static int readProtAlgoInfo( INOUT STREAM *stream,
OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo,
OUT_INT_SHORT_Z int *keySize )
{
const OID_INFO *oidInfoPtr;
const PKCS12_ALGO_MAP *algoMapInfoPtr;
int status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( cryptAlgo, sizeof( CRYPT_ALGO_TYPE ) ) );
assert( isWritePtr( keySize, sizeof( int ) ) );
/* Clear return values */
*cryptAlgo = CRYPT_ALGO_NONE;
*keySize = 0;
/* Read the wrapper and the protection algorithm OID and extract the
protection information parameters for it */
readSequence( stream, NULL );
status = readOIDEx( stream, encryptionOIDinfo,
FAILSAFE_ARRAYSIZE( encryptionOIDinfo, OID_INFO ),
&oidInfoPtr );
if( cryptStatusError( status ) )
return( status );
algoMapInfoPtr = oidInfoPtr->extraInfo;
*cryptAlgo = algoMapInfoPtr->cryptAlgo;
*keySize = algoMapInfoPtr->keySize;
return( CRYPT_OK );
}
int hwGetCapabilities( const CAPABILITY_INFO **capabilityInfo,
int *noCapabilities )
{
assert( isReadPtr( capabilityInfo, sizeof( CAPABILITY_INFO * ) ) );
assert( isWritePtr( noCapabilities, sizeof( int ) ) );
*capabilityInfo = capabilities;
*noCapabilities = FAILSAFE_ARRAYSIZE( capabilities, CAPABILITY_INFO );
return( CRYPT_OK );
}
static int loadECCparams( INOUT CONTEXT_INFO *contextInfoPtr )
{
PKC_INFO *pkcInfo = contextInfoPtr->ctxPKC;
const ECC_DOMAIN_PARAMS *eccParams = NULL;
int curveSize, i, bnStatus = BN_STATUS;
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
/* Find the parameter info for this curve */
for( i = 0; domainParamTbl[ i ].paramType != CRYPT_ECCCURVE_NONE && \
i < FAILSAFE_ARRAYSIZE( domainParamTbl, ECC_DOMAIN_PARAMS );
i++ )
{
if( domainParamTbl[ i ].paramType == pkcInfo->curveType )
{
eccParams = &domainParamTbl[ i ];
break;
}
}
ENSURES( i < FAILSAFE_ARRAYSIZE( domainParamTbl, ECC_DOMAIN_PARAMS ) );
ENSURES( eccParams != NULL );
/* For the named curve the key size is defined by exective fiat based
on the curve type rather than being taken from the public-key value
(which in this case is the magnitude of the point Q on the curve), so
we set it explicitly based on the curve type */
pkcInfo->keySizeBits = eccParams->curveSizeBits;
curveSize = bitsToBytes( eccParams->curveSizeBits );
/* Load the parameters into the context bignums */
CKPTR( BN_bin2bn( eccParams->p, curveSize, &pkcInfo->eccParam_p ) );
CKPTR( BN_bin2bn( eccParams->a, curveSize, &pkcInfo->eccParam_a ) );
CKPTR( BN_bin2bn( eccParams->b, curveSize, &pkcInfo->eccParam_b ) );
CKPTR( BN_bin2bn( eccParams->gx, curveSize, &pkcInfo->eccParam_gx ) );
CKPTR( BN_bin2bn( eccParams->gy, curveSize, &pkcInfo->eccParam_gy ) );
CKPTR( BN_bin2bn( eccParams->n, curveSize, &pkcInfo->eccParam_n ) );
CKPTR( BN_bin2bn( eccParams->h, curveSize, &pkcInfo->eccParam_h ) );
return( getBnStatus( bnStatus ) );
}
int getKeyTypeTag( IN_HANDLE_OPT const CRYPT_CONTEXT cryptContext,
IN_ALGO_OPT const CRYPT_ALGO_TYPE cryptAlgo,
OUT int *tag )
{
static const MAP_TABLE tagMapTbl[] = {
{ CRYPT_ALGO_RSA, 100 },
{ CRYPT_ALGO_DH, CTAG_PK_DH },
{ CRYPT_ALGO_ELGAMAL, CTAG_PK_DH },
{ CRYPT_ALGO_DSA, CTAG_PK_DSA },
{ CRYPT_ALGO_ECDSA, CTAG_PK_ECC },
{ CRYPT_ERROR, CRYPT_ERROR }, { CRYPT_ERROR, CRYPT_ERROR }
};
int keyCryptAlgo, value, status;
REQUIRES( ( isHandleRangeValid( cryptContext ) && \
cryptAlgo == CRYPT_ALGO_NONE ) || \
( cryptContext == CRYPT_UNUSED && \
isPkcAlgo( cryptAlgo ) ) );
/* Clear return value */
*tag = 0;
/* If the caller hasn't already supplied the algorithm details, get them
from the context */
if( cryptAlgo != CRYPT_ALGO_NONE )
keyCryptAlgo = cryptAlgo;
else
{
status = krnlSendMessage( cryptContext, IMESSAGE_GETATTRIBUTE,
&keyCryptAlgo, CRYPT_CTXINFO_ALGO );
if( cryptStatusError( status ) )
return( status );
}
/* Map the algorithm to the corresponding tag. We have to be a bit
careful with the tags because the out-of-band special-case value
DEFAULT_TAG looks like an error value, so we supply a dummy value
of '100' for this tag and map it back to DEFAULT_TAG when we return
it to the caller */
status = mapValue( keyCryptAlgo, &value, tagMapTbl,
FAILSAFE_ARRAYSIZE( tagMapTbl, MAP_TABLE ) );
ENSURES( cryptStatusOK( status ) );
*tag = ( value == 100 ) ? DEFAULT_TAG : value;
return( CRYPT_OK );
}
int setDeviceHardware( INOUT DEVICE_INFO *deviceInfo )
{
assert( isWritePtr( deviceInfo, sizeof( DEVICE_INFO ) ) );
deviceInfo->initFunction = initFunction;
deviceInfo->shutdownFunction = shutdownFunction;
deviceInfo->controlFunction = controlFunction;
deviceInfo->getItemFunction = getItemFunction;
deviceInfo->setItemFunction = setItemFunction;
deviceInfo->deleteItemFunction = deleteItemFunction;
deviceInfo->getFirstItemFunction = getFirstItemFunction;
deviceInfo->getNextItemFunction = getNextItemFunction;
deviceInfo->getRandomFunction = getRandomFunction;
deviceInfo->capabilityInfoList = capabilityInfoList;
deviceInfo->mechanismFunctions = mechanismFunctions;
deviceInfo->mechanismFunctionCount = \
FAILSAFE_ARRAYSIZE( mechanismFunctions, MECHANISM_FUNCTION_INFO );
return( CRYPT_OK );
}
{ CRYPT_IATTRIBUTE_KEY_SPKI, KEYFORMAT_CERT },
{ CRYPT_IATTRIBUTE_KEY_SPKI_PARTIAL, KEYFORMAT_CERT },
{ CRYPT_ERROR, 0 }, { CRYPT_ERROR, 0 }
};
int value, status;
assert( isWritePtr( keyformat, sizeof( KEYFORMAT_TYPE ) ) );
REQUIRES( isAttribute( attribute ) || \
isInternalAttribute( attribute ) );
/* Clear return value */
*keyformat = KEYFORMAT_NONE;
status = mapValue( attribute, &value, attributeMapTbl,
FAILSAFE_ARRAYSIZE( attributeMapTbl, MAP_TABLE ) );
ENSURES( cryptStatusOK( status ) );
*keyformat = value;
return( CRYPT_OK );
}
/****************************************************************************
* *
* Key Parameter Handling Functions *
* *
****************************************************************************/
/* Initialise crypto parameters such as the IV and encryption mode, shared
by most capabilities. This is never called directly, but is accessed
through function pointers in the capability lists */
static int processAdditionalScepRequest( INOUT SESSION_INFO *sessionInfoPtr,
const HTTP_URI_INFO *httpReqInfo )
{
HTTP_URI_INFO rewrittenHttpReqInfo;
MESSAGE_DATA msgData;
int operationType, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isReadPtr( httpReqInfo, sizeof( HTTP_URI_INFO ) ) );
/* If the client has fed us an HTTP GET request, find out what they
want. SCEP's handling of HTTP requests is a bit different from the
"attribute '=' value" lookup that's normally used for HTTP data
retrieval. Instead, it uses the format
"'operation =' value '&' extraData", with the search key buried in
the 'extraData' value. In addition the content of the 'extraData'
value isn't defined outside of "any string which is understood by the
CA". However since 'value' defines what we want, we can determine
what to return based on this and ignore the 'extraData' portion.
