From 4ad4c0129e226e25f4c337b29db03c39fd89a2db Mon Sep 17 00:00:00 2001 From: ahodgkinson Date: Thu, 21 Sep 2006 22:40:46 +0000 Subject: [PATCH] XFLAIM change. Cleanup and re-structuring of the internal cryptographic interfaces. git-svn-id: https://svn.code.sf.net/p/flaim/code/trunk@896 0109f412-320b-0410-ab79-c3e0c5ffbbe6 --- xflaim/src/f_nici.cpp | 2095 ++++++++++++++++----------------------- xflaim/src/f_nici.h | 279 ------ xflaim/src/fdict.cpp | 107 +- xflaim/src/fdict.h | 4 +- xflaim/src/fdom.cpp | 12 +- xflaim/src/flaimsys.h | 12 +- xflaim/src/flbackup.cpp | 18 +- xflaim/src/flblddb.cpp | 18 +- xflaim/src/flconvrt.cpp | 14 +- xflaim/src/flcreate.cpp | 52 +- xflaim/src/fldbglog.cpp | 18 +- xflaim/src/flopen.cpp | 17 +- xflaim/src/fslfileu.cpp | 2 +- xflaim/src/fstructs.h | 2 +- xflaim/src/scache.cpp | 174 ++-- xflaim/src/xflaim.h | 13 +- 16 files changed, 1040 insertions(+), 1797 deletions(-) delete mode 100644 xflaim/src/f_nici.h diff --git a/xflaim/src/f_nici.cpp b/xflaim/src/f_nici.cpp index 0e7693e..543524b 100644 --- a/xflaim/src/f_nici.cpp +++ b/xflaim/src/f_nici.cpp @@ -27,17 +27,209 @@ #include "flaimsys.h" #ifdef FLM_USE_NICI -FSTATIC void GetIV( - FLMBYTE * pucIV, - FLMUINT uiLen); + +#ifdef FLM_NLM + #define N_PLAT_NLM #endif -/*----------------------------------------------------------------------------- - * Desc: DTOR - Destroy an F_CCS object. - *---------------------------------------------------------------------------*/ -F_CCS::~F_CCS() +#include "nwccs.h" + +#ifndef IDV_NOV_AES128CBCPad + #define IDV_NOV_AES128CBCPad NICI_AlgorithmPrefix(1), 97 +#endif + +/**************************************************************************** +Desc: +****************************************************************************/ + +#define IV_SZ 16 +#define IV_SZ8 8 +#define SALT_SZ 8 +#define SALT_COUNT 895 + +/**************************************************************************** +Desc: +****************************************************************************/ +typedef struct +{ + FLMUINT uiKeyType; + FLMUINT uiFormatLen; + FLMUINT uiKeyLen; + FLMUINT uiKeySize; +} EXTRACTED_KEY; + +/**************************************************************************** +Desc: +****************************************************************************/ +class F_NICICCS : public IF_CCS +{ +public: + + F_NICICCS() + { + m_bInitCalled = FALSE; + m_bKeyVerified = FALSE; + f_memset( m_ucIV, 0, IV_SZ); + m_keyHandle = 0; + m_hContext = 0; + m_uiEncKeySize = 0; + m_hMutex = F_MUTEX_NULL; + } + + ~F_NICICCS(); + + RCODE init( + FLMBOOL bKeyIsWrappingKey, + FLMUINT uiAlgType); + + RCODE generateEncryptionKey( + FLMUINT uiEncKeySize); + + RCODE generateWrappingKey( + FLMUINT uiEncKeySize); + + RCODE encryptToStore( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV = NULL); + + RCODE decryptFromStore( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV = NULL); + + RCODE getKeyToStore( + FLMBYTE ** ppucKeyInfo, + FLMUINT32 * pui32BufLen, + FLMBYTE * pzEncKeyPasswd, + IF_CCS * pWrappingCcs); + + RCODE setKeyFromStore( + FLMBYTE * pucKeyInfo, + FLMBYTE * pszEncKeyPasswd = NULL, + IF_CCS * pWrappingCcs = NULL); + + FINLINE FLMBOOL keyVerified( void) + { + return( m_bKeyVerified); + } + + FINLINE FLMUINT getEncType( void) + { + return( m_uiAlgType); + } + + FLMUINT getIVLen( void); + + RCODE generateIV( + FLMUINT uiIVLen, + FLMBYTE * pucIV); + + RCODE getWrappingKey( + NICI_OBJECT_HANDLE * pWrappingKeyHandle); + + RCODE wrapKey( + FLMBYTE ** ppucWrappedKey, + FLMUINT32 * pui32Length, + NICI_OBJECT_HANDLE masterWrappingKey = 0 ); + + RCODE unwrapKey( + FLMBYTE * pucWrappedKey, + FLMUINT32 ui32WrappedKeyLength, + NICI_OBJECT_HANDLE masterWrappingKey = 0); + + RCODE extractKey( + FLMBYTE ** ppucShroudedKey, + FLMUINT32 * pui32Length, + FLMUNICODE * puzEncKeyPasswd ); + + RCODE injectKey( + FLMBYTE * pucBuffer, + FLMUINT32 ui32Length, + FLMUNICODE * puzEncKeyPasswd ); + + RCODE encryptToStoreAES( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV); + + RCODE encryptToStoreDES3( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV); + + RCODE encryptToStoreDES( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV); + + RCODE decryptFromStoreAES( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV); + + RCODE decryptFromStoreDES3( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV); + + RCODE decryptFromStoreDES( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV); + + RCODE generateEncryptionKeyAES( + FLMUINT uiEncKeySize); + + RCODE generateEncryptionKeyDES3( + FLMUINT uiEncKeySize); + + RCODE generateEncryptionKeyDES( + FLMUINT uiEncKeySize); + + RCODE generateWrappingKeyAES( + FLMUINT uiEncKeySize); + + RCODE generateWrappingKeyDES3( + FLMUINT uiEncKeySize); + + RCODE generateWrappingKeyDES( + FLMUINT uiEncKeySize); + + FLMUINT m_uiAlgType; + FLMBOOL m_bInitCalled; + FLMBOOL m_bKeyIsWrappingKey; + FLMBOOL m_bKeyVerified; + NICI_OBJECT_HANDLE m_keyHandle; // Handle to the clear key - we don't ever get the actual key. + FLMBYTE m_ucIV[ IV_SZ]; // Used when the algorithm type is DES, 3DES or AES + FLMBYTE m_ucRndIV[ IV_SZ]; // Used when the IV is stored with the data. + FLMUINT m_uiIVFactor; + NICI_CC_HANDLE m_hContext; + FLMUINT m_uiEncKeySize; + F_MUTEX m_hMutex; +}; + +/**************************************************************************** +Desc: +****************************************************************************/ +F_NICICCS::~F_NICICCS() { -#ifdef FLM_USE_NICI if( m_keyHandle) { if( !m_hContext) @@ -50,11 +242,9 @@ F_CCS::~F_CCS() // Get rid of the key handle. - if ( m_hContext) + if( m_hContext) { - CCS_DestroyObject( m_hContext, - m_keyHandle); - + CCS_DestroyObject( m_hContext, m_keyHandle); CCS_DestroyContext( m_hContext); } } @@ -63,27 +253,18 @@ F_CCS::~F_CCS() { f_mutexDestroy( &m_hMutex); } -#endif } -/*----------------------------------------------------------------------------- - * Desc: wrapNiciKey - Save the wrapped key in m_pKey. NOTE: Make sure - * there is a buffer allocated for the wrapped key (m_pucWrappedKey). - *---------------------------------------------------------------------------*/ -RCODE F_CCS::wrapKey( +/**************************************************************************** +Desc: Save the wrapped key in m_pKey. +Note: Make sure there is a buffer allocated for the wrapped key. +****************************************************************************/ +RCODE F_NICICCS::wrapKey( FLMBYTE ** ppucWrappedKey, FLMUINT32 * pui32Length, NICI_OBJECT_HANDLE masterWrappingKey) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( ppucWrappedKey); - F_UNREFERENCED_PARM( pui32Length); - F_UNREFERENCED_PARM( masterWrappingKey); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else NICI_ATTRIBUTE wKey[2]; NICI_ALGORITHM algorithm; NICI_PARAMETER_INFO parm[1]; @@ -109,11 +290,11 @@ RCODE F_CCS::wrapKey( f_mutexLock( m_hMutex); bLocked = TRUE; - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -126,50 +307,51 @@ RCODE F_CCS::wrapKey( wKey[0].type = NICI_A_KEY_TYPE; wKey[1].type = NICI_A_KEY_SIZE; - if (RC_BAD( rc = CCS_GetAttributeValue( - m_hContext, - wrappingKeyHandle, - &wKey[0], - 2))) + if( RC_BAD( rc = CCS_GetAttributeValue( m_hContext, wrappingKeyHandle, + &wKey[0], 2))) { rc = RC_SET( NE_XFLM_NICI_ATTRIBUTE_VALUE); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (!wKey[0].u.f.hasValue || !wKey[1].u.f.hasValue) + if( !wKey[0].u.f.hasValue || !wKey[1].u.f.hasValue) { rc = RC_SET( NE_XFLM_NICI_BAD_ATTRIBUTE); goto Exit; } - switch (wKey[0].u.f.value) + switch( wKey[0].u.f.value) { case NICI_K_AES: { - switch (wKey[1].u.f.value) + switch( wKey[1].u.f.value) { case XFLM_NICI_AES128: { algorithm.algorithm = (nuint8 *)oid_aes128; break; } + case XFLM_NICI_AES192: { algorithm.algorithm = (nuint8 *)oid_aes192; break; } + case XFLM_NICI_AES256: { algorithm.algorithm = (nuint8 *)oid_aes256; break; } + default: { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } } + algorithm.parameter = parm; algorithm.parameterLen = sizeof(algorithm.parameter->parms[0])+ sizeof(algorithm.parameter->count); @@ -200,77 +382,51 @@ RCODE F_CCS::wrapKey( } } - // We should be able to call this with NULL for the wrapped key, to get the length. + // We should be able to call this with NULL for the + // wrapped key, to get the length. - if (RC_BAD( rc = CCS_WrapKey( - m_hContext, - &algorithm, - NICI_KM_UNSPECIFIED, - 0, - wrappingKeyHandle, - m_keyHandle, - (nuint8 *)NULL, - (pnuint32)pui32Length))) + if( RC_BAD( rc = CCS_WrapKey( m_hContext, &algorithm, NICI_KM_UNSPECIFIED, + 0, wrappingKeyHandle, m_keyHandle, (nuint8 *)NULL, + (pnuint32)pui32Length))) { rc = RC_SET( NE_XFLM_NICI_WRAPKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = f_calloc( *pui32Length, ppucWrappedKey))) + if( RC_BAD( rc = f_calloc( *pui32Length, ppucWrappedKey))) { goto Exit; } - - if (RC_BAD( rc = CCS_WrapKey( - m_hContext, - &algorithm, - NICI_KM_UNSPECIFIED, - 0, - wrappingKeyHandle, - m_keyHandle, - (nuint8 *)*ppucWrappedKey, - (pnuint32)pui32Length))) + if( RC_BAD( rc = CCS_WrapKey( m_hContext, &algorithm, NICI_KM_UNSPECIFIED, + 0, wrappingKeyHandle, m_keyHandle, (nuint8 *)*ppucWrappedKey, + (pnuint32)pui32Length))) { rc = RC_SET( NE_XFLM_NICI_WRAPKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI if (bLocked) { f_mutexUnlock( m_hMutex); } -#endif - return(rc); } - -/*----------------------------------------------------------------------------- - * Desc: - unwrapKey - *---------------------------------------------------------------------------*/ -RCODE F_CCS::unwrapKey( +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::unwrapKey( FLMBYTE * pucWrappedKey, FLMUINT32 ui32WrappedKeyLength, NICI_OBJECT_HANDLE masterWrappingKey) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucWrappedKey); - F_UNREFERENCED_PARM( ui32WrappedKeyLength); - F_UNREFERENCED_PARM( masterWrappingKey); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else NICI_ATTRIBUTE wKey; NICI_OBJECT_HANDLE wrappingKeyHandle; FLMBOOL bLocked = FALSE; @@ -290,10 +446,11 @@ RCODE F_CCS::unwrapKey( f_mutexLock( m_hMutex); bLocked = TRUE; - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -301,36 +458,28 @@ RCODE F_CCS::unwrapKey( } } - if (RC_BAD( rc = CCS_UnwrapKey( - m_hContext, - wrappingKeyHandle, - (nuint8 *)pucWrappedKey, - ui32WrappedKeyLength, - &m_keyHandle))) + if( RC_BAD( rc = CCS_UnwrapKey( m_hContext, wrappingKeyHandle, + (nuint8 *)pucWrappedKey, ui32WrappedKeyLength, &m_keyHandle))) { rc = RC_SET( NE_XFLM_NICI_UNWRAPKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // We need to get the key size... - f_memset( &wKey, 0, sizeof(NICI_ATTRIBUTE)); + f_memset( &wKey, 0, sizeof( NICI_ATTRIBUTE)); wKey.type = NICI_A_KEY_SIZE; - if (RC_BAD( rc = CCS_GetAttributeValue( - m_hContext, - m_keyHandle, - &wKey, - 1))) + if( RC_BAD( rc = CCS_GetAttributeValue( m_hContext, m_keyHandle, &wKey, 1))) { rc = RC_SET( NE_XFLM_NICI_ATTRIBUTE_VALUE); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (!wKey.u.f.hasValue) + if( !wKey.u.f.hasValue) { rc = RC_SET( NE_XFLM_NICI_BAD_ATTRIBUTE); goto Exit; @@ -338,36 +487,24 @@ RCODE F_CCS::unwrapKey( m_uiEncKeySize = wKey.u.f.value; -#endif - Exit: -#ifdef FLM_USE_NICI - if (bLocked) + if( bLocked) { f_mutexUnlock( m_hMutex); } -#endif - return(rc); } -/*----------------------------------------------------------------------------- - * Desc: generateEncryptionKey - *---------------------------------------------------------------------------*/ -RCODE F_CCS::generateEncryptionKey( - FLMUINT uiEncKeySize - ) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::generateEncryptionKey( + FLMUINT uiEncKeySize) { RCODE rc = NE_XFLM_OK; -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiEncKeySize); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - switch( m_uiAlgType) { case FLM_NICI_AES: @@ -375,11 +512,13 @@ RCODE F_CCS::generateEncryptionKey( rc = generateEncryptionKeyAES( uiEncKeySize); break; } + case FLM_NICI_DES3: { rc = generateEncryptionKeyDES3( uiEncKeySize); break; } + default: { flmAssert( 0); @@ -388,42 +527,32 @@ RCODE F_CCS::generateEncryptionKey( } } -#endif - Exit: - return rc; - + return( rc); } -/*----------------------------------------------------------------------------- - * Desc: generateEncryptionKey - *---------------------------------------------------------------------------*/ -RCODE F_CCS::generateEncryptionKeyAES( - FLMUINT uiEncKeySize - ) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::generateEncryptionKeyAES( + FLMUINT uiEncKeySize) { - RCODE rc = NE_XFLM_OK; - - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiEncKeySize); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_ATTRIBUTE keyAttr[3]; - nbool8 keySizeChanged; - FLMBYTE oid_aes128[] = {IDV_AES128CBC}; - FLMBYTE oid_aes192[] = {IDV_AES192CBC}; - FLMBYTE oid_aes256[] = {IDV_AES256CBC}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_ATTRIBUTE keyAttr[3]; + nbool8 keySizeChanged; + FLMBYTE oid_aes128[] = {IDV_AES128CBC}; + FLMBYTE