cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
context.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * cryptlib Encryption Context Header File *
4 * Copyright Peter Gutmann 1992-2009 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _CRYPTCTX_DEFINED
9 
10 #define _CRYPTCTX_DEFINED
11 
12 /* Various include files needed by contexts. Since the bignum and stream
13  headers are only needed by PKC contexts, we only apply them in modules
14  that use PKC contexts */
15 
16 #ifdef PKC_CONTEXT
17  #ifndef _STREAM_DEFINED
18  #if defined( INC_ALL )
19  #include "stream.h"
20  #else
21  #include "io/stream.h"
22  #endif /* Compiler-specific includes */
23  #endif /* _STREAM_DEFINED */
24  #ifndef HEADER_BN_H
25  #if defined( INC_ALL )
26  #include "bn.h"
27  #else
28  #include "bn/bn.h"
29  #endif /* Compiler-specific includes */
30  #endif /* HEADER_BN_H */
31  #if ( defined( USE_ECDH ) || defined( USE_ECDSA ) ) && !defined( HEADER_EC_H )
32  #if defined( INC_ALL )
33  #include "ec_lcl.h"
34  #else
35  #include "bn/ec_lcl.h"
36  #endif /* Compiler-specific includes */
37  #endif /* ( USE_ECDH || USE_ECDSA ) && HEADER_EC_H */
38 #endif /* Extra eaders needed only for PKC contexts */
39 #ifndef _CRYPTCAP_DEFINED
40  #if defined( INC_ALL )
41  #include "capabil.h"
42  #else
43  #include "device/capabil.h"
44  #endif /* Compiler-specific includes */
45 #endif /* _CRYPTCAP_DEFINED */
46 
47 /****************************************************************************
48 * *
49 * Context Types and Constants *
50 * *
51 ****************************************************************************/
52 
53 /* Context information flags. Most of these flags are context-type-specific,
54  and are only used with some context types:
55 
56  FLAG_DUMMY: The context is a dummy context with actions handled through
57  an external crypto device. When a device context is created, it
58  usually isn't instantiated at the device level until the key
59  (and possibly other parameters) are available because most
60  devices use an atomic created-initialised-context operation
61  rather than allowing incremental parameter setting like cryptlib
62  does. To handle this, we first create a dummy context and then
63  fill in the details on demand.
64 
65  FLAG_DUMMY_INITED: The dummy context has been initialised. Since the
66  context isn't instantiated until required, this flag is needed
67  to keep track of whether any cached parameters retained from the
68  dummy state need to be set when the context is used.
69 
70  FLAG_HASH_INITED: The hash parameters have been inited.
71  FLAG_HASH_DONE: The hash operation is complete, no further hashing can
72  be done
73 
74  FLAG_ISPUBLICKEY: The key is a public or private key.
75  FLAG_ISPRIVATEKEY:
76 
77  FLAG_IV_SET: The IV has been set.
78  FLAG_KEY_SET: The key has been initialised.
79  FLAG_PGPKEYID_SET: The PGP keyID has been set (this is only valid for
80  RSA keys, and may not be enabled if we're not using PGP).
81  FLAG_OPENPGPKEYID_SET: The OpenPGP keyID has been set (this may not be
82  enabled if we're not using PGP).
83 
84  FLAG_PERSISTENT: The context is backed by a keyset or crypto device.
85 
86  FLAG_SIDECHANNELPROTECTION: The context has side-channel protection
87  (additional checking for crypto operations, blinding, and so
88  on) enabled.
89 
90  FLAG_FLAG_STATICCONTEXT: The context data has been instantiated via
91  staticInitContext() for internal use and doesn't correspond to
92  an actual cryptlib object */
93 
94 #define CONTEXT_FLAG_NONE 0x0000 /* No context flag */
95 #define CONTEXT_FLAG_KEY_SET 0x0001 /* Key has been set */
96 #define CONTEXT_FLAG_IV_SET 0x0002 /* IV has been set */
97 #define CONTEXT_FLAG_ISPUBLICKEY 0x0004 /* Key is a public key */
98 #define CONTEXT_FLAG_ISPRIVATEKEY 0x0008 /* Key is a private key */
99 #define CONTEXT_FLAG_DUMMY 0x0010 /* Context actions handled externally */
100 #define CONTEXT_FLAG_DUMMY_INITED 0x0020 /* Dummy context is inited */
101 #define CONTEXT_FLAG_PERSISTENT 0x0040 /* Context is backed by dev.or keyset */
102 #define CONTEXT_FLAG_SIDECHANNELPROTECTION \
103  0x0080 /* Enabled side-channel prot.in ops */
104 #define CONTEXT_FLAG_HASH_INITED 0x0100 /* Hash parameters have been inited */
105 #define CONTEXT_FLAG_HASH_DONE 0x0200 /* Hash operation is complete */
106 #define CONTEXT_FLAG_PGPKEYID_SET 0x0400 /* PGP keyID is set */
