cryptlib.h

来自「提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发」· C头文件 代码 · 共 1,540 行 · 第 1/5 页

/* Whether the PKC key is a public or private key */

#define CRYPT_KEYTYPE_PRIVATE	0
#define CRYPT_KEYTYPE_PUBLIC	1

/* The type of information polling to perform to get random seed information */

#define CRYPT_RANDOM_FASTPOLL	-10
#define CRYPT_RANDOM_SLOWPOLL	-11

/* Cursor positioning codes for certificate/CRL extensions */

#define CRYPT_CURSOR_FIRST		-20
#define CRYPT_CURSOR_PREVIOUS	-21
#define CRYPT_CURSOR_NEXT		-22
#define CRYPT_CURSOR_LAST		-23

/* Options passed to cryptOpenKeyset() */

typedef enum {
	CRYPT_KEYOPT_NONE,				/* No options */
	CRYPT_KEYOPT_READONLY,			/* Open keyset in read-only mode */
	CRYPT_KEYOPT_CREATE,			/* Create a new keyset */
#ifdef _CRYPT_DEFINED
	/* Internal keyset options */
	CRYPT_IKEYOPT_EXCLUSIVEACCESS,	/* As _NONE but open for exclusive access */
#endif /* _CRYPT_DEFINED */
	CRYPT_KEYOPT_LAST				/* Last possible key option type */
#ifdef _CRYPT_DEFINED
	, CRYPT_KEYOPT_LAST_EXTERNAL = CRYPT_IKEYOPT_EXCLUSIVEACCESS
									/* Last external keyset option */
#endif /* _CRYPT_DEFINED */
	} CRYPT_KEYOPT_TYPE;

/* Macros to convert to and from the bit counts used for some encryption
   parameters */

#define bitsToBytes(bits)	( ( ( bits ) + 7 ) >> 3 )
#define bytesToBits(bytes)	( ( bytes ) << 3 )

/* The various cryptlib objects - these are just integer handles */

typedef int CRYPT_CERTIFICATE;
typedef int CRYPT_CONTEXT;
typedef int CRYPT_DEVICE;
typedef int CRYPT_ENVELOPE;
typedef int CRYPT_KEYSET;
typedef int CRYPT_SESSION;
typedef int CRYPT_USER;

/* Sometimes we don't know the exact type of a cryptlib object, so we use a
   generic handle type to identify it */

typedef int CRYPT_HANDLE;

/****************************************************************************
*																			*
*							Encryption Data Structures						*
*																			*
****************************************************************************/

/* Results returned from the encryption capability query */

typedef struct {
	/* Algorithm information */
	char algoName[ CRYPT_MAX_TEXTSIZE ];/* The algorithm name */
	int blockSize;					/* The block size of the algorithm */
	int minKeySize;					/* Minimum key size in bytes */
	int keySize;					/* Recommended key size in bytes */
	int maxKeySize;					/* Maximum key size in bytes */
	} CRYPT_QUERY_INFO;

/* Results returned from the encryption object query.  These provide
   information on the objects created by cryptExportKey()/
   cryptCreateSignature() */

typedef struct {
	/* The object type */
	CRYPT_OBJECT_TYPE objectType;	/* The object type */

	/* The encryption algorithm and mode */
	CRYPT_ALGO cryptAlgo;			/* The encryption algorithm */
	CRYPT_MODE cryptMode;			/* The encryption mode */

	/* The hash algorithm for Signature objects */
	CRYPT_ALGO hashAlgo;			/* Hash algorithm */

	/* The salt for derived keys */
	unsigned char salt[ CRYPT_MAX_HASHSIZE ];
	int saltSize;
	} CRYPT_OBJECT_INFO;

/* Key information for the public-key encryption algorithms.  These fields
   are not accessed directly, but can be manipulated with the init/set/
   destroyComponents() macros */

typedef struct {
	/* Status information */
	int isPublicKey;			/* Whether this is a public or private key */

	/* Public components */
	unsigned char n[ CRYPT_MAX_PKCSIZE ];	/* Modulus */
	int nLen;					/* Length of modulus in bits */
	unsigned char e[ CRYPT_MAX_PKCSIZE ];	/* Public exponent */
	int eLen;					/* Length of public exponent in bits */

