cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
device.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * cryptlib Device Interface Header File *
4 * Copyright Peter Gutmann 1998-2002 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _DEVICE_DEFINED
9 
10 #define _DEVICE_DEFINED
11 
12 /* The maximum length of error message we can store */
13 
14 #define MAX_ERRMSG_SIZE 512
15 
16 /* Device information flags. The "needs login" flag is a general device
17  flag which indicates that this type of device needs a user login before
18  it can be used and is set when the device is first opened, the "logged in"
19  flag is an ephemeral flag which indicates whether the user is currently
20  logged in. The "device active" flag indicates that a session with the
21  device is currently active and needs to be shut down when the device
22  object is destroyed */
23 
24 #define DEVICE_NEEDSLOGIN 0x0001 /* User must log in to use dev.*/
25 #define DEVICE_READONLY 0x0002 /* Device can't be written to */
26 #define DEVICE_REMOVABLE 0x0004 /* Device is removable */
27 #define DEVICE_ACTIVE 0x0008 /* Device is currently active */
28 #define DEVICE_LOGGEDIN 0x0010 /* User is logged into device */
29 #define DEVICE_TIME 0x0020 /* Device has on-board time source */
30 
31 /* Devices implement mechanisms in the same way that contexts implement
32  actions. Since the mechanism space is sparse, dispatching is handled by
33  looking up the required mechanism in a table of (action, mechanism,
34  function) triples. The table is sorted by order of most-frequently-used
35  mechanisms to speed things up, although the overhead is vanishingly small
36  anyway */
37 
38 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 2 ) ) \
39  int ( *MECHANISM_FUNCTION )( IN_OPT void *deviceInfoPtr,
40  INOUT void *mechanismInfo );
41 typedef struct {
42  const MESSAGE_TYPE action;
43  const MECHANISM_TYPE mechanism;
44  const MECHANISM_FUNCTION function;
45  } MECHANISM_FUNCTION_INFO;
46 
47 /* Devices can also be used to create further objects. Most can only create
48  contexts, but the system object can create any kind of object */
49 
50 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
51  int ( *CREATEOBJECT_FUNCTION )( INOUT \
52  MESSAGE_CREATEOBJECT_INFO *objectInfo,
53  const void *auxDataPtr,
54  const int auxValue );
55 typedef struct {
56  const OBJECT_TYPE type;
57  const CREATEOBJECT_FUNCTION function;
58  } CREATEOBJECT_FUNCTION_INFO;
59 
60 /****************************************************************************
61 * *
62 * Data Structures *
63 * *
64 ****************************************************************************/
65 
66 /* The internal fields in a deviec that hold data for the various keyset
67  types. These are implemented as a union to conserve memory with some of
68  the more data-intensive types. In addition the structures provide a
69  convenient way to group the device type-specific parameters */
70 
71 typedef struct {
72  /* Nonce PRNG information */
73  BUFFER_FIXED( CRYPT_MAX_HASHSIZE ) \
74  BYTE nonceData[ ( CRYPT_MAX_HASHSIZE + 8 ) + 8 ];/* Nonce RNG state */
75  HASHFUNCTION_ATOMIC hashFunctionAtomic; /* Nonce hash function */
76  int hashSize;
77  BOOLEAN nonceDataInitialised; /* Whether nonce RNG initialised */
78  } SYSTEMDEV_INFO;
79 
80 typedef struct {
81  /* General device information */
82  int minPinSize, maxPinSize; /* Minimum, maximum PIN lengths */
83  BUFFER( CRYPT_MAX_TEXTSIZE, labelLen ) \
84  char label[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Device label */
85  int labelLen;
86 
87  /* Device type-specific information */
88  unsigned long hSession; /* Session handle */
89  long slotID; /* Slot ID for multi-slot device */
90  int deviceNo; /* Index into PKCS #11 token table */
91  void *functionListPtr; /* PKCS #11 driver function list pointer */
92  BUFFER( CRYPT_MAX_TEXTSIZE, defaultSSOPinLen ) \
93  char defaultSSOPin[ CRYPT_MAX_TEXTSIZE + 8 ]; /* SSO PIN from dev.init */
94  int defaultSSOPinLen;
95 
96  /* Device state information. This records the active object for multi-
97  part operations where we can only perform one per hSession. Because
98  we have to set this to CRYPT_ERROR if there's none active, we make
99  it a signed long rather than the unsigned long that's usually used
100  for PKCS #11 handles */
101  long hActiveSignObject; /* Currently active sig.object */
102 
103  /* Last-error information returned from lower-level code */
104  ERROR_INFO errorInfo;
105  } PKCS11_INFO;
106 
107 #if defined( __WIN32__ ) && VC_GE_2005( _MSC_VER )
108  #define CAPI_HANDLE ULONG_PTR /* May be 64 bits on Win64 */
109 #else
110  #define CAPI_HANDLE unsigned long /* Always 32 bits on Win32 */
111 #endif /* Older vs.newer CryptoAPI types */
112 
113 typedef struct {
114  /* General device information */
115  BUFFER( CRYPT_MAX_TEXTSIZE, labelLen ) \
116  char label[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Device label */
117  int labelLen;
118 
119  /* Device type-specific information */
120  CAPI_HANDLE hProv; /* CryptoAPI provider handle */
121  void *hCertStore; /* Cert store for key/cert storage */