107 #define CONTEXT_FLAG_OPENPGPKEYID_SET 0x0800 /* OpenPGP keyID is set */
108 #define CONTEXT_FLAG_STATICCONTEXT 0x1000 /* Static context */
109 #define CONTEXT_FLAG_MAX 0x1FFF /* Maximum possible flag value */
110 
111 /* DLP PKCs require a random value k that's then reduced mod p or q, however
112  if we make sizeof( k ) == sizeof( p ) then this introduced a bias into k
113  that eventually leaks the private key (see "The Insecurity of the Digital
114  Signature Algorithm with Partially Known Nonces" by Phong Nguyen and Igor
115  Shparlinski). To get around this we generate a k that's slightly larger
116  than required, the following defines the size in bytes of this overflow
117  factor */
118 
119 #define DLP_OVERFLOW_SIZE bitsToBytes( 32 )
120 
121 /****************************************************************************
122 * *
123 * Context Data Structures *
124 * *
125 ****************************************************************************/
126 
127 /* The internal fields in a context that hold data for a conventional,
128  public-key, hash, or MAC algorithm. CONTEXT_CONV and CONTEXT_MAC
129  should be allocated in pagelocked memory since they contain the sensitive
130  userKey data */
131 
132 typedef enum {
133  CONTEXT_NONE, /* No context type */
134  CONTEXT_CONV, /* Conventional encryption context */
135  CONTEXT_PKC, /* PKC context */
136  CONTEXT_HASH, /* Hash context */
137  CONTEXT_MAC, /* MAC context */
138  CONTEXT_GENERIC, /* Generic-secret context */
139  CONTEXT_LAST /* Last valid context type */
140  } CONTEXT_TYPE;
141 
142 #define needsSecureMemory( contextType ) \
143  ( contextType == CONTEXT_CONV || contextType == CONTEXT_MAC || \
144  contextType == CONTEXT_GENERIC )
145 
146 typedef struct {
147  /* General algorithm information */
148  CRYPT_MODE_TYPE mode; /* Encryption mode being used */
149 
150  /* User keying information. The user key is the unprocessed key as
151  entered by the user (rather than the key in the form used by the
152  algorithm), the IV is the initial IV. We keep a copy of the
153  unprocessed key because we usually need to wrap it up in a KEK
154  at some point after it's loaded */
155  BUFFER( CRYPT_MAX_KEYSIZE, userKeyLength ) \
156  BYTE userKey[ CRYPT_MAX_KEYSIZE + 8 ]; /* User encryption key */
157  BUFFER( CRYPT_MAX_IVSIZE, ivLength ) \
158  BYTE iv[ CRYPT_MAX_IVSIZE + 8 ];/* Initial IV */
159  int userKeyLength, ivLength;
160 
161  /* Conventional encryption keying information. The key is the processed
162  encryption key stored in whatever form is required by the algorithm,
163  usually the key-scheduled user key. The IV is the current working IV.
164  The ivCount is the number of bytes of IV that have been used, and is
165  used when a block cipher is used as a stream cipher */
166  void *key; /* Internal working key */
167  BUFFER( CRYPT_MAX_IVSIZE, ivLength ) \
168  BYTE currentIV[ CRYPT_MAX_IVSIZE + 8 ]; /* Internal working IV */
169  int ivCount; /* Internal IV count for chaining modes */
170 
171  /* Information required when a key suitable for use by this algorithm
172  is derived from a longer user key */
173  BUFFER( CRYPT_MAX_HASHSIZE, saltLength ) \
174  BYTE salt[ CRYPT_MAX_HASHSIZE + 8 ];/* Salt */
175  int saltLength;
176  int keySetupIterations; /* Number of times setup was iterated */
177  CRYPT_ALGO_TYPE keySetupAlgorithm; /* Algorithm used for key setup */
178  } CONV_INFO;
179 
180 #ifdef PKC_CONTEXT
181 
182 typedef struct {
183  /* General information on the key: The nominal key size in bits, the key
184  IDs, and key-related meta-info. Since the OpenPGP key ID can't be
185  calculated directly like the other IDs, we have to keep track of
186  whether it's been set or not with a flag */
187  int keySizeBits; /* Nominal key size in bits */
188  BUFFER_FIXED( KEYID_SIZE ) \
189  BYTE keyID[ KEYID_SIZE + 8 ]; /* Key ID for this key */
190  BUFFER_FIXED( PGP_KEYID_SIZE ) \
191  BYTE pgp2KeyID[ PGP_KEYID_SIZE + 8 ];/* PGP 2 key ID for this key */
192  BUFFER_FIXED( PGP_KEYID_SIZE ) \
193  BYTE openPgpKeyID[ PGP_KEYID_SIZE + 8 ];/* OpenPGP key ID for this key */
194  time_t pgpCreationTime; /* Key creation time (for OpenPGP ID) */
195 
196  /* Public-key encryption keying information. Since each algorithm has
197  its own unique parameters, the bignums are given generic names here.