In order to fix up the query information into a format that works
with standard HTTP queries, we rewrite the query data from the
"'operation =' value '&' extraData" form into "attribute '=' value"
before we process the query */
memset( &rewrittenHttpReqInfo, 0, sizeof( HTTP_URI_INFO ) );
memcpy( rewrittenHttpReqInfo.attribute, httpReqInfo->value,
httpReqInfo->valueLen );
rewrittenHttpReqInfo.attributeLen = httpReqInfo->valueLen;
if( httpReqInfo->extraDataLen > 0 )
{
memcpy( rewrittenHttpReqInfo.value, httpReqInfo->extraData,
httpReqInfo->extraDataLen );
rewrittenHttpReqInfo.valueLen = httpReqInfo->extraDataLen;
}
status = processCertQuery( sessionInfoPtr, &rewrittenHttpReqInfo,
certstoreReadInfo,
FAILSAFE_ARRAYSIZE( certstoreReadInfo, \
CERTSTORE_READ_INFO ),
&operationType, NULL, 0, NULL );
if( cryptStatusError( status ) )
{
sendCertErrorResponse( sessionInfoPtr, status );
return( status );
}
ENSURES( operationType == SCEP_OPERATION_GETCACAPS || \
operationType == SCEP_OPERATION_GETCACERT || \
operationType == SCEP_OPERATION_GETCACERTCHAIN );
/* If it's a CA capabilities query, return the information as raw text
over HTTP */
if( operationType == SCEP_OPERATION_GETCACAPS )
{
STREAM stream;
sMemOpen( &stream, sessionInfoPtr->receiveBuffer, 1024 );
status = swrite( &stream, "POSTPKIOperation\n", 17 );
if( algoAvailable( CRYPT_ALGO_SHA1 ) )
status = swrite( &stream, "SHA-1\n", 6 );
if( algoAvailable( CRYPT_ALGO_SHA2 ) )
status = swrite( &stream, "SHA-256\n", 8 );
if( algoAvailable( CRYPT_ALGO_SHAng ) )
status = swrite( &stream, "SHAng\n", 6 );
if( algoAvailable( CRYPT_ALGO_3DES ) )
status = swrite( &stream, "DES3\n", 5 );
if( algoAvailable( CRYPT_ALGO_AES ) )
status = swrite( &stream, "AES\n", 4 );
if( cryptStatusOK( status ) )
sessionInfoPtr->receiveBufEnd = stell( &stream );
sMemDisconnect( &stream );
ENSURES( cryptStatusOK( status ) );
return( writePkiDatagram( sessionInfoPtr, SCEP_CONTENT_TYPE,
SCEP_CONTENT_TYPE_LEN ) );
}
/* Export the CA certificate and send it to the client */
setMessageData( &msgData, sessionInfoPtr->receiveBuffer,
sessionInfoPtr->receiveBufSize );
status = krnlSendMessage( sessionInfoPtr->privateKey,
IMESSAGE_CRT_EXPORT, &msgData,
( operationType == SCEP_OPERATION_GETCACERT ) ? \
CRYPT_CERTFORMAT_CERTIFICATE : \
CRYPT_CERTFORMAT_CERTCHAIN );
if( cryptStatusError( status ) )
{
retExt( status,
( status, SESSION_ERRINFO,
"Couldn't export CA certificate%s for '%s' request",
( operationType == SCEP_OPERATION_GETCACERT ) ? \
"" : " chain",
( operationType == SCEP_OPERATION_GETCACERT ) ? \
"GetCACert" : "GetCACertChain" ) );
}
sessionInfoPtr->receiveBufEnd = msgData.length;
if( operationType == SCEP_OPERATION_GETCACERT )
{
return( writePkiDatagram( sessionInfoPtr,
SCEP_CONTENT_TYPE_GETCACERT,
SCEP_CONTENT_TYPE_GETCACERT_LEN ) );
}
return( writePkiDatagram( sessionInfoPtr,
SCEP_CONTENT_TYPE_GETCACERTCHAIN,
SCEP_CONTENT_TYPE_GETCACERTCHAIN_LEN ) );
}
int initKeymgmtACL( INOUT KERNEL_DATA *krnlDataPtr )
{
int i;
assert( isWritePtr( krnlDataPtr, sizeof( KERNEL_DATA ) ) );
/* If we're running a fuzzing build, skip the lengthy self-checks */
#ifdef CONFIG_FUZZ
krnlData = krnlDataPtr;
return( CRYPT_OK );
#endif /* CONFIG_FUZZ */
/* Perform a consistency check on the key management ACLs */
for( i = 0; keyManagementACL[ i ].itemType != KEYMGMT_ITEM_NONE && \
i < FAILSAFE_ARRAYSIZE( keyManagementACL, KEYMGMT_ACL );
i++ )
{
const KEYMGMT_ACL *keyMgmtACL = &keyManagementACL[ i ];
int j;
if( keyMgmtACL->keysetR_subTypeA != ST_NONE || \
( keyMgmtACL->keysetR_subTypeB & ( SUBTYPE_CLASS_A | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->keysetR_subTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY | ST_DEV_P11 | \
ST_DEV_CAPI | ST_DEV_HW ) ) != 0 || \
keyMgmtACL->keysetR_subTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
if( keyMgmtACL->keysetR_subTypeA != ST_NONE || \
( keyMgmtACL->keysetW_subTypeB & ( SUBTYPE_CLASS_A | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->keysetW_subTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY | ST_DEV_P11 | \
ST_DEV_CAPI | ST_DEV_HW ) ) != 0 || \
