envelope.h
来自「提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发」· C头文件 代码 · 共 615 行 · 第 1/2 页
H
615 行
#define ENVELOPE_NOSIGNINGCERTS 0x08 /* Don't include signing certs */
/* The size of the buffer used to handle read-ahead into hold out-of-band
data at the start of the payload */
#define OOB_BUFFER_SIZE 8
/* The structure which stores the information on an envelope */
typedef struct EI {
/* Control and status information */
CRYPT_FORMAT_TYPE type; /* Envelope type */
CRYPT_CONTENT_TYPE contentType; /* Inner content type */
ACTION_TYPE usage; /* Usage (signing, encryption, etc) */
int version; /* Protocol version/subtype */
int flags; /* Envelope information flags */
/* The list of actions to perform on the data. There are three sets of
actions, the preActions (output of encrypted session keys and
whatnot), the main actions (encryption or hashing), and the
postActions (output of signatures) */
ACTION_LIST *preActionList;
ACTION_LIST *actionList;
ACTION_LIST *postActionList;
/* Several action groups produce information which is prepended or
appended to the data. The following variables record the encoded size
of this information. In some cases the size of the appended
information isn't known when the enveloping is started so we have to
use an indefinite-length encoding for the outermost wrapper, if this
is the case then we set the indefinite trailer flag to indicate that
a definite-length encoding shouldn't be used even if the payload size
is known */
int cryptActionSize; /* Size of key exchange actions */
int signActionSize; /* Size of signatures */
int extraDataSize; /* Size of any extra data */
BOOLEAN hasIndefiniteTrailer; /* Whether trailer size is indefinite */
/* When prepending or appending header or trailer information to an
envelope we need to record the current position in the action list so
we can continue later if we run out of room */
ACTION_LIST *lastAction;
/* When de-enveloping we may have objects present which can't be used
until user-supplied de-enveloping information is added to the
envelope. We store these in a linked list in memory until the
information needed to work with them is present. We also store a
pointer to the current position in the list which is used when
traversing the list */
CONTENT_LIST *contentList, *contentListCurrent;
/* The public-key encryption/private-key decryption and signature-check
keysets which are used to look up any keys which are required during
the enveloping/de-enveloping process */
CRYPT_KEYSET iDecryptionKeyset;
CRYPT_KEYSET iEncryptionKeyset;
CRYPT_KEYSET iSigCheckKeyset;
/* When we're encrypting or decrypting the envelope payload, the one
action we'll be performing constantly is encryption. The following
holds the internal bulk data encryption context which saves pulling it
out of the action list when it's needed. Note that since there is a
second reference held in the action list, there's no need to
explicitly delete this when we destroy the envelope object since it's
already been destroyed when the action list is destroyed */
CRYPT_CONTEXT iCryptContext;
/* Similarly, when we're hashing data it's convenient to have direct
confirmation that we have to hash it to save having to check the
action list each time, so we store a flag to indicate that hashing
is taking place here. This is only set while the hashing is taking
place, once there's no more data to be hashed it's cleared to prevent
out-of-band data from being hashed as well */
BOOLEAN hashActionsActive;
/* With some types of key management, we may have originator certs
present. These are held in the following certificate object */
CRYPT_CERTIFICATE iOriginatorChain;
/* The encryption/hashing/signature defaults for this envelope. These
are recorded here for two reasons. Firstly, we need to freeze the
defaults when the envelope is created so that a later change of the
default value won't affect the enveloping process. Secondly,
different envelope types have different defaults, and setting them
once at envelope creation is easier than checking the envelope type
and choosing the appropriate algorithm every time we need to use a
default parameter */
CRYPT_ALGO defaultHash; /* Default hash algorithm */
CRYPT_ALGO defaultAlgo; /* Default encryption algorithm */
CRYPT_ALGO defaultMAC; /* Default MAC algorithm */
#ifndef NO_COMPRESSION
/* zlib stream compression data structure used to hold the compression/
decompression state */
z_stream zStream; /* zlib state variable */
BOOLEAN zStreamInited; /* Whether compression is inited */
#endif /* NO_COMPRESSION */
/* Buffer information */
BYTE *buffer; /* Data buffer */
int bufSize; /* Total buffer size */
int bufPos; /* Last data position in buffer */
/* Auxiliary buffer used as a staging area for holding objects such as