198  The algorithm-specific code refers to them by their actual names,
199  which are implemented as symbolic defines of the form
200  <algo>Param_<param_name>, e.g.rsaParam_e */
201  BIGNUM param1; /* PKC key components */
202  BIGNUM param2;
203  BIGNUM param3;
204  BIGNUM param4;
205  BIGNUM param5;
206  BIGNUM param6;
207  BIGNUM param7;
208  BIGNUM param8;
209 #if defined( USE_ECDH ) || defined( USE_ECDSA )
210  BIGNUM param9;
211  BIGNUM param10;
212 #endif /* USE_ECDH || USE_ECDSA */
213  BN_MONT_CTX montCTX1; /* Precomputed Montgomery values */
214  BN_MONT_CTX montCTX2;
215  BN_MONT_CTX montCTX3;
216 #if defined( USE_ECDH ) || defined( USE_ECDSA )
217  CRYPT_ECCCURVE_TYPE curveType; /* Additional info.needed for ECC ctxs.*/
218  BOOLEAN isECC;
219  EC_GROUP *ecCTX;
220  EC_POINT *ecPoint;
221 #endif /* USE_ECDH || USE_ECDSA */
222  BN_ULONG checksum; /* Checksum for key value */
223 
224  /* Temporary workspace values used to avoid having to allocate and
225  deallocate them on each PKC operation, and to keep better control
226  over the data in them. DLP operations that require extensive
227  temporary vars also reuse the last three general-purpose bignums
228  above, since they're not used for keying material */
229  BIGNUM tmp1, tmp2, tmp3;
230 #if defined( USE_ECDH ) || defined( USE_ECDSA )
231  BIGNUM tmp4, tmp5;
232  EC_POINT *tmpPoint;
233 #endif /* USE_ECDH || USE_ECDSA */
234  BN_CTX *bnCTX;
235  #define CONTEXT_FLAG_PBO 0x08
236 
237  /* If we're using side-channel protection, we also need to store values
238  used to perform extra operations that eliminate timing channels */
239  BIGNUM blind1, blind2;
240 
241  /* If the context is tied to a device the keying info won't be available,
242  however we generally need the public key information for use in cert
243  requests and whatnot so we save a copy as SubjectPublicKeyInfo when
244  the key is loaded/generated */
245  BUFFER_OPT_FIXED( publicKeyInfoSize ) \
246  void *publicKeyInfo; /* X.509 SubjectPublicKeyInfo */
247  int publicKeyInfoSize; /* Key info size */
248 
249  /* Pointers to functions to public-key context access methods. The
250  functions to read and write public and private keys are kept distinct
251  to enforce red/black separation */
252  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
253  int ( *calculateKeyIDFunction )( INOUT struct CI *contextInfoPtr );
254  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
255  int ( *readPublicKeyFunction )( INOUT STREAM *stream,
256  INOUT struct CI *contextInfoPtr,
257  IN_ENUM( KEYFORMAT ) \
258  const KEYFORMAT_TYPE formatType );
259  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
260  int ( *readPrivateKeyFunction )( INOUT STREAM *stream,
261  INOUT struct CI *contextInfoPtr,
262  IN_ENUM( KEYFORMAT ) \
263  const KEYFORMAT_TYPE formatType );
264  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
265  int ( *writePublicKeyFunction )( INOUT STREAM *stream,
266  const struct CI *contextInfoPtr,
267  IN_ENUM( KEYFORMAT ) \
268  const KEYFORMAT_TYPE formatType,
269  IN_BUFFER( accessKeyLen ) \
270  const char *accessKey,
271  IN_LENGTH_SHORT_MIN( 4 ) \
272  const int accessKeyLen );
273  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
274  int ( *writePrivateKeyFunction )( INOUT STREAM *stream,
275  const struct CI *contextInfoPtr,
276  IN_ENUM( KEYFORMAT ) \
277  const KEYFORMAT_TYPE formatType,
278  IN_BUFFER( accessKeyLen ) \
279  const char *accessKey,
280  IN_LENGTH_SHORT_MIN( 4 ) \
281  const int accessKeyLen );
282  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 3, 4, 5 ) ) \
283  int ( *encodeDLValuesFunction )( OUT_BUFFER( bufMaxSize, \
284  *bufSize ) BYTE *buffer,
285  IN_LENGTH_SHORT_MIN( 20 + 20 ) \
286  const int bufMaxSize,
287  OUT_LENGTH_SHORT_Z int *bufSize,
288  const BIGNUM *value1,
289  const BIGNUM *value2,
290  IN_ENUM( CRYPT_FORMAT ) \
291  const CRYPT_FORMAT_TYPE formatType );
292  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 3, 4, 5 ) ) \
293  int ( *decodeDLValuesFunction )( IN_BUFFER( bufSize ) const BYTE *buffer,
294  IN_LENGTH_SHORT_MIN( 32 ) const int bufSize,
295  OUT BIGNUM *value1,
296  OUT BIGNUM *value2,
297  const BIGNUM *maxRange,
298  IN_ENUM( CRYPT_FORMAT_TYPE ) \
299  const CRYPT_FORMAT_TYPE formatType );
300 
301  /* State information needed to allow background key generation */
302 #ifdef USE_THREADS
303 // THREAD_STATE threadState;
304 #endif /* OS's with threads */
305  } PKC_INFO;
306 #endif /* PKC_CONTEXT */
307 
308 typedef struct {
309  /* The current state of the hashing and the result from the last
310  completed hash operation */
311  void *hashInfo; /* Current hash state */
312  BUFFER_FIXED( CRYPT_MAX_HASHSIZE ) \
313  BYTE hash[ CRYPT_MAX_HASHSIZE + 8 ];/* Last hash result */
314  } HASH_INFO;
315 