keyMgmtACL->keysetW_subTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
if( keyMgmtACL->keysetR_subTypeA != ST_NONE || \
( keyMgmtACL->keysetD_subTypeB & ( SUBTYPE_CLASS_A | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->keysetD_subTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY | ST_DEV_P11 | \
ST_DEV_CAPI | ST_DEV_HW ) ) != 0 || \
keyMgmtACL->keysetD_subTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
if( keyMgmtACL->keysetR_subTypeA != ST_NONE || \
( keyMgmtACL->keysetFN_subTypeB & ( SUBTYPE_CLASS_A | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->keysetFN_subTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY | ST_DEV_P11 | \
ST_DEV_CAPI | ST_DEV_HW ) ) != 0 || \
keyMgmtACL->keysetFN_subTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
if( keyMgmtACL->keysetR_subTypeA != ST_NONE || \
( keyMgmtACL->keysetQ_subTypeB & ( SUBTYPE_CLASS_A | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->keysetQ_subTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY ) ) != 0 || \
keyMgmtACL->keysetQ_subTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
if( ( keyMgmtACL->objSubTypeA & ( SUBTYPE_CLASS_B | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->objSubTypeA & \
~( SUBTYPE_CLASS_A | ST_CERT_ANY | ST_CTX_PKC | \
ST_CTX_CONV ) ) != 0 || \
keyMgmtACL->objSubTypeB != ST_NONE || \
keyMgmtACL->objSubTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
ENSURES( keyMgmtACL->allowedKeyIDs != NULL );
for( j = 0; keyMgmtACL->allowedKeyIDs[ j ] != CRYPT_KEYID_NONE && \
j < FAILSAFE_ITERATIONS_SMALL; j++ )
{
ENSURES( keyMgmtACL->allowedKeyIDs[ j ] > CRYPT_KEYID_NONE && \
keyMgmtACL->allowedKeyIDs[ j ] < CRYPT_KEYID_LAST );
}
ENSURES( j < FAILSAFE_ITERATIONS_SMALL );
ENSURES( keyMgmtACL->allowedFlags >= KEYMGMT_FLAG_NONE && \
keyMgmtACL->allowedFlags < KEYMGMT_FLAG_MAX );
if( keyMgmtACL->specificKeysetSubTypeA != ST_NONE || \
( keyMgmtACL->specificKeysetSubTypeB & ( SUBTYPE_CLASS_A | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->specificKeysetSubTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY | ST_DEV_P11 | \
ST_DEV_CAPI ) ) != 0 || \
keyMgmtACL->specificKeysetSubTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
if( ( keyMgmtACL->specificObjSubTypeA & ( SUBTYPE_CLASS_B | \
SUBTYPE_CLASS_C ) ) || \
( keyMgmtACL->specificObjSubTypeA & \
~( SUBTYPE_CLASS_A | ST_CERT_ANY ) ) != 0 || \
keyMgmtACL->specificObjSubTypeB != ST_NONE || \
keyMgmtACL->specificObjSubTypeC != ST_NONE )
{
DEBUG_DIAG(( "Key management ACLs inconsistent" ));
retIntError();
}
}
ENSURES( i < FAILSAFE_ARRAYSIZE( keyManagementACL, KEYMGMT_ACL ) );
/* Perform a consistency check on the supplementary ID ACLs */
for( i = 0; idTypeACL[ i ].idType != CRYPT_KEYID_NONE && \
i < FAILSAFE_ARRAYSIZE( idTypeACL, IDTYPE_ACL );
i++ )
{
const IDTYPE_ACL *idACL = &idTypeACL[ i ];
ENSURES( idACL->idType > CRYPT_KEYID_NONE && \
idACL->idType < CRYPT_KEYID_LAST );
if( ( idACL->keysetSubTypeB & \
~( SUBTYPE_CLASS_B | ST_KEYSET_ANY | ST_DEV_P11 | \
ST_DEV_CAPI | ST_DEV_HW ) ) != 0 )
{
DEBUG_DIAG(( "Key management supplementary ACLs inconsistent" ));
retIntError();
}
}
ENSURES( i < FAILSAFE_ARRAYSIZE( idTypeACL, IDTYPE_ACL ) );
/* Set up the reference to the kernel data block */
krnlData = krnlDataPtr;
return( CRYPT_OK );
}
static int processAdditionalScepRequest( INOUT SESSION_INFO *sessionInfoPtr,
const HTTP_URI_INFO *httpReqInfo )
{
HTTP_URI_INFO rewrittenHttpReqInfo;
MESSAGE_DATA msgData;
int operationType, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isReadPtr( httpReqInfo, sizeof( HTTP_URI_INFO ) ) );
/* If the client has fed us an HTTP GET request, find out what they
want. SCEP's handling of HTTP requests is a bit different from the
"attribute '=' value" lookup that's normally used for HTTP data
retrieval. Instead, it uses the format
"'operation =' value '&' extraData", with the search key buried in
the 'extraData' value. In addition the content of the 'extraData'
value isn't defined outside of "any string which is understood by the
CA". However since 'value' defines what we want, we can determine
what to return based on this and ignore the 'extraData' portion.
