); \
		( mechanismInfo )->iterations = ( iters ); \
		}

/****************************************************************************
*																			*
*								Misc Message Types							*
*																			*
****************************************************************************/

/* Beside the general value+length and mechanism messages, we also have a
   number of special-purposes messages that require their own parameter
   data structures.  These are:

   Create object messages, used to create objects via a device, either
   directly or indirectly by instantiating the object from encoded data (for
   example a certificate object from a certificate).  Usually the device is
   the system object, but it can also be used to create contexts in hardware
   devices.  In addition to the creation parameters we also pass in the
   owner's user object to be stored with the object data for use when
   needed */

typedef struct {
	CRYPT_HANDLE cryptHandle;	/* Handle to created object */
	CRYPT_USER cryptOwner;		/* New object's owner */
	int arg1, arg2;				/* Integer args */
	BUFFER_OPT_FIXED( strArgLen1 ) \
	const void *strArg1;
	BUFFER_OPT_FIXED( strArgLen2 ) \
	const void *strArg2;	/* String args */
	int strArgLen1, strArgLen2;
	} MESSAGE_CREATEOBJECT_INFO;

#define setMessageCreateObjectInfo( createObjectInfo, a1 ) \
		{ \
		memset( createObjectInfo, 0, sizeof( MESSAGE_CREATEOBJECT_INFO ) ); \
		( createObjectInfo )->cryptHandle = CRYPT_ERROR; \
		( createObjectInfo )->cryptOwner = CRYPT_ERROR; \
		( createObjectInfo )->arg1 = ( a1 ); \