316 typedef struct {
317  /* User keying information. The user key is the unprocessed key as
318  entered by the user rather than the key in the form used by the
319  algorithm. We keep a copy of the unprocessed key because we usually
320  need to wrap it up in a KEK at some point after it's loaded */
321  BUFFER( CRYPT_MAX_KEYSIZE, userKeyLength ) \
322  BYTE userKey[ CRYPT_MAX_KEYSIZE + 8 ]; /* User MAC key */
323  int userKeyLength;
324 
325  /* The current state of the MAC'ing and the result from the last
326  completed MAC operation */
327  void *macInfo; /* Current MAC state */
328  BUFFER_FIXED( CRYPT_MAX_HASHSIZE ) \
329  BYTE mac[ CRYPT_MAX_HASHSIZE + 8 ]; /* Last MAC result */
330 
331  /* Information required when a key suitable for use by this algorithm
332  is derived from a longer user key */
333  BUFFER( CRYPT_MAX_HASHSIZE, saltLength ) \
334  BYTE salt[ CRYPT_MAX_HASHSIZE + 8 ];/* Salt */
335  int saltLength;
336  int keySetupIterations; /* Number of times setup was iterated */
337  CRYPT_ALGO_TYPE keySetupAlgorithm; /* Algorithm used for key setup */
338  } MAC_INFO;
339 
340 typedef struct {
341  /* Generic-secret information */
342  BUFFER( CRYPT_MAX_KEYSIZE, genericSecretLength ) \
343  BYTE genericSecret[ CRYPT_MAX_KEYSIZE + 8 ];
344  int genericSecretLength;
345 
346  /* Parameter information for the encryption and MAC contexts that are
347  derived from the generic-secret context */
348  BUFFER( CRYPT_MAX_TEXTSIZE, encAlgoParamSize ) \
349  BYTE encAlgoParams[ CRYPT_MAX_TEXTSIZE + 8 ];
350  int encAlgoParamSize;
351  BUFFER( CRYPT_MAX_TEXTSIZE, macAlgoParamSize ) \
352  BYTE macAlgoParams[ CRYPT_MAX_TEXTSIZE + 8 ];
353  int macAlgoParamSize;
354  } GENERIC_INFO;
355 
356 /* Defines to make access to the union fields less messy */
357 
358 #define ctxConv keyingInfo.convInfo
359 #define ctxPKC keyingInfo.pkcInfo
360 #define ctxHash keyingInfo.hashInfo
361 #define ctxMAC keyingInfo.macInfo
362 #define ctxGeneric keyingInfo.genericInfo
363 
364 /* An encryption context */
365 
366 typedef struct CI {
367  /* Control and status information */
368  CONTEXT_TYPE type; /* The context type */
369  const CAPABILITY_INFO *capabilityInfo; /* Encryption capability info */
370  int flags; /* Context information flags */
371 
372  /* Context type-specific information */
373  union {
374  CONV_INFO *convInfo;
375 #ifdef PKC_CONTEXT
376  PKC_INFO *pkcInfo;
377 #endif /* PKC_CONTEXT */
378  HASH_INFO *hashInfo;
379  MAC_INFO *macInfo;
380  GENERIC_INFO *genericInfo;
381  } keyingInfo;
382 
383 #ifdef USE_DEVICES
384  /* If implemented using a crypto device, the object information is
385  usually stored inside the device. The following value contains the
386  reference to the crypto object inside the device. In addition some
387  objects (specifically, DH) that aren't really public- or private-key
388  objects but a mixture of both require a second handle to the other
389  part of the object in the device */
390  long deviceObject, altDeviceObject;
391 
392  #ifdef USE_HARDWARE
393  /* When data used to instantiate a context is stored in a device we may
394  need a unique ID value to locate the data, the following value
395  contains this storage ID */
396  BUFFER_FIXED( KEYID_SIZE ) \
397  BYTE deviceStorageID[ KEYID_SIZE + 8 ];
398  BOOLEAN deviceStorageIDset;
399  #endif /* USE_HARDWARE */
400 #endif /* USE_DEVICES */
401 
402  /* The label for this object, typically used to identify stored keys */
403  BUFFER( CRYPT_MAX_TEXTSIZE, labelSize ) \
404  char label[ CRYPT_MAX_TEXTSIZE + 8 ];/* Text string identifying key */
405  int labelSize;
406 
407  /* Pointers to context access methods. These are somewhat higher-level
408  than the capability info methods and apply to entire classes of
409  context rather than at a per-algorithm level */
410  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
411  int ( *loadKeyFunction )( INOUT struct CI *contextInfoPtr,
412  IN_BUFFER_OPT( keyLength ) const void *key,
413  IN_LENGTH_SHORT_MIN( MIN_KEYSIZE ) \
414  const int keyLength );
415  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
416  int ( *generateKeyFunction )( INOUT struct CI *contextInfoPtr );
417  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
418  int ( *encryptFunction )( INOUT struct CI *contextInfoPtr,
419  INOUT_BUFFER_FIXED( length ) BYTE *buffer,
420  IN_LENGTH_Z int length );
421  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
422  int ( *decryptFunction )( INOUT struct CI *contextInfoPtr,
423  INOUT_BUFFER_FIXED( length ) BYTE *buffer,
424  IN_LENGTH_Z int length );
425 
426  /* Error information */
427  CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
428  CRYPT_ERRTYPE_TYPE errorType; /* Error type */
429 
430  /* The object's handle and the handle of the user who owns this object.
