static int getDynData( OUT DYNBUF *dynBuf, IN_HANDLE const CRYPT_HANDLE cryptHandle, IN_MESSAGE const MESSAGE_TYPE message, IN_INT const int messageParam ) { MESSAGE_DATA msgData; void *dataPtr = NULL; int status; assert( isWritePtr( dynBuf, sizeof( DYNBUF ) ) ); REQUIRES( isHandleRangeValid( cryptHandle ) ); REQUIRES( ( message == IMESSAGE_GETATTRIBUTE_S && \ ( isAttribute( messageParam ) || \ isInternalAttribute( messageParam ) ) ) || \ ( message == IMESSAGE_CRT_EXPORT && \ messageParam == CRYPT_CERTFORMAT_CERTIFICATE ) ); /* Clear return values. Note that we don't use the usual memset() to clear the value since the structure contains the storage for the fixed-size portion of the buffer appended to it, and using memset() to clear that is just unnecessary overhead */ dynBuf->data = dynBuf->dataBuffer; dynBuf->length = 0; /* Get the data from the object */ setMessageData( &msgData, NULL, 0 ); status = krnlSendMessage( cryptHandle, message, &msgData, messageParam ); if( cryptStatusError( status ) ) return( status ); if( msgData.length > DYNBUF_SIZE ) { /* The data is larger than the built-in buffer size, dynamically allocate a larger buffer */ if( ( dataPtr = clDynAlloc( "dynCreate", msgData.length ) ) == NULL ) return( CRYPT_ERROR_MEMORY ); msgData.data = dataPtr; status = krnlSendMessage( cryptHandle, message, &msgData, messageParam ); if( cryptStatusError( status ) ) { clFree( "dynCreate", dataPtr ); return( status ); } dynBuf->data = dataPtr; } else { /* The data will fit into the built-in buffer, read it directly into the buffer */ msgData.data = dynBuf->data; status = krnlSendMessage( cryptHandle, message, &msgData, messageParam ); if( cryptStatusError( status ) ) return( status ); } dynBuf->length = msgData.length; return( CRYPT_OK ); }
static void deletePubKey( INOUT PKCS15_INFO *pkcs15infoPtr ) { assert( isWritePtr( pkcs15infoPtr, sizeof( PKCS15_INFO ) ) ); zeroise( pkcs15infoPtr->pubKeyData, pkcs15infoPtr->pubKeyDataSize ); clFree( "deletePubKey", pkcs15infoPtr->pubKeyData ); pkcs15infoPtr->pubKeyData = NULL; pkcs15infoPtr->pubKeyDataSize = 0; }
VOID CLRemoveKeyserver (HWND hWndParent, HWND hWndTree) { CHAR sz0[256]; CHAR sz1[256]; CHAR sz2[256]; TL_TREEITEM tlI; HTLITEM hTParent; if (sIsThisTheOnlyWorldServer (hWndTree)) { PGPclMessageBox (hWndParent, IDS_PROPCAPTION, IDS_MUSTHAVEDEFAULTSERVER, MB_OK|MB_ICONEXCLAMATION); return; } tlI.hItem = hTSelected; tlI.mask = TLIF_TEXT | TLIF_PARAM; tlI.pszText = sz1; tlI.cchTextMax = sizeof(sz1); TreeList_GetItem (hWndTree, &tlI); hTParent = tlI.hItem; LoadString (g_hInst, IDS_DELKSPROMPT, sz0, sizeof(sz0)); wsprintf (sz2, sz0, sz1); LoadString (g_hInst, IDS_PROPCAPTION, sz1, sizeof(sz1)); if (MessageBox (hWndParent, sz2, sz1, MB_YESNO|MB_ICONEXCLAMATION) == IDYES) { // free KEYSERVERSTRUCT clFree ((VOID*)(tlI.lParam)); // delete selected item tlI.hItem = hTSelected; TreeList_DeleteItem (hWndTree, &tlI); hTSelected = NULL; iSelectedType = IDX_NONE; bSelectedRoot = FALSE; // finish up InvalidateRect (hWndTree, NULL, TRUE); EnableWindow (GetDlgItem (hWndParent, IDC_REMOVEKEYSERVER), FALSE); EnableWindow (GetDlgItem (hWndParent, IDC_EDITKEYSERVER), FALSE); EnableWindow (GetDlgItem (hWndParent, IDC_SETASROOT), FALSE); --uNumberOfServers; } else SetFocus (hWndTree); }
void pgpFreeEntry( INOUT PGP_INFO *pgpInfo ) { assert( isWritePtr( pgpInfo, sizeof( PGP_INFO ) ) ); if( pgpInfo->keyData != NULL ) { zeroise( pgpInfo->keyData, pgpInfo->keyDataLen ); clFree( "pgpFreeEntry", pgpInfo->keyData ); pgpInfo->keyData = NULL; pgpInfo->keyDataLen = 0; } zeroise( pgpInfo, sizeof( PGP_INFO ) ); }
static void freeCapabilities( DEVICE_INFO *deviceInfo ) { CAPABILITY_INFO_LIST *capabilityInfoListPtr = \ ( CAPABILITY_INFO_LIST * ) deviceInfo->capabilityInfoList; assert( isWritePtr( deviceInfo, sizeof( DEVICE_INFO ) ) ); /* If the list was empty, return now */ if( capabilityInfoListPtr == NULL ) return; deviceInfo->capabilityInfoList = NULL; while( capabilityInfoListPtr != NULL ) { CAPABILITY_INFO_LIST *listItemToFree = capabilityInfoListPtr; CAPABILITY_INFO *itemToFree = ( CAPABILITY_INFO * ) listItemToFree->info; capabilityInfoListPtr = capabilityInfoListPtr->next; zeroise( itemToFree, sizeof( CAPABILITY_INFO ) ); clFree( "freeCapabilities", itemToFree ); zeroise( listItemToFree, sizeof( CAPABILITY_INFO_LIST ) ); clFree( "freeCapabilities", listItemToFree ); } }
