cryptctx.h

提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发

	   identify the domain of the originator and recipient keys) and the
	   public value used in the key agreement process.  These are just 
	   pointers to the encoded data in the publicKeyInfo */
	void *domainParamPtr;			/* Domain parameters within publicKeyInfo */
	int domainParamSize;
	void *publicValuePtr;			/* Public value within publicKeyInfo */
	int publicValueSize;
	} PKC_INFO;

typedef struct {
	/* Data required to store the current state of the hashing */
	void *hashInfo;					/* Current hash state */

	/* Hash information.  This is the result of the hash operation, which has
	   to be stored in the context for certain implementations which return
	   the hash result immediately as part of the final part of the hashing
	   operation.  This also means we can destroy the algorithm-specific
	   information as soon as the hashing has completed */
	BYTE hash[ CRYPT_MAX_HASHSIZE ];

	/* A flag which is set if processing has completed and can't be resumed */
	BOOLEAN done;					/* Whether the operation is complete */
	} HASH_INFO;

typedef struct {
	/* User keying information */
	BYTE userKey[ CRYPT_MAX_KEYSIZE ];	/* User MAC key */
	int userKeyLength;				/* User MAC key length in bytes */
	BOOLEAN keySet;					/* Whether the key is set up */

	/* Data required to store the current state of the MACing */
	void *macInfo;					/* Current MAC state */

	/* MAC information.  This is the result of the hash operation, which has
	   to be stored in the context for certain implementations which return
	   the hash result immediately as part of the final part of the hashing
	   operation.  This also means we can destroy the algorithm-specific
	   information as soon as the hashing has completed */
	BYTE mac[ CRYPT_MAX_HASHSIZE ];

	/* A flag which is set if processing has completed and can't be resumed */
	BOOLEAN done;					/* Whether the operation is complete */

	/* Information obtained when a key suitable for use by this algorithm
	   is derived from a longer user key */
	BYTE salt[ CRYPT_MAX_HASHSIZE ];/* Salt */
	int saltLength;					/* Salt size */
	int keySetupIterations;			/* Number of times setup was iterated */
	CRYPT_ALGO keySetupAlgorithm;	/* Algorithm used for key setup */
	} MAC_INFO;

/* Defines to make access to the union fields less messy */

#define ctxConv		keyingInfo.convInfo
#define ctxPKC		keyingInfo.pkcInfo
#define ctxHash		keyingInfo.hashInfo
#define ctxMAC		keyingInfo.macInfo

/* An encryption context */

typedef struct CI {
	/* Basic information on the encryption we're using */
	const CAPABILITY_INFO *capabilityInfo;	/* Encryption capability info */

	/* The algorithm-type-specific information */
	CONTEXT_TYPE type;				/* The context type */
	union {
		CONV_INFO convInfo;
		PKC_INFO pkcInfo;
		HASH_INFO hashInfo;
		MAC_INFO macInfo;
		} keyingInfo;				/* Algorithm-specific information */
	BOOLEAN keyingInfoInited;		/* Whether algo-specific info is inited */

	/* If implemented using a crypto device, the object information is
	   usually stored inside the device.  The following value contains the
	   reference to the crypto object inside the device */
	long deviceObject;

	/* The label for this object, typically used to identify stored keys */
	char label[ CRYPT_MAX_TEXTSIZE ];/* Text string identifying key */
	int labelSize;					/* Size of label */

	/* Whether the context is being used for an asynchronous operation such
	   as key generation, and whether to abort the asynchronous operation.
	   If the object status is set to CRYPT_BUSY, any attempt to access it
	   will return CRYPT_BUSY.  The doAbort flag is used by cryptAsyncAbort()
	   to signal to the async operation that it should finish processing and
	   clean up.  The done flag is used to indicate that the async operation
	   has completed, so that further status change operations have no
	   effect.  The asyncStatus records the result of the operation, which is
	   returned from cryptAsyncQuery() */
	BOOLEAN doAbort;				/* Whether to abort async operation */
	BOOLEAN done;					/* Whether async operation is complete */
	int asyncStatus;				/* Exit status of the async operation */

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* When we clone an object, there are certain per-instance fields which
	   don't get cloned.  These fields are located after the following
	   member, and must be initialised by the cloning function */
	int _sharedEnd;					/* Dummy used for end of shared fields */

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the 
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* In multithreaded environments we need to protect the information from
	   access by other threads while we use it.  The following macro declares
	   the actual variables required to handle the object locking (the actual 
	   values are defined in cryptos.h) */
	DECLARE_OBJECT_LOCKING_VARS
	} CRYPT_INFO;

/* Symbolic defines for the various PKC components for different PKC
   algorithms.  All of the DLP algorithms actually use the same parameters,
   so we define generic DLP names for them */

#define isDLPAlgorithm( algo ) \
		( ( algo ) == CRYPT_ALGO_DH || ( algo ) == CRYPT_ALGO_DSA || \
		  ( algo ) == CRYPT_ALGO_ELGAMAL )

#define dlpParam_p			param1
#define dlpParam_g			param2
#define dlpParam_q			param3
#define dlpParam_y			param4
#define dlpParam_x			param5
#define dhParam_yPrime		param6		/* Special value for DH */

#define rsaParam_n			param1
#define rsaParam_e			param2
#define rsaParam_d			param3
#define rsaParam_p			param4
#define rsaParam_q			param5
#define rsaParam_u			param6
#define rsaParam_exponent1	param7
#define rsaParam_exponent2	param8
#define rsaParam_mont_n		montCTX1
#define rsaParam_mont_p		montCTX2
#define rsaParam_mont_q		montCTX3

/* Because there's no really clean way to throw an exception in C and the
   bnlib routines don't carry around state information like the stream
   library does, we need to perform an error check for most of the routines
   we call.  To make this slightly less ugly we define the following macro
   which performs the check for us by updating a variable called `status'
   with the result of a bnlib call */

#define CK( x )	status |= x

/****************************************************************************
*																			*
*								Internal API Functions						*
*																			*
****************************************************************************/

/* Low-level capability checking and context-creation functions used when 
   creating a context in a device */

int checkCapability( const CAPABILITY_INFO FAR_BSS *capabilityInfoPtr );
int createContextFromCapability( CRYPT_CONTEXT *cryptContext,
						const CRYPT_USER cryptOwner,
						const CAPABILITY_INFO FAR_BSS *capabilityInfoPtr,
						const int objectFlags );

/* Key-generation and related routines */

int generateDLPKey( CRYPT_INFO *cryptInfo, const int keyBits, 
					const int qBits, const BOOLEAN generateDomainParameters );
int checkDLParams( const CRYPT_INFO *cryptInfo, const BOOLEAN isPKCS3 );
int generateBignum( BIGNUM *bn, const int noBits, const BYTE high,
					const BYTE low );
int calculateKeyID( CRYPT_INFO *cryptInfo );
int encodeDLValues( BYTE *buffer, const int bufSize, BIGNUM *value1, 
					BIGNUM *value2, const CRYPT_FORMAT_TYPE formatType );
int decodeDLValues( const BYTE *buffer, const int bufSize, BIGNUM **value1, 
					BIGNUM **value2, const CRYPT_FORMAT_TYPE formatType );
int keygenCallback( void *callbackArg );

#endif /* _CRYPTCTX_DEFINED */