122  CAPI_HANDLE hPrivateKey; /* Key for session key import/export */
123  int privateKeySize; /* Size of import/export key */
124  const void *hCertChain; /* Cached copy of current cert chain */
125 
126  /* Last-error information returned from lower-level code */
127  ERROR_INFO errorInfo;
128  } CRYPTOAPI_INFO;
129 
130 typedef struct {
131  /* General device information */
132  BUFFER( CRYPT_MAX_TEXTSIZE, labelLen ) \
133  char label[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Device label */
134  int labelLen;
135 
136  /* Device type-specific information */
137  CRYPT_KEYSET iCryptKeyset; /* Key storage */
138 
139  /* Last-error information returned from lower-level code */
140  ERROR_INFO errorInfo;
141  } HARDWARE_INFO;
142 
143 /* Defines to make access to the union fields less messy */
144 
145 #define deviceSystem deviceInfo.systemInfo
146 #define devicePKCS11 deviceInfo.pkcs11Info
147 #define deviceCryptoAPI deviceInfo.cryptoapiInfo
148 #define deviceHardware deviceInfo.hardwareInfo
149 
150 /* The structure which stores information on a device */
151 
152 typedef struct DI {
153  /* General device information. Alongside various handles used to access
154  the device we also record whether the user has authenticated
155  themselves to the device since some devices have multiple user-access
156  states and the user needs to be logged out of one state before they
157  can log in to another state. In addition we also record the device
158  label which the caller can query for use in prompts displayed to the
159  user */
160  CRYPT_DEVICE_TYPE type; /* Device type */
161  int flags; /* Device information flags */
162  BUFFER_FIXED( labelLen ) \
163  char *label; /* Device label */
164  int labelLen;
165 
166  /* Each device provides various capabilities which are held in the
167  following list. When we need to create an object via the device, we
168  look up the requirements in the capability info and feed it to
169  createObjectFromCapability() */
170  const void *capabilityInfoList;
171 
172  /* Device type-specific information */
173  union {
174  SYSTEMDEV_INFO *systemInfo;
175  PKCS11_INFO *pkcs11Info;
176  CRYPTOAPI_INFO *cryptoapiInfo;
177  HARDWARE_INFO *hardwareInfo;
178  } deviceInfo;
179 
180  /* Pointers to device access methods */
181  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
182  int ( *initFunction )( INOUT struct DI *deviceInfo,
183  STDC_UNUSED const char *name,
184  STDC_UNUSED const int nameLength );
185  STDC_NONNULL_ARG( ( 1 ) ) \
186  void ( *shutdownFunction )( INOUT struct DI *deviceInfo );
187  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
188  int ( *controlFunction )( INOUT struct DI *deviceInfo,
189  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type,
190  IN_BUFFER_OPT( dataLength ) void *data,
191  IN_LENGTH_SHORT_Z const int dataLength,
192  INOUT_OPT MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
193  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
194  int ( *selftestFunction )( INOUT struct DI *deviceInfo,
195  INOUT \
196  MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
197  int ( *getItemFunction )( INOUT struct DI *deviceInfo,
198  CRYPT_CONTEXT *iCryptContext,
199  const KEYMGMT_ITEM_TYPE itemType,
200  const CRYPT_KEYID_TYPE keyIDtype,
201  IN_BUFFER( keyIDlength ) \
202  const void *keyID, const int keyIDlength,
203  IN_BUFFER_OPT( *auxInfoLength ) \
204  void *auxInfo, int *auxInfoLength,
205  const int flags ) \
206  STDC_NONNULL_ARG( ( 1, 2, 5 ) );
207  int ( *setItemFunction )( INOUT struct DI *deviceInfo,
208  const CRYPT_HANDLE iCryptHandle ) \
209  STDC_NONNULL_ARG( ( 1 ) );
210  int ( *deleteItemFunction )( INOUT struct DI *deviceInfo,
211  const KEYMGMT_ITEM_TYPE itemType,
212  const CRYPT_KEYID_TYPE keyIDtype,
213  IN_BUFFER( keyIDlength ) \
214  const void *keyID, const int keyIDlength ) \
215  STDC_NONNULL_ARG( ( 1, 4 ) );
216  int ( *getFirstItemFunction )( INOUT struct DI *deviceInfo,
217  OUT CRYPT_CERTIFICATE *iCertificate,
218  INOUT int *stateInfo,
219  const CRYPT_KEYID_TYPE keyIDtype,
220  IN_BUFFER( keyIDlength ) \
221  const void *keyID, const int keyIDlength,
222  const KEYMGMT_ITEM_TYPE itemType,
223  const int options ) \
224  STDC_NONNULL_ARG( ( 1, 2, 3, 5 ) );
225  int ( *getNextItemFunction )( INOUT struct DI *deviceInfo,
226  OUT CRYPT_CERTIFICATE *iCertificate,
227  INOUT int *stateInfo, const int options ) \
228  STDC_NONNULL_ARG( ( 1, 2, 3 ) );
229  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
230  int ( *getRandomFunction)( INOUT struct DI *deviceInfo,
231  OUT_BUFFER_FIXED( length ) \
232  void *buffer, IN_LENGTH_SHORT const int length,
233  INOUT_OPT \
234  MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
235 
236  /* Information for the system device */
237  const MECHANISM_FUNCTION_INFO *mechanismFunctions;
238  const CREATEOBJECT_FUNCTION_INFO *createObjectFunctions;
239  void *randomInfo;
240  int mechanismFunctionCount, createObjectFunctionCount;
241 
242  /* Error information */
243  CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
244  CRYPT_ERRTYPE_TYPE errorType; /* Error type */
245 
246  /* The object's handle and the handle of the user who owns this object.