oid_aes192[] = {IDV_AES192CBC}; + FLMBYTE oid_aes256[] = {IDV_AES256CBC}; f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -431,34 +560,40 @@ RCODE F_CCS::generateEncryptionKeyAES( } } - /* Set up AES Algorithm*/ - switch (uiEncKeySize) + // Set up AES Algorithm + + switch( uiEncKeySize) { case XFLM_NICI_AES128: { algorithm.algorithm = (nuint8 *)oid_aes128; break; } + case XFLM_NICI_AES192: { algorithm.algorithm = (nuint8 *)oid_aes192; break; } + case XFLM_NICI_AES256: { algorithm.algorithm = (nuint8 *)oid_aes256; break; } + default: { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } } + algorithm.parameterLen = 0; algorithm.parameter = NULL; - /* Set up key attributes */ + // Set up key attributes + keyAttr[0].type = NICI_A_KEY_USAGE; keyAttr[0].u.f.hasValue = 1; keyAttr[0].u.f.value = NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT | NICI_F_EXTRACT; @@ -474,84 +609,60 @@ RCODE F_CCS::generateEncryptionKeyAES( keyAttr[2].u.f.value = N_TRUE; keyAttr[2].u.f.valueInfo = 0; - /*Generate a AES key */ + // Generate a AES key - if (RC_BAD( rc = CCS_GenerateKey( - m_hContext, - &algorithm, - keyAttr, - 3, - &keySizeChanged, - &m_keyHandle, - NICI_H_INVALID))) + if( RC_BAD( rc = CCS_GenerateKey( m_hContext, &algorithm, keyAttr, 3, + &keySizeChanged, &m_keyHandle, NICI_H_INVALID))) { rc = RC_SET( NE_XFLM_NICI_GENKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Generate some IV to use with this key. - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)m_ucIV, - IV_SZ))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)m_ucIV, IV_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } m_uiEncKeySize = uiEncKeySize; -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - return(rc); - } -/*----------------------------------------------------------------------------- - * Desc: generateEncryptionKey - DES3 - *---------------------------------------------------------------------------*/ -RCODE F_CCS::generateEncryptionKeyDES3( - FLMUINT uiEncKeySize - ) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::generateEncryptionKeyDES3( + FLMUINT uiEncKeySize) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiEncKeySize); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_ATTRIBUTE keyAttr[3]; - nbool8 keySizeChanged; - FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_ATTRIBUTE keyAttr[3]; + nbool8 keySizeChanged; + FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; f_mutexLock( m_hMutex); // Only one DES3 key size supported. - if (uiEncKeySize != XFLM_NICI_DES3X) + if( uiEncKeySize != XFLM_NICI_DES3X) { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -559,12 +670,14 @@ RCODE F_CCS::generateEncryptionKeyDES3( } } - /* Set up AES Algorithm*/ + // Set up AES Algorithm + algorithm.algorithm = (nuint8 *)oid_des3; algorithm.parameterLen = 0; algorithm.parameter = NULL; - /* Set up key attributes */ + // Set up key attributes + keyAttr[0].type = NICI_A_KEY_USAGE; keyAttr[0].u.f.hasValue = 1; keyAttr[0].u.f.value = NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT | NICI_F_EXTRACT; @@ -580,64 +693,40 @@ RCODE F_CCS::generateEncryptionKeyDES3( keyAttr[2].u.f.value = N_TRUE; keyAttr[2].u.f.valueInfo = 0; - /*Generate a AES key */ + // Generate a AES key - if (RC_BAD( rc = CCS_GenerateKey( - m_hContext, - &algorithm, - keyAttr, - 3, - &keySizeChanged, - &m_keyHandle, - NICI_H_INVALID))) + if( RC_BAD( rc = CCS_GenerateKey( m_hContext, &algorithm, keyAttr, + 3, &keySizeChanged, &m_keyHandle, NICI_H_INVALID))) { rc = RC_SET( NE_XFLM_NICI_GENKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Generate some IV to use with this key. - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)m_ucIV, - IV_SZ))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)m_ucIV, IV_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } m_uiEncKeySize = uiEncKeySize; -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - - return(rc); - + return( rc); } -/*----------------------------------------------------------------------------- - * Desc: generateWrappingKey - *---------------------------------------------------------------------------*/ -RCODE F_CCS::generateWrappingKey( - FLMUINT uiEncKeySize - ) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::generateWrappingKey( + FLMUINT uiEncKeySize) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiEncKeySize); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else + RCODE rc = NE_XFLM_OK; switch( m_uiAlgType) { @@ -646,54 +735,46 @@ RCODE F_CCS::generateWrappingKey( rc = generateWrappingKeyAES( uiEncKeySize); break; } + case FLM_NICI_DES3: { rc = generateWrappingKeyDES3( uiEncKeySize); break; } + default: { - flmAssert( 0); - rc = RC_SET( NE_XFLM_NICI_INVALID_ALGORITHM); + rc = RC_SET_AND_ASSERT( NE_XFLM_NICI_INVALID_ALGORITHM); goto Exit; } } -#endif - Exit: - return rc; - + return( rc); } -/*----------------------------------------------------------------------------- - * Desc: generateWrappingKeyAES - generates an AES wrapping key - *---------------------------------------------------------------------------*/ -RCODE F_CCS::generateWrappingKeyAES( - FLMUINT uiEncKeySize) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::generateWrappingKeyAES( + FLMUINT uiEncKeySize) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiEncKeySize); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_ATTRIBUTE keyAttr[6]; - nbool8 keySizeChanged; - FLMBYTE oid_aes128[] = {IDV_AES128CBC}; - FLMBYTE oid_aes192[] = {IDV_AES192CBC}; - FLMBYTE oid_aes256[] = {IDV_AES256CBC}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_ATTRIBUTE keyAttr[6]; + nbool8 keySizeChanged; + FLMBYTE oid_aes128[] = {IDV_AES128CBC}; + FLMBYTE oid_aes192[] = {IDV_AES192CBC}; + FLMBYTE oid_aes256[] = {IDV_AES256CBC}; f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -701,8 +782,9 @@ RCODE F_CCS::generateWrappingKeyAES( } } - /* Set up AES Algorithm*/ - switch (uiEncKeySize) + // Set up AES Algorithm + + switch( uiEncKeySize) { case XFLM_NICI_AES128: { @@ -711,6 +793,7 @@ RCODE F_CCS::generateWrappingKeyAES( keyAttr[1].u.v.valueLen = (nuint32)sizeof( oid_aes128); break; } + case XFLM_NICI_AES192: { algorithm.algorithm = (nuint8 *)oid_aes192; @@ -718,6 +801,7 @@ RCODE F_CCS::generateWrappingKeyAES( keyAttr[1].u.v.valueLen = (nuint32)sizeof( oid_aes192); break; } + case XFLM_NICI_AES256: { algorithm.algorithm = (nuint8 *)oid_aes256; @@ -725,16 +809,19 @@ RCODE F_CCS::generateWrappingKeyAES( keyAttr[1].u.v.valueLen = (nuint32)sizeof( oid_aes256); break; } + default: { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } } + algorithm.parameterLen = 0; algorithm.parameter = NULL; - /* Set up key attributes */ + // Set up key attributes + keyAttr[0].type = NICI_A_KEY_TYPE; keyAttr[0].u.f.hasValue = 1; keyAttr[0].u.f.value = NICI_K_AES; @@ -745,7 +832,9 @@ RCODE F_CCS::generateWrappingKeyAES( keyAttr[2].type = NICI_A_KEY_USAGE; keyAttr[2].u.f.hasValue = 1; - keyAttr[2].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | NICI_F_KM_ENCRYPT | NICI_F_KM_DECRYPT | NICI_F_EXTRACT | NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; + keyAttr[2].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | NICI_F_KM_ENCRYPT | + NICI_F_KM_DECRYPT | NICI_F_EXTRACT | + NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; keyAttr[2].u.f.valueInfo = 0; keyAttr[3].type = NICI_A_KEY_SIZE; @@ -763,87 +852,63 @@ RCODE F_CCS::generateWrappingKeyAES( keyAttr[5].u.f.value = NICI_O_SECRET_KEY; keyAttr[5].u.f.valueInfo = 0; - /*Generate an AES wrapping key */ + // Generate an AES wrapping key - if (RC_BAD( rc = CCS_GenerateKey( - m_hContext, - &algorithm, - keyAttr, - 6, - &keySizeChanged, - &m_keyHandle, - NICI_H_INVALID))) + if( RC_BAD( rc = CCS_GenerateKey( m_hContext, &algorithm, keyAttr, 6, + &keySizeChanged, &m_keyHandle, NICI_H_INVALID))) { rc = RC_SET( NE_XFLM_NICI_GENKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Generate some IV to use with this key. - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)m_ucIV, - IV_SZ))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)m_ucIV, IV_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - // If we generated a wrapping key, then this object's key handle is actually a - // wrapping key. This means that we will use it to wrap the other keys in the - // system. + // If we generated a wrapping key, then this object's key handle is + // actually a wrapping key. This means that we will use it to wrap the + // other keys in the system. m_bKeyIsWrappingKey = TRUE; m_uiEncKeySize = uiEncKeySize; -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - return(rc); - } - -/*----------------------------------------------------------------------------- - * Desc: generateWrappingKeyDES3 - generates a triple DES (DES3) wrapping key - *---------------------------------------------------------------------------*/ -RCODE F_CCS::generateWrappingKeyDES3( - FLMUINT uiEncKeySize) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::generateWrappingKeyDES3( + FLMUINT uiEncKeySize) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiEncKeySize); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_ATTRIBUTE keyAttr[6]; - nbool8 keySizeChanged; - FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_ATTRIBUTE keyAttr[ 6]; + nbool8 keySizeChanged; + FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; f_mutexLock( m_hMutex); - if (uiEncKeySize != XFLM_NICI_DES3X) + if( uiEncKeySize != XFLM_NICI_DES3X) { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -851,12 +916,13 @@ RCODE F_CCS::generateWrappingKeyDES3( } } - /* Set up AES Algorithm*/ + // Set up AES Algorithm + algorithm.algorithm = (nuint8 *)oid_des3; algorithm.parameterLen = 0; algorithm.parameter = NULL; - /* Set up key attributes */ + // Set up key attributes keyAttr[0].type = NICI_A_KEY_TYPE; keyAttr[0].u.f.hasValue = 1; @@ -870,7 +936,9 @@ RCODE F_CCS::generateWrappingKeyDES3( keyAttr[2].type = NICI_A_KEY_USAGE; keyAttr[2].u.f.hasValue = 1; - keyAttr[2].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | NICI_F_KM_ENCRYPT | NICI_F_KM_DECRYPT | NICI_F_EXTRACT | NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; + keyAttr[2].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | NICI_F_KM_ENCRYPT | + NICI_F_KM_DECRYPT | NICI_F_EXTRACT | + NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; keyAttr[2].u.f.valueInfo = 0; keyAttr[3].type = NICI_A_KEY_SIZE; @@ -888,98 +956,64 @@ RCODE F_CCS::generateWrappingKeyDES3( keyAttr[5].u.f.value = NICI_O_SECRET_KEY; keyAttr[5].u.f.valueInfo = 0; - /*Generate an AES wrapping key */ + // Generate an AES wrapping key - if (RC_BAD( rc = CCS_GenerateKey( - m_hContext, - &algorithm, - keyAttr, - 6, - &keySizeChanged, - &m_keyHandle, - NICI_H_INVALID))) + if( RC_BAD( rc = CCS_GenerateKey( m_hContext, &algorithm, keyAttr, 6, + &keySizeChanged, &m_keyHandle, NICI_H_INVALID))) { rc = RC_SET( NE_XFLM_NICI_GENKEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Generate some IV to use with this key. - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)m_ucIV, - IV_SZ))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)m_ucIV, IV_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - // If we generated a wrapping key, then this object's key handle is actually a - // wrapping key. This means that we will use it to wrap the other keys in the - // system. + // If we generated a wrapping key, then this object's key handle is + // actually a wrapping key. This means that we will use it to wrap the + // other keys in the system. + m_bKeyIsWrappingKey = TRUE; m_uiEncKeySize = uiEncKeySize; -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - return(rc); - } -/*----------------------------------------------------------------------------- - * Desc: encryptToStore (public) - *---------------------------------------------------------------------------*/ -RCODE F_CCS::encryptToStore( +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::encryptToStore( FLMBYTE * pucIn, FLMUINT uiInLen, FLMBYTE * pucOut, FLMUINT * puiOutLen, FLMBYTE * pucIV) { - RCODE rc = NE_XFLM_OK; + RCODE rc = NE_XFLM_OK; -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucIn); - F_UNREFERENCED_PARM( uiInLen); - F_UNREFERENCED_PARM( pucOut); - F_UNREFERENCED_PARM( puiOutLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - - switch (m_uiAlgType) + switch( m_uiAlgType) { case FLM_NICI_AES: { - rc = encryptToStoreAES( - pucIn, - uiInLen, - pucOut, - puiOutLen, - pucIV); + rc = encryptToStoreAES( pucIn, uiInLen, pucOut, puiOutLen, pucIV); break; } + case FLM_NICI_DES3: { - rc = encryptToStoreDES3( - pucIn, - uiInLen, - pucOut, - puiOutLen, - pucIV); + rc = encryptToStoreDES3( pucIn, uiInLen, pucOut, puiOutLen, pucIV); break; } + default: { flmAssert( 0); @@ -988,108 +1022,74 @@ RCODE F_CCS::encryptToStore( } } -#endif - Exit: return rc; - } -/*----------------------------------------------------------------------------- - * Desc: decryptFromStore (public) - *---------------------------------------------------------------------------*/ -RCODE