431  The former is used when sending messages to the object when only the
432  xxx_INFO is available, the latter is used to avoid having to fetch the
433  same information from the system object table */
434  CRYPT_HANDLE objectHandle;
435  CRYPT_USER ownerHandle;
436  } CONTEXT_INFO;
437 
438 /* Symbolic defines for the various PKC components for different PKC
439  algorithms. All of the DLP algorithms actually use the same parameters,
440  so we define generic DLP names for them */
441 
442 #define dlpParam_p param1
443 #define dlpParam_g param2
444 #define dlpParam_q param3
445 #define dlpParam_y param4
446 #define dlpParam_x param5
447 #define dlpTmp1 param6
448 #define dlpTmp2 param7
449 #define dlpTmp3 param8 /* More temp.values for DLP PKCs */
450 #define dhParam_yPrime param8 /* Special value for DH */
451 #define dlpParam_mont_p montCTX1
452 
453 #define rsaParam_n param1
454 #define rsaParam_e param2
455 #define rsaParam_d param3
456 #define rsaParam_p param4
457 #define rsaParam_q param5
458 #define rsaParam_u param6
459 #define rsaParam_exponent1 param7
460 #define rsaParam_exponent2 param8
461 #define rsaParam_blind_k blind1
462 #define rsaParam_blind_kInv blind2
463 #define rsaParam_mont_n montCTX1
464 #define rsaParam_mont_p montCTX2
465 #define rsaParam_mont_q montCTX3
466 
467 #define eccParam_p param1
468 #define eccParam_a param2
469 #define eccParam_b param3
470 #define eccParam_gx param4
471 #define eccParam_gy param5
472 #define eccParam_n param6
473 #define eccParam_h param7
474 #define eccParam_qx param8
475 #define eccParam_qy param9
476 #define eccParam_d param10
477 #define eccParam_mont_p montCTX1
478 #define eccParam_mont_n montCTX2
479 
480 /* Minimum and maximum permitted lengths for various PKC components. These
481  can be loaded in various ways (read from ASN.1 data, read from
482  PGP/SSH/SSL data, loaded by the user, and so on) so we define permitted
483  length values in a central location for use in the different read
484  routines */
485 
486 #define RSAPARAM_MIN_N MIN_PKCSIZE
487 #define RSAPARAM_MAX_N CRYPT_MAX_PKCSIZE
488 #define RSAPARAM_MIN_E 1
489 #define RSAPARAM_MAX_E 4
490 #define RSAPARAM_MIN_D MIN_PKCSIZE
491 #define RSAPARAM_MAX_D CRYPT_MAX_PKCSIZE
492 #define RSAPARAM_MIN_P MIN_PKCSIZE / 2
493 #define RSAPARAM_MAX_P CRYPT_MAX_PKCSIZE
494 #define RSAPARAM_MIN_Q MIN_PKCSIZE / 2
495 #define RSAPARAM_MAX_Q CRYPT_MAX_PKCSIZE
496 #define RSAPARAM_MIN_U MIN_PKCSIZE / 2
497 #define RSAPARAM_MAX_U CRYPT_MAX_PKCSIZE
498 #define RSAPARAM_MIN_EXP1 MIN_PKCSIZE / 2
499 #define RSAPARAM_MAX_EXP1 CRYPT_MAX_PKCSIZE
500 #define RSAPARAM_MIN_EXP2 MIN_PKCSIZE / 2
501 #define RSAPARAM_MAX_EXP2 CRYPT_MAX_PKCSIZE
502 
503 #define DLPPARAM_MIN_P MIN_PKCSIZE
504 #define DLPPARAM_MAX_P CRYPT_MAX_PKCSIZE
505 #define DLPPARAM_MIN_G 1
506 #define DLPPARAM_MAX_G CRYPT_MAX_PKCSIZE
507 #define DLPPARAM_MIN_Q bitsToBytes( 128 )
508 #define DLPPARAM_MAX_Q CRYPT_MAX_PKCSIZE
509 #define DLPPARAM_MIN_Y MIN_PKCSIZE
510 #define DLPPARAM_MAX_Y CRYPT_MAX_PKCSIZE
511 #define DLPPARAM_MIN_X bitsToBytes( 128 )
512 #define DLPPARAM_MAX_X CRYPT_MAX_PKCSIZE
513 
514 #define DLPPARAM_MIN_SIG_R DLPPARAM_MIN_Q /* For DSA sigs */
515 #define DLPPARAM_MIN_SIG_S DLPPARAM_MIN_Q /* For DSA sigs */
516 
517 #define ECCPARAM_MIN_P MIN_PKCSIZE_ECC
518 #define ECCPARAM_MAX_P CRYPT_MAX_PKCSIZE_ECC
519 #define ECCPARAM_MIN_A MIN_PKCSIZE_ECC / 2
520 #define ECCPARAM_MAX_A CRYPT_MAX_PKCSIZE_ECC
521 #define ECCPARAM_MIN_B MIN_PKCSIZE_ECC / 2
522 #define ECCPARAM_MAX_B CRYPT_MAX_PKCSIZE_ECC
523 #define ECCPARAM_MIN_GX 1
524 #define ECCPARAM_MAX_GX CRYPT_MAX_PKCSIZE_ECC
525 #define ECCPARAM_MIN_GY 1
526 #define ECCPARAM_MAX_GY CRYPT_MAX_PKCSIZE_ECC
527 #define ECCPARAM_MIN_N MIN_PKCSIZE_ECC
528 #define ECCPARAM_MAX_N CRYPT_MAX_PKCSIZE_ECC
529 #define ECCPARAM_MIN_H MIN_PKCSIZE_ECC
530 #define ECCPARAM_MAX_H CRYPT_MAX_PKCSIZE_ECC
531 #define ECCPARAM_MIN_QX MIN_PKCSIZE_ECC / 2
532 #define ECCPARAM_MAX_QX CRYPT_MAX_PKCSIZE_ECC