INT CLNewKeyserver (HWND hWndParent, HWND hWndTree) { PKEYSERVERSTRUCT pkss; pkss = (PKEYSERVERSTRUCT)clAlloc (sizeof(KEYSERVERSTRUCT)); if (!pkss) return 1; pkss->hWndTree = hWndTree; pkss->bEdit = FALSE; pkss->szServer[0] = '\0'; pkss->iPort = 0; pkss->iType = kPGPKeyServerType_LDAP; LoadString (g_hInst, IDS_UNKNOWNKEY, pkss->szUserIDAuth, sizeof(pkss->szUserIDAuth)); pkss->szDomain[0] = '\0'; pkss->bListed = TRUE; pkss->bRoot = FALSE; pkss->authAlg = kPGPPublicKeyAlgorithm_Invalid; pkss->pOrigStruct = NULL; if (!DialogBoxParam (g_hInst, MAKEINTRESOURCE(IDD_NEWSERVER), hWndParent, sEditServerDlgProc, (LPARAM)pkss)) { clFree (pkss); SetFocus (hWndTree); return 0; } sSetOneKSItem (hWndTree, pkss); InvalidateRect (hWndTree, NULL, TRUE); ++uNumberOfServers; EnableWindow (GetDlgItem (hWndParent, IDC_REMOVEKEYSERVER), FALSE); EnableWindow (GetDlgItem (hWndParent, IDC_EDITKEYSERVER), FALSE); EnableWindow (GetDlgItem (hWndParent, IDC_SETASROOT), FALSE); return 0; }
INT CLDestroyKeyserverTreeList (HWND hWndTree) { HTLITEM hTServer; TL_TREEITEM tlI; // free all KEYSERVERSTRUCT structures hTServer = TreeList_GetFirstItem (hWndTree); while (hTServer) { tlI.hItem = hTServer; tlI.mask = TLIF_NEXTHANDLE | TLIF_PARAM; TreeList_GetItem (hWndTree, &tlI); clFree ((VOID*)(tlI.lParam)); hTServer = tlI.hItem; } // close treelist SendMessage (hWndTree, WM_CLOSE, 0, 0); return 0; }
static int getCapabilities( DEVICE_INFO *deviceInfo, const PKCS11_MECHANISM_INFO *mechanismInfoPtr, const int maxMechanisms ) { CAPABILITY_INFO_LIST *capabilityInfoListTail = \ ( CAPABILITY_INFO_LIST * ) deviceInfo->capabilityInfoList; int i; assert( isWritePtr( deviceInfo, sizeof( DEVICE_INFO ) ) ); assert( isReadPtr( mechanismInfoPtr, \ maxMechanisms * sizeof( PKCS11_MECHANISM_INFO ) ) ); static_assert( sizeof( CAPABILITY_INFO ) == sizeof( VARIABLE_CAPABILITY_INFO ), "Variable capability-info-struct" ); /* Find the end of the list to add new capabilities */ if( capabilityInfoListTail != NULL ) { while( capabilityInfoListTail->next != NULL ) capabilityInfoListTail = capabilityInfoListTail->next; } /* Add capability information for each recognised mechanism type */ for( i = 0; i < maxMechanisms && \ mechanismInfoPtr[ i ].mechanism != CKM_NONE; i++ ) { CAPABILITY_INFO_LIST *newCapabilityList; CAPABILITY_INFO *newCapability; const CRYPT_ALGO_TYPE cryptAlgo = mechanismInfoPtr[ i ].cryptAlgo; /* If the assertion below triggers then the PKCS #11 driver is broken since it's returning inconsistent information such as illegal key length data, conflicting algorithm information, etc etc. This assertion is included here to detect buggy drivers early on rather than forcing users to step through the PKCS #11 glue code to find out why an operation is failing. Because some tinkertoy implementations support only the bare minimum functionality (e.g.RSA private key ops and nothing else), we allow asymmetric functionality for PKCs */ newCapability = getCapability( deviceInfo, &mechanismInfoPtr[ i ], maxMechanisms - i ); if( newCapability == NULL ) continue; REQUIRES( sanityCheckCapability( newCapability ) ); if( ( newCapabilityList = \ clAlloc( "getCapabilities", \ sizeof( CAPABILITY_INFO_LIST ) ) ) == NULL ) { clFree( "getCapabilities", newCapability ); continue; } newCapabilityList->info = newCapability; newCapabilityList->next = NULL; if( deviceInfo->capabilityInfoList == NULL ) deviceInfo->capabilityInfoList = newCapabilityList; else capabilityInfoListTail->next = newCapabilityList; capabilityInfoListTail = newCapabilityList; /* Since there may be alternative mechanisms to the current one defined, we have to skip mechanisms until we find a ones for a new algorithm */ while( mechanismInfoPtr[ i + 1 ].cryptAlgo == cryptAlgo && \ i < maxMechanisms ) i++; ENSURES( i < maxMechanisms ); } ENSURES( i < maxMechanisms ); return( ( deviceInfo->capabilityInfoList == NULL ) ? CRYPT_ERROR : CRYPT_OK ); }
