1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
/*
* Functions and types used by https servers to send (download) pre-encrypted
* files over SSL connections that use Fortezza ciphersuites.
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id$
*/
#include "seccomon.h"
#include "prio.h"
typedef struct PEHeaderStr PEHeader;
#define PE_MIME_TYPE "application/pre-encrypted"
/*
* unencrypted header. The 'top' half of this header is generic. The union
* is type specific, and may include bulk cipher type information
* (Fortezza supports only Fortezza Bulk encryption). Only fortezza
* pre-encrypted is defined.
*/
typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
struct PEFortezzaHeaderStr {
unsigned char key[12]; /* Ks wrapped MEK */
unsigned char iv[24]; /* iv for this MEK */
unsigned char hash[20]; /* SHA hash of file */
unsigned char serial[8]; /* serial number of the card that owns
* Ks */
};
struct PEFortezzaGeneratedHeaderStr {
unsigned char key[12]; /* TEK wrapped MEK */
unsigned char iv[24]; /* iv for this MEK */
unsigned char hash[20]; /* SHA hash of file */
unsigned char Ra[128]; /* RA to generate TEK */
unsigned char Y[128]; /* Y to generate TEK */
};
struct PEFixedKeyHeaderStr {
unsigned char pkcs11Mech[4]; /* Symetric key operation */
unsigned char labelLen[2]; /* length of the token label */
unsigned char keyIDLen[2]; /* length of the token Key ID */
unsigned char ivLen[2]; /* length of IV */
unsigned char keyLen[2]; /* length of key (DES3_ECB encrypted) */
unsigned char data[1]; /* start of data */
};
struct PERSAKeyHeaderStr {
unsigned char pkcs11Mech[4]; /* Symetric key operation */
unsigned char issuerLen[2]; /* length of cert issuer */
unsigned char serialLen[2]; /* length of the cert serial */
unsigned char ivLen[2]; /* length of IV */
unsigned char keyLen[2]; /* length of key (RSA encrypted) */
unsigned char data[1]; /* start of data */
};
/* macros to get at the variable length data fields */
#define PEFIXED_Label(header) (header->data)
#define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen)\
+GetInt2(header->keyIDLen)])
#define PEFIXED_Key(header) (&header->data[GetInt2(header->labelLen)\
+GetInt2(header->keyIDLen)+GetInt2(header->keyLen)])
#define PERSA_Issuer(header) (header->data)
#define PERSA_Serial(header) (&header->data[GetInt2(header->issuerLen)])
#define PERSA_IV(header) (&header->data[GetInt2(header->issuerLen)\
+GetInt2(header->serialLen)])
#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen)\
+GetInt2(header->serialLen)+GetInt2(header->keyLen)])
struct PEHeaderStr {
unsigned char magic [2]; /* always 0xC0DE */
unsigned char len [2]; /* length of PEHeader */
unsigned char type [2]; /* FORTEZZA, DIFFIE-HELMAN, RSA */
unsigned char version[2]; /* version number: 1.0 */
union {
PEFortezzaHeader fortezza;
PEFortezzaGeneratedHeader g_fortezza;
PEFixedKeyHeader fixed;
PERSAKeyHeader rsa;
} u;
};
#define PE_CRYPT_INTRO_LEN 8
#define PE_INTRO_LEN 4
#define PE_BASE_HEADER_LEN 8
#define PRE_BLOCK_SIZE 8 /* for decryption blocks */
/*
* Platform neutral encode/decode macros.
*/
#define GetInt2(c) ((c[0] << 8) | c[1])
#define GetInt4(c) (((unsigned long)c[0] << 24)|((unsigned long)c[1] << 16)\
|((unsigned long)c[2] << 8)| ((unsigned long)c[3]))
#define PutInt2(c,i) ((c[1] = (i) & 0xff), (c[0] = ((i) >> 8) & 0xff))
#define PutInt4(c,i) ((c[0]=((i) >> 24) & 0xff),(c[1]=((i) >> 16) & 0xff),\
(c[2] = ((i) >> 8) & 0xff), (c[3] = (i) & 0xff))
/*
* magic numbers.
*/
#define PRE_MAGIC 0xc0de
#define PRE_VERSION 0x1010
#define PRE_FORTEZZA_FILE 0x00ff /* pre-encrypted file on disk */
#define PRE_FORTEZZA_STREAM 0x00f5 /* pre-encrypted file in stream */
#define PRE_FORTEZZA_GEN_STREAM 0x00f6 /* Generated pre-encrypted file */
#define PRE_FIXED_FILE 0x000f /* fixed key on disk */
#define PRE_RSA_FILE 0x001f /* RSA in file */
#define PRE_FIXED_STREAM 0x0005 /* fixed key in stream */
/*
* internal implementation info
*/
/* convert an existing stream header to a version with local parameters */
PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
int *headerSize);
/* convert an existing file header to one suitable for streaming out */
PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
int *headerSize);
|