533 #define ECCPARAM_MIN_QY MIN_PKCSIZE_ECC / 2
534 #define ECCPARAM_MAX_QY CRYPT_MAX_PKCSIZE_ECC
535 #define ECCPARAM_MIN_D MIN_PKCSIZE_ECC / 2
536 #define ECCPARAM_MAX_D CRYPT_MAX_PKCSIZE_ECC
537 
538 #define ECCPARAM_MIN_SIG_R ECCPARAM_MIN_QX /* For ECDSA sigs */
539 #define ECCPARAM_MIN_SIG_S ECCPARAM_MIN_QX /* For ECDSA sigs */
540 
541 /* Because there's no really clean way to throw an exception in C and the
542  bnlib routines don't carry around state information like cryptlib objects
543  do, we need to perform an error check for most of the routines we call.
544  To make this slightly less ugly we define the following macro that
545  performs the check for us by updating a variable called `bnStatus' with
546  the result of a bnlib call, which returns 1 for OK and 0 for error.
547  Annoyingly, this interface isn't quite consistent and some calls return
548  pointers rather than integer values, so we define a second macro that
549  checks for pointer values rather than integers */
550 
551 #define CK( x ) bnStatus &= x
552 #define CKPTR( x ) bnStatus &= ( ( x ) == NULL ? 0 : 1 )
553 #define BN_STATUS 1
554 #define bnStatusOK( x ) bnStatus
555 #define bnStatusError( x ) ( !bnStatus )
556 #define getBnStatus( x ) ( bnStatus ? CRYPT_OK : CRYPT_ERROR_FAILED )
557 
558 /****************************************************************************
559 * *
560 * Internal API Functions *
561 * *
562 ****************************************************************************/
563 
564 /* Determine whether a context needs to have a key loaded */
565 
566 #define needsKey( contextInfoPtr ) \
567  !( ( contextInfoPtr )->flags & CONTEXT_FLAG_KEY_SET )
568 
569 /* Low-level capability checking and context-creation functions used when
570  creating a context in a device */
571 
572 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
573 int checkCapability( const CAPABILITY_INFO FAR_BSS *capabilityInfoPtr );
574 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
575 int createContextFromCapability( OUT_HANDLE_OPT CRYPT_CONTEXT *iCryptContext,
576  IN_HANDLE const CRYPT_USER iCryptOwner,
577  const CAPABILITY_INFO *capabilityInfoPtr,
578  IN_FLAGS_Z( CREATEOBJECT ) const int objectFlags );
579 
580 /* Statically init/destroy a context for the self-check, and perform various
581  types of self-check */
582 
583 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4 ) ) \
584 int staticInitContext( OUT CONTEXT_INFO *contextInfoPtr,
585  IN_ENUM( CONTEXT_TYPE ) const CONTEXT_TYPE type,
586  const CAPABILITY_INFO *capabilityInfoPtr,
587  OUT_BUFFER_FIXED( contextDataSize ) void *contextData,
588  IN_LENGTH_SHORT_MIN( 32 ) const int contextDataSize,
589  IN_OPT void *keyData );
590 STDC_NONNULL_ARG( ( 1 ) ) \
591 void staticDestroyContext( INOUT CONTEXT_INFO *contextInfoPtr );
592 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 5, 6 ) ) \
593 int testCipher( const CAPABILITY_INFO *capabilityInfo,
594  INOUT void *keyDataStorage,
595  IN_BUFFER( keySize ) const void *key,
596  IN_LENGTH_SHORT_MIN( MIN_KEYSIZE ) const int keySize,
597  const void *plaintext,
598  const void *ciphertext );
599 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \
600 int testHash( const CAPABILITY_INFO *capabilityInfo,
601  INOUT void *hashDataStorage,
602  IN_BUFFER_OPT( dataLength ) const void *data,
603  IN_LENGTH_SHORT_Z const int dataLength,
604  const void *hashValue );
605 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 5, 7 ) ) \
606 int testMAC( const CAPABILITY_INFO *capabilityInfo,
607  INOUT void *macDataStorage,
608  IN_BUFFER( keySize ) const void *key,
609  IN_LENGTH_SHORT_MIN( MIN_KEYSIZE ) const int keySize,
610  IN_BUFFER( dataLength ) const void *data,
611  IN_LENGTH_SHORT_MIN( 8 ) const int dataLength,
612  const void *hashValue );
613 
614 /* Context attribute handling functions */
615 
616 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
617 int getContextAttribute( INOUT CONTEXT_INFO *contextInfoPtr,
