keyset.h

提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发

/****************************************************************************
*																			*
*					  cryptlib Keyset Interface Header File 				*
*						Copyright Peter Gutmann 1996-2002					*
*																			*
****************************************************************************/

#ifndef _KEYSET_DEFINED

#define _KEYSET_DEFINED

/* Various include files needed by the DBMS libraries.  To enable the code
   for a particular database interface, define DBX_<database-type> (multiple
   database types can be defined, the required interface is selected at
   runtime).  Currently supported database types and operating systems are:

	DBX_ODBC		Generic ODBC (always enabled under Windows)
	DBX_MYSQL		MySQL
	DBX_LDAP		LDAP (always enabled under Windows)
	NET_TCP			HTTP (always enabled under Unix and Windows) */

#include <time.h>
#ifdef DBX_ODBC
  /* As part of the ever-changing way of identifying Win32, Microsoft changed
	 the predefined constant from WIN32 to _WIN32 in VC++ 2.1.  However the
	 ODBC header files still expect to find WIN32, and if this isn't defined
	 will use the default (ie C) calling convention instead of the Pascal
	 convention which is actually used by the ODBC functions.  This means
	 that both the caller and the callee clean up the stack, so that for each
	 ODBC call the stack creeps upwards by a few bytes until eventually the
	 local variables and/or return address get trashed.  This problem is
	 usually hidden by the fact that something else defines WIN32 so
	 everything works OK, but the October 1997 development platform upgrade
	 changes this so that compiling the code after this update is installed
	 breaks things.

	 To avoid this problem, we define WIN32 if it isn't defined, which
	 ensures that the ODBC header files work properly */
  #if defined( __WIN32__ ) && !defined( WIN32 )
	#define WIN32
  #endif /* __WIN32__ && !WIN32 */
  #if defined( __BORLANDC__ )
	#include <mfc/sqltypes.h>
  #else
	#include <sql.h>
	#include <sqlext.h>
  #endif /* Borland vs Microsoft C */
#endif /* __WINDOWS__ */
#ifdef DBX_MSQL
  #include "msql.h"
#endif /* DBX_MSQL */
#ifdef DBX_MYSQL
  #include <mysql.h>
#endif /* DBX_MYSQL */
#ifdef DBX_ORACLE
  #include "oratypes.h"
  #include "ocidfn.h"
  #include "ociapr.h"
#endif /* DBX_ORACLE */
#ifdef DBX_POSTGRES
  #include "libpq-fe.h"
#endif /* DBX_POSTGRES */
#ifndef _STREAM_DEFINED
  #if defined( INC_ALL )
	#include "stream.h"
  #elif defined( INC_CHILD )
	#include "../keymgmt/stream.h"
  #else
	#include "keymgmt/stream.h"
  #endif /* Compiler-specific includes */
#endif /* _STREAM_DEFINED */

/* The size of various fields, or the maximum size if the exact size is of
   variable length.  The keyID size is based on the size of the base64-encoded
   first 128 bits of an SHA-1 hash (the base64 encoding adds up to 2 bytes of
   padding and a byte of null terminator, we strip the padding after encoding
   so the given encoded size is slightly shorter than normal).  The field
   size value is encoded into the SQL strings and is also given in text form
   for this purpose (without the terminator being included).  The SQL query
   size is the size of the DN and other components, the key ID's, and the key
   itself */

#define DBXKEYID_SIZE				16		/* Full keyID = 128 bits */
#define MAX_ENCODED_DBXKEYID_SIZE	23		/* base64-encoded + '\0' */
#define TEXT_DBXKEYID_SIZE			"22"

#define MAX_CERT_SIZE				1536
#define MAX_ENCODED_CERT_SIZE		2048	/* base64-encoded */
#define TEXT_MAX_ENCODED_CERT_SIZE	"2047"
#define MAX_SQL_QUERY_SIZE			( ( 7 * CRYPT_MAX_TEXTSIZE ) + \
									  ( 3 * MAX_ENCODED_DBXKEYID_SIZE ) + \
									  MAX_ENCODED_CERT_SIZE + 128 )

/* When performing a query the database glue code limits the maximum returned
   data size to a certain size, the following define allows us to declare a
   fixed-size buffer which we know will always be big enough */

#define MAX_QUERY_RESULT_SIZE		MAX_ENCODED_CERT_SIZE

/* Some older compilers don't yet have the ANSI FILENAME_MAX define so we
   define a reasonable value here (the length is checked when we open the
   keyset so there's no chance it'll overflow even if the OS path limit is
   higher than what's defined here) */