In order to fix up the query information into a format that works
with standard HTTP queries, we rewrite the query data from the
"'operation =' value '&' extraData" form into "attribute '=' value"
before we process the query */
memset( &rewrittenHttpReqInfo, 0, sizeof( HTTP_URI_INFO ) );
memcpy( rewrittenHttpReqInfo.attribute, httpReqInfo->value,
httpReqInfo->valueLen );
rewrittenHttpReqInfo.attributeLen = httpReqInfo->valueLen;
if( httpReqInfo->extraDataLen > 0 )
{
memcpy( rewrittenHttpReqInfo.value, httpReqInfo->extraData,
httpReqInfo->extraDataLen );
rewrittenHttpReqInfo.valueLen = httpReqInfo->extraDataLen;
}
status = processCertQuery( sessionInfoPtr, &rewrittenHttpReqInfo,
certstoreReadInfo,
FAILSAFE_ARRAYSIZE( certstoreReadInfo, \
CERTSTORE_READ_INFO ),
&operationType, NULL, 0, NULL );
if( cryptStatusError( status ) )
{
sendCertErrorResponse( sessionInfoPtr, status );
return( status );
}
ENSURES( operationType == SCEP_OPERATION_GETCACAPS || \
operationType == SCEP_OPERATION_GETCACERT || \
operationType == SCEP_OPERATION_GETCACERTCHAIN );
/* If it's a CA capabilities query, return the information as raw text
over HTTP */
if( operationType == SCEP_OPERATION_GETCACAPS )
{
STREAM stream;
sMemOpen( &stream, sessionInfoPtr->receiveBuffer, 1024 );
swrite( &stream, "POSTPKIOperation\n", 17 );
#if 0 /* 14/6/14 Too risky to implement given its current state in the
spec, see the discussion on the JSCEP mailing list for
details */
status = swrite( &stream, "Renewal\n", 8 );
#endif /* 0 */
if( algoAvailable( CRYPT_ALGO_SHA1 ) )
status = swrite( &stream, "SHA-1\n", 6 );
if( algoAvailable( CRYPT_ALGO_SHA2 ) )
status = swrite( &stream, "SHA-256\n", 8 );
if( algoAvailable( CRYPT_ALGO_SHAng ) )
status = swrite( &stream, "SHAng\n", 6 );
if( algoAvailable( CRYPT_ALGO_3DES ) )
status = swrite( &stream, "DES3\n", 5 );
if( algoAvailable( CRYPT_ALGO_AES ) )
status = swrite( &stream, "AES\n", 4 );
if( cryptStatusOK( status ) )
sessionInfoPtr->receiveBufEnd = stell( &stream );
sMemDisconnect( &stream );
ENSURES( cryptStatusOK( status ) );
return( writePkiDatagram( sessionInfoPtr, SCEP_CONTENT_TYPE,
SCEP_CONTENT_TYPE_LEN ) );
}
CHECK_RETVAL_BOOL \
BOOLEAN isGeneralNameSelectionComponent( IN_ATTRIBUTE \
const CRYPT_ATTRIBUTE_TYPE certInfoType )
{
static const CRYPT_ATTRIBUTE_TYPE certGeneralNameTbl[] = {
CRYPT_CERTINFO_AUTHORITYINFO_RTCS,
CRYPT_CERTINFO_AUTHORITYINFO_OCSP,
CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS,
CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE,
CRYPT_CERTINFO_AUTHORITYINFO_CRLS,
CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY,
CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY,
CRYPT_CERTINFO_SUBJECTINFO_SIGNEDOBJECTREPOSITORY,
CRYPT_CERTINFO_SUBJECTINFO_RPKIMANIFEST,
CRYPT_CERTINFO_SUBJECTINFO_SIGNEDOBJECT,
CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
CRYPT_CERTINFO_SIGG_ADMISSIONS_AUTHORITY,
CRYPT_CERTINFO_SUBJECTALTNAME,
CRYPT_CERTINFO_ISSUERALTNAME,
CRYPT_CERTINFO_ISSUINGDIST_FULLNAME,
CRYPT_CERTINFO_CERTIFICATEISSUER,
CRYPT_CERTINFO_PERMITTEDSUBTREES,
CRYPT_CERTINFO_EXCLUDEDSUBTREES,
CRYPT_CERTINFO_CRLDIST_FULLNAME,
CRYPT_CERTINFO_CRLDIST_CRLISSUER,
CRYPT_CERTINFO_AUTHORITY_CERTISSUER,
CRYPT_CERTINFO_FRESHESTCRL_FULLNAME,
CRYPT_CERTINFO_FRESHESTCRL_CRLISSUER,
CRYPT_CERTINFO_DELTAINFO_LOCATION,
CRYPT_CERTINFO_TOBEREVOKED_CERTISSUER,
CRYPT_CERTINFO_REVOKEDGROUPS_CERTISSUER,
CRYPT_CERTINFO_AAISSUINGDIST_FULLNAME,
CRYPT_ATTRIBUTE_NONE, CRYPT_ATTRIBUTE_NONE
};
static const CRYPT_ATTRIBUTE_TYPE cmsGeneralNameTbl[] = {
CRYPT_CERTINFO_CMS_RECEIPT_TO,
CRYPT_CERTINFO_CMS_MLEXP_INSTEADOF,
CRYPT_CERTINFO_CMS_MLEXP_INADDITIONTO,
CRYPT_ATTRIBUTE_NONE, CRYPT_ATTRIBUTE_NONE
};
const CRYPT_ATTRIBUTE_TYPE *generalNameTbl;
int generalNameTblSize, i;
REQUIRES_B( isAttribute( certInfoType ) || \
isInternalAttribute( certInfoType ) );
/* Determine which type of attribute we're dealing with */
if( certInfoType >= CRYPT_CERTINFO_FIRST_EXTENSION && \
certInfoType <= CRYPT_CERTINFO_LAST_EXTENSION )
{
generalNameTbl = certGeneralNameTbl;
generalNameTblSize = FAILSAFE_ARRAYSIZE( certGeneralNameTbl, \
CRYPT_ATTRIBUTE_TYPE );
}
else
{
if( certInfoType >= CRYPT_CERTINFO_FIRST_CMS && \
certInfoType <= CRYPT_CERTINFO_LAST_CMS )
{
generalNameTbl = cmsGeneralNameTbl;
generalNameTblSize = FAILSAFE_ARRAYSIZE( cmsGeneralNameTbl, \
CRYPT_ATTRIBUTE_TYPE );
}
else
{
/* It's neither a certificate nor a CMS attribute extension, it
can't be a GeneralName */
return( FALSE );
}
}
/* Check for membership in the GeneralName set. In theory we could
divide this further via binary search but we're really reaching the
law of diminishing returns here */
for( i = 0; i < generalNameTblSize && \
generalNameTbl[ i ] != CRYPT_ATTRIBUTE_NONE; i++ )
{
if( generalNameTbl[ i ] == certInfoType )
return( TRUE );
}
ENSURES_B( i < generalNameTblSize );
return( FALSE );
}
BOOLEAN checkAttributesConsistent( INOUT SESSION_INFO *sessionInfoPtr,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute )
{
static const MAP_TABLE excludedAttrTbl[] = {
{ CRYPT_SESSINFO_REQUEST,
CHECK_ATTR_REQUEST | CHECK_ATTR_PRIVKEY | CHECK_ATTR_PRIVKEYSET },
{ CRYPT_SESSINFO_PRIVATEKEY,
CHECK_ATTR_PRIVKEY | CHECK_ATTR_PRIVKEYSET },
{ CRYPT_SESSINFO_CACERTIFICATE,
CHECK_ATTR_CACERT | CHECK_ATTR_FINGERPRINT },
{ CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1,
CHECK_ATTR_FINGERPRINT | CHECK_ATTR_CACERT },
{ CRYPT_ERROR, 0 }, { CRYPT_ERROR, 0 }
};
int flags = 0, status;
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
REQUIRES_B( attribute == CRYPT_SESSINFO_REQUEST || \
attribute == CRYPT_SESSINFO_PRIVATEKEY || \
attribute == CRYPT_SESSINFO_CACERTIFICATE || \
attribute == CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1 );
/* Find the excluded-attribute information for this attribute */
status = mapValue( attribute, &flags, excludedAttrTbl,
FAILSAFE_ARRAYSIZE( excludedAttrTbl, MAP_TABLE ) );
ENSURES( cryptStatusOK( status ) );
/* Make sure that none of the excluded attributes are present */
if( ( flags & CHECK_ATTR_REQUEST ) && \
sessionInfoPtr->iCertRequest != CRYPT_ERROR )
{
setErrorInfo( sessionInfoPtr, CRYPT_SESSINFO_REQUEST,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( FALSE );
}
if( ( flags & CHECK_ATTR_PRIVKEYSET ) && \
sessionInfoPtr->privKeyset != CRYPT_ERROR )
{
setErrorInfo( sessionInfoPtr, CRYPT_SESSINFO_CMP_PRIVKEYSET,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( FALSE );
}
if( ( flags & CHECK_ATTR_CACERT ) && \
sessionInfoPtr->iAuthInContext != CRYPT_ERROR )
{
setErrorInfo( sessionInfoPtr, CRYPT_SESSINFO_CACERTIFICATE,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( FALSE );
}
if( ( flags & CHECK_ATTR_FINGERPRINT ) && \
findSessionInfo( sessionInfoPtr->attributeList,
CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1 ) != NULL )
{
setErrorInfo( sessionInfoPtr, CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1,
CRYPT_ERRTYPE_ATTR_PRESENT );
return( FALSE );
}
return( TRUE );
}
option. (GCM with ECC is a variant of this, this is even more
of a fashion statement and really only makes sense with ECC).