	/* Private components */
	unsigned char d[ CRYPT_MAX_PKCSIZE ];	/* Private exponent */
	int dLen;					/* Length of private exponent in bits */
	unsigned char p[ CRYPT_MAX_PKCSIZE ];	/* Prime factor 1 */
	int pLen;					/* Length of prime factor 1 in bits */
	unsigned char q[ CRYPT_MAX_PKCSIZE ];	/* Prime factor 2 */
	int qLen;					/* Length of prime factor 2 in bits */
	unsigned char u[ CRYPT_MAX_PKCSIZE ];	/* Mult.inverse of q, mod p */
	int uLen;					/* Length of private exponent in bits */
	unsigned char e1[ CRYPT_MAX_PKCSIZE ];	/* Private exponent 1 (PKCS) */
	int e1Len;					/* Length of private exponent in bits */
	unsigned char e2[ CRYPT_MAX_PKCSIZE ];	/* Private exponent 2 (PKCS) */
	int e2Len;					/* Length of private exponent in bits */
	} CRYPT_PKCINFO_RSA;

typedef struct {
	/* Status information */
	int isPublicKey;			/* Whether this is a public or private key */

	/* Public components */
	unsigned char p[ CRYPT_MAX_PKCSIZE ];	/* Prime modulus */
	int pLen;					/* Length of prime modulus in bits */
	unsigned char q[ CRYPT_MAX_PKCSIZE ];	/* Prime divisor */
	int qLen;					/* Length of prime divisor in bits */
	unsigned char g[ CRYPT_MAX_PKCSIZE ];	/* h^( ( p - 1 ) / q ) mod p */
	int gLen;					/* Length of g in bits */
	unsigned char y[ CRYPT_MAX_PKCSIZE ];	/* Public random integer */
	int yLen;					/* Length of public integer in bits */

	/* Private components */
	unsigned char x[ CRYPT_MAX_PKCSIZE ];	/* Private random integer */
	int xLen;					/* Length of private integer in bits */
	} CRYPT_PKCINFO_DLP;

/* Macros to initialise and destroy the structure which stores the components
   of a public key */

#define cryptInitComponents( componentInfo, componentKeyType ) \
	{ memset( ( componentInfo ), 0, sizeof( *componentInfo ) ); \
	  ( componentInfo )->isPublicKey = ( ( componentKeyType ) ? 1 : 0 ); }

#define cryptDestroyComponents( componentInfo ) \
	memset( ( componentInfo ), 0, sizeof( *componentInfo ) )

/* Macros to set a component of a public key */

#define cryptSetComponent( destination, source, length ) \
	{ memcpy( ( destination ), ( source ), bitsToBytes( length ) ); \
	  ( destination##Len ) = length; }

/****************************************************************************
*																			*
*								Status Codes								*
*																			*
****************************************************************************/

/* No error in function call */

#define CRYPT_OK					0	/* No error */

/* Error in parameters passed to function */

#define CRYPT_ERROR_PARAM1		-1	/* Bad argument, parameter 1 */
#define CRYPT_ERROR_PARAM2		-2	/* Bad argument, parameter 2 */
#define CRYPT_ERROR_PARAM3		-3	/* Bad argument, parameter 3 */
#define CRYPT_ERROR_PARAM4		-4	/* Bad argument, parameter 4 */
#define CRYPT_ERROR_PARAM5		-5	/* Bad argument, parameter 5 */
#define CRYPT_ERROR_PARAM6		-6	/* Bad argument, parameter 6 */
#define CRYPT_ERROR_PARAM7		-7	/* Bad argument, parameter 7 */

/* Errors due to insufficient resources */

#define CRYPT_ERROR_MEMORY		-10	/* Out of memory */
#define CRYPT_ERROR_NOTINITED	-11	/* Data has not been initialised */
#define CRYPT_ERROR_INITED		-12	/* Data has already been init'd */
#define CRYPT_ERROR_NOSECURE	-13	/* Opn.not avail.at requested sec.level */
#define CRYPT_ERROR_RANDOM		-14	/* No reliable random data available */
#define CRYPT_ERROR_FAILED		-15	/* Operation failed */

/* Security violations */

#define CRYPT_ERROR_NOTAVAIL	-20	/* This type of opn.not available */
#define CRYPT_ERROR_PERMISSION	-21	/* No permiss.to perform this operation */
#define CRYPT_ERROR_WRONGKEY	-22	/* Incorrect key used to decrypt data */
#define CRYPT_ERROR_INCOMPLETE	-23	/* Operation incomplete/still in progress */
#define CRYPT_ERROR_COMPLETE	-24	/* Operation complete/can't continue */
#define CRYPT_ERROR_BUSY		-25	/* Resource in use by async operation */
#define CRYPT_ERROR_INVALID		-26	/* Invalid/inconsistent information */
#define CRYPT_ERROR_SIGNALLED	-27	/* Resource destroyed by extnl.event */

/* High-level function errors */

#define CRYPT_ERROR_OVERFLOW	-30	/* Resources/space exhausted */
#define CRYPT_ERROR_UNDERFLOW	-31	/* Not enough data available */
#define CRYPT_ERROR_BADDATA		-32	/* Bad/unrecognised data format */
#define CRYPT_ERROR_SIGNATURE	-33	/* Signature/integrity check failed */

