cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
mech.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * Signature/Keyex Mechanism Header File *
4 * Copyright Peter Gutmann 1992-2007 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _MECHANISM_DEFINED
9 
10 #define _MECHANISM_DEFINED
11 
12 #ifndef _STREAM_DEFINED
13  #if defined( INC_ALL )
14  #include "stream.h"
15  #else
16  #include "io/stream.h"
17  #endif /* Compiler-specific includes */
18 #endif /* _STREAM_DEFINED */
19 
20 /****************************************************************************
21 * *
22 * ASN.1 Constants and Macros *
23 * *
24 ****************************************************************************/
25 
26 /* CMS version numbers for various objects. They're monotonically increasing
27  because it was thought that this was enough to distinguish the record
28  types (see the note about CMS misdesign above). This was eventually fixed
29  but the odd version numbers remain, except for PWRI which was done right */
30 
31 enum { KEYTRANS_VERSION, SIGNATURE_VERSION, KEYTRANS_EX_VERSION,
32  SIGNATURE_EX_VERSION, KEK_VERSION, PWRI_VERSION = 0 };
33 
34 /* Context-specific tags for the RecipientInfo record. KeyTrans has no tag
35  (actually it has an implied 0 tag because of CMS misdesign, so the other
36  tags start at 1). To allow for addition of new RI types we permit (but
37  ignore) objects tagged up to CTAG_RI_MAX */
38 
39 enum { CTAG_RI_KEYAGREE = 1, CTAG_RI_KEKRI, CTAG_RI_PWRI, CTAG_RI_MAX = 9 };
40 
41 /****************************************************************************
42 * *
43 * Mechanism Function Prototypes *
44 * *
45 ****************************************************************************/
46 
47 /* The data formats for key exchange/transport and signature types. These
48  are an extension of the externally-visible cryptlib formats and are needed
49  for things like X.509 signatures and various secure session protocols
50  that wrap stuff other than straight keys up using a KEK. Note the non-
51  orthogonal handling of reading/writing CMS signatures, this is needed
52  because creating a CMS signature involves adding assorted additional data
53  like iAndS and signed attributes that present too much information to
54  pass into a basic writeSignature() call */
55 
56 typedef enum {
57  KEYEX_NONE, /* No recipient type */
58  KEYEX_CMS, /* iAndS + algoID + OCTET STRING */
59  KEYEX_CRYPTLIB, /* keyID + algoID + OCTET STRING */
60  KEYEX_PGP, /* PGP keyID + MPI */
61  KEYEX_LAST /* Last possible recipient type */
62  } KEYEX_TYPE;
63 
64 typedef enum {
65  SIGNATURE_NONE, /* No signature type */
66  SIGNATURE_RAW, /* BIT STRING */
67  SIGNATURE_X509, /* algoID + BIT STRING */
68  SIGNATURE_CMS, /* sigAlgoID + OCTET STRING (write) */
69  /* iAndS + hAlgoID + sAlgoID + OCTET STRING (read) */
70  SIGNATURE_CRYPTLIB, /* keyID + hashAlgoID + sigAlgoID + OCTET STRING */
71  SIGNATURE_PGP, /* PGP MPIs */
72  SIGNATURE_SSH, /* SSHv2 sig.record */
73  SIGNATURE_SSL, /* Raw signature data (no encapsulation) with dual hash */
74  SIGNATURE_TLS12, /* As SSL but with PKCS #1 format */
75  SIGNATURE_LAST /* Last possible signature type */
76  } SIGNATURE_TYPE;
77 
78 /* Signature read/write methods for the different format types. Specifying
79  input ranges gets a bit complicated because the functions are polymorphic
80  so we have to provide the lowest common denominator of all functions */
81 
82 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
83  int ( *READSIG_FUNCTION )( INOUT STREAM *stream,
84  OUT QUERY_INFO *queryInfo );
85 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 6 ) ) \
86  int ( *WRITESIG_FUNCTION )( INOUT STREAM *stream,
87  IN_HANDLE_OPT \