618  OUT_INT_Z int *valuePtr,
619  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
620 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
621 int getContextAttributeS( INOUT CONTEXT_INFO *contextInfoPtr,
622  INOUT MESSAGE_DATA *msgData,
623  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
624 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
625 int setContextAttribute( INOUT CONTEXT_INFO *contextInfoPtr,
626  IN_INT_Z const int value,
627  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
628 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
629 int setContextAttributeS( INOUT CONTEXT_INFO *contextInfoPtr,
630  IN_BUFFER( dataLength ) const void *data,
631  IN_LENGTH const int dataLength,
632  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
633 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
634 int deleteContextAttribute( INOUT CONTEXT_INFO *contextInfoPtr,
635  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
636 
637 /* General key load/generation routines */
638 
639 STDC_NONNULL_ARG( ( 1 ) ) \
640 void initKeyHandling( INOUT CONTEXT_INFO *contextInfoPtr );
641 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
642 int setEncodedKey( INOUT CONTEXT_INFO *contextInfoPtr,
643  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE keyType,
644  IN_BUFFER( keyDataLen ) const void *keyData,
645  IN_LENGTH_SHORT const int keyDataLen );
646 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
647 int setKeyComponents( INOUT CONTEXT_INFO *contextInfoPtr,
648  IN_BUFFER( keyDataLen ) const void *keyData,
649  IN_LENGTH_SHORT_MIN( 32 ) const int keyDataLen );
650 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
651 int deriveKey( INOUT CONTEXT_INFO *contextInfoPtr,
652  IN_BUFFER( keyValueLen ) const void *keyValue,
653  IN_LENGTH_SHORT const int keyValueLen );
654 
655 /* PKC key-generation and related routines */
656 
657 #ifdef PKC_CONTEXT
658 
659 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
660 int initCheckDLPkey( INOUT CONTEXT_INFO *contextInfoPtr,
661  const BOOLEAN isDH, const BOOLEAN isPKCS3 );
662 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
663 int generateDLPkey( INOUT CONTEXT_INFO *contextInfoPtr,
664  IN_LENGTH_SHORT_MIN( MIN_PKCSIZE * 8 ) const int keyBits );
665 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
666 int initCheckRSAkey( INOUT CONTEXT_INFO *contextInfoPtr );
667 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
668 int generateRSAkey( INOUT CONTEXT_INFO *contextInfoPtr,
669  IN_LENGTH_SHORT_MIN( MIN_PKCSIZE * 8 ) const int keyBits );
670 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
671 int initCheckECCkey( INOUT CONTEXT_INFO *contextInfoPtr,
672  const BOOLEAN isECDH );
673 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
674 int generateECCkey( INOUT CONTEXT_INFO *contextInfoPtr,
675  IN_LENGTH_SHORT_MIN( MIN_PKCSIZE_ECC * 8 ) \
676  const int keyBits );
677 CHECK_RETVAL STDC_NONNULL_ARG( ( 2 ) ) \
678 int getECCFieldSize( IN_ENUM( CRYPT_ECCCURVE ) const CRYPT_ECCCURVE_TYPE fieldID,
679  OUT_INT_Z int *fieldSize );
680 
681 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
682 int generateBignum( OUT BIGNUM *bn,
683  IN_LENGTH_SHORT_MIN( 120 ) const int noBits,
684  IN_BYTE const int high, IN_BYTE const int low );
685 STDC_NONNULL_ARG( ( 1 ) ) \
686 void clearTempBignums( INOUT PKC_INFO *pkcInfo );
687 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
688 int initContextBignums( INOUT PKC_INFO *pkcInfo,
689  IN_RANGE( 0, 3 ) const int sideChannelProtectionLevel,
690  const BOOLEAN isECC );
691 STDC_NONNULL_ARG( ( 1 ) ) \
692 void freeContextBignums( INOUT PKC_INFO *pkcInfo,
693  IN_FLAGS( CONTEXT ) const int contextFlags );
694 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
695 int calculateBignumChecksum( INOUT PKC_INFO *pkcInfo,
696  IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo );
697 #endif /* PKC_CONTEXT */
698 