F_CCS::decryptFromStore( +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::decryptFromStore( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV) +{ + RCODE rc = NE_XFLM_OK; + + switch( m_uiAlgType) + { + case FLM_NICI_AES: + { + rc = decryptFromStoreAES( pucIn, uiInLen, pucOut, puiOutLen, pucIV); + break; + } + + case FLM_NICI_DES3: + { + rc = decryptFromStoreDES3( pucIn, uiInLen, pucOut, puiOutLen, pucIV); + break; + } + + default: + { + rc = RC_SET_AND_ASSERT( NE_XFLM_NICI_INVALID_ALGORITHM); + goto Exit; + } + } + +Exit: + + return( rc); +} + +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::encryptToStoreAES( FLMBYTE * pucIn, FLMUINT uiInLen, FLMBYTE * pucOut, FLMUINT * puiOutLen, FLMBYTE * pucIV) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucIn); - F_UNREFERENCED_PARM( uiInLen); - F_UNREFERENCED_PARM( pucOut); - F_UNREFERENCED_PARM( puiOutLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - - switch( m_uiAlgType) - { - case FLM_NICI_AES: - { - rc = decryptFromStoreAES( - pucIn, - uiInLen, - pucOut, - puiOutLen, - pucIV); - break; - } - case FLM_NICI_DES3: - { - rc = decryptFromStoreDES3( - pucIn, - uiInLen, - pucOut, - puiOutLen, - pucIV); - break; - } - default: - { - flmAssert( 0); - rc = RC_SET( NE_XFLM_NICI_INVALID_ALGORITHM); - goto Exit; - } - } - -#endif - -Exit: - - return rc; - -} - -/*----------------------------------------------------------------------------- - * Desc: encryptToStore - Using AES - *---------------------------------------------------------------------------*/ -RCODE F_CCS::encryptToStoreAES( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV) -{ - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucIn); - F_UNREFERENCED_PARM( uiInLen); - F_UNREFERENCED_PARM( pucOut); - F_UNREFERENCED_PARM( puiOutLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_PARAMETER_INFO parm[1]; - FLMBYTE oid_aes128[] = {IDV_AES128CBC}; - FLMBYTE oid_aes192[] = {IDV_AES192CBC}; - FLMBYTE oid_aes256[] = {IDV_AES256CBC}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_PARAMETER_INFO parm[1]; + FLMBYTE oid_aes128[] = {IDV_AES128CBC}; + FLMBYTE oid_aes192[] = {IDV_AES192CBC}; + FLMBYTE oid_aes256[] = {IDV_AES256CBC}; f_mutexLock( m_hMutex); - /* Create NICI Context*/ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1097,36 +1097,40 @@ RCODE F_CCS::encryptToStoreAES( } } - switch (m_uiEncKeySize) + switch( m_uiEncKeySize) { case XFLM_NICI_AES128: { algorithm.algorithm = (nuint8 *)oid_aes128; break; } + case XFLM_NICI_AES192: { algorithm.algorithm = (nuint8 *)oid_aes192; break; } + case XFLM_NICI_AES256: { algorithm.algorithm = (nuint8 *)oid_aes256; break; } + default: { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } } + algorithm.parameterLen = sizeof(algorithm.parameter->parms[0])+ sizeof(algorithm.parameter->count); algorithm.parameter = parm; algorithm.parameter->count = 1; algorithm.parameter->parms[0].parmType = NICI_P_IV; - if (pucIV) + if( pucIV) { algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)pucIV; } @@ -1137,75 +1141,53 @@ RCODE F_CCS::encryptToStoreAES( algorithm.parameter->parms[0].u.b.len = IV_SZ; - /* init encryption */ + // Init encryption - if (RC_BAD( rc = CCS_DataEncryptInit( m_hContext, &algorithm, m_keyHandle))) + if( RC_BAD( rc = CCS_DataEncryptInit( m_hContext, &algorithm, m_keyHandle))) { rc = RC_SET_AND_ASSERT( NE_XFLM_NICI_ENC_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = CCS_Encrypt( - m_hContext, - (nuint8 *)pucIn, - uiInLen, - (nuint8 *)pucOut, - puiOutLen))) + if( RC_BAD( rc = CCS_Encrypt( m_hContext, (nuint8 *)pucIn, uiInLen, + (nuint8 *)pucOut, puiOutLen))) { rc = RC_SET( NE_XFLM_NICI_ENCRYPT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - - return(rc); - + return( rc); } - -/*----------------------------------------------------------------------------- - * Desc: decryptFromStore - using the AES algorithm - *---------------------------------------------------------------------------*/ -RCODE F_CCS::decryptFromStoreAES( +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::decryptFromStoreAES( FLMBYTE * pucIn, FLMUINT uiInLen, FLMBYTE * pucOut, FLMUINT * puiOutLen, FLMBYTE * pucIV) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucIn); - F_UNREFERENCED_PARM( uiInLen); - F_UNREFERENCED_PARM( pucOut); - F_UNREFERENCED_PARM( puiOutLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_PARAMETER_INFO parm[1]; - FLMBYTE oid_aes128[] = {IDV_AES128CBC}; - FLMBYTE oid_aes192[] = {IDV_AES192CBC}; - FLMBYTE oid_aes256[] = {IDV_AES256CBC}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_PARAMETER_INFO parm[1]; + FLMBYTE oid_aes128[] = {IDV_AES128CBC}; + FLMBYTE oid_aes192[] = {IDV_AES192CBC}; + FLMBYTE oid_aes256[] = {IDV_AES256CBC}; f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1213,36 +1195,40 @@ RCODE F_CCS::decryptFromStoreAES( } } - switch (m_uiEncKeySize) + switch( m_uiEncKeySize) { case XFLM_NICI_AES128: { algorithm.algorithm = (nuint8 *)oid_aes128; break; } + case XFLM_NICI_AES192: { algorithm.algorithm = (nuint8 *)oid_aes192; break; } + case XFLM_NICI_AES256: { algorithm.algorithm = (nuint8 *)oid_aes256; break; } + default: { rc = RC_SET( NE_XFLM_INVALID_ENC_KEY_SIZE); goto Exit; } } + algorithm.parameterLen = sizeof(algorithm.parameter->parms[0])+ sizeof(algorithm.parameter->count); algorithm.parameter = parm; algorithm.parameter->count = 1; algorithm.parameter->parms[0].parmType = NICI_P_IV; - if (pucIV) + if( pucIV) { algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)pucIV; } @@ -1251,78 +1237,53 @@ RCODE F_CCS::decryptFromStoreAES( algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)m_ucIV; } - algorithm.parameter->parms[0].u.b.len = IV_SZ; /* 16-byte IV */ + algorithm.parameter->parms[0].u.b.len = IV_SZ; - /* init encryption */ + // Init encryption - if (RC_BAD( rc = CCS_DataDecryptInit( - m_hContext, - &algorithm, - m_keyHandle))) + if( RC_BAD( rc = CCS_DataDecryptInit( m_hContext, &algorithm, m_keyHandle))) { rc = RC_SET( NE_XFLM_NICI_DECRYPT_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = CCS_Decrypt( - m_hContext, - (nuint8 *)pucIn, - uiInLen, - (nuint8 *)pucOut, - puiOutLen))) + if( RC_BAD( rc = CCS_Decrypt( m_hContext, (nuint8 *)pucIn, uiInLen, + (nuint8 *)pucOut, puiOutLen))) { rc = RC_SET( NE_XFLM_NICI_DECRYPT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - - return(rc); - + return( rc); } - -/*----------------------------------------------------------------------------- - * Desc: encryptToStore - Using DES3 - *---------------------------------------------------------------------------*/ -RCODE F_CCS::encryptToStoreDES3( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::encryptToStoreDES3( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucIn); - F_UNREFERENCED_PARM( uiInLen); - F_UNREFERENCED_PARM( pucOut); - F_UNREFERENCED_PARM( puiOutLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_PARAMETER_INFO parm[1]; - FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_PARAMETER_INFO parm[1]; + FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; f_mutexLock( m_hMutex); - /* Create NICI Context*/ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1337,7 +1298,7 @@ RCODE F_CCS::encryptToStoreDES3( algorithm.parameter->count = 1; algorithm.parameter->parms[0].parmType = NICI_P_IV; - if (pucIV) + if( pucIV) { algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)pucIV; } @@ -1346,75 +1307,53 @@ RCODE F_CCS::encryptToStoreDES3( algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)m_ucIV; } - algorithm.parameter->parms[0].u.b.len = IV_SZ8; /* 8-byte IV */ + algorithm.parameter->parms[0].u.b.len = IV_SZ8; - /* init encryption */ + // Init encryption - if (RC_BAD( rc = CCS_DataEncryptInit(m_hContext, &algorithm, m_keyHandle))) + if( RC_BAD( rc = CCS_DataEncryptInit( m_hContext, &algorithm, m_keyHandle))) { rc = RC_SET_AND_ASSERT( NE_XFLM_NICI_ENC_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = CCS_Encrypt( - m_hContext, - (nuint8 *)pucIn, - uiInLen, - (nuint8 *)pucOut, - puiOutLen))) + if( RC_BAD( rc = CCS_Encrypt( m_hContext, (nuint8 *)pucIn, uiInLen, + (nuint8 *)pucOut, puiOutLen))) { rc = RC_SET( NE_XFLM_NICI_ENCRYPT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - - return(rc); - + return( rc); } - -/*----------------------------------------------------------------------------- - * Desc: decryptFromStore - using the Triple DES (DES3) algorithm - *---------------------------------------------------------------------------*/ -RCODE F_CCS::decryptFromStoreDES3( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::decryptFromStoreDES3( + FLMBYTE * pucIn, + FLMUINT uiInLen, + FLMBYTE * pucOut, + FLMUINT * puiOutLen, + FLMBYTE * pucIV) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucIn); - F_UNREFERENCED_PARM( uiInLen); - F_UNREFERENCED_PARM( pucOut); - F_UNREFERENCED_PARM( puiOutLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_ALGORITHM algorithm; - NICI_PARAMETER_INFO parm[1]; - FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; + RCODE rc = NE_XFLM_OK; + NICI_ALGORITHM algorithm; + NICI_PARAMETER_INFO parm[1]; + FLMBYTE oid_des3[] = {IDV_DES_EDE3_CBC_IV8}; f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1422,7 +1361,8 @@ RCODE F_CCS::decryptFromStoreDES3( } } - /*Set up alogrithm now to do triple des decryption */ + // Set up alogrithm now to do triple des decryption + algorithm.algorithm = (nuint8 *)oid_des3; algorithm.parameterLen = sizeof(algorithm.parameter->parms[0])+ sizeof(algorithm.parameter->count); @@ -1430,7 +1370,7 @@ RCODE F_CCS::decryptFromStoreDES3( algorithm.parameter->count = 1; algorithm.parameter->parms[0].parmType = NICI_P_IV; - if (pucIV) + if( pucIV) { algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)pucIV; } @@ -1439,62 +1379,40 @@ RCODE F_CCS::decryptFromStoreDES3( algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)m_ucIV; } - algorithm.parameter->parms[0].u.b.len = IV_SZ8; /* 8-byte IV */ + algorithm.parameter->parms[0].u.b.len = IV_SZ8; - /* init encryption */ + // Init encryption - if (RC_BAD( rc = CCS_DataDecryptInit( - m_hContext, - &algorithm, - m_keyHandle))) + if( RC_BAD( rc = CCS_DataDecryptInit( m_hContext, &algorithm, m_keyHandle))) { rc = RC_SET( NE_XFLM_NICI_DECRYPT_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = CCS_Decrypt( - m_hContext, - (nuint8 *)pucIn, - uiInLen, - (nuint8 *)pucOut, - puiOutLen))) + if( RC_BAD( rc = CCS_Decrypt( m_hContext, (nuint8 *)pucIn, uiInLen, + (nuint8 *)pucOut, puiOutLen))) { rc = RC_SET( NE_XFLM_NICI_DECRYPT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - - return(rc); - + return( rc); } -/*----------------------------------------------------------------------------- - * Desc: init - Initialize the context. - *---------------------------------------------------------------------------*/ -RCODE F_CCS::init( +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::init( FLMBOOL bKeyIsWrappingKey, FLMUINT uiAlgType) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( bKeyIsWrappingKey); - F_UNREFERENCED_PARM( uiAlgType); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - FLMBOOL bLocked = FALSE; + RCODE rc = NE_XFLM_OK; + FLMBOOL bLocked = FALSE; if (m_bInitCalled) { @@ -1504,8 +1422,7 @@ RCODE F_CCS::init( m_bKeyIsWrappingKey = bKeyIsWrappingKey; - if (uiAlgType != FLM_NICI_AES && - uiAlgType != FLM_NICI_DES3) + if( uiAlgType != FLM_NICI_AES && uiAlgType != FLM_NICI_DES3) { flmAssert( 0); rc = RC_SET( NE_XFLM_INVALID_ENC_ALGORITHM); @@ -1515,7 +1432,8 @@ RCODE F_CCS::init( m_uiAlgType = uiAlgType; // Create a mutex to control access to the nici operations. - if (RC_BAD( rc = f_mutexCreate( &m_hMutex))) + + if( RC_BAD( rc = f_mutexCreate( &m_hMutex))) { goto Exit; } @@ -1525,9 +1443,9 @@ RCODE F_CCS::init( // Create NICI Context - if ( !m_hContext) + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1536,72 +1454,57 @@ RCODE F_CCS::init( } else { - flmAssert( 0); // Should not have a context yet! + flmAssert( 0); } // Generate the Random IV - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)&m_ucRndIV, - IV_SZ))) + + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)&m_ucRndIV, IV_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Generate an adjustment factor for the IV - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)&m_uiIVFactor, - sizeof(FLMUINT)))) + + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)&m_uiIVFactor, + sizeof( FLMUINT)))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - m_bInitCalled = TRUE; -#endif - Exit: -#ifdef FLM_USE_NICI if (bLocked) { f_mutexUnlock( m_hMutex); } -#endif - - return rc; + return( rc); } -/*----------------------------------------------------------------------------- - * Desc: selectWrappingKey - pick a wrapping key that we can use to wrap & - * unwrap the encryption key with. - *---------------------------------------------------------------------------*/ -RCODE F_CCS::getWrappingKey( +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::getWrappingKey( NICI_OBJECT_HANDLE * pWrappingKeyHandle) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pWrappingKeyHandle); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else NICI_ATTRIBUTE find[2]; FLMUINT uiCount; f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1619,66 +1522,44 @@ RCODE F_CCS::getWrappingKey( find[1].u.f.value = NICI_AV_STORAGE; find[1].u.f.valueInfo = 0; - if (RC_BAD( rc = CCS_FindObjectsInit(m_hContext, find, 2))) + if( RC_BAD( rc = CCS_FindObjectsInit( m_hContext, find, 2))) { rc = RC_SET( NE_XFLM_NICI_FIND_INIT); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } uiCount = 1; - if (RC_BAD( rc = CCS_FindObjects( - m_hContext, - pWrappingKeyHandle, - &uiCount))) + if( RC_BAD( rc = CCS_FindObjects( m_hContext, pWrappingKeyHandle, &uiCount))) { rc = RC_SET( NE_XFLM_NICI_FIND_OBJECT); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (uiCount < 1) + if( uiCount < 1) { rc = RC_SET( NE_XFLM_NICI_WRAPKEY_NOT_FOUND); goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI - f_mutexUnlock( m_hMutex); - -#endif - - return(rc); + return( rc); } - -/*----------------------------------------------------------------------------- - * Desc: getKeyToStore - Function used to obtain the key information in the - * format that will be stored on disk. A buffer will be allocated by this - * function that **MUST** be freed when no longer needed. - *---------------------------------------------------------------------------*/ -RCODE F_CCS::getKeyToStore( - FLMBYTE ** ppucKeyInfo, - FLMUINT32 * pui32BufLen, - FLMBYTE * pszEncKeyPasswd, - F_CCS * pWrappingCcs) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::getKeyToStore( + FLMBYTE ** ppucKeyInfo, + FLMUINT32 * pui32BufLen, + FLMBYTE * pszEncKeyPasswd, + IF_CCS * pWrappingCcs) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( ppucKeyInfo); - F_UNREFERENCED_PARM( pui32BufLen); - F_UNREFERENCED_PARM( pszEncKeyPasswd); - F_UNREFERENCED_PARM( pWrappingCcs); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else FLMBYTE * pucTmp = NULL; FLMBYTE * pucPtr = NULL; FLMUINT32 ui32PaddedLength; @@ -1688,73 +1569,73 @@ RCODE F_CCS::getKeyToStore( NICI_OBJECT_HANDLE wrappingKeyHandle = 0; *ppucKeyInfo = NULL; - *pui32BufLen = 0; - if (pWrappingCcs) + if( pWrappingCcs) { flmAssert(m_bKeyIsWrappingKey == FALSE); wrappingKeyHandle = pWrappingCcs->m_keyHandle; } - else if (!pszEncKeyPasswd) + else if( !pszEncKeyPasswd) { flmAssert( m_bKeyIsWrappingKey); } // Either extract the key or wrap the key. - if (pszEncKeyPasswd && pszEncKeyPasswd[0]) + + if( pszEncKeyPasswd && pszEncKeyPasswd[ 0]) { // The password that is passed in to CCS_pbeEncrypt is NOT actually // unicode. It must be treated as a sequence of bytes that that is // terminated with 2 nulls and has an even length. If we treat it // as unicode, then we'll have endian issues if we move the database // to machines with different byte ordering. - if (RC_BAD( rc = f_calloc( f_strlen(pszEncKeyPasswd) + - (f_strlen(pszEncKeyPasswd) % 2) + 2, - &pszFormattedEncKeyPasswd))) + + if( RC_BAD( rc = f_calloc( f_strlen(pszEncKeyPasswd) + + (f_strlen(pszEncKeyPasswd) % 2) + 2, &pszFormattedEncKeyPasswd))) { goto Exit; } + f_strcpy( pszFormattedEncKeyPasswd, pszEncKeyPasswd); - if (RC_BAD( rc = extractKey( &pucWrappedKey, - &ui32WrappedKeyLen, - (FLMUNICODE *)pszFormattedEncKeyPasswd))) + if( RC_BAD( rc = extractKey( &pucWrappedKey, &ui32WrappedKeyLen, + (FLMUNICODE *)pszFormattedEncKeyPasswd))) { goto Exit; } } else { - if (RC_BAD( rc = wrapKey( &pucWrappedKey, - &ui32WrappedKeyLen, - wrappingKeyHandle))) + if( RC_BAD( rc = wrapKey( &pucWrappedKey, &ui32WrappedKeyLen, + wrappingKeyHandle))) { goto Exit; } } - // The shrouded or wrapped key will be stored in m_pKey. - ui32PaddedLength = (ui32WrappedKeyLen + - sizeof( FLMBOOL) + - sizeof (FLMUINT32) + - IV_SZ ); + // The shrouded or wrapped key will be stored in m_pKey + + ui32PaddedLength = (ui32WrappedKeyLen + sizeof( FLMBOOL) + + sizeof (FLMUINT32) + IV_SZ ); // Make sure our buffer size is padded to a 16 byte boundary. - if ((ui32PaddedLength % 16) != 0) + + if( (ui32PaddedLength % 16) != 0) { ui32PaddedLength += (16 - (ui32PaddedLength % 16)); } // Add one extra byte for a NULL terminator - if (RC_BAD(rc = f_alloc( ui32PaddedLength + 1, &pucTmp))) + + if( RC_BAD(rc = f_alloc( ui32PaddedLength + 1, &pucTmp))) { goto Exit; } - if ( !m_hContext) + if( !m_hContext) { - if (CCS_CreateContext( 0, &m_hContext)) + if( CCS_CreateContext( 0, &m_hContext)) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -1766,28 +1647,35 @@ RCODE F_CCS::getKeyToStore( // Save a flag indicating whether the key is wrapped or encoded in // a password. - UD2FBA( (pszEncKeyPasswd && pszEncKeyPasswd[0]) ? (FLMUINT)TRUE : (FLMUINT)FALSE, pucPtr); + + UD2FBA( (pszEncKeyPasswd && pszEncKeyPasswd[0]) + ? (FLMUINT)TRUE + : (FLMUINT)FALSE, pucPtr); + pucPtr += sizeof(FLMBOOL); // Copy the key length. + UD2FBA(ui32WrappedKeyLen, pucPtr); pucPtr += sizeof(FLMUINT32); // Copy the IV too. + f_memcpy( pucPtr, m_ucIV, IV_SZ); pucPtr += IV_SZ; // Copy the wrapped key value + f_memcpy( pucPtr, pucWrappedKey, ui32WrappedKeyLen); pucPtr += ui32WrappedKeyLen; // Fill the remainder of the buffer with random data. - if (CCS_GetRandom(m_hContext, - (nuint8 *)pucPtr, - ((FLMUINT)pucTmp + ui32PaddedLength) - (FLMUINT)pucPtr)) + + if( CCS_GetRandom( m_hContext, (nuint8 *)pucPtr, + ((FLMUINT)pucTmp + ui32PaddedLength) - (FLMUINT)pucPtr)) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } @@ -1796,48 +1684,35 @@ RCODE F_CCS::getKeyToStore( *pui32BufLen = ui32PaddedLength; pucTmp = NULL; -#endif - Exit: -#ifdef FLM_USE_NICI - if (pucTmp) + if( pucTmp) { f_free(&pucTmp); } - if (pucWrappedKey) + if( pucWrappedKey) { f_free( &pucWrappedKey); } - if (pszFormattedEncKeyPasswd) + if( pszFormattedEncKeyPasswd) { f_free( &pszFormattedEncKeyPasswd); } -#endif - return rc; + return( rc); } -/*----------------------------------------------------------------------------- - * Desc: setKeyFromStore - Function used to set the key info using the binary - * key stored on the disk. - *---------------------------------------------------------------------------*/ -RCODE F_CCS::setKeyFromStore( - FLMBYTE * pucKeyInfo, - FLMBYTE * pszEncKeyPasswd, - F_CCS * pWrappingCcs) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::setKeyFromStore( + FLMBYTE * pucKeyInfo, + FLMBYTE * pszEncKeyPasswd, + IF_CCS * pWrappingCcs) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucKeyInfo); - F_UNREFERENCED_PARM( pszEncKeyPasswd); - F_UNREFERENCED_PARM( pWrappingCcs); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else FLMBYTE * pucTmp = pucKeyInfo; FLMBYTE * pucBuffer = NULL; FLMBOOL bShrouded = FALSE; @@ -1846,36 +1721,39 @@ RCODE F_CCS::setKeyFromStore( FLMBYTE * pszFormattedEncKeyPasswd = NULL; NICI_OBJECT_HANDLE wrappingKeyHandle = 0; - if (pWrappingCcs) + if( pWrappingCcs) { flmAssert(m_bKeyIsWrappingKey == FALSE); wrappingKeyHandle = pWrappingCcs->m_keyHandle; } // Extract the fields from the buffer - // Is the key shrouded? + bShrouded = FB2UD( pucTmp); pucTmp += sizeof(FLMUINT); // Actual length - note that the passed buffer is padded to 16 byte boundary. + ui32Length = FB2UD( pucTmp); pucTmp += sizeof(FLMUINT32); // Get the IV + f_memcpy( m_ucIV, pucTmp, IV_SZ); pucTmp += IV_SZ; // Need another temporary buffer to hold the encrypted / shrouded key. - if (RC_BAD( rc = f_alloc( ui32Length, &pucBuffer))) + + if( RC_BAD( rc = f_alloc( ui32Length, &pucBuffer))) { goto Exit; } f_memcpy( pucBuffer, pucTmp, ui32Length); - if (bShrouded) + if( bShrouded) { - if (pszEncKeyPasswd == NULL || pszEncKeyPasswd[0] == '\0') + if( pszEncKeyPasswd == NULL || pszEncKeyPasswd[0] == '\0') { rc = RC_SET( NE_XFLM_EXPECTING_PASSWORD); goto Exit; @@ -1886,28 +1764,29 @@ RCODE F_CCS::setKeyFromStore( // terminated with 2 nulls and has an even length. If we treat it // as unicode, then we'll have endian issues if we move the database // to machines with different byte ordering. - if (RC_BAD( rc = f_calloc( f_strlen(pszEncKeyPasswd) + - (f_strlen(pszEncKeyPasswd) % 2) + 2, - &pszFormattedEncKeyPasswd))) + + if( RC_BAD( rc = f_calloc( f_strlen(pszEncKeyPasswd) + + (f_strlen(pszEncKeyPasswd) % 2) + 2, &pszFormattedEncKeyPasswd))) { goto Exit; } + f_strcpy( pszFormattedEncKeyPasswd, pszEncKeyPasswd); // Unshroud the key using the password. // Key handle is always kept in m_keyHandle. - if (RC_BAD( rc = injectKey( pucBuffer, - ui32Length, - (FLMUNICODE *)pszFormattedEncKeyPasswd))) + + if( RC_BAD( rc = injectKey( pucBuffer, ui32Length, + (FLMUNICODE *)pszFormattedEncKeyPasswd))) { goto Exit; } } else { - if (pszEncKeyPasswd) + if( pszEncKeyPasswd) { - if ( pszEncKeyPasswd[0] != '\0') + if( pszEncKeyPasswd[0] != '\0') { rc = RC_SET( NE_XFLM_NOT_EXPECTING_PASSWORD); goto Exit; @@ -1915,9 +1794,8 @@ RCODE F_CCS::setKeyFromStore( } // Unwrap the key. The Key handle is always store in m_keyHandle. - if (RC_BAD( rc = unwrapKey( pucBuffer, - ui32Length, - wrappingKeyHandle))) + + if( RC_BAD( rc = unwrapKey( pucBuffer, ui32Length, wrappingKeyHandle))) { goto Exit; } @@ -1925,59 +1803,35 @@ RCODE F_CCS::setKeyFromStore( m_bKeyVerified = TRUE; -#endif - Exit: -#ifdef FLM_USE_NICI - if (pucBuffer) + if( pucBuffer) { f_free( &pucBuffer); } - if (pucKeyBuf) + if( pucKeyBuf) { f_free( &pucKeyBuf); } - if (pszFormattedEncKeyPasswd) + if( pszFormattedEncKeyPasswd) { f_free( &pszFormattedEncKeyPasswd); } -#endif - - return rc; - + return( rc); } -typedef struct -{ - FLMUINT uiKeyType; - FLMUINT uiFormatLen; - FLMUINT uiKeyLen; - FLMUINT uiKeySize; -} EXTRACTED_KEY; - -/*----------------------------------------------------------------------------- - * Desc: extractKey - Extract the key by encrypting it in a supplied password. The - * buffer ppucExtractedKey buffer is allocated and returned, thus *MUST* be released - * after it is no longer needed. - *---------------------------------------------------------------------------*/ -RCODE F_CCS::extractKey( - FLMBYTE ** ppucExtractedKey, - FLMUINT32 * pui32Length, - FLMUNICODE * puzEncKeyPasswd) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::extractKey( + FLMBYTE ** ppucExtractedKey, + FLMUINT32 * pui32Length, + FLMUNICODE * puzEncKeyPasswd) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( ppucExtractedKey); - F_UNREFERENCED_PARM( pui32Length); - F_UNREFERENCED_PARM( puzEncKeyPasswd); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else NICI_ALGORITHM algorithm; NICI_ATTRIBUTE keyAttr[2]; NICI_ATTRIBUTE attr[2]; @@ -1999,10 +1853,11 @@ RCODE F_CCS::extractKey( f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -2014,18 +1869,15 @@ RCODE F_CCS::extractKey( attr[0].type = NICI_A_KEY_TYPE; attr[1].type = NICI_A_KEY_FORMAT; - if (RC_BAD( rc = CCS_GetAttributeValue( - m_hContext, - m_keyHandle, - &attr[0], - 2))) + if( RC_BAD( rc = CCS_GetAttributeValue( m_hContext, + m_keyHandle, &attr[0], 2))) { rc = RC_SET( NE_XFLM_NICI_ATTRIBUTE_VALUE); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (!attr[0].u.f.hasValue) + if( !attr[0].u.f.hasValue) { rc = RC_SET( NE_XFLM_NICI_BAD_ATTRIBUTE); goto Exit; @@ -2033,24 +1885,27 @@ RCODE F_CCS::extractKey( f_memset( &keyAttr[0], 0, sizeof(NICI_ATTRIBUTE) * 2); - switch (attr[0].u.f.value) + switch( attr[0].u.f.value) { case NICI_K_AES: { uiIndx = 0; keyAttr[uiIndx].type = NICI_A_KEY_VALUE; - switch (m_uiEncKeySize) + + switch( m_uiEncKeySize) { case XFLM_NICI_AES128: { keyAttr[uiIndx].u.v.valueLen = 16; break; } + case XFLM_NICI_AES192: { keyAttr[uiIndx].u.v.valueLen = 24; break; } + case XFLM_NICI_AES256: { keyAttr[uiIndx].u.v.valueLen = 32; @@ -2061,9 +1916,9 @@ RCODE F_CCS::extractKey( uiIndx++; keyAttr[uiIndx].type = NICI_A_KEY_FORMAT; keyAttr[uiIndx].u.v.valueLen = attr[1].u.v.valueLen; - break; } + case NICI_K_DES3X: { uiIndx = 0; @@ -2074,8 +1929,8 @@ RCODE F_CCS::extractKey( keyAttr[uiIndx].type = NICI_A_KEY_FORMAT; keyAttr[uiIndx].u.v.valueLen = attr[1].u.v.valueLen; break; - } + case NICI_K_DES: { uiIndx = 0; @@ -2086,7 +1941,6 @@ RCODE F_CCS::extractKey( keyAttr[uiIndx].type = NICI_A_KEY_FORMAT; keyAttr[uiIndx].u.v.valueLen = attr[1].u.v.valueLen; break; - } default: @@ -2099,13 +1953,11 @@ RCODE F_CCS::extractKey( // Make one allocation that we can then use to hold several different things. - uiBufferSize = sizeof( EXTRACTED_KEY) + // pExtractedKey - attr[1].u.v.valueLen + // pucFormat - keyAttr[0].u.v.valueLen + // pucKey - sizeof (ucDigest); // pucDigest - uiAllocSize = uiBufferSize + - SALT_SZ + // Salt (not encrypted) - (sizeof(NICI_PARAMETER_DATA) * 2) + sizeof(FLMUINT32); // Parameter data (not encrypted) + uiBufferSize = sizeof( EXTRACTED_KEY) + attr[1].u.v.valueLen + + keyAttr[0].u.v.valueLen + sizeof (ucDigest); + + uiAllocSize = uiBufferSize + SALT_SZ + + (sizeof( NICI_PARAMETER_DATA) * 2) + sizeof( FLMUINT32); // Make sure the allocation size is on a 8 byte boundary @@ -2114,7 +1966,7 @@ RCODE F_CCS::extractKey( uiAllocSize += (8 - (uiAllocSize % 8)); } - if (RC_BAD( rc = f_calloc( uiAllocSize, &pExtractedKey))) + if( RC_BAD( rc = f_calloc( uiAllocSize, &pExtractedKey))) { goto Exit; } @@ -2123,30 +1975,25 @@ RCODE