88  const CRYPT_CONTEXT iSignContext,
89  IN_ENUM_OPT( CRYPT_ALGO ) \
90  const CRYPT_ALGO_TYPE hashAlgo,
91  IN_INT_SHORT_Z const int hashParam,
92  IN_ENUM_OPT( CRYPT_ALGO ) \
93  const CRYPT_ALGO_TYPE signAlgo,
94  IN_BUFFER( signatureLength ) \
95  const BYTE *signature,
96  IN_LENGTH_SHORT_MIN( 40 ) \
97  const int signatureLength );
98 
99 CHECK_RETVAL_PTR \
100 READSIG_FUNCTION getReadSigFunction( IN_ENUM( SIGNATURE ) \
101  const SIGNATURE_TYPE sigType );
102 CHECK_RETVAL_PTR \
103 WRITESIG_FUNCTION getWriteSigFunction( IN_ENUM( SIGNATURE ) \
104  const SIGNATURE_TYPE sigType );
105 
106 /* Key exchange read/write methods for the different format types. Specifying
107  input ranges gets a bit complicated because the functions are polymorphic
108  so we have to provide the lowest common denominator of all functions */
109 
110 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
111  int ( *READKEYTRANS_FUNCTION )( INOUT STREAM *stream,
112  OUT QUERY_INFO *queryInfo );
113 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 3 ) ) \
114  int ( *WRITEKEYTRANS_FUNCTION )( INOUT STREAM *stream,
115  IN_HANDLE const CRYPT_CONTEXT iCryptContext,
116  IN_BUFFER( encryptedKeyLength ) \
117  const BYTE *encryptedKey,
118  IN_LENGTH_SHORT_MIN( MIN_PKCSIZE ) \
119  const int encryptedKeyLength,
120  IN_BUFFER_OPT( auxInfoLength ) \
121  const void *auxInfo,
122  IN_LENGTH_SHORT_Z \
123  const int auxInfoLength );
124 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
125  int ( *READKEK_FUNCTION )( INOUT STREAM *stream,
126  OUT QUERY_INFO *queryInfo );
127 typedef CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
128  int ( *WRITEKEK_FUNCTION )( STREAM *stream,
129  IN_HANDLE const CRYPT_CONTEXT iCryptContext,
130  IN_BUFFER_OPT( encryptedKeyLength ) \
131  const BYTE *encryptedKey,
132  IN_LENGTH_SHORT_MIN( MIN_KEYSIZE ) \
133  const int encryptedKeyLength );
134 
135 CHECK_RETVAL_PTR \
136 READKEYTRANS_FUNCTION getReadKeytransFunction( IN_ENUM( KEYEX ) \
137  const KEYEX_TYPE keyexType );
138 CHECK_RETVAL_PTR \
139 WRITEKEYTRANS_FUNCTION getWriteKeytransFunction( IN_ENUM( KEYEX ) \
140  const KEYEX_TYPE keyexType );
141 CHECK_RETVAL_PTR \
142 READKEK_FUNCTION getReadKekFunction( IN_ENUM( KEYEX ) \
143  const KEYEX_TYPE keyexType );
144 CHECK_RETVAL_PTR \
145 WRITEKEK_FUNCTION getWriteKekFunction( IN_ENUM( KEYEX ) \
146  const KEYEX_TYPE keyexType );
147 
148 /* Prototypes for keyex functions in keyex_int.c */
149 
150 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
151 int exportConventionalKey( OUT_BUFFER_OPT( encryptedKeyMaxLength, \
152  *encryptedKeyLength ) \
153  void *encryptedKey,
154  IN_LENGTH const int encryptedKeyMaxLength,
155  OUT_LENGTH_Z int *encryptedKeyLength,
156  IN_HANDLE_OPT const CRYPT_CONTEXT iSessionKeyContext,
157  IN_HANDLE const CRYPT_CONTEXT iExportContext,
158  IN_ENUM( KEYEX ) const KEYEX_TYPE keyexType );
159 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
160 int exportPublicKey( OUT_BUFFER_OPT( encryptedKeyMaxLength, \
161  *encryptedKeyLength ) \
162  void *encryptedKey,
163  IN_LENGTH const int encryptedKeyMaxLength,
164  OUT_LENGTH_Z int *encryptedKeyLength,
165  IN_HANDLE const CRYPT_CONTEXT iSessionKeyContext,
166  IN_HANDLE const CRYPT_CONTEXT iExportContext,
167  IN_BUFFER_OPT( auxInfoLength ) \
168  const void *auxInfo,
169  IN_LENGTH_SHORT_Z const int auxInfoLength,
170  IN_ENUM( KEYEX ) const KEYEX_TYPE keyexType );
171 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
172 int importConventionalKey( IN_BUFFER( encryptedKeyLength ) \
173  const void *encryptedKey,
174  IN_LENGTH_SHORT const int encryptedKeyLength,
175  IN_HANDLE const CRYPT_CONTEXT iSessionKeyContext,
176  IN_HANDLE const CRYPT_CONTEXT iImportContext,