247  The former is used when sending messages to the object when only the
248  xxx_INFO is available, the latter is used to avoid having to fetch the
249  same information from the system object table */
250  CRYPT_HANDLE objectHandle;
251  CRYPT_USER ownerHandle;
252 
253  /* Variable-length storage for the type-specific data */
254  DECLARE_VARSTRUCT_VARS;
255  } DEVICE_INFO;
256 
257 /****************************************************************************
258 * *
259 * Internal API Functions *
260 * *
261 ****************************************************************************/
262 
263 /* Device attribute handling functions */
264 
265 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
266 int getDeviceAttribute( INOUT DEVICE_INFO *deviceInfoPtr,
267  OUT_INT_Z int *valuePtr,
268  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute,
269  INOUT MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
270 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
271 int getDeviceAttributeS( INOUT DEVICE_INFO *deviceInfoPtr,
272  INOUT MESSAGE_DATA *msgData,
273  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute,
274  MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
275 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 4 ) ) \
276 int setDeviceAttribute( INOUT DEVICE_INFO *deviceInfoPtr,
277  IN_INT_Z const int value,
278  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute,
279  MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
280 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \
281 int setDeviceAttributeS( INOUT DEVICE_INFO *deviceInfoPtr,
282  IN_BUFFER( dataLength ) const void *data,
283  IN_LENGTH const int dataLength,
284  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute,
285  MESSAGE_FUNCTION_EXTINFO *messageExtInfo );
286 
287 /* Prototypes for device mapping functions */
288 
289 #ifdef USE_PKCS11
290  CHECK_RETVAL \
291  int deviceInitPKCS11( void );
292  void deviceEndPKCS11( void );
293  CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
294  int setDevicePKCS11( INOUT DEVICE_INFO *deviceInfo,
295  IN_BUFFER( nameLength ) \
296  const char *name,
297  IN_LENGTH_ATTRIBUTE const int nameLength );
298 #else
299  #define deviceInitPKCS11() CRYPT_OK
300  #define deviceEndPKCS11()
301  #define setDevicePKCS11( x, y, z ) CRYPT_ARGERROR_NUM1
302 #endif /* USE_PKCS11 */
303 #ifdef USE_CRYPTOAPI
304  CHECK_RETVAL \
305  int deviceInitCryptoAPI( void );
306  void deviceEndCryptoAPI( void );
307  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
308  int setDeviceCryptoAPI( INOUT DEVICE_INFO *deviceInfo );
309 #else
310  #define deviceInitCryptoAPI() CRYPT_OK
311  #define deviceEndCryptoAPI()
312  #define setDeviceCryptoAPI( x ) CRYPT_ARGERROR_NUM1
313 #endif /* USE_CRYPTOAPI */
314 #ifdef USE_HARDWARE
315  CHECK_RETVAL \
316  int deviceInitHardware( void );
317  void deviceEndHardware( void );
318  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
319  int setDeviceHardware( INOUT DEVICE_INFO *deviceInfo );
320 #else
321  #define deviceInitHardware() CRYPT_OK
322  #define deviceEndHardware()
323  #define setDeviceHardware( x ) CRYPT_ARGERROR_NUM1
324 #endif /* USE_HARDWARE */
325 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
326 int setDeviceSystem( INOUT DEVICE_INFO *deviceInfo );
327 
328 #endif /* _DEVICE_DEFINED */
Generated on Thu Jan 10 2013 10:00:46 for cryptlib by   doxygen 1.8.2