DH suites unless PREFER_RSA_TO_DH is defined, since these provide
PFS, are secure against factoring attacks, and in many cases
are the same as RSA when employed in anon-DH-equivalent mode.
RSA suites with strong ciphers.
Misc RSA suites with also-ran ciphers.
Canary used to detect broken older version of MSIE */
typedef struct {
const CIPHERSUITE_INFO *cipherSuites;
const int cipherSuiteCount;
} CIPHERSUITES_LIST;
static const CIPHERSUITES_LIST cipherSuitesList[] = {
{ cipherSuitePSK, FAILSAFE_ARRAYSIZE( cipherSuitePSK, CIPHERSUITE_INFO ) },
#if defined( PREFER_ECC ) && defined( USE_ECDH ) && defined( USE_ECDSA )
#ifdef USE_GCM
{ cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
#endif /* USE_GCM */
{ cipherSuiteECC, FAILSAFE_ARRAYSIZE( cipherSuiteECC, CIPHERSUITE_INFO ) },
#endif /* PREFER_ECC && USE_ECDH && USE_ECDSA */
#ifdef PREFER_RSA_TO_DH
{ cipherSuiteRSA, FAILSAFE_ARRAYSIZE( cipherSuiteRSA, CIPHERSUITE_INFO ) },
{ cipherSuiteDH, FAILSAFE_ARRAYSIZE( cipherSuiteDH, CIPHERSUITE_INFO ) },
#else
{ cipherSuiteDH, FAILSAFE_ARRAYSIZE( cipherSuiteDH, CIPHERSUITE_INFO ) },
{ cipherSuiteRSA, FAILSAFE_ARRAYSIZE( cipherSuiteRSA, CIPHERSUITE_INFO ) },
#endif /* PREFER_RSA_TO_DH */
#if !defined( PREFER_ECC ) && defined( USE_ECDH ) && defined( USE_ECDSA )
#ifdef USE_GCM
static int processCertWrapper( INOUT STREAM *stream,
OUT_LENGTH_SHORT_Z int *objectOffset,
OUT_DATALENGTH_Z int *objectLength,
IN_DATALENGTH_Z const int objectStartPos )
{
static const CMS_CONTENT_INFO FAR_BSS oidInfoSignedData = { 1, 3 };
static const OID_INFO FAR_BSS signedDataOIDinfo[] = {
{ OID_CMS_SIGNEDDATA, CRYPT_OK, &oidInfoSignedData },
{ NULL, 0 }, { NULL, 0 }
};
static const OID_INFO FAR_BSS dataOIDinfo[] = {
{ OID_CMS_DATA, CRYPT_OK, NULL },
{ NULL, 0 }, { NULL, 0 }
};
long length;
int setLength, localLength, offset DUMMY_INIT, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( objectOffset, sizeof( int ) ) );
assert( isWritePtr( objectLength, sizeof( int ) ) );
REQUIRES( objectStartPos >= 0 && objectStartPos < MAX_BUFFER_SIZE );
/* Clear return values */
*objectOffset = *objectLength = 0;
/* Read the SignedData wrapper */
sseek( stream, objectStartPos );
status = readCMSheader( stream, signedDataOIDinfo,
FAILSAFE_ARRAYSIZE( signedDataOIDinfo, OID_INFO ),
&length, READCMS_FLAG_NONE );
if( cryptStatusError( status ) )
return( status );
/* Read the SET OF DigestAlgorithmIdentifier, empty for a pure
certificate chain, nonempty for signed data or buggy certificate
chains */
status = readSet( stream, &setLength );
if( cryptStatusOK( status ) && setLength > 0 )
status = sSkip( stream, setLength, MAX_INTLENGTH_SHORT );
if( cryptStatusError( status ) )
return( status );
/* Read the ContentInfo information */
status = readCMSheader( stream, dataOIDinfo,
FAILSAFE_ARRAYSIZE( dataOIDinfo, OID_INFO ),
&length, READCMS_FLAG_INNERHEADER );
if( cryptStatusError( status ) )
return( status );
/* If we've been fed signed data (i.e. the ContentInfo has the content
field present), skip the content to get to the certificate chain */
if( length > 0 )
{
status = sSkip( stream, length, MAX_INTLENGTH_SHORT );
if( cryptStatusError( status ) )
return( status );
}
else
{
/* If we have an indefinite length then there could be up to three
EOCs present (one for each of the SEQUENCE, [0], and OCTET
STRING), which we have to skip. In theory there could be content
present as well but at that point we're going to be replicating
large chunks of the de-enveloping code so we only try and process
zero-length content, created by some buggy browser's cert-export
code (possibly Firefox) */
if( length == CRYPT_UNUSED )
{
int i;
for( i = 0; i < 3; i++ )
{
status = checkEOC( stream );
if( cryptStatusError( status ) )
return( status );
if( !status )
break;
}
}
}
/* We've reached the inner content encapsulation, find out how long the
content (i.e. the chain of certificates) is */
status = getStreamObjectLength( stream, &localLength );
if( cryptStatusOK( status ) )
{
offset = stell( stream );
status = readConstructedI( stream, NULL, 0 );
}
if( cryptStatusError( status ) )
return( status );
/* Adjust for the [0] { ... } wrapper that contains the list of
certificate, returning a pointer to the collection of certificates
without any encapsulation */
localLength -= stell( stream ) - offset;
if( localLength < MIN_CERTSIZE || localLength >= MAX_INTLENGTH )
return( CRYPT_ERROR_BADDATA );
*objectOffset = stell( stream );
*objectLength = localLength;
return( CRYPT_OK );
}
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( objectOffset, sizeof( int ) ) );
assert( isWritePtr( objectLength, sizeof( int ) ) );
assert( isWritePtr( objectType, sizeof( CRYPT_CERTTYPE_TYPE ) ) );
REQUIRES( formatHint >= CRYPT_CERTTYPE_NONE && \
formatHint < CRYPT_CERTTYPE_LAST );
/* Clear return values */
*objectOffset = *objectLength = 0;
*objectType = CRYPT_CERTTYPE_NONE;
/* Figure out how much data we need to have for a minimum-length
object */
status = mapValue( formatHint, &minLength, minLengthMapTable,
FAILSAFE_ARRAYSIZE( minLengthMapTable, MAP_TABLE ) );
ENSURES( cryptStatusOK( status ) );
/* If it's an SSL certificate chain then there's no recognisable
tagging, however the caller will have told us what it is */
if( formatHint == CRYPT_ICERTTYPE_SSL_CERTCHAIN )
{
*objectLength = sMemDataLeft( stream );
*objectType = CRYPT_ICERTTYPE_SSL_CERTCHAIN;
return( CRYPT_OK );
}
/* Check whether we need to process the object wrapper using context-
specific tagging rather than the usual SEQUENCE */
status = tag = peekTag( stream );
if( cryptStatusError( status ) )
static CAPABILITY_INFO *getCapability( const DEVICE_INFO *deviceInfo,