177  IN_ENUM( KEYEX ) const KEYEX_TYPE keyexType );
178 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
179 int importPublicKey( IN_BUFFER( encryptedKeyLength ) \
180  const void *encryptedKey,
181  IN_LENGTH_SHORT const int encryptedKeyLength,
182  IN_HANDLE_OPT const CRYPT_CONTEXT iSessionKeyContext,
183  IN_HANDLE const CRYPT_CONTEXT iImportContext,
184  OUT_OPT_HANDLE_OPT CRYPT_CONTEXT *iReturnedContext,
185  IN_ENUM( KEYEX ) const KEYEX_TYPE keyexType );
186 
187 /* Prototypes for signature functions in sign_cms.c */
188 
189 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
190 int createSignatureCMS( OUT_BUFFER_OPT( sigMaxLength, *signatureLength ) \
191  void *signature,
192  IN_LENGTH_Z const int sigMaxLength,
193  OUT_LENGTH_Z int *signatureLength,
194  IN_HANDLE const CRYPT_CONTEXT signContext,
195  IN_HANDLE const CRYPT_CONTEXT iHashContext,
196  const BOOLEAN useDefaultAuthAttr,
197  IN_HANDLE_OPT const CRYPT_CERTIFICATE iAuthAttr,
198  IN_HANDLE_OPT const CRYPT_SESSION iTspSession,
199  IN_ENUM( CRYPT_FORMAT ) \
200  const CRYPT_FORMAT_TYPE formatType );
201 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
202 int checkSignatureCMS( IN_BUFFER( signatureLength ) const void *signature,
203  IN_LENGTH_SHORT const int signatureLength,
204  IN_HANDLE const CRYPT_CONTEXT sigCheckContext,
205  IN_HANDLE const CRYPT_CONTEXT iHashContext,
206  OUT_OPT_HANDLE_OPT CRYPT_CERTIFICATE *iExtraData,
207  IN_HANDLE const CRYPT_HANDLE iSigCheckKey );
208 
209 /* Prototypes for signature functions in sign_pgp.c */
210 
211 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
212 int createSignaturePGP( OUT_BUFFER_OPT( sigMaxLength, *signatureLength ) \
213  void *signature,
214  IN_LENGTH_Z const int sigMaxLength,
215  OUT_LENGTH_Z int *signatureLength,
216  IN_HANDLE const CRYPT_CONTEXT iSignContext,
217  IN_HANDLE const CRYPT_CONTEXT iHashContext,
218  IN_RANGE( PGP_SIG_NONE, PGP_SIG_LAST - 1 ) \
219  const int sigType );
220 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
221 int checkSignaturePGP( IN_BUFFER( signatureLength ) const void *signature,
222  IN_LENGTH_SHORT const int signatureLength,
223  IN_HANDLE const CRYPT_CONTEXT sigCheckContext,
224  IN_HANDLE const CRYPT_CONTEXT iHashContext );
225 
226 /* Prototypes for common low-level signature functions in sign_int.c */
227 
228 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
229 int createSignature( OUT_BUFFER_OPT( sigMaxLength, *signatureLength ) \
230  void *signature,
231  IN_LENGTH_Z const int sigMaxLength,
232  OUT_LENGTH_Z int *signatureLength,
233  IN_HANDLE const CRYPT_CONTEXT iSignContext,
234  IN_HANDLE const CRYPT_CONTEXT iHashContext,
235  IN_HANDLE_OPT const CRYPT_CONTEXT iHashContext2,
236  IN_ENUM( SIGNATURE ) \
237  const SIGNATURE_TYPE signatureType );
238 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
239 int checkSignature( IN_BUFFER( signatureLength ) const void *signature,
240  IN_LENGTH_SHORT const int signatureLength,
241  IN_HANDLE const CRYPT_CONTEXT iSigCheckContext,
242  IN_HANDLE const CRYPT_CONTEXT iHashContext,
243  IN_HANDLE_OPT const CRYPT_CONTEXT iHashContext2,
244  IN_ENUM( SIGNATURE ) \
245  const SIGNATURE_TYPE signatureType );
246 
247 /* Prototypes for functions in sign_rw.c */
248 
249 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
250 int readPgpOnepassSigPacket( INOUT STREAM *stream,
251  INOUT QUERY_INFO *queryInfo );
252 
253 /* Prototypes for functions in obj_qry.c */
254 
255 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
256 int getPgpPacketInfo( INOUT STREAM *stream, OUT QUERY_INFO *queryInfo );
257 
258 #endif /* _MECHANISM_DEFINED */
Generated on Thu Jan 10 2013 10:00:50 for cryptlib by   doxygen 1.8.2