blob: 2e6df42502d554973d1756c6d0ea18bab20a558e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/*
* All the data structures for Software fortezza are internal only.
* The external API for Software fortezza is MACI (which is only used by
* the PKCS #11 module.
*/
#ifndef _SWFORTTI_H_
#define _SWFORTTI_H_
#include "maci.h"
#include "seccomon.h"
#include "mcom_db.h" /* really should be included by certt.h */
#include "certt.h"
#include "keyt.h"
#include "swfortt.h"
/* the following parameters are tunable. The bigger the key registers are,
* the less likely the PKCS #11 module will thrash. */
#define KEY_REGISTERS 100
#define MAX_RA_SLOTS 20
/* SKIPJACK algorithm constants */
#define SKIPJACK_KEY_SIZE 10
#define SKIPJACK_BLOCK_SIZE 8
#define SKIPJACK_LEAF_SIZE 16
/* private typedefs */
typedef unsigned char FORTSkipjackKey[SKIPJACK_KEY_SIZE];
typedef unsigned char *FORTSkipjackKeyPtr;
typedef unsigned char fortRaPrivate[20];
typedef unsigned char *fortRaPrivatePtr;
/* save a public/private key pair */
struct FORTRaRegistersStr {
CI_RA public;
fortRaPrivate private;
};
/* FORTEZZA Key Register */
struct FORTKeySlotStr {
FORTSkipjackKey data;
PRBool present;
};
/* structure to hole private key information */
struct fortKeyInformationStr {
SECItem keyFlags;
SECItem privateKeyWrappedWithKs;
SECItem derPublicKey;
SECItem p;
SECItem g;
SECItem q;
};
/* struture to hole Ks wrapped data */
struct fortProtectedDataStr {
SECItem length;
SECItem dataIV;
SECItem dataEncryptedWithKs;
};
/* This structure represents a fortezza personality */
struct fortSlotEntryStr {
SECItem trusted;
SECItem certificateIndex;
int certIndex;
fortProtectedData certificateLabel;
fortProtectedData certificateData;
fortKeyInformation *exchangeKeyInformation;
fortKeyInformation *signatureKeyInformation;
};
/* this structure represents a K value wrapped by a protected pin */
struct fortProtectedPhraseStr {
SECItem kValueIV;
SECItem wrappedKValue;
SECItem memPhraseIV;
SECItem hashedEncryptedMemPhrase;
};
/* This structure represents all the relevant data stored in a der encoded
* fortezza slot file. */
struct FORTSWFileStr {
PRArenaPool *arena;
SECItem version;
SECItem derIssuer;
SECItem serialID;
fortProtectedPhrase initMemPhrase;
#define fortezzaPhrase initMemPhrase
fortProtectedPhrase ssoMemPhrase;
fortProtectedPhrase userMemPhrase;
fortProtectedPhrase ssoPinPhrase;
fortProtectedPhrase userPinPhrase;
SECItem wrappedRandomSeed;
fortSlotEntry **slotEntries;
};
/* This data structed represents a signed data structure */
struct FORTSignedSWFileStr {
FORTSWFile file;
CERTSignedData signatureWrap;
FORTSkipjackKeyPtr Kinit;
FORTSkipjackKeyPtr Ks;
};
/* collect all the data that makes up a token */
struct FORTSWTokenStr {
PRBool login; /* has this token been logged in? */
int lock; /* the current lock state */
int certIndex; /* index of the current personality */
int key; /* currently selected key */
int nextRa; /* where the next Ra/ra pair will go */
FORTSWFile *config_file; /* parsed Fortezza Config file */
unsigned char IV[SKIPJACK_BLOCK_SIZE];
FORTKeySlot keyReg[KEY_REGISTERS]; /* sw fortezza key slots */
FORTRaRegisters RaValues[MAX_RA_SLOTS]; /* Ra/ra values */
};
#endif
|