const PKCS11_MECHANISM_INFO *mechanismInfoPtr,
const int maxMechanisms )
{
VARIABLE_CAPABILITY_INFO *capabilityInfo;
CK_MECHANISM_INFO pMechanism;
CK_RV status;
const CRYPT_ALGO_TYPE cryptAlgo = mechanismInfoPtr->cryptAlgo;
const BOOLEAN isPKC = isPkcAlgo( cryptAlgo ) ? TRUE : FALSE;
const CK_FLAGS keyGenFlag = isPKC ? CKF_GENERATE_KEY_PAIR : CKF_GENERATE;
PKCS11_INFO *pkcs11Info = deviceInfo->devicePKCS11;
int hardwareOnly, i, iterationCount;
assert( isReadPtr( deviceInfo, sizeof( DEVICE_INFO ) ) );
assert( isReadPtr( mechanismInfoPtr, \
maxMechanisms * sizeof( PKCS11_MECHANISM_INFO ) ) );
/* Set up canary values for the mechanism information in case the driver
blindly reports success for every mechanism that we ask for */
memset( &pMechanism, 0, sizeof( CK_MECHANISM_INFO ) );
pMechanism.ulMinKeySize = 0xA5A5;
pMechanism.ulMaxKeySize = 0x5A5A;
/* Get the information for this mechanism. Since many PKCS #11 drivers
implement some of their capabilities using God knows what sort of
software implementation, we provide the option to skip emulated
mechanisms if required */
status = C_GetMechanismInfo( pkcs11Info->slotID,
mechanismInfoPtr->mechanism,
&pMechanism );
if( status != CKR_OK )
return( NULL );
if( pMechanism.ulMinKeySize == 0xA5A5 && \
pMechanism.ulMaxKeySize == 0x5A5A )
{
/* The driver reported that this mechanism is available but didn't
update the mechanism information, it's lying */
DEBUG_DIAG(( "Driver reports that mechanism %X is available even "
"though it isn't", mechanismInfoPtr->mechanism ));
assert( DEBUG_WARN );
return( NULL );
}
status = krnlSendMessage( deviceInfo->ownerHandle, IMESSAGE_GETATTRIBUTE,
&hardwareOnly,
CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY );
if( cryptStatusOK( status ) && hardwareOnly && \
!( pMechanism.flags & CKF_HW ) )
{
DEBUG_DIAG(( "Skipping mechanism %X, which is only available in "
"software emulation", mechanismInfoPtr->mechanism ));
return( NULL );
}
if( mechanismInfoPtr->requiredFlags != CKF_NONE )
{
/* Make sure that the driver flags indicate support for the specific
functionality that we require */
if( ( mechanismInfoPtr->requiredFlags & \
pMechanism.flags ) != mechanismInfoPtr->requiredFlags )
{
DEBUG_DIAG(( "Driver reports that mechanism %X only has "
"capabilities %lX when we require %lX",
mechanismInfoPtr->mechanism,
mechanismInfoPtr->requiredFlags & pMechanism.flags,
mechanismInfoPtr->requiredFlags ));
//////////////////////////////////
// Kludge to allow it to be used
//////////////////////////////////
// assert( DEBUG_WARN );
// return( NULL );
}
}
/* Copy across the template for this capability */
if( ( capabilityInfo = clAlloc( "getCapability", \
sizeof( CAPABILITY_INFO ) ) ) == NULL )
return( NULL );
for( i = 0; capabilityTemplates[ i ].cryptAlgo != cryptAlgo && \
capabilityTemplates[ i ].cryptAlgo != CRYPT_ERROR && \
i < FAILSAFE_ARRAYSIZE( capabilityTemplates, CAPABILITY_INFO );
i++ );
ENSURES_N( i < FAILSAFE_ARRAYSIZE( capabilityTemplates, CAPABILITY_INFO ) );
ENSURES_N( capabilityTemplates[ i ].cryptAlgo != CRYPT_ERROR );
memcpy( capabilityInfo, &capabilityTemplates[ i ],
sizeof( CAPABILITY_INFO ) );
/* Set up the keysize information if there's anything useful available */
if( keysizeValid( cryptAlgo ) )
{
int minKeySize = ( int ) pMechanism.ulMinKeySize;
int maxKeySize = ( int ) pMechanism.ulMaxKeySize;
/* Adjust the key size to bytes and make sure that all values are
consistent. Some implementations report silly bounds (e.g. 1-bit
RSA, "You naughty minKey" or alternatively 4Gbit RSA) so we
adjust them to a sane value if necessary. We also limit the
maximum key size to match the cryptlib native maximum key size,
both for consistency and because cryptlib performs buffer
allocation based on the maximum native buffer size */
if( pMechanism.ulMinKeySize < 0 || \
pMechanism.ulMinKeySize >= 10000L )
{
DEBUG_DIAG(( "Driver reports invalid minimum key size %lu for "
"%s algorithm", pMechanism.ulMinKeySize,
capabilityInfo->algoName ));
assert( DEBUG_WARN );
minKeySize = 0;
}
if( pMechanism.ulMaxKeySize < 0 || \
pMechanism.ulMaxKeySize >= 100000L )
{
DEBUG_DIAG(( "Driver reports invalid maximum key size %lu for "
"%s algorithm", pMechanism.ulMaxKeySize,
capabilityInfo->algoName ));
assert( DEBUG_WARN );
maxKeySize = 0;
}
if( !keysizeInBytes( cryptAlgo ) )
{
minKeySize = bitsToBytes( minKeySize );
maxKeySize = bitsToBytes( maxKeySize );
}
if( minKeySize > capabilityInfo->minKeySize )
capabilityInfo->minKeySize = minKeySize;
if( capabilityInfo->keySize < capabilityInfo->minKeySize )
capabilityInfo->keySize = capabilityInfo->minKeySize;
capabilityInfo->maxKeySize = min( maxKeySize,
capabilityInfo->maxKeySize );
if( capabilityInfo->maxKeySize < capabilityInfo->minKeySize )
{
/* Serious braindamage in the driver, we'll just have to make
a sensible guess */
DEBUG_DIAG(( "Driver reports maximum key size %d < minimum key "
"size %d for %s algorithm",
capabilityInfo->maxKeySize,
capabilityInfo->minKeySize,
capabilityInfo->algoName ));
assert( DEBUG_WARN );
if( isPKC )
{
capabilityInfo->maxKeySize = \
max( capabilityInfo->minKeySize, bitsToBytes( 2048 ) );
}
else
capabilityInfo->maxKeySize = 16;
}
if( capabilityInfo->keySize > capabilityInfo->maxKeySize )
capabilityInfo->keySize = capabilityInfo->maxKeySize;
capabilityInfo->endFunction = genericEndFunction;
}
/* Set up the device-specific handlers */
capabilityInfo->selfTestFunction = selfTestFunction;
capabilityInfo->getInfoFunction = getDefaultInfo;
if( !isPKC )
capabilityInfo->initParamsFunction = initGenericParams;
capabilityInfo->endFunction = mechanismInfoPtr->endFunction;
