keyset.h

老外写的加密库cryptlib(版本3.1)

	   needed for the communications channel */
	void ( *dispatchFunction )( void *stateInfo, BYTE *buffer );
	void *stateInfo;

	/* Pointers to database-specific keyset access methods */
	int ( *certMgmtFunction )( struct KI *keysetInfo, 
							   CRYPT_CERTIFICATE *iCryptCert,
							   const CRYPT_CERTIFICATE caKey,
							   const CRYPT_CERTIFICATE request,
							   const CRYPT_CERTACTION_TYPE action );

	/* Database backend access functions.  These use the dispatch function 
	   above to communicate with the backend */
	int ( *openDatabaseFunction )( struct DI *dbmsInfo, const char *name,
								   const int options );
	void ( *closeDatabaseFunction )( struct DI *dbmsInfo );
	int ( *performUpdateFunction )( struct DI *dbmsInfo, const char *command,
									const void *boundData, 
									const int boundDataLength,
									const time_t boundDate,
									const DBMS_UPDATE_TYPE updateType );
	int ( *performStaticUpdateFunction )( struct DI *dbmsInfo, 
										  const char *command );
	int ( *performQueryFunction )( struct DI *dbmsInfo, const char *command,
								   char *data, int *dataLength, 
								   const time_t date,
								   const DBMS_QUERY_TYPE queryType );
	int ( *performStaticQueryFunction )( struct DI *dbmsInfo, 
										 const char *command,
										 const DBMS_QUERY_TYPE queryType );

	/* Last-error information returned from lower-level code */
	int errorCode;
	char errorMessage[ MAX_ERRMSG_SIZE ];
	} DBMS_INFO;

typedef struct {
	/* The I/O stream */
	STREAM stream;					/* I/O stream for HTTP read */

	/* An HTTP fetch differs from the other types of read in that it can
	   return data in multiple chunks depending on how much comes over the
	   net at once.  Because of this we need to track what's come in, and
	   also allocate more buffer space on demand if required.  The following
	   variables handle the on-demand reallocation of buffer space */
	int bufPos;						/* Current position in buffer */

	/* Last-error information returned from lower-level code */
	int errorCode;
	char errorMessage[ MAX_ERRMSG_SIZE ];
	} HTTP_INFO;

typedef struct {
	/* LDAP status information */
	BOOLEAN queryInProgress;		/* Whether ongoing query is in progress */

	/* LDAP access information */
	void *ld;						/* LDAP connection information */
	void *result;					/* State information for ongoing queries */

	/* The names of the object class and various attributes.  These are
	   stored as part of the keyset context since they may be user-defined or
	   the library-wide definition may change over time */
	char nameObjectClass[ CRYPT_MAX_TEXTSIZE + 1 ];	/* Name of object class */
	char nameFilter[ CRYPT_MAX_TEXTSIZE + 1 ];	/* Name of query filter */
	char nameCACert[ CRYPT_MAX_TEXTSIZE + 1 ];	/* Name of CA cert attribute */
	char nameCert[ CRYPT_MAX_TEXTSIZE + 1 ];	/* Name of cert attribute */
	char nameCRL[ CRYPT_MAX_TEXTSIZE + 1 ];		/* Name of CRL attribute */
	char nameEmail[ CRYPT_MAX_TEXTSIZE + 1 ];	/* Name of email addr.attr.*/
	CRYPT_CERTTYPE_TYPE objectType;				/* Preferred obj.type to fetch */

	/* When storing a cert we need the certificate DN, email address,
	   and cert expiry date */
	char C[ CRYPT_MAX_TEXTSIZE + 1 ], SP[ CRYPT_MAX_TEXTSIZE + 1 ],
		L[ CRYPT_MAX_TEXTSIZE + 1 ], O[ CRYPT_MAX_TEXTSIZE + 1 ],
		OU[ CRYPT_MAX_TEXTSIZE + 1 ], CN[ CRYPT_MAX_TEXTSIZE + 1 ];
	char email[ CRYPT_MAX_TEXTSIZE + 1 ];
	time_t date;

	/* Last-error information returned from lower-level code */
	int errorCode;
	char errorMessage[ MAX_ERRMSG_SIZE ];
	} LDAP_INFO;

/* Defines to make access to the union fields less messy */

#define keysetFile		keysetInfo.fileInfo
#define keysetDBMS		keysetInfo.dbmsInfo
#define keysetHTTP		keysetInfo.httpInfo
#define keysetLDAP		keysetInfo.ldapInfo

/* The structure that stores information on a keyset */

typedef struct KI {
	/* General keyset information */
	KEYSET_TYPE type;				/* Keyset type (native, PGP, X.509, etc) */
	KEYSET_SUBTYPE subType;			/* Keyset subtype (public, private, etc) */
	CRYPT_KEYOPT_TYPE options;		/* Keyset option */
	int flags;						/* Keyset information flags */

	/* Keyset type-specific information */
	union {
		FILE_INFO *fileInfo;
		DBMS_INFO *dbmsInfo;
		HTTP_INFO *httpInfo;
		LDAP_INFO *ldapInfo;
		} keysetInfo;