static CAPABILITY_INFO *getCapability( const DEVICE_INFO *deviceInfo, const PKCS11_MECHANISM_INFO *mechanismInfoPtr, const int maxMechanisms ) { VARIABLE_CAPABILITY_INFO *capabilityInfo; CK_MECHANISM_INFO pMechanism; CK_RV status; const CRYPT_ALGO_TYPE cryptAlgo = mechanismInfoPtr->cryptAlgo; const BOOLEAN isPKC = isPkcAlgo( cryptAlgo ) ? TRUE : FALSE; const CK_FLAGS keyGenFlag = isPKC ? CKF_GENERATE_KEY_PAIR : CKF_GENERATE; PKCS11_INFO *pkcs11Info = deviceInfo->devicePKCS11; int hardwareOnly, i, iterationCount; assert( isReadPtr( deviceInfo, sizeof( DEVICE_INFO ) ) ); assert( isReadPtr( mechanismInfoPtr, \ maxMechanisms * sizeof( PKCS11_MECHANISM_INFO ) ) ); /* Set up canary values for the mechanism information in case the driver blindly reports success for every mechanism that we ask for */ memset( &pMechanism, 0, sizeof( CK_MECHANISM_INFO ) ); pMechanism.ulMinKeySize = 0xA5A5; pMechanism.ulMaxKeySize = 0x5A5A; /* Get the information for this mechanism. Since many PKCS #11 drivers implement some of their capabilities using God knows what sort of software implementation, we provide the option to skip emulated mechanisms if required */ status = C_GetMechanismInfo( pkcs11Info->slotID, mechanismInfoPtr->mechanism, &pMechanism ); if( status != CKR_OK ) return( NULL ); if( pMechanism.ulMinKeySize == 0xA5A5 && \ pMechanism.ulMaxKeySize == 0x5A5A ) { /* The driver reported that this mechanism is available but didn't update the mechanism information, it's lying */ DEBUG_DIAG(( "Driver reports that mechanism %X is available even " "though it isn't", mechanismInfoPtr->mechanism )); assert( DEBUG_WARN ); return( NULL ); } status = krnlSendMessage( deviceInfo->ownerHandle, IMESSAGE_GETATTRIBUTE, &hardwareOnly, CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY ); if( cryptStatusOK( status ) && hardwareOnly && \ !( pMechanism.flags & CKF_HW ) ) { DEBUG_DIAG(( "Skipping mechanism %X, which is only available in " "software emulation", mechanismInfoPtr->mechanism )); return( NULL ); } if( mechanismInfoPtr->requiredFlags != CKF_NONE ) { /* Make sure that the driver flags indicate support for the specific functionality that we require */ if( ( mechanismInfoPtr->requiredFlags & \ pMechanism.flags ) != mechanismInfoPtr->requiredFlags ) { DEBUG_DIAG(( "Driver reports that mechanism %X only has " "capabilities %lX when we require %lX", mechanismInfoPtr->mechanism, mechanismInfoPtr->requiredFlags & pMechanism.flags, mechanismInfoPtr->requiredFlags )); ////////////////////////////////// // Kludge to allow it to be used ////////////////////////////////// // assert( DEBUG_WARN ); // return( NULL ); } } /* Copy across the template for this capability */ if( ( capabilityInfo = clAlloc( "getCapability", \ sizeof( CAPABILITY_INFO ) ) ) == NULL ) return( NULL ); for( i = 0; capabilityTemplates[ i ].cryptAlgo != cryptAlgo && \ capabilityTemplates[ i ].cryptAlgo != CRYPT_ERROR && \ i < FAILSAFE_ARRAYSIZE( capabilityTemplates, CAPABILITY_INFO ); i++ ); ENSURES_N( i < FAILSAFE_ARRAYSIZE( capabilityTemplates, CAPABILITY_INFO ) ); ENSURES_N( capabilityTemplates[ i ].cryptAlgo != CRYPT_ERROR ); memcpy( capabilityInfo, &capabilityTemplates[ i ], sizeof( CAPABILITY_INFO ) ); /* Set up the keysize information if there's anything useful available */ if( keysizeValid( cryptAlgo ) ) { int minKeySize = ( int ) pMechanism.ulMinKeySize; int maxKeySize = ( int ) pMechanism.ulMaxKeySize; /* Adjust the key size to bytes and make sure that all values are consistent. Some implementations report silly bounds (e.g. 1-bit RSA, "You naughty minKey" or alternatively 4Gbit RSA) so we adjust them to a sane value if necessary. We also limit the maximum key size to match the cryptlib native maximum key size, both for consistency and because cryptlib performs buffer allocation based on the maximum native buffer size */ if( pMechanism.ulMinKeySize < 0 || \ pMechanism.ulMinKeySize >= 10000L ) { DEBUG_DIAG(( "Driver reports invalid minimum key size %lu for " "%s algorithm", pMechanism.ulMinKeySize, capabilityInfo->algoName )); assert( DEBUG_WARN ); minKeySize = 0; } if( pMechanism.ulMaxKeySize < 0 || \ pMechanism.ulMaxKeySize >= 100000L ) { DEBUG_DIAG(( "Driver reports invalid maximum key size %lu for " "%s algorithm", pMechanism.ulMaxKeySize, capabilityInfo->algoName )); assert( DEBUG_WARN ); maxKeySize = 0; } if( !keysizeInBytes( cryptAlgo ) ) { minKeySize = bitsToBytes( minKeySize ); maxKeySize = bitsToBytes( maxKeySize ); } if( minKeySize > capabilityInfo->minKeySize ) capabilityInfo->minKeySize = minKeySize; if( capabilityInfo->keySize < capabilityInfo->minKeySize ) capabilityInfo->keySize = capabilityInfo->minKeySize; capabilityInfo->maxKeySize = min( maxKeySize, capabilityInfo->maxKeySize ); if( capabilityInfo->maxKeySize < capabilityInfo->minKeySize ) { /* Serious braindamage in the driver, we'll just have to make a sensible guess */ DEBUG_DIAG(( "Driver reports maximum key size %d < minimum key " "size %d for %s algorithm", capabilityInfo->maxKeySize, capabilityInfo->minKeySize, capabilityInfo->algoName )); assert( DEBUG_WARN ); if( isPKC ) { capabilityInfo->maxKeySize = \ max( capabilityInfo->minKeySize, bitsToBytes( 2048 ) ); } else capabilityInfo->maxKeySize = 16; } if( capabilityInfo->keySize > capabilityInfo->maxKeySize ) capabilityInfo->keySize = capabilityInfo->maxKeySize; capabilityInfo->endFunction = genericEndFunction; } /* Set up the device-specific handlers */ capabilityInfo->selfTestFunction = selfTestFunction; capabilityInfo->getInfoFunction = getDefaultInfo; if( !isPKC ) capabilityInfo->initParamsFunction = initGenericParams; capabilityInfo->endFunction = mechanismInfoPtr->endFunction; capabilityInfo->initKeyFunction = mechanismInfoPtr->initKeyFunction; if( pMechanism.flags & keyGenFlag ) capabilityInfo->generateKeyFunction = \ mechanismInfoPtr->generateKeyFunction; if( pMechanism.flags & CKF_SIGN ) { /* cryptlib treats hashing as an encrypt/decrypt operation while PKCS #11 treats it as a sign/verify operation, so we have to juggle the function pointers based on the underlying algorithm type */ if( isPKC ) capabilityInfo->signFunction = mechanismInfoPtr->signFunction; else capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction; } if( pMechanism.flags & CKF_VERIFY ) { /* See comment above */ if( isPKC ) capabilityInfo->sigCheckFunction = mechanismInfoPtr->sigCheckFunction; else capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction; } if( pMechanism.flags & CKF_ENCRYPT ) { /* Not all devices implement all modes, so we have to be careful to set up the pointer for the exact mode that's supported */ switch( mechanismInfoPtr->cryptMode ) { case CRYPT_MODE_CBC: capabilityInfo->encryptCBCFunction = mechanismInfoPtr->encryptFunction; break; case CRYPT_MODE_CFB: capabilityInfo->encryptCFBFunction = mechanismInfoPtr->encryptFunction; break; case CRYPT_MODE_GCM: capabilityInfo->encryptGCMFunction = mechanismInfoPtr->encryptFunction; break; default: /* ECB or a PKC */ capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction; break; } } if( pMechanism.flags & CKF_DECRYPT ) { /* Not all devices implement all modes, so we have to be careful to set up the pointer for the exact mode that's supported */ switch( mechanismInfoPtr->cryptMode ) { case CRYPT_MODE_CBC: capabilityInfo->decryptCBCFunction = mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_CFB: capabilityInfo->decryptCFBFunction = mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_GCM: capabilityInfo->decryptGCMFunction = mechanismInfoPtr->decryptFunction; break; default: /* ECB or a PKC */ capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction; break; } } if( cryptAlgo == CRYPT_ALGO_DH && pMechanism.flags & CKF_DERIVE ) { /* DH is a special-case that doesn't really have an encrypt function and where "decryption" is actually a derivation */ capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction; capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction; } /* Keygen capabilities are generally present as separate mechanisms, sometimes CKF_GENERATE/CKF_GENERATE_KEY_PAIR is set for the main mechanism and sometimes it's set for the separate one so if it isn't present in the main one we check the alternative one */ if( !