capabilityInfo->initKeyFunction = mechanismInfoPtr->initKeyFunction;
if( pMechanism.flags & keyGenFlag )
capabilityInfo->generateKeyFunction = \
mechanismInfoPtr->generateKeyFunction;
if( pMechanism.flags & CKF_SIGN )
{
/* cryptlib treats hashing as an encrypt/decrypt operation while
PKCS #11 treats it as a sign/verify operation, so we have to
juggle the function pointers based on the underlying algorithm
type */
if( isPKC )
capabilityInfo->signFunction = mechanismInfoPtr->signFunction;
else
capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction;
}
if( pMechanism.flags & CKF_VERIFY )
{
/* See comment above */
if( isPKC )
capabilityInfo->sigCheckFunction = mechanismInfoPtr->sigCheckFunction;
else
capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction;
}
if( pMechanism.flags & CKF_ENCRYPT )
{
/* Not all devices implement all modes, so we have to be careful to
set up the pointer for the exact mode that's supported */
switch( mechanismInfoPtr->cryptMode )
{
case CRYPT_MODE_CBC:
capabilityInfo->encryptCBCFunction = mechanismInfoPtr->encryptFunction;
break;
case CRYPT_MODE_CFB:
capabilityInfo->encryptCFBFunction = mechanismInfoPtr->encryptFunction;
break;
case CRYPT_MODE_GCM:
capabilityInfo->encryptGCMFunction = mechanismInfoPtr->encryptFunction;
break;
default: /* ECB or a PKC */
capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction;
break;
}
}
if( pMechanism.flags & CKF_DECRYPT )
{
/* Not all devices implement all modes, so we have to be careful to
set up the pointer for the exact mode that's supported */
switch( mechanismInfoPtr->cryptMode )
{
case CRYPT_MODE_CBC:
capabilityInfo->decryptCBCFunction = mechanismInfoPtr->decryptFunction;
break;
case CRYPT_MODE_CFB:
capabilityInfo->decryptCFBFunction = mechanismInfoPtr->decryptFunction;
break;
case CRYPT_MODE_GCM:
capabilityInfo->decryptGCMFunction = mechanismInfoPtr->decryptFunction;
break;
default: /* ECB or a PKC */
capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction;
break;
}
}
if( cryptAlgo == CRYPT_ALGO_DH && pMechanism.flags & CKF_DERIVE )
{
/* DH is a special-case that doesn't really have an encrypt function
and where "decryption" is actually a derivation */
capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction;
capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction;
}
/* Keygen capabilities are generally present as separate mechanisms,
sometimes CKF_GENERATE/CKF_GENERATE_KEY_PAIR is set for the main
mechanism and sometimes it's set for the separate one so if it isn't
present in the main one we check the alternative one */
if( !( pMechanism.flags & keyGenFlag ) && \
( mechanismInfoPtr->keygenMechanism != CKM_NONE ) )
{
status = C_GetMechanismInfo( pkcs11Info->slotID,
mechanismInfoPtr->keygenMechanism,
&pMechanism );
if( status == CKR_OK && ( pMechanism.flags & keyGenFlag ) && \
( !hardwareOnly || ( pMechanism.flags & CKF_HW ) ) )
{
/* Some tinkertoy tokens don't implement key generation in
hardware but instead do it on the host PC (!!!) and load the
key into the token afterwards, so we have to perform another
check here to make sure that they're doing things right */
capabilityInfo->generateKeyFunction = \
mechanismInfoPtr->generateKeyFunction;
}
}
/* Record mechanism-specific parameters if required */
if( isConvAlgo( cryptAlgo ) || isMacAlgo( cryptAlgo ) )
{
capabilityInfo->paramKeyType = mechanismInfoPtr->keyType;
capabilityInfo->paramKeyGen = mechanismInfoPtr->keygenMechanism;
capabilityInfo->paramDefaultMech = mechanismInfoPtr->defaultMechanism;
}
/* Some drivers report bizarre combinations of capabilities like (for
RSA) sign, verify, and decrypt but not encrypt, which will fail later
sanity checks. If we run into one of these we force the capabilities
to be consistent by disabling any for which only partial capabilities
are supported */
if( isPkcAlgo( cryptAlgo ) )
{
if( capabilityInfo->decryptFunction != NULL && \
capabilityInfo->encryptFunction == NULL )
{
DEBUG_DIAG(( "Driver reports decryption but not encryption "
"capability for %s algorithm, disabling "
"encryption", capabilityInfo->algoName ));
capabilityInfo->decryptFunction = NULL;
}
if( capabilityInfo->signFunction != NULL && \
capabilityInfo->sigCheckFunction == NULL )
{
DEBUG_DIAG(( "Driver reports signature-generation but not "
"signature-verification capability for %s "
"algorithm, disabling signing",
capabilityInfo->algoName ));
//////////////////////////////////
// Kludge to allow it to be used
//////////////////////////////////
if( cryptAlgo == CRYPT_ALGO_ECDSA )
capabilityInfo->sigCheckFunction = capabilityInfo->signFunction;
else
capabilityInfo->signFunction = NULL;
}
/* If we've now disabled all capabilities, we can't use this
algorithm */
if( capabilityInfo->decryptFunction == NULL && \
capabilityInfo->signFunction == NULL )
{
DEBUG_DIAG(( "Use of algorithm %s disabled since no consistent "
"set of capabilities is available",
capabilityInfo->algoName ));
clFree( "getCapability", capabilityInfo );
assert( DEBUG_WARN );
return( NULL );
}
}
/* If it's not a conventional encryption algo, we're done */
if( !isConvAlgo( cryptAlgo ) )
return( ( CAPABILITY_INFO * ) capabilityInfo );
/* PKCS #11 handles encryption modes by defining a separate mechanism for
each one. In order to enumerate all the modes available for a
particular algorithm we check for each mechanism in turn and set up
the appropriate function pointers if it's available */
for( mechanismInfoPtr++, iterationCount = 0;
mechanismInfoPtr->cryptAlgo == cryptAlgo && \
iterationCount < maxMechanisms;
mechanismInfoPtr++, iterationCount++ )
{