key exchange information and signatures which may not currently fit
into the main buffer. These are generated into the auxiliary buffer
and then copied into the main buffer as required */
BYTE *auxBuffer; /* Buffer for various objects */
int auxBufSize; /* Total aux.buffer size */
int auxBufPos; /* Current position in auxiliary buffer */
STREAM auxStream; /* Auxiliary buffer I/O stream */
/* When the caller knows how large the payload will be, they can advise
the enveloping code of this, which allows a more efficient encoding of
the data. The following variable records the payload size */
long payloadSize;
/* The current state of header processing. The cryptlib/CMS and PGP
processing states are kept seperate (although they could be merged
into the same variable) because they are conceptually seperate and
shouldn't really be treated as the same thing */
ENVELOPE_STATE state; /* Current state of processing */
ENV_STATE envState; /* Current state of env.non-data proc.*/
DEENV_STATE deenvState; /* Current state of deenv.non-data proc.*/
#ifndef NO_PGP
PGP_ENV_STATE pgpEnvState; /* Current state of PGP env.n-d proc. */
PGP_DEENV_STATE pgpDeenvState; /* Current state of PGP deenv.n-d proc.*/
#endif /* NO_PGP */
int hdrSetLength; /* Remaining bytes in SET OF EKeyInfo */
/* Some data formats place out-of-band data at the start of the payload
rather than putting it in the header, the data-left variable keeps
track of how many bytes of data still need to be removed before we
can return data to the caller. In some cases the amount of data
can't be specified as a simple byte count but involves format-
specific events (eg the presence of a flag or data count in the OOB
data which indicates that there's more data present), the event-count
variable records how many of these events still need to be handled
before we can return data to the caller. Finally, some content types
(eg compressed data) don't allow lookahead reads, which are necessary
in some cases to determine how the payload needs to be handled, so we
have to remember the returned OOB data (if it's read via a lookahead
read) so we can reinsert it into the output stream on the next read
call */
int oobDataLeft; /* Remaining out-of-band data in payload */
int oobEventCount; /* No.events left to process */
BYTE oobBuffer[ OOB_BUFFER_SIZE ]; /* Buffered OOB data */
int oobBufPos;
/* The overall envelope status. Some error states (underflow/overflow
enveloping information errors, randomness errors, and a few others)
are recoverable whereas other states (bad data) aren't recoverable.
If we run into a nonrecoverable error, we remember the status here so
that any further attempts to work with the envelope will return this
status */
int errorState;
/* Information on the current OCTET STRING segment in the buffer during
the enveloping process. We keep track of the segment start point (the
byte after the OCTET STRING tag), the segment data start point (which
may move when the segment is terminated if the length encoding shrinks
due to a short segment), the remaining data in the current segment
(explicitly declared as a longint since we may be processing data
which came from a 32-bit machine on a 16-bit machine), and whether
we've just completed a segment (which we need to do before we can pop
any data from the envelope). In addition we track where the last
completed segment ends, as the buffer may contain one or more completed
segments followed by an incomplete segment, and any attempt to read
into the incomplete segment will require it to be completed first */
int segmentStart; /* Segment len+data start point */
int segmentDataStart; /* Segment data start point */
long segmentSize; /* Remaining data in segment */
BOOLEAN segmentComplete; /* Whether we've just completed a seg.*/
int segmentDataEnd; /* End of completed data */
/* If the amount of data pushed in results in only part of a segment
header being available during the decoding process, we need to record
the state information so we can continue parsing the header when more
data is pushed. The following variables record the state information
so that processing can be interrupted and resumed at any point */
SEGHDR_STATE segHdrState; /* State of segment header processing */
long segHdrSegLength; /* Current len.of seg.being processed */
int segHdrCount; /* Current length-of-length for seg.*/
/* Once the low-level segment-processing code sees the end-of-contents
octets for the payload, we need to notify the higher-level code that
anything which follows is out-of-band data which needs to be processed
at a higher level. The following flag records the fact that we've
seen the payload EOC and have moved to trailing out-of-band data.