( pMechanism.flags & keyGenFlag ) && \ ( mechanismInfoPtr->keygenMechanism != CKM_NONE ) ) { status = C_GetMechanismInfo( pkcs11Info->slotID, mechanismInfoPtr->keygenMechanism, &pMechanism ); if( status == CKR_OK && ( pMechanism.flags & keyGenFlag ) && \ ( !hardwareOnly || ( pMechanism.flags & CKF_HW ) ) ) { /* Some tinkertoy tokens don't implement key generation in hardware but instead do it on the host PC (!!!) and load the key into the token afterwards, so we have to perform another check here to make sure that they're doing things right */ capabilityInfo->generateKeyFunction = \ mechanismInfoPtr->generateKeyFunction; } } /* Record mechanism-specific parameters if required */ if( isConvAlgo( cryptAlgo ) || isMacAlgo( cryptAlgo ) ) { capabilityInfo->paramKeyType = mechanismInfoPtr->keyType; capabilityInfo->paramKeyGen = mechanismInfoPtr->keygenMechanism; capabilityInfo->paramDefaultMech = mechanismInfoPtr->defaultMechanism; } /* Some drivers report bizarre combinations of capabilities like (for RSA) sign, verify, and decrypt but not encrypt, which will fail later sanity checks. If we run into one of these we force the capabilities to be consistent by disabling any for which only partial capabilities are supported */ if( isPkcAlgo( cryptAlgo ) ) { if( capabilityInfo->decryptFunction != NULL && \ capabilityInfo->encryptFunction == NULL ) { DEBUG_DIAG(( "Driver reports decryption but not encryption " "capability for %s algorithm, disabling " "encryption", capabilityInfo->algoName )); capabilityInfo->decryptFunction = NULL; } if( capabilityInfo->signFunction != NULL && \ capabilityInfo->sigCheckFunction == NULL ) { DEBUG_DIAG(( "Driver reports signature-generation but not " "signature-verification capability for %s " "algorithm, disabling signing", capabilityInfo->algoName )); ////////////////////////////////// // Kludge to allow it to be used ////////////////////////////////// if( cryptAlgo == CRYPT_ALGO_ECDSA ) capabilityInfo->sigCheckFunction = capabilityInfo->signFunction; else capabilityInfo->signFunction = NULL; } /* If we've now disabled all capabilities, we can't use this algorithm */ if( capabilityInfo->decryptFunction == NULL && \ capabilityInfo->signFunction == NULL ) { DEBUG_DIAG(( "Use of algorithm %s disabled since no consistent " "set of capabilities is available", capabilityInfo->algoName )); clFree( "getCapability", capabilityInfo ); assert( DEBUG_WARN ); return( NULL ); } } /* If it's not a conventional encryption algo, we're done */ if( !isConvAlgo( cryptAlgo ) ) return( ( CAPABILITY_INFO * ) capabilityInfo ); /* PKCS #11 handles encryption modes by defining a separate mechanism for each one. In order to enumerate all the modes available for a particular algorithm we check for each mechanism in turn and set up the appropriate function pointers if it's available */ for( mechanismInfoPtr++, iterationCount = 0; mechanismInfoPtr->cryptAlgo == cryptAlgo && \ iterationCount < maxMechanisms; mechanismInfoPtr++, iterationCount++ ) { /* There's a different form of the existing mechanism available, check whether the driver implements it */ status = C_GetMechanismInfo( pkcs11Info->slotID, mechanismInfoPtr->mechanism, &pMechanism ); if( status != CKR_OK ) continue; /* Set up the pointer for the appropriate encryption mode */ switch( mechanismInfoPtr->cryptMode ) { case CRYPT_MODE_CBC: if( pMechanism.flags & CKF_ENCRYPT ) capabilityInfo->encryptCBCFunction = \ mechanismInfoPtr->encryptFunction; if( pMechanism.flags & CKF_DECRYPT ) capabilityInfo->decryptCBCFunction = \ mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_CFB: if( pMechanism.flags & CKF_ENCRYPT ) capabilityInfo->encryptCFBFunction = \ mechanismInfoPtr->encryptFunction; if( pMechanism.flags & CKF_DECRYPT ) capabilityInfo->decryptCFBFunction = \ mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_GCM: if( pMechanism.flags & CKF_ENCRYPT ) capabilityInfo->encryptGCMFunction = \ mechanismInfoPtr->encryptFunction; if( pMechanism.flags & CKF_DECRYPT ) capabilityInfo->decryptGCMFunction = \ mechanismInfoPtr->decryptFunction; break; default: retIntError_Null(); } } ENSURES_N( iterationCount < maxMechanisms ); return( ( CAPABILITY_INFO * ) capabilityInfo ); }