#ifndef FILENAME_MAX
  #if defined( __MSDOS16__ )
	#define FILENAME_MAX	80
  #elif defined( __hpux )
	#include <sys/param.h>	/* HPUX's stdio.h defines this to be 14 (!!) */
	#define FILENAME_MAX	MAXPATHLEN
  #else
	#define FILENAME_MAX	256
  #endif /* __MSDOS16__ */
#endif /* FILENAME_MAX */

/* The precise type of the key file we're working with.  This is used for
   type checking to make sure we don't try to find private keys in a
   collection of public-key certificates or whatever */

typedef enum {
	KEYSET_SUBTYPE_NONE,			/* Unknown */
	KEYSET_SUBTYPE_ERROR,			/* Bad keyset format */
	KEYSET_SUBTYPE_PGP_PUBLIC,		/* PGP public keyring */
	KEYSET_SUBTYPE_PGP_PRIVATE,		/* PGP private keyring */
	KEYSET_SUBTYPE_PKCS12,			/* PKCS #12 key mess */
	KEYSET_SUBTYPE_PKCS15			/* PKCS #15 keys */
	} KEYSET_SUBTYPE;

/* When perform a DBMS transaction there are several variations on the basic
   operation type.  The following values tell performQuery() and
   performUpdate() which type of operation to perform */

typedef enum {
	DBMS_QUERY_NORMAL,				/* Standard data fetch */
	DBMS_QUERY_CHECK,				/* Check-type fetch, don't fetch data */
	DBMS_QUERY_START,				/* Begin an ongoing query */
	DBMS_QUERY_CONTINUE,			/* Continue an ongoing query */
	DBMS_QUERY_CANCEL				/* Cancel ongoing query */
	} DBMS_QUERY_TYPE;

typedef enum {
	DBMS_UPDATE_NORMAL,				/* Standard update */
	DBMS_UPDATE_BEGIN,				/* Begin a transaction */
	DBMS_UPDATE_CONTINUE,			/* Continue an ongoing transaction */
	DBMS_UPDATE_COMMIT,				/* Commit a transaction */
	DBMS_UPDATE_ABORT				/* Abort a transaction */
	} DBMS_UPDATE_TYPE;

/* Database feature information returned when the keyset is opened */

#define DBMS_FLAG_NONE		0x00
#define DBMS_FLAG_BINARYBLOBS 0x01	/* DBMS supports binary blobs */

/* Database state information maintained by the database backed-specific
   code */

typedef struct {
	/* DBMS status information */
	BOOLEAN needsUpdate;			/* Whether key DBX needs to be committed */
	BOOLEAN hasBinaryBlobs;			/* Whether DBMS supports binary blobs */
	char blobName[ 64 ];			/* Name of blob data type */

	/* Pointers to error information returned by the database.  The data
	   itself is stored in a common location in the KEYSET_INFO struct */
	int errorCode;
	char errorMessage[ MAX_ERRMSG_SIZE ];

	/* Database-specific information */
  #ifdef __WINDOWS__
	/* ODBC access information */
	HENV hEnv;						/* Environment handle */
	HDBC hDbc;						/* Connection handle */
	HSTMT hStmt;					/* Statement handle */
	SWORD blobType;					/* SQL type of blob data type */
	SDWORD cbBlobLength;			/* Length of key (blob) data */
	char dateTimeName[ 64 ];		/* Name of datetime data type */
	char escapeChar;				/* SQL query escape char */
  #endif /* __WINDOWS__ */
  #ifdef DBX_MYSQL
	MYSQL *connection;				/* Connection handle */
	MYSQL_RES *result;				/* Result set */
  #endif /* DBX_MYSQL */
  #ifdef DBX_ORACLE
	Lda_Def lda;					/* Logon data area */
	ub1 hda[ 256 ];					/* Host data area */
	Cda_Def cda;					/* Cursor data area */
  #endif /* DBX_ORACLE */
  #ifdef DBX_POSTGRES
	PGconn *pgConnection;			/* Connection handle */
	PGresult *pgResult;				/* Query result handle */
  #endif /* DBX_POSTGRES */
  #ifdef NET_TCP
	STREAM stream;					/* Network I/O stream */
  #endif /* NET_TCP */
	} DBMS_STATE_INFO;

/* The internal fields in a keyset which hold data for the various keyset
   types.   These are implemented as a union to allow keyset-type-specific