Since the data after the EOC isn't directly retrievable by the user,
we use the dataLeft variable to keep track of how much of what's left
in the envelope is payload which can be copied out */
BOOLEAN endOfContents;
int dataLeft;
/* If we're encrypting data using a block cipher mode we need to add
PKCS #5 padding to the last segment to make it a multiple of the block
size */
BOOLEAN needsPadding; /* Whether to add PKCS #5 padding */
/* Block cipher buffer for leftover bytes. This contains any bytes
remaining to be en/decrypted when the input data size isn't a
multiple of the cipher block size */
BYTE blockBuffer[ CRYPT_MAX_IVSIZE ]; /* Buffer of bytes */
int blockBufferPos; /* Position in buffer */
int blockSize; /* Cipher block size */
int blockSizeMask; /* Mask for blockSize-sized blocks */
/* Error information */
CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
CRYPT_ERRTYPE_TYPE errorType; /* Error type */
/* Pointers to the enveloping/deenveloping functions */
int ( *addInfo )( struct EI *envelopeInfoPtr,
const CRYPT_ATTRIBUTE_TYPE envInfo,
const void *value, const int valueLength );
int ( *checkCryptAlgo )( const CRYPT_ALGO cryptAlgo,
const CRYPT_ALGO cryptMode );
int ( *checkHashAlgo )( const CRYPT_ALGO hashAlgo );
int ( *emitPreamble )( struct EI *envelopeInfoPtr );
int ( *emitPostamble )( struct EI *envelopeInfoPtr );
int ( *processPreamble )( struct EI *envelopeInfoPtr );
int ( *processPostamble )( struct EI *envelopeInfoPtr );
int ( *processExtraData )( struct EI *envelopeInfoPtr, const void *buffer,
const int length );
int ( *copyToEnvelope )( struct EI *envelopeInfoPtr, const BYTE *buffer,
const int length );
int ( *copyFromEnvelope )( struct EI *envelopeInfoPtr, BYTE *buffer,
int length );
int ( *copyToDeenvelope )( struct EI *envelopeInfoPtr,
const BYTE *buffer, int length );
int ( *copyFromDeenvelope )( struct EI *envelopeInfoPtr, BYTE *buffer,
int length );
int ( *syncDeenvelopeData )( struct EI *envelopeInfoPtr,
STREAM *stream );
/* When we clone an object, there are certain per-instance fields which
don't get cloned. These fields are located after the following
member, and must be initialised by the cloning function */
int _sharedEnd; /* Dummy used for end of shared fields */
/* The object's handle and the handle of the user who owns this object.
The former is used when sending messages to the object when only the
xxx_INFO is available, the latter is used to avoid having to fetch the
same information from the system object table */
CRYPT_HANDLE objectHandle;
CRYPT_USER ownerHandle;
/* In multithreaded environments we need to protect the information from
access by other threads while we use it. The following macro declares
the actual variables required to handle the object locking (the actual
values are defined in cryptos.h) */
DECLARE_OBJECT_LOCKING_VARS
} ENVELOPE_INFO;
/* Determine the size of the envelope payload after PKCS #5 block padding if
necessary. This isn't just the size rounded up to the nearest multiple of
the block size since if the size is already a multiple of the block size,
it expands by another block, so we make the payload look one byte longer
before rounding to the block size to ensure the one-block expansion */
#define paddedSize( size, blockSize ) \
( ( blockSize > 1 ) ? roundUp( payloadSize + 1, blockSize ) : size )
/* Prototypes for envelope action management functions */
ACTION_LIST *addAction( ACTION_LIST **actionListHeadPtrPtr,
const ACTION_TYPE actionType,
const CRYPT_HANDLE cryptHandle );
ACTION_LIST *findAction( ACTION_LIST *actionListPtr,
const ACTION_TYPE actionType );
void deleteAction( ACTION_LIST **actionListHead,
ACTION_LIST *actionListItem );
void deleteActionList( ACTION_LIST *actionListPtr );
void deleteUnusedActions( ENVELOPE_INFO *envelopeInfoPtr );
#ifndef NDEBUG
BOOLEAN actionsOK( ENVELOPE_INFO *envelopeInfoPtr );
#endif /* !NDEBUG */
/* Prototypes for content list management functions */
CONTENT_LIST *createContentListItem( const CRYPT_FORMAT_TYPE formatType,
const void *object, const int objectSize );
void appendContentListItem( ENVELOPE_INFO *envelopeInfoPtr,
const CONTENT_LIST *contentListItem );
void deleteContentList( CONTENT_LIST *contentListPtr );
/* Prepare the envelope for data en/decryption */
int initEnvelopeEncryption( ENVELOPE_INFO *envelopeInfoPtr,
const CRYPT_CONTEXT cryptContext,
const CRYPT_ALGO algorithm, const CRYPT_MODE mode,
const BYTE *iv, const int ivLength,
const BOOLEAN copyContext );
/* Prototypes for envelope mapping functions */
void initCMSEnveloping( ENVELOPE_INFO *envelopeInfoPtr );
void initPGPEnveloping( ENVELOPE_INFO *envelopeInfoPtr );
void initCMSDeenveloping( ENVELOPE_INFO *envelopeInfoPtr );
void initPGPDeenveloping( ENVELOPE_INFO *envelopeInfoPtr );
void initDataStreaming( ENVELOPE_INFO *envelopeInfoPtr );
void initResourceHandling( ENVELOPE_INFO *envelopeInfoPtr );
#endif /* _ENV_DEFINED */
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?