INT CLSaveKeyserverPrefs (PGPPrefRef PrefRef, HWND hWndParent, HWND hWndTree) { TL_TREEITEM tlI; HTLITEM hTServer; PGPKeyServerEntry* keyserverList; INT iServer, iServerCount; PKEYSERVERSTRUCT pkss; // count number of servers iServerCount = 0; hTServer = TreeList_GetFirstItem (hWndTree); while (hTServer) { ++iServerCount; tlI.hItem = hTServer; tlI.mask = TLIF_NEXTHANDLE; TreeList_GetItem (hWndTree, &tlI); hTServer = tlI.hItem; } keyserverList = clAlloc (iServerCount * sizeof(PGPKeyServerEntry)); if (!keyserverList) return kPGPError_OutOfMemory; iServer = 0; hTServer = TreeList_GetFirstItem (hWndTree); while (hTServer) { // get server structure tlI.hItem = hTServer; tlI.mask = TLIF_PARAM | TLIF_NEXTHANDLE; TreeList_GetItem (hWndTree, &tlI); pkss = (PKEYSERVERSTRUCT)(tlI.lParam); keyserverList[iServer].protocol = pkss->iType; lstrcpy (keyserverList[iServer].domain, pkss->szDomain); lstrcpy (keyserverList[iServer].serverDNS, pkss->szServer); keyserverList[iServer].serverPort = pkss->iPort; // authentication key if (pkss->authAlg != kPGPPublicKeyAlgorithm_Invalid) { keyserverList[iServer].authAlg = pkss->authAlg; lstrcpy (keyserverList[iServer].authKeyIDString, pkss->szKeyIDAuth); } else { keyserverList[iServer].authAlg = kPGPPublicKeyAlgorithm_Invalid; keyserverList[iServer].authKeyIDString[0] = '\0'; } // listed flag keyserverList[iServer].flags = 0; if (pkss->bListed) keyserverList[iServer].flags |= kKeyServerListed; if (pkss->bRoot) keyserverList[iServer].flags |= kKeyServerIsRoot; // step to next server ++iServer; hTServer = tlI.hItem; } // done, set preferences PGPSetKeyServerPrefs (PrefRef, keyserverList, iServerCount); clFree (keyserverList); return 0; }
static int activateConnection( INOUT SESSION_INFO *sessionInfoPtr ) { CRYPT_ATTRIBUTE_TYPE errorAttribute; int status; assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) ); /* Make sure that everything is set up ready to go */ errorAttribute = isServer( sessionInfoPtr ) ? \ checkServerParameters( sessionInfoPtr ) : \ checkClientParameters( sessionInfoPtr ); if( errorAttribute != CRYPT_ATTRIBUTE_NONE ) { setErrorInfo( sessionInfoPtr, errorAttribute, CRYPT_ERRTYPE_ATTR_ABSENT ); return( CRYPT_ERROR_NOTINITED ); } ENSURES( isServer( sessionInfoPtr ) || \ findSessionInfo( sessionInfoPtr->attributeList, CRYPT_SESSINFO_SERVER_NAME ) != NULL || \ sessionInfoPtr->networkSocket != CRYPT_ERROR ); ENSURES( findSessionInfo( sessionInfoPtr->attributeList, CRYPT_SESSINFO_SERVER_PORT ) != NULL || \ sessionInfoPtr->protocolInfo->port > 0 ); /* Allocate the send and receive buffers if necessary. The send buffer isn't used for request-response session types that use the receive buffer for both outgoing and incoming data so we only allocate it if it's actually required */ if( sessionInfoPtr->sendBuffer == NULL ) { REQUIRES( sessionInfoPtr->receiveBufSize >= MIN_BUFFER_SIZE && \ sessionInfoPtr->receiveBufSize < MAX_BUFFER_SIZE ); REQUIRES( ( sessionInfoPtr->sendBufSize >= MIN_BUFFER_SIZE && \ sessionInfoPtr->sendBufSize < MAX_BUFFER_SIZE ) || \ sessionInfoPtr->sendBufSize == CRYPT_UNUSED ); if( ( sessionInfoPtr->receiveBuffer = \ clAlloc( "activateConnection", \ sessionInfoPtr->receiveBufSize + 8 ) ) == NULL ) return( CRYPT_ERROR_MEMORY ); if( sessionInfoPtr->sendBufSize != CRYPT_UNUSED ) { /* When allocating the send buffer we use the size given for the receive buffer since the user may have overridden the default buffer size */ if( ( sessionInfoPtr->sendBuffer = \ clAlloc( "activateConnection", \ sessionInfoPtr->receiveBufSize + 8 ) ) == NULL ) { clFree( "activateConnection", sessionInfoPtr->receiveBuffer ); sessionInfoPtr->receiveBuffer = NULL; return( CRYPT_ERROR_MEMORY ); } sessionInfoPtr->sendBufSize = sessionInfoPtr->receiveBufSize; } } ENSURES( sessionInfoPtr->receiveBuffer != NULL && \ sessionInfoPtr->receiveBufSize >= MIN_BUFFER_SIZE && \ sessionInfoPtr->receiveBufSize < MAX_BUFFER_SIZE ); ENSURES( sessionInfoPtr->sendBufSize == CRYPT_UNUSED || \ sessionInfoPtr->sendBuffer != NULL ); /* Set timeouts if they're not set yet. If there's an error then we use the default value rather than aborting the entire session because of a minor difference in timeout values, although we also warn the caller in debug mode */ if( sessionInfoPtr->connectTimeout == CRYPT_ERROR ) { int timeout; status = krnlSendMessage( sessionInfoPtr->ownerHandle, IMESSAGE_GETATTRIBUTE, &timeout, CRYPT_OPTION_NET_CONNECTTIMEOUT ); if( cryptStatusOK( status ) ) sessionInfoPtr->connectTimeout = timeout; else { DEBUG_DIAG(( "Couldn't get connect timeout config value" )); assert( DEBUG_WARN ); sessionInfoPtr->connectTimeout = 30; } } if( sessionInfoPtr->readTimeout == CRYPT_ERROR ) { int timeout; status = krnlSendMessage( sessionInfoPtr->ownerHandle, IMESSAGE_GETATTRIBUTE, &timeout, CRYPT_OPTION_NET_READTIMEOUT ); if( cryptStatusOK( status ) ) sessionInfoPtr->readTimeout = timeout; else { DEBUG_DIAG(( "Couldn't get read timeout config value" )); assert( DEBUG_WARN ); sessionInfoPtr->readTimeout = 30; } } if( sessionInfoPtr->writeTimeout == CRYPT_ERROR ) { int timeout; status = krnlSendMessage( sessionInfoPtr->ownerHandle, IMESSAGE_GETATTRIBUTE, &timeout, CRYPT_OPTION_NET_WRITETIMEOUT ); if( cryptStatusOK( status ) ) sessionInfoPtr->writeTimeout = timeout; else { DEBUG_DIAG(( "Couldn't get write timeout config value" )); assert( DEBUG_WARN ); sessionInfoPtr->writeTimeout = 30; } } /* Wait for any async driver binding to complete. We can delay this until this very late stage because no networking functionality is used until this point */ if( !krnlWaitSemaphore( SEMAPHORE_DRIVERBIND ) ) { /* The kernel is shutting down, bail out */ return( CRYPT_ERROR_PERMISSION ); } /* If this is the first time that we've got here, activate the session */ if( !( sessionInfoPtr->flags & SESSION_PARTIALOPEN ) ) { REQUIRES( !( sessionInfoPtr->flags & SESSION_ISOPEN ) ) status = sessionInfoPtr->connectFunction( sessionInfoPtr ); if( cryptStatusError( status ) ) return( status ); } /* If it's a secure data transport session, complete the session state setup. Note that some sessions dynamically change the protocol information during the handshake to accommodate parameters negotiated during the handshake so we can only access the protocol information after the handshake has completed */ if( !sessionInfoPtr->protocolInfo->isReqResp ) { /* Complete the session handshake to set up the secure state */ status = sessionInfoPtr->transactFunction( sessionInfoPtr ); if( cryptStatusError( status ) ) { /* If we need feedback from the user before we can complete the handshake (for example checking a user name and password or certificate supplied by the other side) we remain in the handshake state so that the user can re-activate the session after confirming (or denying) the check */ if( status == CRYPT_ENVELOPE_RESOURCE ) sessionInfoPtr->flags |= SESSION_PARTIALOPEN; return( status ); } /* Notify the kernel that the session key context is attached to the session object. Note that we increment its reference count even though it's an internal object used only by the session because otherwise it'll be automatically destroyed by the kernel as a zero-reference dependent object when the session object is destroyed (but before the session object itself since the context is just a dependent object). This automatic cleanup could cause problems for lower-level session management code that tries to work with the (apparently still-valid) handle, for example protocols that need to encrypt a close-channel message on session shutdown */ krnlSendMessage( sessionInfoPtr->objectHandle, IMESSAGE_SETDEPENDENT, &sessionInfoPtr->iCryptInContext, SETDEP_OPTION_INCREF ); /* Set up the buffer management variables */ sessionInfoPtr->receiveBufPos = sessionInfoPtr->receiveBufEnd = 0; sessionInfoPtr->sendBufPos = sessionInfoPtr->sendBufStartOfs; /* For data transport sessions, partial reads and writes (that is, sending and receiving partial packets in the presence of timeouts) are permitted */ sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_PARTIALREAD, TRUE ); sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_PARTIALWRITE, TRUE ); } /* The handshake has been completed, switch from the handshake timeout to the data transfer timeout and remember that the session has been successfully established */ sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_HANDSHAKECOMPLETE, TRUE ); sessionInfoPtr->flags &= ~SESSION_PARTIALOPEN; sessionInfoPtr->flags |= SESSION_ISOPEN; return( CRYPT_OK ); }
void __free_msmc(void *p) { clFree(p, NULL); }
void __free_ddr(void *p) { clFree(p, NULL); }
int main(int argc, char *argv[]) { cl_helper helper; size_t platforms; cl_int error_code; cl_kernel kernel; #ifdef _MSC_VER const char *kernel_file = "cl_kernels\\clVecAddKernel.cl"; #else const char *kernel_file = "cl_kernels/clVecAddKernel.cl"; #endif if (clInitHelpers(&platforms) != CL_SUCCESS) return -1; if (platforms == 0) return -1; helper = clGetHelpers()[0]; error_code = clHelperLoadProgramFromFile(helper, kernel_file); if (error_code != CL_SUCCESS){ clReleaseHelpers(); return -1; } float *a, *b, *c; gmactime_t s, t; setParam<unsigned>(&vecSize, vecSizeStr, vecSizeDefault); fprintf(stdout, "Vector: %f\n", 1.0 * vecSize / 1024 / 1024); // Using program for first device kernel = clCreateKernel(helper.programs[0], "vecAdd", &error_code); assert(error_code == CL_SUCCESS); getTime(&s); // Alloc & init input data error_code = clMalloc(helper.command_queues[0], (void **)&a, vecSize * sizeof(float)); assert(error_code == CL_SUCCESS); error_code = clMalloc(helper.command_queues[0], (void **)&b, vecSize * sizeof(float)); assert(error_code == CL_SUCCESS); // Alloc output data error_code = clMalloc(helper.command_queues[0], (void **)&c, vecSize * sizeof(float)); assert(error_code == CL_SUCCESS); getTime(&t); printTime(&s, &t, "Alloc: ", "\n"); float sum = 0.f; getTime(&s); valueInit(a, 1.f, vecSize); valueInit(b, 1.f, vecSize); getTime(&t); printTime(&s, &t, "Init: ", "\n"); for(unsigned i = 0; i < vecSize; i++) { sum += a[i] + b[i]; } // Call the kernel getTime(&s); size_t global_size = vecSize; cl_mem mem; mem = clGetBuffer(helper.contexts[0], c); error_code = clSetKernelArg(kernel, 0, sizeof(cl_mem), &mem); if (mem == NULL || error_code != CL_SUCCESS) return error_code; mem = clGetBuffer(helper.contexts[0], a); error_code = clSetKernelArg(kernel, 1, sizeof(cl_mem), &mem); if (mem == NULL || error_code != CL_SUCCESS) return error_code; mem = clGetBuffer(helper.contexts[0], b); error_code = clSetKernelArg(kernel, 2, sizeof(cl_mem), &mem); if (mem == NULL || error_code != CL_SUCCESS) return error_code; error_code = clSetKernelArg(kernel, 3, sizeof(vecSize), &vecSize); assert(error_code == CL_SUCCESS); error_code = clEnqueueNDRangeKernel(helper.command_queues[0], kernel, 1, NULL, &global_size, NULL, 0, NULL, NULL); assert(error_code == CL_SUCCESS); error_code = clFinish(helper.command_queues[0]); assert(error_code == CL_SUCCESS); getTime(&t); printTime(&s, &t, "Run: ", "\n"); getTime(&s); float error = 0.f; float check = 0.f; for(unsigned i = 0; i < vecSize; i++) { error += c[i] - (a[i] + b[i]); check += c[i]; } getTime(&t); printTime(&s, &t, "Check: ", "\n"); fprintf(stderr, "Error: %f\n", error); if (sum != check) { printf("Sum: %f vs %f\n", sum, check); abort(); } error_code = clFree(helper.command_queues[0], a); assert(error_code == CL_SUCCESS); error_code = clFree(helper.command_queues[0], b); assert(error_code == CL_SUCCESS); error_code = clFree(helper.command_queues[0], c); assert(error_code == CL_SUCCESS); clReleaseHelpers(); return 0; }