	/* Pointers to keyset access methods */
	int ( *initFunction )( struct KI *keysetInfo, const char *name,
						   const CRYPT_KEYOPT_TYPE options );
	void ( *shutdownFunction )( struct KI *keysetInfo );
	int ( *getAttributeFunction )( struct KI *keysetInfo, void *data,
								   const CRYPT_ATTRIBUTE_TYPE type );
	int ( *setAttributeFunction )( struct KI *keysetInfo, const void *data,
								   const CRYPT_ATTRIBUTE_TYPE type );
	int ( *getItemFunction )( struct KI *keysetInfo,
							  CRYPT_HANDLE *iCryptHandle,
							  const KEYMGMT_ITEM_TYPE itemType,
							  const CRYPT_KEYID_TYPE keyIDtype,
							  const void *keyID,  const int keyIDlength,
							  void *auxInfo, int *auxInfoLength,
							  const int flags );
	int ( *setItemFunction )( struct KI *deviceInfo,
							  const CRYPT_HANDLE iCryptHandle,
							  const KEYMGMT_ITEM_TYPE itemType,
							  const char *password, const int passwordLength,
							  const int flags );
	int ( *deleteItemFunction )( struct KI *keysetInfo,
								 const KEYMGMT_ITEM_TYPE itemType,
								 const CRYPT_KEYID_TYPE keyIDtype,
								 const void *keyID, const int keyIDlength );
	int ( *getFirstItemFunction )( struct KI *keysetInfo,
								   CRYPT_CERTIFICATE *iCertificate,
								   int *stateInfo,
								   const CRYPT_KEYID_TYPE keyIDtype,
								   const void *keyID, const int keyIDlength,
								   const KEYMGMT_ITEM_TYPE itemType,
								   const int options );
	int ( *getNextItemFunction )( struct KI *keysetInfo,
								  CRYPT_CERTIFICATE *iCertificate,
								  int *stateInfo, const int options );
	BOOLEAN ( *isBusyFunction )( struct KI *keysetInfo );

	/* Some keysets require keyset-type-specific data storage which is
	   managed via the following variables */
	void *keyData;					/* Keyset data buffer */
	int keyDataSize;				/* Buffer size */

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* Variable-length storage for the type-specific data */
	DECLARE_VARSTRUCT_VARS;
	} KEYSET_INFO;

/* Prototypes for various utility functions in cryptdbx.c.  retExt() returns 
   after setting extended error information for the keyset.  We use a macro 
   to make it match the standard return statement, the slightly unusual form 
   is required to handle the fact that the helper function is a varargs
   function */

int retExtFnKeyset( KEYSET_INFO *keysetInfoPtr, const int status, 
					const char *format, ... );
#define retExt	return retExtFnKeyset

/* Prototypes for keyset mapping functions */

#ifdef USE_ODBC
  int dbxInitODBC( void );
  void dbxEndODBC( void );
#else
  #define dbxInitODBC()						CRYPT_OK
  #define dbxEndODBC()
#endif /* USE_ODBC */
#ifdef USE_DBMS
  int setAccessMethodDBMS( KEYSET_INFO *keysetInfo,
						   const CRYPT_KEYSET_TYPE type );
#else
  #define setAccessMethodDBMS( x, y )		CRYPT_ARGERROR_NUM1
#endif /* USE_DBMS */
#ifdef USE_HTTP
  int setAccessMethodHTTP( KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodHTTP( x )			CRYPT_ARGERROR_NUM1
#endif /* USE_HTTP */
#ifdef USE_LDAP
  int dbxInitLDAP( void );
  void dbxEndLDAP( void );
  int setAccessMethodLDAP( KEYSET_INFO *keysetInfo );
#else
  #define dbxInitLDAP()						CRYPT_OK
  #define dbxEndLDAP()
  #define setAccessMethodLDAP( x )			CRYPT_ARGERROR_NUM1
#endif /* USE_LDAP */
#ifdef USE_PGPKEYS
  int setAccessMethodPGPPublic( KEYSET_INFO *keysetInfo );
  int setAccessMethodPGPPrivate( KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodPGPPublic( x )		CRYPT_ARGERROR_NUM1
  #define setAccessMethodPGPPrivate( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_PGPKEYS */
#ifdef USE_PKCS12
  int setAccessMethodPKCS12( KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodPKCS12( x )		CRYPT_ARGERROR_NUM1
#endif /* PKCS #12 */
#ifdef USE_PKCS15
  int setAccessMethodPKCS15( KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodPKCS15( x )		CRYPT_ARGERROR_NUM1
#endif /* PKCS #15 */
#ifdef USE_PKCS12
  #define isWriteableFileKeyset( type ) \
		  ( ( type ) == KEYSET_SUBTYPE_PKCS12 || \
			( type ) == KEYSET_SUBTYPE_PKCS15 )
#else
  #define isWriteableFileKeyset( type ) \
		  ( ( type ) == KEYSET_SUBTYPE_PKCS15 )
#endif /* Writeable keyset subtypes */
#endif /* _KEYSET_DEFINED */