/* There's a different form of the existing mechanism available,
check whether the driver implements it */
status = C_GetMechanismInfo( pkcs11Info->slotID,
mechanismInfoPtr->mechanism,
&pMechanism );
if( status != CKR_OK )
continue;
/* Set up the pointer for the appropriate encryption mode */
switch( mechanismInfoPtr->cryptMode )
{
case CRYPT_MODE_CBC:
if( pMechanism.flags & CKF_ENCRYPT )
capabilityInfo->encryptCBCFunction = \
mechanismInfoPtr->encryptFunction;
if( pMechanism.flags & CKF_DECRYPT )
capabilityInfo->decryptCBCFunction = \
mechanismInfoPtr->decryptFunction;
break;
case CRYPT_MODE_CFB:
if( pMechanism.flags & CKF_ENCRYPT )
capabilityInfo->encryptCFBFunction = \
mechanismInfoPtr->encryptFunction;
if( pMechanism.flags & CKF_DECRYPT )
capabilityInfo->decryptCFBFunction = \
mechanismInfoPtr->decryptFunction;
break;
case CRYPT_MODE_GCM:
if( pMechanism.flags & CKF_ENCRYPT )
capabilityInfo->encryptGCMFunction = \
mechanismInfoPtr->encryptFunction;
if( pMechanism.flags & CKF_DECRYPT )
capabilityInfo->decryptGCMFunction = \
mechanismInfoPtr->decryptFunction;
break;
default:
retIntError_Null();
}
}
ENSURES_N( iterationCount < maxMechanisms );
return( ( CAPABILITY_INFO * ) capabilityInfo );
}
{ CTAG_PB_KUR, CRYPT_REQUESTTYPE_KEYUPDATE },
{ CTAG_PB_RR, CRYPT_REQUESTTYPE_REVOCATION },
{ CTAG_PB_GENM, CRYPT_REQUESTTYPE_PKIBOOT },
{ CRYPT_ERROR, CRYPT_ERROR }, { CRYPT_ERROR, CRYPT_ERROR }
};
CHECK_RETVAL_RANGE( CRYPT_REQUESTYPE_NONE, CRYPT_REQUESTYPE_LAST ) \
static int reqToClibReq( IN_ENUM_OPT( CTAG_PB ) const CMP_MESSAGE_TYPE reqType )
{
int value, status;
REQUIRES( reqType >= CTAG_PB_IR && reqType < CTAG_PB_LAST );
/* CTAG_PB_IR == 0 so this is the same as _NONE */
status = mapValue( reqType, &value, reqClibReqMapTbl,
FAILSAFE_ARRAYSIZE( reqClibReqMapTbl, MAP_TABLE ) );
return( cryptStatusError( status ) ? status : value );
}
/* Set up user authentication information (either a MAC context or a public
key) based on a request submitted by the client. This is done whenever
the client starts a new transaction with a new user ID or certificate
ID */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int initServerAuthentMAC( INOUT SESSION_INFO *sessionInfoPtr,
INOUT CMP_PROTOCOL_INFO *protocolInfo )
{
CMP_INFO *cmpInfo = sessionInfoPtr->sessionCMP;
MESSAGE_KEYMGMT_INFO getkeyInfo;
MESSAGE_DATA msgData;
int initCertMgmtACL( INOUT KERNEL_DATA *krnlDataPtr )
{
int i;
assert( isWritePtr( krnlDataPtr, sizeof( KERNEL_DATA ) ) );
/* Perform a consistency check on the cert management ACLs */
for( i = 0; certMgmtACLTbl[ i ].action != MECHANISM_NONE && \
i < FAILSAFE_ARRAYSIZE( certMgmtACLTbl, CERTMGMT_ACL ); i++ )
{
const CERTMGMT_ACL *certMgmtACL = &certMgmtACLTbl[ i ];
/* Actions and permissions are consistent */
ENSURES( certMgmtACL->action > CRYPT_CERTACTION_NONE && \
certMgmtACL->action < CRYPT_CERTACTION_LAST );
ENSURES( certMgmtACL->access == ACTION_PERM_NONE || \
certMgmtACL->access == ACTION_PERM_NONE_EXTERNAL || \
certMgmtACL->access == ACTION_PERM_ALL );
/* If it's a no-access ACL, all mechanisms should be blocked */
if( certMgmtACL->access == ACTION_PERM_NONE )
{
ENSURES( paramInfo( certMgmtACL, 0 ).valueType == PARAM_VALUE_NONE );
continue;
}
/* If it's an internal-only ACL, it always needs a request
parameter */
if( certMgmtACL->access == ACTION_PERM_NONE_EXTERNAL )
{
if( paramInfo( certMgmtACL, 1 ).valueType != PARAM_VALUE_OBJECT || \
( paramInfo( certMgmtACL, 1 ).subTypeA & \
~( ST_CERT_CERTREQ | ST_CERT_REQ_CERT | \
ST_CERT_REQ_REV | ST_CERT_CERT ) ) || \
paramInfo( certMgmtACL, 1 ).subTypeB != ST_NONE )
{
DEBUG_DIAG(( "Certificate management ACLs inconsistent" ));
retIntError();
}
}
/* If it requires a CA key parameter, it must be a private-key
context with the key loaded and an attached CA certificate */
if( paramInfo( certMgmtACL, 0 ).valueType == PARAM_VALUE_OBJECT )
{
ENSURES( paramInfo( certMgmtACL, 0 ).subTypeA == ST_CTX_PKC && \
paramInfo( certMgmtACL, 0 ).subTypeB == ST_NONE && \
paramInfo( certMgmtACL, 0 ).flags == ACL_FLAG_HIGH_STATE );
if( ( secParamInfo( certMgmtACL, 0 ).subTypeA & \
~( ST_CERT_CERT | ST_CERT_CERTCHAIN ) ) || \
secParamInfo( certMgmtACL, 0 ).subTypeB != ST_NONE || \
secParamInfo( certMgmtACL, 0 ).flags != ACL_FLAG_HIGH_STATE )
{
DEBUG_DIAG(( "Certificate management ACLs inconsistent" ));
retIntError();
}
continue;
}
ENSURES( paramInfo( certMgmtACL, 0 ).valueType == PARAM_VALUE_UNUSED );
}
ENSURES( i < FAILSAFE_ARRAYSIZE( certMgmtACLTbl, CERTMGMT_ACL ) );
/* Set up the reference to the kernel data block */
krnlData = krnlDataPtr;
return( CRYPT_OK );
}
{ CRYPT_REQUESTTYPE_KEYUPDATE, CTAG_PB_KUR },
{ CRYPT_REQUESTTYPE_REVOCATION, CTAG_PB_RR },
{ CRYPT_REQUESTTYPE_PKIBOOT, CTAG_PB_GENM },
{ CRYPT_ERROR, CRYPT_ERROR }, { CRYPT_ERROR, CRYPT_ERROR }
};
CHECK_RETVAL_RANGE( 0, CTAG_PB_LAST ) \
static int clibReqToReq( IN_ENUM( CRYPT_REQUESTTYPE ) const int reqType )
{
int value, status;
REQUIRES( reqType > CRYPT_REQUESTTYPE_NONE && \
reqType < CRYPT_REQUESTTYPE_LAST );
status = mapValue( reqType, &value, clibReqReqMapTbl,
FAILSAFE_ARRAYSIZE( clibReqReqMapTbl, MAP_TABLE ) );
return( cryptStatusError( status ) ? status : value );
}
/* Set up information needed to perform a client-side transaction */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
static int initClientInfo( INOUT SESSION_INFO *sessionInfoPtr,
INOUT CMP_PROTOCOL_INFO *protocolInfo )
{
CMP_INFO *cmpInfo = sessionInfoPtr->sessionCMP;
const ATTRIBUTE_LIST *userNamePtr = \
findSessionInfo( sessionInfoPtr->attributeList,
CRYPT_SESSINFO_USERNAME );
const ATTRIBUTE_LIST *passwordPtr = \
findSessionInfo( sessionInfoPtr->attributeList,