/* Data access function errors */

#define CRYPT_ERROR_OPEN		-40	/* Cannot open object */
#define CRYPT_ERROR_READ		-41	/* Cannot read item from object */
#define CRYPT_ERROR_WRITE		-42	/* Cannot write item to object */
#define CRYPT_ERROR_NOTFOUND	-43	/* Requested item not found in object */
#define CRYPT_ERROR_DUPLICATE	-44	/* Item already present in object */

/* Data enveloping errors */

#define CRYPT_ENVELOPE_RESOURCE	-50	/* Need resource to proceed */

/* Macros to examine return values */

#define cryptStatusError( status )	( ( status ) < CRYPT_OK )
#define cryptStatusOK( status )		( ( status ) == CRYPT_OK )

/****************************************************************************
*																			*
*									General Functions						*
*																			*
****************************************************************************/

/* The following is necessary to stop C++ name mangling */

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/* Initialise and shut down cryptlib */

C_RET cryptInit( void );
C_RET cryptInitEx( void );
C_RET cryptEnd( void );

/* Query cryptlibs capabilities */

C_RET cryptQueryCapability( C_IN CRYPT_ALGO cryptAlgo,
							C_OUT CRYPT_QUERY_INFO C_PTR cryptQueryInfo );

/* Create and destroy an encryption context */

C_RET cryptCreateContext( C_OUT CRYPT_CONTEXT C_PTR cryptContext,
						  C_IN CRYPT_USER cryptUser,
						  C_IN CRYPT_ALGO cryptAlgo );
C_RET cryptDestroyContext( C_IN CRYPT_CONTEXT cryptContext );

/* Generic "destroy an object" function */

C_RET cryptDestroyObject( C_IN CRYPT_HANDLE cryptObject );

/* Generate a key into a context */

C_RET cryptGenerateKey( C_IN CRYPT_CONTEXT cryptContext );
C_RET cryptGenerateKeyAsync( C_IN CRYPT_CONTEXT cryptContext );
C_RET cryptAsyncQuery( C_IN CRYPT_HANDLE cryptObject );
C_RET cryptAsyncCancel( C_IN CRYPT_HANDLE cryptObject );

/* Encrypt/decrypt/hash a block of memory */

C_RET cryptEncrypt( C_IN CRYPT_CONTEXT cryptContext, C_INOUT void C_PTR buffer,
					C_IN int length );
C_RET cryptDecrypt( C_IN CRYPT_CONTEXT cryptContext, C_INOUT void C_PTR buffer,
					C_IN int length );

/* Get/set/delete attribute functions */

C_RET cryptSetAttribute( C_IN CRYPT_HANDLE cryptHandle,
						 C_IN CRYPT_ATTRIBUTE_TYPE attributeType,
						 C_IN int value );
C_RET cryptSetAttributeString( C_IN CRYPT_HANDLE cryptHandle,
							   C_IN CRYPT_ATTRIBUTE_TYPE attributeType,
							   C_IN void C_PTR value, C_IN int valueLength );
C_RET cryptGetAttribute( C_IN CRYPT_HANDLE cryptHandle,
						 C_IN CRYPT_ATTRIBUTE_TYPE attributeType,
						 C_OUT int C_PTR value );
C_RET cryptGetAttributeString( C_IN CRYPT_HANDLE cryptHandle,
							   C_IN CRYPT_ATTRIBUTE_TYPE attributeType,
							   C_OUT void C_PTR value,
							   C_OUT int C_PTR valueLength );
C_RET cryptDeleteAttribute( C_IN CRYPT_HANDLE cryptHandle,
							C_IN CRYPT_ATTRIBUTE_TYPE attributeType );

/* Oddball functions: Add random data to the pool, query an encoded signature
   or key data.  These are due to be replaced once a suitable alternative can
   be found */

C_RET cryptAddRandom( C_IN void C_PTR randomData, C_IN int randomDataLength );
C_RET cryptQueryObject( C_IN void C_PTR objectData,
					    C_OUT CRYPT_OBJECT_INFO C_PTR cryptObjectInfo );

/****************************************************************************
*																			*
*							Mid-level Encryption Functions					*
*																			*
****************************************************************************/

/* Export and import an encrypted session key */

C_RET cryptExportKey( C_OUT void C_PTR encryptedKey,
					  C_OUT int C_PTR encryptedKeyLength,
					  C_IN CRYPT_HANDLE exportKey,
					  C_IN CRYPT_CONTEXT sessionKeyContext );
C_RET cryptExportKeyEx( C_OUT void