699 /* Key read/write routines */
700 
701 STDC_NONNULL_ARG( ( 1 ) ) \
702 void initKeyID( INOUT CONTEXT_INFO *contextInfoPtr );
703 STDC_NONNULL_ARG( ( 1 ) ) \
704 void initKeyRead( INOUT CONTEXT_INFO *contextInfoPtr );
705 STDC_NONNULL_ARG( ( 1 ) ) \
706 void initKeyWrite( INOUT CONTEXT_INFO *contextInfoPtr );
707 
708 /* Internal functions shared across a small number of modules, declared via
709  a header to allow type checking (attributeToFormatType() from keyload.c,
710  hash functions from ctx_XXX.c accessed via the universal interface in
711  ctx_misc.c) */
712 
713 CHECK_RETVAL \
714 int attributeToFormatType( IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute,
715  OUT_ENUM_OPT( KEYFORMAT ) KEYFORMAT_TYPE *keyformat );
716 
717 STDC_NONNULL_ARG( ( 1 ) ) \
718 void md5HashBuffer( INOUT_OPT HASHINFO hashInfo,
719  OUT_BUFFER_OPT_C( outBufMaxLength, 16 ) BYTE *outBuffer,
720  IN_LENGTH_SHORT_Z const int outBufMaxLength,
721  IN_BUFFER_OPT( inLength ) const void *inBuffer,
722  IN_LENGTH_SHORT_Z const int inLength,
723  IN_ENUM( HASH_STATE ) const HASH_STATE hashState );
724 STDC_NONNULL_ARG( ( 1 ) ) \
725 void ripemd160HashBuffer( INOUT_OPT HASHINFO hashInfo,
726  OUT_BUFFER_OPT_C( outBufMaxLength, 20 ) BYTE *outBuffer,
727  IN_LENGTH_SHORT_Z const int outBufMaxLength,
728  IN_BUFFER_OPT( inLength ) const void *inBuffer,
729  IN_LENGTH_SHORT_Z const int inLength,
730  IN_ENUM( HASH_STATE ) const HASH_STATE hashState );
731 STDC_NONNULL_ARG( ( 1 ) ) \
732 void shaHashBuffer( INOUT_OPT HASHINFO hashInfo,
733  OUT_BUFFER_OPT_C( outBufMaxLength, 20 ) BYTE *outBuffer,
734  IN_LENGTH_SHORT_Z const int outBufMaxLength,
735  IN_BUFFER_OPT( inLength ) const void *inBuffer,
736  IN_LENGTH_SHORT_Z const int inLength,
737  IN_ENUM( HASH_STATE ) const HASH_STATE hashState );
738 STDC_NONNULL_ARG( ( 1 ) ) \
739 void sha2HashBuffer( INOUT_OPT HASHINFO hashInfo,
740  OUT_BUFFER_OPT_C( outBufMaxLength, 32 ) BYTE *outBuffer,
741  IN_LENGTH_SHORT_Z const int outBufMaxLength,
742  IN_BUFFER_OPT( inLength ) const void *inBuffer,
743  IN_LENGTH_SHORT_Z const int inLength,
744  IN_ENUM( HASH_STATE ) const HASH_STATE hashState );
745 STDC_NONNULL_ARG( ( 1 ) ) \
746 void sha2_ExtHashBuffer( INOUT_OPT HASHINFO hashInfo,
747  OUT_BUFFER_OPT_C( outBufMaxLength, 64 ) BYTE *outBuffer,
748  IN_LENGTH_SHORT_Z const int outBufMaxLength,
749  IN_BUFFER_OPT( inLength ) const void *inBuffer,
750  IN_LENGTH_SHORT_Z const int inLength,
751  IN_ENUM( HASH_STATE ) const HASH_STATE hashState );
752 
753 STDC_NONNULL_ARG( ( 1, 3 ) ) \
754 void md5HashBufferAtomic( OUT_BUFFER_C( outBufMaxLength, 16 ) BYTE *outBuffer,
755  IN_LENGTH_SHORT_MIN( 16 ) const int outBufMaxLength,
756  IN_BUFFER( inLength ) const void *inBuffer,
757  IN_LENGTH_SHORT const int inLength );
758 STDC_NONNULL_ARG( ( 1, 3 ) ) \
759 void ripemd160HashBufferAtomic( OUT_BUFFER_C( outBufMaxLength, 20 ) BYTE *outBuffer,
760  IN_LENGTH_SHORT_MIN( 20 ) const int outBufMaxLength,
761  IN_BUFFER( inLength ) const void *inBuffer,
762  IN_LENGTH_SHORT const int inLength );
763 STDC_NONNULL_ARG( ( 1, 3 ) ) \
764 void shaHashBufferAtomic( OUT_BUFFER_C( outBufMaxLength, 20 ) BYTE *outBuffer,
765  IN_LENGTH_SHORT_MIN( 20 ) const int outBufMaxLength,
766  IN_BUFFER( inLength ) const void *inBuffer,
767  IN_LENGTH_SHORT const int inLength );
768 STDC_NONNULL_ARG( ( 1, 3 ) ) \
769 void sha2HashBufferAtomic( OUT_BUFFER_C( outBufMaxLength, 32 ) BYTE *outBuffer,
770  IN_LENGTH_SHORT_MIN( 32 ) const int outBufMaxLength,
771  IN_BUFFER( inLength ) const void *inBuffer,
772  IN_LENGTH_SHORT const int inLength );
773 STDC_NONNULL_ARG( ( 1, 3 ) ) \
774 void sha2_ExtHashBufferAtomic( OUT_BUFFER_C( outBufMaxLength, 64 ) BYTE *outBuffer,
775  IN_LENGTH_SHORT_MIN( 64 ) const int outBufMaxLength,
776  IN_BUFFER( inLength ) const void *inBuffer,
777  IN_LENGTH_SHORT const int inLength );
778 
779 #endif /* _CRYPTCTX_DEFINED */
Generated on Thu Jan 10 2013 10:00:45 for cryptlib by   doxygen 1.8.2