F_CCS::extractKey( pucFormat = (FLMBYTE *)keyAttr[1].u.v.valuePtr; keyAttr[0].u.v.valuePtr = pucFormat + attr[1].u.v.valueLen; pucKey = (FLMBYTE *)keyAttr[0].u.v.valuePtr; - pucSalt = (FLMBYTE *)pExtractedKey + uiBufferSize; - pParmInfo = (NICI_PARAMETER_INFO *)(pucSalt + SALT_SZ); // Make sure that pParmInfo is 8 byte alligned. - if ((FLMUINT)pParmInfo % 8) + if( (FLMUINT)pParmInfo % 8) { - FLMBYTE * pucTemp = (FLMBYTE *)pParmInfo + - (8 - ((FLMUINT)pParmInfo % 8)); + FLMBYTE * pucTemp; + + pucTemp = (FLMBYTE *)pParmInfo + (8 - ((FLMUINT)pParmInfo % 8)); pParmInfo = (NICI_PARAMETER_INFO *)pucTemp; } // Extracted the key value now - if (RC_BAD( rc = CCS_ExtractKey( - m_hContext, - m_keyHandle, - &keyAttr[0], - 2))) + if( RC_BAD( rc = CCS_ExtractKey( m_hContext, m_keyHandle, &keyAttr[0], 2))) { rc = RC_SET( NE_XFLM_EXTRACT_KEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } @@ -2156,24 +2003,19 @@ RCODE F_CCS::extractKey( algorithm.parameter = NULL; algorithm.parameterLen = 0; - if (RC_BAD( rc = CCS_DigestInit( - m_hContext, - &algorithm))) + if( RC_BAD( rc = CCS_DigestInit( m_hContext, &algorithm))) { rc = RC_SET( NE_XFLM_DIGEST_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = CCS_Digest( - m_hContext, - (nuint8 *)pucFormat, - keyAttr[0].u.v.valueLen + attr[1].u.v.valueLen, - (nuint8 *)ucDigest, - &uiDigestLen))) + if( RC_BAD( rc = CCS_Digest( m_hContext, (nuint8 *)pucFormat, + keyAttr[0].u.v.valueLen + attr[1].u.v.valueLen, (nuint8 *)ucDigest, + &uiDigestLen))) { rc = RC_SET( NE_XFLM_DIGEST_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } @@ -2181,41 +2023,38 @@ RCODE F_CCS::extractKey( pucTempPtr = (FLMBYTE *)pExtractedKey; - UD2FBA( attr[0].u.f.value, pucTempPtr); //pExtractedKey->uiKeyType = attr[0].u.f.value; + UD2FBA( attr[0].u.f.value, pucTempPtr); pucTempPtr += 4; - UD2FBA( attr[1].u.v.valueLen, pucTempPtr); //pExtractedKey->uiFormatLen = attr[1].u.v.valueLen; + UD2FBA( attr[1].u.v.valueLen, pucTempPtr); pucTempPtr += 4; - UD2FBA( keyAttr[0].u.v.valueLen, pucTempPtr); //pExtractedKey->uiKeyLen = keyAttr[0].u.v.valueLen; + UD2FBA( keyAttr[0].u.v.valueLen, pucTempPtr); pucTempPtr += 4; - UD2FBA( m_uiEncKeySize, pucTempPtr); // pEncKey->uiKeySize = m_uiEncKeySize; + UD2FBA( m_uiEncKeySize, pucTempPtr); // Point to the Digest... - pTemp = (FLMBYTE *)&pExtractedKey[1] + - attr[1].u.v.valueLen + // Format length - keyAttr[0].u.v.valueLen; // Key length + pTemp = (FLMBYTE *)&pExtractedKey[1] + attr[1].u.v.valueLen + + keyAttr[0].u.v.valueLen; f_memcpy( pTemp, ucDigest, uiDigestLen); - // Generate some salt. + // Generate some salt - if (RC_BAD( rc = CCS_GetRandom( m_hContext, - (nuint8 *)pucSalt, - SALT_SZ))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)pucSalt, SALT_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed - pTemp = NULL; // don't want this to be freed + m_hContext = 0; + pTemp = NULL; goto Exit; } - // This buffer needs to be a separate allocation because it is returned to the caller. We will - // be returning the value of the SALT with the encrypted key. The call to CCS_pbeEncrypt - // may return an extra 8 bytes. + // This buffer needs to be a separate allocation because it is returned to + // the caller. We will be returning the value of the SALT with the + // encrypted key. The call to CCS_pbeEncrypt may return an extra 8 bytes. - if (RC_BAD( rc = f_alloc( uiBufferSize + SALT_SZ + 8, &pTemp))) + if( RC_BAD( rc = f_alloc( uiBufferSize + SALT_SZ + 8, &pTemp))) { goto Exit; } @@ -2223,8 +2062,7 @@ RCODE F_CCS::extractKey( // Now to encrypt the buffer. algorithm.algorithm = (nuint8 *)oid_pbe; - - pParmInfo->count = 2; // Two parameters + pParmInfo->count = 2; pParmInfo->parms[0].parmType = NICI_P_SALT; pParmInfo->parms[0].u.b.len = SALT_SZ; @@ -2234,21 +2072,15 @@ RCODE F_CCS::extractKey( pParmInfo->parms[1].u.value = SALT_COUNT; algorithm.parameter = pParmInfo; - algorithm.parameterLen = sizeof(NICI_PARAMETER_DATA) * 2 + sizeof(FLMUINT32); + algorithm.parameterLen = sizeof( NICI_PARAMETER_DATA) * 2 + sizeof( FLMUINT32); uiEncLen = uiBufferSize + 8; - if (RC_BAD( rc = CCS_pbeEncrypt( - m_hContext, - &algorithm, - puzEncKeyPasswd, - (nuint8 *)pExtractedKey, - uiBufferSize, - (nuint8 *)pTemp, - &uiEncLen))) + if( RC_BAD( rc = CCS_pbeEncrypt( m_hContext, &algorithm, puzEncKeyPasswd, + (nuint8 *)pExtractedKey, uiBufferSize, (nuint8 *)pTemp, &uiEncLen))) { rc = RC_SET( NE_XFLM_PBE_ENCRYPT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } @@ -2257,51 +2089,36 @@ RCODE F_CCS::extractKey( // Now add the salt to the end of the buffer. pTemp += uiEncLen; - f_memcpy( pTemp, pucSalt, SALT_SZ); - + pTemp = NULL; - *pui32Length = uiEncLen + SALT_SZ; -#endif - Exit: -#ifdef FLM_USE_NICI - if (pTemp) + + if( pTemp) { f_free( &pTemp); } - if (pucKey) + if( pucKey) { f_free( &pExtractedKey); } f_mutexUnlock( m_hMutex); - -#endif return(rc); } - -/*----------------------------------------------------------------------------- - * Desc: injectKey - Inject the encrypting key using the supplied password. - *---------------------------------------------------------------------------*/ -RCODE F_CCS::injectKey( - FLMBYTE * pszExtractedKey, - FLMUINT32 ui32Length, - FLMUNICODE * puzEncKeyPasswd) +/**************************************************************************** +Desc: +****************************************************************************/ +RCODE F_NICICCS::injectKey( + FLMBYTE * pszExtractedKey, + FLMUINT32 ui32Length, + FLMUNICODE * puzEncKeyPasswd) { - RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pszExtractedKey); - F_UNREFERENCED_PARM( ui32Length); - F_UNREFERENCED_PARM( puzEncKeyPasswd); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else + RCODE rc = NE_XFLM_OK; NICI_ALGORITHM algorithm; NICI_ATTRIBUTE keyAttr[7]; FLMBYTE oid_sha1[] = {IDV_SHA1}; @@ -2322,10 +2139,11 @@ RCODE F_CCS::injectKey( f_mutexLock( m_hMutex); - /* Create NICI Context */ - if ( !m_hContext) + // Create NICI Context + + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -2334,27 +2152,25 @@ RCODE F_CCS::injectKey( } // Extract the SALT from the key buffer. + pucSalt = pszExtractedKey + (ui32Length - SALT_SZ); ui32Length -= SALT_SZ; // Make one allocation and point into it for the different buffers we need. - uiAllocSize = ui32Length + - sizeof(NICI_PARAMETER_DATA) * 2 + sizeof(FLMUINT32); + uiAllocSize = ui32Length + sizeof( NICI_PARAMETER_DATA) * 2 + sizeof( FLMUINT32); - if (RC_BAD( rc = f_calloc( uiAllocSize, &pucBuffer))) + if( RC_BAD( rc = f_calloc( uiAllocSize, &pucBuffer))) { goto Exit; } pParmInfo = (NICI_PARAMETER_INFO *)(pucBuffer + ui32Length); - // Now to decrypt the buffer. algorithm.algorithm = (nuint8 *)oid_pbe; - - pParmInfo->count = 2; // Two parameters + pParmInfo->count = 2; pParmInfo->parms[0].parmType = NICI_P_SALT; pParmInfo->parms[0].u.b.len = SALT_SZ; @@ -2368,17 +2184,11 @@ RCODE F_CCS::injectKey( uiEncLen = ui32Length; - if (RC_BAD( rc = CCS_pbeDecrypt( - m_hContext, - &algorithm, - puzEncKeyPasswd, - (nuint8 *)pszExtractedKey, - ui32Length, - (nuint8 *)pucBuffer, - &uiEncLen))) + if( RC_BAD( rc = CCS_pbeDecrypt( m_hContext, &algorithm, puzEncKeyPasswd, + (nuint8 *)pszExtractedKey, ui32Length, (nuint8 *)pucBuffer, &uiEncLen))) { rc = RC_SET( NE_XFLM_PBE_DECRYPT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } @@ -2407,52 +2217,46 @@ RCODE F_CCS::injectKey( algorithm.parameter = NULL; algorithm.parameterLen = 0; - if (RC_BAD( rc = CCS_DigestInit( - m_hContext, - &algorithm))) + if( RC_BAD( rc = CCS_DigestInit( m_hContext, &algorithm))) { rc = RC_SET( NE_XFLM_DIGEST_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } pTemp = (FLMBYTE *)&pExtractedKey[ 1]; - if (RC_BAD( rc = CCS_Digest( - m_hContext, - (nuint8 *)pTemp, - pExtractedKey->uiFormatLen + - pExtractedKey->uiKeyLen, - (nuint8 *)ucDigest, - &uiDigestLen))) + if( RC_BAD( rc = CCS_Digest( m_hContext, (nuint8 *)pTemp, + pExtractedKey->uiFormatLen + pExtractedKey->uiKeyLen, (nuint8 *)ucDigest, + &uiDigestLen))) { rc = RC_SET( NE_XFLM_DIGEST_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } flmAssert( uiDigestLen == sizeof( ucDigest)); // Now compare the two digests. They must be equal! + pTemp += pExtractedKey->uiKeyLen + pExtractedKey->uiFormatLen; - if (f_memcmp( pTemp, ucDigest, uiDigestLen)) + if( f_memcmp( pTemp, ucDigest, uiDigestLen)) { rc = RC_SET( NE_XFLM_INVALID_ENCKEY_CRC); goto Exit; } - pucFormat = (FLMBYTE *)&pExtractedKey[1]; // Point to the format - pKey = pucFormat + pExtractedKey->uiFormatLen; // Point to the key. + pucFormat = (FLMBYTE *)&pExtractedKey[ 1]; + pKey = pucFormat + pExtractedKey->uiFormatLen; uiIndx = 0; f_memset( &keyAttr[0], 0, sizeof(NICI_ATTRIBUTE) * 7); - switch (pExtractedKey->uiKeyType) + switch( pExtractedKey->uiKeyType) { case NICI_K_AES: { - /* Set key attributes */ uiIndx = 0; keyAttr[uiIndx].type = NICI_A_KEY_TYPE; keyAttr[uiIndx].u.f.hasValue = 1; @@ -2468,7 +2272,10 @@ RCODE F_CCS::injectKey( uiIndx++; keyAttr[uiIndx].type = NICI_A_KEY_USAGE; keyAttr[uiIndx].u.f.hasValue = 1; - keyAttr[uiIndx].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | NICI_F_KM_ENCRYPT | NICI_F_KM_DECRYPT | NICI_F_EXTRACT | NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; + keyAttr[uiIndx].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | + NICI_F_KM_ENCRYPT | NICI_F_KM_DECRYPT | + NICI_F_EXTRACT | NICI_F_DATA_ENCRYPT | + NICI_F_DATA_DECRYPT; keyAttr[uiIndx].u.f.valueInfo = 0; uiIndx++; @@ -2496,9 +2303,9 @@ RCODE F_CCS::injectKey( keyAttr[uiIndx].u.f.valueInfo = 0; break; } + case NICI_K_DES3X: { - /* Set key attributes */ uiIndx = 0; keyAttr[uiIndx].type = NICI_A_KEY_TYPE; keyAttr[uiIndx].u.f.hasValue = 1; @@ -2514,7 +2321,10 @@ RCODE F_CCS::injectKey( uiIndx++; keyAttr[uiIndx].type = NICI_A_KEY_USAGE; keyAttr[uiIndx].u.f.hasValue = 1; - keyAttr[uiIndx].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | NICI_F_KM_ENCRYPT | NICI_F_KM_DECRYPT | NICI_F_EXTRACT | NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; + keyAttr[uiIndx].u.f.value = NICI_F_WRAP | NICI_F_UNWRAP | + NICI_F_KM_ENCRYPT | NICI_F_KM_DECRYPT | + NICI_F_EXTRACT | NICI_F_DATA_ENCRYPT | + NICI_F_DATA_DECRYPT; keyAttr[uiIndx].u.f.valueInfo = 0; uiIndx++; @@ -2542,6 +2352,7 @@ RCODE F_CCS::injectKey( keyAttr[uiIndx].u.f.valueInfo = 0; break; } + default: { flmAssert( 0); @@ -2550,71 +2361,57 @@ RCODE F_CCS::injectKey( } } - if (RC_BAD( rc = CCS_InjectKey( - m_hContext, - &keyAttr[0], - 7, - &m_keyHandle))) + if( RC_BAD( rc = CCS_InjectKey( m_hContext, &keyAttr[0], 7, &m_keyHandle))) { rc = RC_SET( NE_XFLM_INJECT_KEY_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } -#endif - Exit: -#ifdef FLM_USE_NICI - if (pucBuffer) + + if( pucBuffer) { f_free( &pucBuffer); } f_mutexUnlock( m_hMutex); - -#endif - - return(rc); + return( rc); } - /**************************************************************************** Desc: getIVLen returns the correct length of the IV for the type of algorithm. ****************************************************************************/ -FLMUINT F_CCS::getIVLen() +FLMUINT F_NICICCS::getIVLen() { - -#ifndef FLM_USE_NICI - return 0; -#else - switch (m_uiAlgType) + switch( m_uiAlgType) { case FLM_NICI_AES: - return IV_SZ; + { + return( IV_SZ); + } + case FLM_NICI_DES3: - return IV_SZ8; + { + return( IV_SZ8); + } + default: - return 0; + { + return( 0); + } } -#endif } /**************************************************************************** Desc: generateIV will generate a random set of bytes to be used as IV. ****************************************************************************/ -RCODE F_CCS::generateIV( +RCODE F_NICICCS::generateIV( FLMUINT uiIVLen, FLMBYTE * pucIV) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( uiIVLen); - F_UNREFERENCED_PARM( pucIV); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else FLMUINT uiLoop; NICI_ALGORITHM algorithm; FLMBYTE oid_sha1[] = {IDV_SHA1}; @@ -2623,7 +2420,7 @@ RCODE F_CCS::generateIV( FLMBYTE ucIVBuffer[ IV_SZ * 2]; FLMUINT uiIVBufferLen = sizeof(ucIVBuffer); - if (!uiIVLen) + if( !uiIVLen) { goto Exit; } @@ -2631,11 +2428,11 @@ RCODE F_CCS::generateIV( f_mutexLock( m_hMutex); bLocked = TRUE; - /* Create NICI Context */ + // Create NICI Context - if ( !m_hContext) + if( !m_hContext) { - if (RC_BAD( rc = CCS_CreateContext(0, &m_hContext))) + if( RC_BAD( rc = CCS_CreateContext( 0, &m_hContext))) { rc = RC_SET( NE_XFLM_NICI_CONTEXT); m_hContext = 0; @@ -2645,34 +2442,28 @@ RCODE F_CCS::generateIV( // See if it is time to reinitialize the Random IV. - if ((m_uiIVFactor & 0x07FF) == 0) + if( (m_uiIVFactor & 0x07FF) == 0) { // Generate the Random IV - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)&m_ucRndIV, - IV_SZ))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)&m_ucRndIV, IV_SZ))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Generate an adjustment factor for the IV - if (RC_BAD( rc = CCS_GetRandom( - m_hContext, - (nuint8 *)&m_uiIVFactor, - sizeof(FLMUINT)))) + if( RC_BAD( rc = CCS_GetRandom( m_hContext, (nuint8 *)&m_uiIVFactor, + sizeof( FLMUINT)))) { rc = RC_SET( NE_XFLM_NICI_BAD_RANDOM); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } } - // Increment each byte of the IV by the IV Factor for( uiLoop = 0; uiLoop < IV_SZ; uiLoop++) @@ -2687,305 +2478,87 @@ RCODE F_CCS::generateIV( algorithm.parameter = NULL; algorithm.parameterLen = 0; - if (RC_BAD( rc = CCS_DigestInit( - m_hContext, - &algorithm))) + if( RC_BAD( rc = CCS_DigestInit( m_hContext, &algorithm))) { rc = RC_SET( NE_XFLM_DIGEST_INIT_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } - if (RC_BAD( rc = CCS_Digest( - m_hContext, - (nuint8 *)m_ucRndIV, - uiIVLen, - (nuint8 *)ucIVBuffer, - &uiIVBufferLen))) + if( RC_BAD( rc = CCS_Digest( m_hContext, (nuint8 *)m_ucRndIV, uiIVLen, + (nuint8 *)ucIVBuffer, &uiIVBufferLen))) { rc = RC_SET( NE_XFLM_DIGEST_FAILED); - m_hContext = 0; // Context has been destroyed + m_hContext = 0; goto Exit; } // Return the new IV! f_memcpy( pucIV, ucIVBuffer, uiIVLen); - m_uiIVFactor++; -#endif - Exit: -#ifdef FLM_USE_NICI - if (bLocked) + if( bLocked) { f_mutexUnlock( m_hMutex); } -#endif - - return rc; -} - - -/**************************************************************************** -Desc: flmDecryptBuffer - assumes aes -****************************************************************************/ -RCODE flmDecryptBuffer( - FLMBYTE * pucBuffer, - FLMUINT * puiBufLen) -{ - RCODE rc = NE_XFLM_OK; - - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucBuffer); - F_UNREFERENCED_PARM( puiBufLen); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_CC_HANDLE context = 0; - NICI_ATTRIBUTE find[2]; - NICI_OBJECT_HANDLE serverKeyHdl = 0; - FLMUINT uiCount; - NICI_ALGORITHM algorithm; - NICI_PARAMETER_INFO parm[1]; - FLMBYTE oid_aes[] = {IDV_AES128CBC}; - FLMBYTE pucIV[ IV_SZ]; - - /* Create NICI Context */ - - if (RC_BAD( rc = CCS_CreateContext(0, &context))) - { - rc = RC_SET( NE_XFLM_NICI_CONTEXT); - goto Exit; - } - - find[0].type = NICI_A_GLOBAL; - find[0].u.f.hasValue = 1; - find[0].u.f.value = 1; - find[0].u.f.valueInfo = 0; - - find[1].type = NICI_A_FEATURE; - find[1].u.f.hasValue = 1; - find[1].u.f.value = NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; - find[1].u.f.valueInfo = 0; - - if (RC_BAD( rc = CCS_FindObjectsInit(context, find, 2))) - { - rc = RC_SET( NE_XFLM_NICI_FIND_INIT); - goto Exit; - } - - uiCount = 1; - - if (RC_BAD( rc = CCS_FindObjects( - context, - &serverKeyHdl, - &uiCount))) - { - rc = RC_SET( NE_XFLM_NICI_FIND_OBJECT); - goto Exit; - } - - if (uiCount < 1) - { - rc = RC_SET( NE_XFLM_NICI_KEY_NOT_FOUND); - goto ExitCtx; - } - - /*Set up alogrithm now to do AES and pading for encryption */ - algorithm.algorithm = (nuint8 *)oid_aes; - algorithm.parameterLen = sizeof(algorithm.parameter->parms[0])+ - sizeof(algorithm.parameter->count); - algorithm.parameter = parm; - algorithm.parameter->count = 1; - algorithm.parameter->parms[0].parmType = NICI_P_IV; - algorithm.parameter->parms[0].u.b.len = IV_SZ; /* 16-byte IV */ - algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)pucIV; - - /* init encryption */ - - if (RC_BAD( rc = CCS_DataDecryptInit( - context, - &algorithm, - serverKeyHdl))) - { - rc = RC_SET( NE_XFLM_NICI_DECRYPT_INIT_FAILED); - goto Exit; - } - - if (RC_BAD( rc = CCS_Decrypt( - context, - (nuint8 *)pucBuffer, - *puiBufLen, - (nuint8 *)pucBuffer, - puiBufLen))) - { - rc = RC_SET( NE_XFLM_NICI_DECRYPT_FAILED); - goto Exit; - } - -ExitCtx: - - CCS_DestroyContext( context); - -#endif - -Exit: - - return rc; + return( rc); } /**************************************************************************** -Desc: flmEncryptBuffer - assumes aes +Desc: ****************************************************************************/ -RCODE flmEncryptBuffer( - FLMBYTE * pucBuffer, - FLMUINT * puiBufLen) +RCODE flmAllocCCS( + IF_CCS ** ppCCS) { RCODE rc = NE_XFLM_OK; - -#ifndef FLM_USE_NICI - F_UNREFERENCED_PARM( pucBuffer); - F_UNREFERENCED_PARM( puiBufLen); - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; -#else - NICI_CC_HANDLE context = 0; - NICI_ATTRIBUTE find[2]; - NICI_OBJECT_HANDLE serverKeyHdl = 0; - FLMUINT uiCount; - NICI_ALGORITHM algorithm; - NICI_PARAMETER_INFO parm[1]; - FLMBYTE oid_aes[] = {IDV_AES128CBC}; - FLMBYTE pucIV[ IV_SZ]; - - /* Create NICI Context */ - if (RC_BAD( rc = CCS_CreateContext(0, &context))) + F_NICICCS * pCCS = NULL; + + f_assert( (*ppCCS) == NULL); + + if( (pCCS = f_new F_NICICCS) == NULL) { - rc = RC_SET( NE_XFLM_NICI_CONTEXT); + rc = RC_SET( NE_XFLM_MEM); goto Exit; } - - find[0].type = NICI_A_GLOBAL; - find[0].u.f.hasValue = 1; - find[0].u.f.value = 1; - find[0].u.f.valueInfo = 0; - - find[1].type = NICI_A_FEATURE; - find[1].u.f.hasValue = 1; - find[1].u.f.value = NICI_F_DATA_ENCRYPT | NICI_F_DATA_DECRYPT; - find[1].u.f.valueInfo = 0; - - if (RC_BAD( rc = CCS_FindObjectsInit(context, find, 2))) - { - rc = RC_SET( NE_XFLM_NICI_FIND_INIT); - goto Exit; - } - - uiCount = 1; - - if (RC_BAD( rc = CCS_FindObjects( - context, - &serverKeyHdl, - &uiCount))) - { - rc = RC_SET( NE_XFLM_NICI_FIND_OBJECT); - goto Exit; - } - - if (uiCount < 1) - { - rc = RC_SET( NE_XFLM_NICI_KEY_NOT_FOUND); - goto ExitCtx; - } - - - algorithm.algorithm = (nuint8 *)oid_aes; - algorithm.parameterLen = sizeof(algorithm.parameter->parms[0])+ - sizeof(algorithm.parameter->count); - algorithm.parameter = parm; - algorithm.parameter->count = 1; - algorithm.parameter->parms[0].parmType = NICI_P_IV; - algorithm.parameter->parms[0].u.b.len = IV_SZ; /* 16-byte IV */ - algorithm.parameter->parms[0].u.b.ptr = (nuint8 *)pucIV; - - GetIV(pucIV, IV_SZ); - - /* init encryption */ - - if (RC_BAD( rc = CCS_DataEncryptInit( - context, - &algorithm, - serverKeyHdl))) - { - rc = RC_SET_AND_ASSERT( NE_XFLM_NICI_ENC_INIT_FAILED); - goto Exit; - } - - if (RC_BAD( rc = CCS_Encrypt( - context, - (nuint8 *)pucBuffer, - *puiBufLen, - (nuint8 *)pucBuffer, - puiBufLen))) - { - rc = RC_SET( NE_XFLM_NICI_ENCRYPT_FAILED); - goto Exit; - } - -ExitCtx: - - CCS_DestroyContext( context); - -#endif - + + *ppCCS = pCCS; + pCCS = NULL; + Exit: - - return rc; - -} - -#ifdef FLM_USE_NICI -FSTATIC void GetIV( - FLMBYTE * pucIV, - FLMUINT //uiLen - ) -{ - FLMUINT uiLoop; - FLMUINT uiLoop2; - - f_sprintf( (char *)pucIV, "3587903781145935"); - - for (uiLoop = 0; uiLoop < 100; uiLoop++) + + if( pCCS) { - for ( uiLoop2 = 0; uiLoop2 < IV_SZ; uiLoop2++) - { - pucIV[IV_SZ - uiLoop2] ^= pucIV[ uiLoop2]; - pucIV[IV_SZ - uiLoop2] += pucIV[ uiLoop2]; - pucIV[IV_SZ - uiLoop2] ^= pucIV[ uiLoop2]; - } - + pCCS->Release(); } - + + return( rc); } -#endif - -#ifdef FLM_USE_NICI -#ifndef FLM_UNIX -int CCSX_SetNewIV( - int ,//MODULEID, - FLMUINT32 ,//hContext, - pnuint8 ,//IV, - nuint32 //IVLen - ) +/**************************************************************************** +Desc: +****************************************************************************/ +#if !defined( FLM_UNIX) +int CCSX_SetNewIV( + int, // MODULEID + FLMUINT32, // hContext + pnuint8, // IV + nuint32) // IVLen { - return(NICI_E_FUNCTION_NOT_SUPPORTED); + return( NICI_E_FUNCTION_NOT_SUPPORTED); } #endif + #endif +/**************************************************************************** +Desc: +****************************************************************************/ +#ifndef FLM_USE_NICI +void f_nici_dummy( void) +{ +} +#endif diff --git a/xflaim/src/f_nici.h b/xflaim/src/f_nici.h deleted file mode 100644 index 27aa1d0..0000000 --- a/xflaim/src/f_nici.h +++ /dev/null @@ -1,279 +0,0 @@ -//------------------------------------------------------------------------------ -// Desc: This file contains the definitions needed for the NICI interface -// functions. -// -// Tabs: 3 -// -// Copyright (c) 2004-2006 Novell, Inc. All Rights Reserved. -// -// This program is free software; you can redistribute it and/or -// modify it under the terms of version 2 of the GNU General Public -// License as published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program; if not, contact Novell, Inc. -// -// To contact Novell about this file by physical or electronic mail, -// you may find current contact information at www.novell.com -// -// $Id: f_nici.h 3108 2006-01-19 13:05:19 -0700 (Thu, 19 Jan 2006) dsanders $ -//------------------------------------------------------------------------------ - -#ifndef _F_NICI_HPP -#define _F_NICI_HPP - -#ifdef FLM_USE_NICI - #ifdef FLM_NLM - #define N_PLAT_NLM - #endif - - #include "nwccs.h" - - #ifndef IDV_NOV_AES128CBCPad - #define IDV_NOV_AES128CBCPad NICI_AlgorithmPrefix(1), 97 /* 0x61 */ - #endif -#else - #define NICI_OBJECT_HANDLE void * - #define NICI_CC_HANDLE FLMUINT32 -#endif - -/*-------------------------------------------------------------------------- - * Definitions - *------------------------------------------------------------------------*/ - -#define IV_SZ 16 -#define IV_SZ8 8 -#define SALT_SZ 8 -#define SALT_COUNT 895 - -// These values are used to identify the algorithm for encryption. They map to indexes in the DDEncOpts -// table defined in ddprep.c. -#define FLM_NICI_AES 0 -#define FLM_NICI_DES3 1 -#define FLM_NICI_UNDEFINED 0xFF - -#define XFLM_NICI_AES128 128 -#define XFLM_NICI_AES192 192 -#define XFLM_NICI_AES256 256 -#define XFLM_NICI_DES3X 168 - -/*----------------------------------------------------------------------- - * CCS Interface. - *-----------------------------------------------------------------------*/ -class IF_CCS : public F_Object -{ -public: - - virtual ~IF_CCS() - { - } - - virtual RCODE generateEncryptionKey( - FLMUINT uiEncKeySize) = 0; - - virtual RCODE generateWrappingKey( - FLMUINT uiEncKeySize) = 0; - - virtual RCODE encryptToStore( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV = NULL) = 0; - - virtual RCODE decryptFromStore( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV = NULL) = 0; - -}; // IF_CCS - - - -class F_CCS : public IF_CCS -{ -public: - - // Constructor & destructor - F_CCS() - { - m_bInitCalled = FALSE; - m_bKeyVerified = FALSE; - f_memset( m_ucIV, 0, IV_SZ); - //m_bKeyIsWrappingKey = FALSE; - //m_uiAlgType = FLM_NICI_UNDEFINED; - m_keyHandle = 0; - m_hContext = 0; - m_uiEncKeySize = 0; - m_hMutex = F_MUTEX_NULL; - - } - - ~F_CCS(); - - RCODE init( - FLMBOOL bKeyIsWrappingKey, - FLMUINT uiAlgType); - - RCODE generateEncryptionKey( - FLMUINT uiEncKeySize); - - RCODE generateWrappingKey( - FLMUINT uiEncKeySize); - - RCODE encryptToStore( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV = NULL); - - RCODE decryptFromStore( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV = NULL); - - RCODE getKeyToStore( - FLMBYTE ** ppucKeyInfo, - FLMUINT32 * pui32BufLen, - FLMBYTE * pzEncKeyPasswd = NULL, - F_CCS * pWrappingCcs = NULL); - - RCODE setKeyFromStore( - FLMBYTE * pucKeyInfo, - FLMBYTE * pszEncKeyPasswd = NULL, - F_CCS * pWrappingCcs = NULL); - - FINLINE FLMBOOL keyVerified() - { - return m_bKeyVerified; - } - - FINLINE FLMUINT getEncType( void) - { - return m_uiAlgType; - } - - FLMUINT getIVLen(); - - RCODE generateIV( - FLMUINT uiIVLen, - FLMBYTE * pucIV); - -private: - - RCODE getWrappingKey( - NICI_OBJECT_HANDLE * pWrappingKeyHandle); - - RCODE wrapKey( - FLMBYTE ** ppucWrappedKey, - FLMUINT32 * pui32Length, - NICI_OBJECT_HANDLE masterWrappingKey = 0 ); - - RCODE unwrapKey( - FLMBYTE * pucWrappedKey, - FLMUINT32 ui32WrappedKeyLength, - NICI_OBJECT_HANDLE masterWrappingKey = 0); - - RCODE extractKey( - FLMBYTE ** ppucShroudedKey, - FLMUINT32 * pui32Length, - FLMUNICODE * puzEncKeyPasswd ); - - RCODE injectKey( - FLMBYTE * pucBuffer, - FLMUINT32 ui32Length, - FLMUNICODE * puzEncKeyPasswd ); - - RCODE encryptToStoreAES( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV); - - RCODE encryptToStoreDES3( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV); - - RCODE encryptToStoreDES( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV); - - RCODE decryptFromStoreAES( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV); - - RCODE decryptFromStoreDES3( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV); - - RCODE decryptFromStoreDES( - FLMBYTE * pucIn, - FLMUINT uiInLen, - FLMBYTE * pucOut, - FLMUINT * puiOutLen, - FLMBYTE * pucIV); - - RCODE generateEncryptionKeyAES( - FLMUINT uiEncKeySize); - - RCODE generateEncryptionKeyDES3( - FLMUINT uiEncKeySize); - - RCODE generateEncryptionKeyDES( - FLMUINT uiEncKeySize); - - RCODE generateWrappingKeyAES( - FLMUINT uiEncKeySize); - - RCODE generateWrappingKeyDES3( - FLMUINT uiEncKeySize); - - RCODE generateWrappingKeyDES( - FLMUINT uiEncKeySize); - - FLMUINT m_uiAlgType; - FLMBOOL m_bInitCalled; - FLMBOOL m_bKeyIsWrappingKey; - FLMBOOL m_bKeyVerified; - NICI_OBJECT_HANDLE m_keyHandle; // Handle to the clear key - we don't ever get the actual key. - FLMBYTE m_ucIV[ IV_SZ]; // Used when the algorithm type is DES, 3DES or AES - FLMBYTE m_ucRndIV[ IV_SZ]; // Used when the IV is stored with the data. - FLMUINT m_uiIVFactor; - NICI_CC_HANDLE m_hContext; - FLMUINT m_uiEncKeySize; - F_MUTEX m_hMutex; - -}; // F_CCS - -RCODE flmDecryptBuffer( - FLMBYTE * pucBuffer, - FLMUINT * puiBufLen); - -RCODE flmEncryptBuffer( - FLMBYTE * pucBuffer, - FLMUINT * puiBufLen); - -#endif /* _F_NICI_HPP */ diff --git a/xflaim/src/fdict.cpp b/xflaim/src/fdict.cpp index 878bdfc..31cee70 100644 --- a/xflaim/src/fdict.cpp +++ b/xflaim/src/fdict.cpp @@ -222,17 +222,16 @@ void F_Dict::resetDict( void) m_uiLowestPrefixNum = 0; m_uiHighestPrefixNum = 0; - for ( uiLoop = 0; - uiLoop <= (m_uiHighestEncDefNum - m_uiLowestEncDefNum); - uiLoop++ ) + for( uiLoop = 0; + uiLoop <= (m_uiHighestEncDefNum - m_uiLowestEncDefNum); uiLoop++) { - if (m_ppEncDefTbl && - m_ppEncDefTbl[ uiLoop] && - (*m_ppEncDefTbl[ uiLoop]).pCcs) + if (m_ppEncDefTbl && m_ppEncDefTbl[ uiLoop] && + (*m_ppEncDefTbl[ uiLoop]).pCcs) { (*m_ppEncDefTbl[ uiLoop]).pCcs->Release(); } } + f_free( &m_ppEncDefTbl); m_uiLowestEncDefNum = 0; m_uiHighestEncDefNum = 0; @@ -2606,9 +2605,9 @@ FSTATIC RCODE fdictCopyEncDef( pSrcEncDef->puzEncDefName, (uiEncDefLen + 1) * sizeof( FLMUNICODE)); - (*ppDestEncDef)->pCcs = pSrcEncDef->pCcs; - (*ppDestEncDef)->uiEncKeySize = pSrcEncDef->uiEncKeySize; - (*ppDestEncDef)->pCcs->AddRef(); + (*ppDestEncDef)->pCcs = pSrcEncDef->pCcs; + (*ppDestEncDef)->pCcs->AddRef(); + (*ppDestEncDef)->uiEncKeySize = pSrcEncDef->uiEncKeySize; } Exit: @@ -4916,8 +4915,7 @@ Desc: Determine if a specified encryption key size is legal ***************************************************************************/ FINLINE RCODE fdictLegalEncKeySize( FLMUINT uiEncType, - FLMUINT uiEncKeySize - ) + FLMUINT uiEncKeySize) { RCODE rc = NE_XFLM_OK; @@ -7430,8 +7428,7 @@ RCODE F_Db::getEncDefDef( FLMUNICODE ** ppuzEncDefName, FLMUINT * puiEncDefNumber, FLMUINT * puiEncDefKeySize, - F_CCS ** ppCcs - ) + IF_CCS ** ppCcs) { RCODE rc = NE_XFLM_OK; F_DOMNode * pNode = NULL; @@ -7464,10 +7461,12 @@ RCODE F_Db::getEncDefDef( } flmAssert( ppCcs); + if (*ppCcs) { (*ppCcs)->Release(); } + *ppCcs = NULL; // Retrieve the root element of the encDef definition @@ -7659,14 +7658,13 @@ RCODE F_Db::getEncDefDef( goto Exit; } - if (bHadEncKey) + if( bHadEncKey) { - if ((*ppCcs = f_new( F_CCS)) == NULL) + if( RC_BAD( rc = flmAllocCCS( ppCcs))) { - rc = RC_SET( NE_XFLM_MEM); goto Exit; } - + if (RC_BAD( rc = (*ppCcs)->init( FALSE, uiEncType))) { goto Exit; @@ -7680,9 +7678,10 @@ RCODE F_Db::getEncDefDef( } else { - if (!bHadEncKeySize) + if( !bHadEncKeySize) { // Pick a key size based on the encryption algorithm. + (void)fdictGetLegalKeySize( uiEncType, &uiEncKeySize); } @@ -7692,49 +7691,51 @@ RCODE F_Db::getEncDefDef( // We will need an update transaction before we can proceed. - if ( getTransType() == XFLM_READ_TRANS) + if( getTransType() == XFLM_READ_TRANS) { // End this transaction - if (RC_BAD( rc = transCommit())) + + if( RC_BAD( rc = transCommit())) { goto Exit; } + bRestartReadTrans = TRUE; } - if ( getTransType() == XFLM_NO_TRANS) + if( getTransType() == XFLM_NO_TRANS) { - if (RC_BAD( rc = transBegin( XFLM_UPDATE_TRANS))) + if( RC_BAD( rc = transBegin( XFLM_UPDATE_TRANS))) { goto Exit; } bStartedUpdateTrans = TRUE; } - - if ((*ppCcs = f_new( F_CCS)) == NULL) + + if( RC_BAD( rc = flmAllocCCS( ppCcs))) { - rc = RC_SET( NE_XFLM_MEM); goto Exit; } - if (RC_BAD( rc = (*ppCcs)->init( FALSE, uiEncType))) + if( RC_BAD( rc = (*ppCcs)->init( FALSE, uiEncType))) { goto Exit; } TryNewKeySize: - if (RC_BAD( rc = (*ppCcs)->generateEncryptionKey( uiEncKeySize))) + if( RC_BAD( rc = (*ppCcs)->generateEncryptionKey( uiEncKeySize))) { - if (!fdictGetLegalKeySize( uiEncType, &uiEncKeySize)) + if( !fdictGetLegalKeySize( uiEncType, &uiEncKeySize)) { goto Exit; } + rc = NE_XFLM_OK; goto TryNewKeySize; } - if (RC_BAD( rc = (*ppCcs)->getKeyToStore( + if( RC_BAD( rc = (*ppCcs)->getKeyToStore( (FLMBYTE **)&pvEncKeyBuf, &ui32EncKeyLen, NULL, m_pDatabase->m_pWrappingKey))) { @@ -7742,77 +7743,77 @@ TryNewKeySize: } // Set the key in the DOM node as a binary string. - if (RC_BAD( rc = pNode->createAttribute( this, - ATTR_ENCRYPTION_KEY_TAG, + + if( RC_BAD( rc = pNode->createAttribute( this, ATTR_ENCRYPTION_KEY_TAG, (IF_DOMNode **)&pAttr))) { goto Exit; } - if (RC_BAD( rc = pAttr->setBinary( this, pvEncKeyBuf, ui32EncKeyLen))) + if( RC_BAD( rc = pAttr->setBinary( this, pvEncKeyBuf, ui32EncKeyLen))) { goto Exit; } - if (RC_BAD( rc = pAttr->addModeFlags( this, + if( RC_BAD( rc = pAttr->addModeFlags( this, FDOM_READ_ONLY | FDOM_CANNOT_DELETE))) { goto Exit; } - if (!bHadEncKeySize) + if( !bHadEncKeySize) { // Set the key size - if (RC_BAD( rc = pNode->createAttribute( this, - ATTR_ENCRYPTION_KEY_SIZE_TAG, - (IF_DOMNode **)&pAttr))) + + if( RC_BAD( rc = pNode->createAttribute( this, + ATTR_ENCRYPTION_KEY_SIZE_TAG, (IF_DOMNode **)&pAttr))) { goto Exit; } - if (RC_BAD( rc = pAttr->setUINT( this, uiEncKeySize))) + if( RC_BAD( rc = pAttr->setUINT( this, uiEncKeySize))) { goto Exit; } } else { - if (RC_BAD( rc = pNode->getAttribute( this, - ATTR_ENCRYPTION_KEY_SIZE_TAG, - (IF_DOMNode **)&pAttr))) + if( RC_BAD( rc = pNode->getAttribute( this, + ATTR_ENCRYPTION_KEY_SIZE_TAG, (IF_DOMNode **)&pAttr))) { goto Exit; } } - if (RC_BAD( rc = pAttr->addModeFlags( this, - FDOM_READ_ONLY | FDOM_CANNOT_DELETE))) + if( RC_BAD( rc = pAttr->addModeFlags( this, + FDOM_READ_ONLY | FDOM_CANNOT_DELETE))) { goto Exit; } // End the transaction - if (bStartedUpdateTrans) + + if( bStartedUpdateTrans) { - if (RC_BAD( rc = transCommit())) + if( RC_BAD( rc = transCommit())) { goto Exit; } + bStartedUpdateTrans = FALSE; } - } - if (puiEncDefKeySize) + if( puiEncDefKeySize) { *puiEncDefKeySize = uiEncKeySize; } Exit: - if (RC_BAD( rc)) + if( RC_BAD( rc)) { - if (*ppCcs) + if( *ppCcs) { (*ppCcs)->Release(); *ppCcs = NULL; @@ -7825,7 +7826,7 @@ Exit: { // Commit the update transaction - if (RC_BAD( rc = transCommit())) + if( RC_BAD( rc = transCommit())) { (void)transAbort(); } @@ -7880,8 +7881,8 @@ RCODE F_Dict::updateEncDef( FLMUNICODE * puzEncDefName = NULL; FLMUINT uiTmp; void * pvMark = m_dictPool.poolMark(); - F_CCS * pCcs = NULL; FLMUINT uiEncKeySize = 0; + IF_CCS * pCcs = NULL; if (bOpeningDict) { @@ -8005,12 +8006,12 @@ Exit: } } - if (pCcs) + if( pCcs) { pCcs->Release(); } - return( rc ); + return( rc); } /*************************************************************************** diff --git a/xflaim/src/fdict.h b/xflaim/src/fdict.h index 3131bd1..d60ce7d 100644 --- a/xflaim/src/fdict.h +++ b/xflaim/src/fdict.h @@ -38,8 +38,8 @@ struct IXD; struct ICD; class F_Database; -class F_CCS; class F_AttrItem; +class IF_CCS; /**************************************************************************** Desc: Attribute/Element definition structure. @@ -251,7 +251,7 @@ typedef struct FLMUINT64 ui64DocumentId; FLMUNICODE * puzEncDefName; FLMUINT uiEncKeySize; - F_CCS * pCcs; + IF_CCS * pCcs; } F_ENCDEF; /**************************************************************************** diff --git a/xflaim/src/fdom.cpp b/xflaim/src/fdom.cpp index a9b21ca..fe1741c 100644 --- a/xflaim/src/fdom.cpp +++ b/xflaim/src/fdom.cpp @@ -14312,7 +14312,7 @@ RCODE F_Db::flushNode( goto Exit; } - uiDataOutputSize = getEncLen( uiNodeDataLength); + uiDataOutputSize = getEncLen( uiNodeDataLength); } if( RC_BAD( rc = dynaBuf.allocSpace( uiDataOutputSize, @@ -17897,11 +17897,11 @@ Exit: Desc: ****************************************************************************/ RCODE F_AttrItem::setupAttribute( - F_Db * pDb, - FLMUINT uiEncDefId, - FLMUINT uiDataSizeNeeded, - FLMBOOL bOkToGenerateIV, - FLMBOOL bMutexAlreadyLocked) + F_Db * pDb, + FLMUINT uiEncDefId, + FLMUINT uiDataSizeNeeded, + FLMBOOL bOkToGenerateIV, + FLMBOOL bMutexAlreadyLocked) { RCODE rc = NE_XFLM_OK; FLMUINT uiTotalNeeded = uiDataSizeNeeded; diff --git a/xflaim/src/flaimsys.h b/xflaim/src/flaimsys.h index 8bc48f4..95f6373 100644 --- a/xflaim/src/flaimsys.h +++ b/xflaim/src/flaimsys.h @@ -27,10 +27,14 @@ #ifndef FLAIMSYS_H #define FLAIMSYS_H -// Public includes - #include "xflaim.h" +#undef FLM_HAS_ENCRYPTION + +#ifdef FLM_USE_NICI + #define FLM_HAS_ENCRYPTION +#endif + #ifdef HAVE_CONFIG_H #include "../config.h" #endif @@ -102,7 +106,7 @@ class F_RebuildNodeIStream; #include "rfl.h" #include "filesys.h" #include "flog.h" -#include "f_nici.h" +#include "f_ccs.h" RCODE MapErrnoToFlaimErr( int err, @@ -2545,7 +2549,7 @@ public: FLMUNICODE ** ppuzEncDefName, FLMUINT * puiEncDefNumber, FLMUINT * puiEncDefKeySize, - F_CCS ** ppCcs); + IF_CCS ** ppCcs); RCODE getIndexDef( FLMUINT64 ui64DocumentID, diff --git a/xflaim/src/flbackup.cpp b/xflaim/src/flbackup.cpp index 5fb36b4..e767fbf 100644 --- a/xflaim/src/flbackup.cpp +++ b/xflaim/src/flbackup.cpp @@ -394,6 +394,7 @@ RCODE F_Backup::backup( IF_BackupStatus * ifpStatus, FLMUINT * puiIncSeqNum) { + RCODE rc = NE_XFLM_OK; FLMBOOL bFullBackup = TRUE; FLMINT iFileNum; FLMUINT uiBlkAddr; @@ -415,7 +416,6 @@ RCODE F_Backup::backup( FLMUINT uiMaxFileSize; FLMBOOL bReleaseClient = FALSE; FLMBOOL bMustUnlock = FALSE; - RCODE rc = NE_XFLM_OK; if( puiIncSeqNum) { @@ -601,15 +601,14 @@ RCODE F_Backup::backup( pDbHdr->ui32RblFirstCPBlkAddr = 0; // If a password was used, wrap the database key in that password - if (pszPassword && *pszPassword) + + if( pszPassword && *pszPassword) { FLMBYTE * pucTmp = NULL; // Need to get a lock on the database - mostly to prevent the very // unlikely possibility of another thread attempting to use the // database key at the same time we are. - // (Carson found this in his random testing when one thread did - // a wrapKey while another did a backup.) if ((m_pDb->m_uiFlags & FDB_HAS_FILE_LOCK) == 0) { @@ -618,22 +617,26 @@ RCODE F_Backup::backup( { goto Exit; } + bMustUnlock = TRUE; } + rc = m_pDb->getDatabase()->m_pWrappingKey->getKeyToStore( &pucTmp, &pDbHdr->ui32DbKeyLen, (FLMBYTE *)pszPassword, NULL); - if (bMustUnlock) + if( bMustUnlock) { m_pDb->dbUnlock(); bMustUnlock = FALSE; } - if (RC_BAD( rc)) + + if( RC_BAD( rc)) { - if (pucTmp) + if( pucTmp) { f_free( &pucTmp); } + goto Exit; } @@ -844,7 +847,6 @@ Exit: } /**************************************************************************** -Area : MISC Desc : Ends the backup, updating the log header if needed. ****************************************************************************/ RCODE F_Backup::endBackup( void) diff --git a/xflaim/src/flblddb.cpp b/xflaim/src/flblddb.cpp index 2ae6cb9..68377af 100644 --- a/xflaim/src/flblddb.cpp +++ b/xflaim/src/flblddb.cpp @@ -343,10 +343,10 @@ RCODE F_DbRebuild::dbRebuild( FLMBOOL bUsedDatabase = FALSE; FLMBOOL bWaited; FLMBYTE * pucWrappingKey = NULL; - FLMUINT32 ui32KeyLen; F_SEM hWaitSem = F_SEM_NULL; FLMUINT uiRflToken = 0; - F_CCS * pWrappingKey = NULL; + IF_CCS * pWrappingKey = NULL; + FLMUINT32 ui32KeyLen; F_SuperFileClient SFileClient; if( RC_BAD( rc = f_semCreate( &hWaitSem))) @@ -580,19 +580,11 @@ Retry: if( m_dbHdr.ui32DbKeyLen) { -#ifndef FLM_USE_NICI - - rc = RC_SET( NE_XFLM_UNSUPPORTED_FEATURE); - goto Exit; - -#else - - if( (pWrappingKey = f_new F_CCS) == NULL) + if( RC_BAD( rc = flmAllocCCS( &pWrappingKey))) { - rc = RC_SET( NE_XFLM_MEM); goto Exit; } - + if( RC_BAD( rc = pWrappingKey->init( TRUE, FLM_NICI_AES))) { goto Exit; @@ -607,8 +599,6 @@ Retry: { goto Exit; } - -#endif } // Delete the destination database in case it already exists. diff --git a/xflaim/src/flconvrt.cpp b/xflaim/src/flconvrt.cpp index 6506daf..356afbe 100644 --- a/xflaim/src/flconvrt.cpp +++ b/xflaim/src/flconvrt.cpp @@ -498,9 +498,8 @@ RCODE F_Db::createDbKey( void) m_pDatabase->m_pWrappingKey = NULL; } - if( (m_pDatabase->m_pWrappingKey = f_new F_CCS) == NULL) + if( RC_BAD( rc = flmAllocCCS( &m_pDatabase->m_pWrappingKey))) { - rc = RC_SET( NE_XFLM_MEM); goto Exit; } @@ -522,14 +521,15 @@ RCODE F_Db::createDbKey( void) XFLM_NICI_AES128))) { // Try using DES3 - m_pDatabase->m_pWrappingKey->Release(); - if ((m_pDatabase->m_pWrappingKey = f_new F_CCS) == NULL) + m_pDatabase->m_pWrappingKey->Release(); + m_pDatabase->m_pWrappingKey = NULL; + + if( RC_BAD( rc = flmAllocCCS( &m_pDatabase->m_pWrappingKey))) { - rc = RC_SET( NE_XFLM_MEM); goto Exit; } - + if (RC_BAD( rc = m_pDatabase->m_pWrappingKey->init( TRUE, FLM_NICI_DES3))) { @@ -547,8 +547,10 @@ RCODE F_Db::createDbKey( void) } Exit: + return rc; } + /**************************************************************************** Desc : Generate a new database key and re-wrap all existing keys in it NOTE: New database key will be wrapped in NICI server key, diff --git a/xflaim/src/flcreate.cpp b/xflaim/src/flcreate.cpp index e0a9a20..afe6afc 100644 --- a/xflaim/src/flcreate.cpp +++ b/xflaim/src/flcreate.cpp @@ -281,9 +281,7 @@ RCODE F_Db::initDbFiles( F_BLK_HDR * pBlkHdr; F_CachedBlock * pSCache = NULL; FLMBYTE * pucWrappingKey = NULL; -#ifdef FLM_USE_NICI FLMUINT32 ui32KeyLen = 0; -#endif // Determine what size of buffer to allocate. @@ -319,36 +317,38 @@ RCODE F_Db::initDbFiles( } } -#ifdef FLM_USE_NICI - if (RC_BAD( rc = createDbKey())) + if( RC_OK( rc = createDbKey())) { - goto Exit; - } + if (RC_BAD( rc = m_pDatabase->m_pWrappingKey->getKeyToStore( + &pucWrappingKey, + &ui32KeyLen, + m_pDatabase->m_pszDbPasswd, + NULL))) + { + goto Exit; + } - if (RC_BAD( rc = m_pDatabase->m_pWrappingKey->getKeyToStore( - &pucWrappingKey, - &ui32KeyLen, - m_pDatabase->m_pszDbPasswd, - NULL))) + f_memcpy( m_pDatabase->m_lastCommittedDbHdr.DbKey, + pucWrappingKey, + ui32KeyLen); + m_pDatabase->m_lastCommittedDbHdr.ui32DbKeyLen = ui32KeyLen; + + m_pDatabase->m_rcLimitedCode = NE_XFLM_OK; + m_pDatabase->m_bInLimitedMode = FALSE; + m_pDatabase->m_bHaveEncKey = TRUE; + } + else if( rc == NE_XFLM_ENCRYPTION_UNAVAILABLE) + { + rc = NE_XFLM_OK; + m_pDatabase->m_rcLimitedCode = NE_XFLM_ENCRYPTION_UNAVAILABLE; + m_pDatabase->m_bInLimitedMode = TRUE; + m_pDatabase->m_bHaveEncKey = FALSE; + } + else { goto Exit; } - f_memcpy( m_pDatabase->m_lastCommittedDbHdr.DbKey, - pucWrappingKey, - ui32KeyLen); - m_pDatabase->m_lastCommittedDbHdr.ui32DbKeyLen = ui32KeyLen; - - m_pDatabase->m_rcLimitedCode = NE_XFLM_OK; - m_pDatabase->m_bInLimitedMode = FALSE; - m_pDatabase->m_bHaveEncKey = TRUE; - -#else - m_pDatabase->m_rcLimitedCode = NE_XFLM_ENCRYPTION_UNAVAILABLE; - m_pDatabase->m_bInLimitedMode = TRUE; - m_pDatabase->m_bHaveEncKey = FALSE; -#endif - // Write out the log header if (RC_BAD( rc = m_pDatabase->writeDbHdr( m_pDbStats, m_pSFileHdl, diff --git a/xflaim/src/fldbglog.cpp b/xflaim/src/fldbglog.cpp index 1212f2f..d192b88 100644 --- a/xflaim/src/fldbglog.cpp +++ b/xflaim/src/fldbglog.cpp @@ -311,15 +311,13 @@ void flmDbgLogUpdate( f_mutexUnlock( g_hDbgLogMutex); } -#else +#endif // FLM_DBG_LOG -// Must have something here for the Netware platform, or it won't build. - -#if defined( FLM_WATCOM_NLM) - void gv_fldbglog() - { - } +/**************************************************************************** +Desc: +****************************************************************************/ +#ifndef FLM_DBG_LOG +void fldbglog_dummy() +{ +} #endif - - -#endif // #ifdef FLM_DBG_LOG diff --git a/xflaim/src/flopen.cpp b/xflaim/src/flopen.cpp index 150898a..981fabe 100644 --- a/xflaim/src/flopen.cpp +++ b/xflaim/src/flopen.cpp @@ -1270,13 +1270,16 @@ F_Database::~F_Database() f_free( &m_pszDbPath); // Encryption stuff + if (m_pszDbPasswd) { f_free( &m_pszDbPasswd); } + if (m_pWrappingKey) { - delete m_pWrappingKey; + m_pWrappingKey->Release(); + m_pWrappingKey = NULL; } flmAssert( !m_pFirstNode && !m_pLastNode && !m_pLastDirtyNode); @@ -1533,13 +1536,12 @@ RCODE F_Database::readDbHdr( f_strcpy( (char *)m_pszDbPasswd, (const char *)pszPassword); } - - if ((m_pWrappingKey = f_new F_CCS()) == NULL) + + if( RC_BAD( rc = flmAllocCCS( &m_pWrappingKey))) { - RC_SET( rc = NE_XFLM_MEM); goto Exit; } - + if( RC_OK( rc = m_pWrappingKey->init( TRUE, FLM_NICI_AES))) { // If the key was encrypted in a password, then the pszPassword parameter better @@ -1553,10 +1555,7 @@ RCODE F_Database::readDbHdr( if( RC_BAD( rc)) { - // NE_XFLM_UNSUPPORTED_FEATURE is returned when we've been compiled - // without NICI support - - if ((rc == NE_XFLM_UNSUPPORTED_FEATURE) || bAllowLimited) + if ((rc == NE_XFLM_ENCRYPTION_UNAVAILABLE) || bAllowLimited) { m_bInLimitedMode = TRUE; rc = NE_XFLM_OK; diff --git a/xflaim/src/fslfileu.cpp b/xflaim/src/fslfileu.cpp index 15ae240..8d9eace 100644 --- a/xflaim/src/fslfileu.cpp +++ b/xflaim/src/fslfileu.cpp @@ -106,7 +106,7 @@ RCODE F_Db::checkDictDefInfo( uiMaxTagNum = XFLM_MAX_COLLECTION_NUM; break; case ELM_ENCDEF_TAG: -#ifndef FLM_USE_NICI +#ifndef FLM_HAS_ENCRYPTION rc = RC_SET( NE_XFLM_ENCRYPTION_UNAVAILABLE); goto Exit; #else diff --git a/xflaim/src/fstructs.h b/xflaim/src/fstructs.h index a684818..744ef89 100644 --- a/xflaim/src/fstructs.h +++ b/xflaim/src/fstructs.h @@ -1265,7 +1265,7 @@ private: IF_Thread * m_pMaintThrd; // Background maintenance thread F_SEM m_hMaintSem; // Maintenance thread "work-to-do" semaphore FLMBYTE * m_pszDbPasswd; // The database encryption password - F_CCS * m_pWrappingKey; // The database wrapping key + IF_CCS * m_pWrappingKey; // The database wrapping key FLMBOOL m_bHaveEncKey; // FLMBOOL m_bAllowLimitedMode; // Is this database allowed to be opened in limited mode? FLMBOOL m_bInLimitedMode; // Has this database been opened in limited mode? diff --git a/xflaim/src/scache.cpp b/xflaim/src/scache.cpp index 4d77729..e0a4828 100644 --- a/xflaim/src/scache.cpp +++ b/xflaim/src/scache.cpp @@ -34,10 +34,10 @@ FSTATIC void ScaNotify( RCODE NotifyRc); #ifdef SCACHE_LINK_CHECKING -FSTATIC void scaVerify( - int iPlace); + FSTATIC void scaVerify( + int iPlace); #else -#define scaVerify(iPlace) + #define scaVerify(iPlace) #endif /*************************************************************************** @@ -7361,8 +7361,7 @@ Desc: This function will encrypt the block of data passed in. This function ****************************************************************************/ RCODE F_Database::encryptBlock( F_Dict * pDict, - FLMBYTE * pucBuffer - ) + FLMBYTE * pucBuffer) { RCODE rc = NE_XFLM_OK; IXD * pIxd; @@ -7372,13 +7371,10 @@ RCODE F_Database::encryptBlock( F_ENCDEF * pEncDef = NULL; FLMUINT uiEncId; FLMUINT uiEncLen = m_uiBlockSize - sizeofBTreeBlkHdr( pBlkHdr); -#ifdef FLM_USE_NICI - F_CCS * pCcs = NULL; -#endif + IF_CCS * pCcs = NULL; if (!blkIsBTree( (F_BLK_HDR *)pucBuffer)) { - // Nothing to do. We are only interested in btree blocks. goto Exit; } @@ -7410,12 +7406,8 @@ RCODE F_Database::encryptBlock( { uiLfNum = pBlkHdr->ui16LogicalFile; - // Get the index. - if (RC_BAD( rc = pDict->getCollection( uiLfNum, - &pCollection, - TRUE))) + if (RC_BAD( rc = pDict->getCollection( uiLfNum, &pCollection, TRUE))) { - // Not a collection. if (rc == NE_XFLM_BAD_COLLECTION) { rc = NE_XFLM_OK; @@ -7423,52 +7415,40 @@ RCODE F_Database::encryptBlock( goto Exit; } - // The collection may not be encrypted. - // We can just exit here. - - if (!pCollection || !pCollection->lfInfo.uiEncId) + if( !pCollection || !pCollection->lfInfo.uiEncId) { - goto Exit; // NE_XFLM_OK; + goto Exit; } - // Need to get the encryption object. - if (RC_BAD( rc = pDict->getEncDef( pCollection->lfInfo.uiEncId, - &pEncDef))) + if( RC_BAD( rc = pDict->getEncDef( + pCollection->lfInfo.uiEncId, &pEncDef))) { goto Exit; } } } - else if (isIndexBlk( pBlkHdr)) + else if( isIndexBlk( pBlkHdr)) { - if (!m_bTempDb) + if( !m_bTempDb) { uiLfNum = pBlkHdr->ui16LogicalFile; - // Get the index. - if (RC_BAD( rc = pDict->getIndex( uiLfNum, - NULL, - &pIxd, - TRUE))) + if( RC_BAD( rc = pDict->getIndex( uiLfNum, NULL, &pIxd, TRUE))) { - // Not an index. if (rc == NE_XFLM_BAD_IX) { rc = NE_XFLM_OK; } + goto Exit; } - // The index may not be encrypted. - // We can just exit here. - if (!pIxd || !pIxd->lfInfo.uiEncId) + if( !pIxd || !pIxd->lfInfo.uiEncId) { - goto Exit; // NE_XFLM_OK; + goto Exit; } - // Need to get the encryption object. - if (RC_BAD( rc = pDict->getEncDef( pIxd->lfInfo.uiEncId, - &pEncDef))) + if( RC_BAD( rc = pDict->getEncDef( pIxd->lfInfo.uiEncId, &pEncDef))) { goto Exit; } @@ -7476,21 +7456,16 @@ RCODE F_Database::encryptBlock( } else { - goto Exit; // NE_XFLM_OK + goto Exit; } -#ifndef FLM_USE_NICI - rc = RC_SET( NE_XFLM_ENCRYPTION_UNAVAILABLE); - goto Exit; -#else - - if (m_bInLimitedMode) + if( m_bInLimitedMode) { rc = RC_SET( NE_XFLM_ENCRYPTION_UNAVAILABLE); goto Exit; } - if (!m_bTempDb) + if( !m_bTempDb) { flmAssert( pEncDef); pCcs = pEncDef->pCcs; @@ -7506,12 +7481,11 @@ RCODE F_Database::encryptBlock( // Encrypt the buffer in place. - if (pBlkHdr->stdBlkHdr.ui8BlkType == BT_DATA_ONLY) + if( pBlkHdr->stdBlkHdr.ui8BlkType == BT_DATA_ONLY) { - if (RC_BAD( rc = pCcs->encryptToStore( &pucBuffer[ sizeofDOBlkHdr( (F_BLK_HDR *)pBlkHdr)], - uiEncLen, - &pucBuffer[ sizeofDOBlkHdr( (F_BLK_HDR *)pBlkHdr)], - &uiEncLen))) + if( RC_BAD( rc = pCcs->encryptToStore( + &pucBuffer[ sizeofDOBlkHdr( (F_BLK_HDR *)pBlkHdr)], uiEncLen, + &pucBuffer[ sizeofDOBlkHdr( (F_BLK_HDR *)pBlkHdr)], &uiEncLen))) { goto Exit; } @@ -7521,10 +7495,9 @@ RCODE F_Database::encryptBlock( } else { - if (RC_BAD( rc = pCcs->encryptToStore( &pucBuffer[ sizeofBTreeBlkHdr( pBlkHdr)], - uiEncLen, - &pucBuffer[ sizeofBTreeBlkHdr( pBlkHdr)], - &uiEncLen))) + if( RC_BAD( rc = pCcs->encryptToStore( + &pucBuffer[ sizeofBTreeBlkHdr( pBlkHdr)], uiEncLen, + &pucBuffer[ sizeofBTreeBlkHdr( pBlkHdr)], &uiEncLen))) { goto Exit; } @@ -7532,19 +7505,18 @@ RCODE F_Database::encryptBlock( flmAssert( uiEncLen == (m_uiBlockSize - sizeofBTreeBlkHdr( pBlkHdr))); } -#endif Exit: - return rc; + return( rc); } /**************************************************************************** Desc: This function will decrypt the block of data passed in. ****************************************************************************/ RCODE F_Database::decryptBlock( - F_Dict * pDict, - FLMBYTE * pucBuffer) + F_Dict * pDict, + FLMBYTE * pucBuffer) { RCODE rc = NE_XFLM_OK; IXD * pIxd; @@ -7553,17 +7525,14 @@ RCODE F_Database::decryptBlock( F_BTREE_BLK_HDR * pBlkHdr = (F_BTREE_BLK_HDR *)pucBuffer; FLMUINT uiEncLen; F_ENCDEF * pEncDef = NULL; -#ifdef FLM_USE_NICI - F_CCS * pCcs = NULL; -#endif + IF_CCS * pCcs = NULL; - if (!blkIsBTree( (F_BLK_HDR *)pucBuffer)) + if( !blkIsBTree( (F_BLK_HDR *)pucBuffer)) { - // Nothing to do. We are only interested in btree blocks. goto Exit; } - if (!isEncryptedBlk( (F_BLK_HDR *)pBlkHdr)) + if( !isEncryptedBlk( (F_BLK_HDR *)pBlkHdr)) { goto Exit; } @@ -7573,20 +7542,16 @@ RCODE F_Database::decryptBlock( uiEncLen = m_uiBlockSize - sizeofDOBlkHdr( (F_BLK_HDR *)pBlkHdr); - if (!m_bTempDb) + if( !m_bTempDb) { - - // Need to get the encryption object. - - if (RC_BAD( rc = pDict->getEncDef( - (FLMUINT)(((F_ENC_DO_BLK_HDR *)pBlkHdr)->ui32EncId), - &pEncDef))) + if( RC_BAD( rc = pDict->getEncDef( + (FLMUINT)(((F_ENC_DO_BLK_HDR *)pBlkHdr)->ui32EncId), &pEncDef))) { goto Exit; } } } - else if (isContainerBlk( pBlkHdr)) + else if( isContainerBlk( pBlkHdr)) { uiEncLen = m_uiBlockSize - sizeofBTreeBlkHdr( pBlkHdr); @@ -7594,71 +7559,56 @@ RCODE F_Database::decryptBlock( { uiLfNum = pBlkHdr->ui16LogicalFile; - // Get the index. - if (RC_BAD( rc = pDict->getCollection( uiLfNum, - &pCollection, - TRUE))) + if( RC_BAD( rc = pDict->getCollection( uiLfNum, &pCollection, TRUE))) { - // Not a collection. - if (rc == NE_XFLM_BAD_COLLECTION) + if( rc == NE_XFLM_BAD_COLLECTION) { rc = NE_XFLM_OK; } + goto Exit; } - // The collection may not be encrypted. - // We can just exit here. - - if (!pCollection || !pCollection->lfInfo.uiEncId) + if( !pCollection || !pCollection->lfInfo.uiEncId) { - goto Exit; // NE_XFLM_OK; + goto Exit; } // Need to get the encryption object. - if (RC_BAD( rc = pDict->getEncDef( pCollection->lfInfo.uiEncId, - &pEncDef))) + if( RC_BAD( rc = pDict->getEncDef( + pCollection->lfInfo.uiEncId, &pEncDef))) { goto Exit; } } } - else if (isIndexBlk( pBlkHdr)) + else if( isIndexBlk( pBlkHdr)) { uiEncLen = m_uiBlockSize - sizeofBTreeBlkHdr( pBlkHdr); - if (!m_bTempDb) + if( !m_bTempDb) { uiLfNum = pBlkHdr->ui16LogicalFile; // Get the index. - if (RC_BAD( rc = pDict->getIndex( uiLfNum, - NULL, - &pIxd, - TRUE))) + if( RC_BAD( rc = pDict->getIndex( uiLfNum, NULL, &pIxd, TRUE))) { - // Not an index. - if (rc == NE_XFLM_BAD_IX) + if( rc == NE_XFLM_BAD_IX) { rc = NE_XFLM_OK; } + goto Exit; } - // The index may not be encrypted. - // We can just exit here. - - if (!pIxd || !pIxd->lfInfo.uiEncId) + if( !pIxd || !pIxd->lfInfo.uiEncId) { - goto Exit; // NE_XFLM_OK; + goto Exit; } - // Need to get the encryption object. - - if (RC_BAD( rc = pDict->getEncDef( pIxd->lfInfo.uiEncId, - &pEncDef))) + if( RC_BAD( rc = pDict->getEncDef( pIxd->lfInfo.uiEncId, &pEncDef))) { goto Exit; } @@ -7666,22 +7616,16 @@ RCODE F_Database::decryptBlock( } else { - goto Exit; // NE_XFLM_OK + goto Exit; } - -#ifndef FLM_USE_NICI - rc = RC_SET( NE_XFLM_ENCRYPTION_UNAVAILABLE); - goto Exit; -#else - - if (m_bInLimitedMode) + if( m_bInLimitedMode) { rc = RC_SET( NE_XFLM_ENCRYPTION_UNAVAILABLE); goto Exit; } - if (!m_bTempDb) + if( !m_bTempDb) { flmAssert( pEncDef); pCcs = pEncDef->pCcs; @@ -7695,7 +7639,7 @@ RCODE F_Database::decryptBlock( flmAssert( pCcs); flmAssert( !(uiEncLen % 16)); - if (pBlkHdr->stdBlkHdr.ui8BlkType == BT_DATA_ONLY) + if( pBlkHdr->stdBlkHdr.ui8BlkType == BT_DATA_ONLY) { if (RC_BAD( rc = pCcs->decryptFromStore( &pucBuffer[ sizeofDOBlkHdr( (F_BLK_HDR *)pBlkHdr)], uiEncLen, @@ -7709,7 +7653,7 @@ RCODE F_Database::decryptBlock( } else { - if (RC_BAD( rc = pCcs->decryptFromStore( + if( RC_BAD( rc = pCcs->decryptFromStore( &pucBuffer[ sizeofBTreeBlkHdr( pBlkHdr)], uiEncLen, &pucBuffer[ sizeofBTreeBlkHdr( pBlkHdr)], &uiEncLen))) { @@ -7719,11 +7663,9 @@ RCODE F_Database::decryptBlock( flmAssert( uiEncLen == (m_uiBlockSize - sizeofBTreeBlkHdr( pBlkHdr))); } -#endif - Exit: - return rc; + return( rc); } #undef new diff --git a/xflaim/src/xflaim.h b/xflaim/src/xflaim.h index 1dd669a..2cf1ae4 100644 --- a/xflaim/src/xflaim.h +++ b/xflaim/src/xflaim.h @@ -414,7 +414,18 @@ XFLM_INCREMENTAL_BACKUP } eDbBackupType; - // FLAIM Data types. + // Encryption + + #define FLM_NICI_AES 0 + #define FLM_NICI_DES3 1 + #define FLM_NICI_UNDEFINED 0xFF + + #define XFLM_NICI_AES128 128 + #define XFLM_NICI_AES192 192 + #define XFLM_NICI_AES256 256 + #define XFLM_NICI_DES3X 168 + + // Data types. #define XFLM_NODATA_TYPE 0 #define XFLM_TEXT_TYPE 1