envelope.h

老外写的加密库cryptlib(版本3.1)

	   and choosing the appropriate algorithm every time we need to use a
	   default parameter */
	CRYPT_ALGO_TYPE defaultHash;		/* Default hash algorithm */
	CRYPT_ALGO_TYPE defaultAlgo;		/* Default encryption algorithm */
	CRYPT_ALGO_TYPE defaultMAC;			/* Default MAC algorithm */

#ifdef USE_COMPRESSION
	/* zlib stream compression data structure used to hold the compression/
	   decompression state */
	z_stream zStream;				/* zlib state variable */
#endif /* USE_COMPRESSION */

	/* Buffer information */
	BYTE *buffer;					/* Data buffer */
	int bufSize;					/* Total buffer size */
	int bufPos;						/* Last data position in buffer */

	/* Auxiliary buffer used as a staging area for holding signature data 
	   that may not currently fit into the main buffer.  These are generated 
	   into the auxiliary buffer and then copied into the main buffer as 
	   required */
	BYTE *auxBuffer;				/* Buffer for sig.data */
	int auxBufPos, auxBufSize;		/* Current pos and total aux.buf.size */

	/* When the caller knows in advance how large the payload will be, they 
	   can advise the enveloping code of this, which allows a more efficient 
	   encoding of the data.  The following variable records the payload 
	   size */
	long payloadSize;

	/* The current state of header processing.  The cryptlib/CMS and PGP
	   processing states are kept seperate (although they could be merged
	   into the same variable) because they are conceptually seperate and
	   shouldn't really be treated as the same thing */
	ENVELOPE_STATE state;			/* Current state of processing */
	ENV_STATE envState;				/* Current state of env.non-data proc.*/
	DEENV_STATE deenvState;			/* Current state of de-env.non-data proc.*/
#ifdef USE_PGP
	PGP_DEENV_STATE pgpDeenvState;	/* Current state of PGP de-env.n-d proc.*/
#endif /* USE_PGP */
	int hdrSetLength;				/* Remaining bytes in SET OF EKeyInfo */

	/* Some data formats place out-of-band data at the start of the payload
	   rather than putting it in the header, the data-left variable keeps
	   track of how many bytes of data still need to be removed before we
	   can return actual payload data to the caller.  In some cases the 
	   amount of data can't be specified as a simple byte count but involves 
	   format-specific events (e.g. the presence of a flag or data count in 
	   the OOB data that indicates that there's more data present), the 
	   event-count variable records how many of these events still need to 
	   be handled before we can return data to the caller.  Finally, some 
	   content types (e.g. compressed data) don't allow lookahead reads, 
	   which are necessary in some cases to determine how the payload needs 
	   to be handled.  To handle this we have to remember the returned OOB 
	   data (if it's read via a lookahead read) so that we can reinsert it 
	   into the output stream on the next read call */
	int oobDataLeft;				/* Remaining out-of-band data in payload */
	int oobEventCount;				/* No.events left to process */
	BYTE oobBuffer[ OOB_BUFFER_SIZE ];	/* Buffered OOB data */
	int oobBufPos;

	/* Information on the current OCTET STRING segment in the buffer during
	   the enveloping process.  We keep track of the segment start point 
	   (the byte after the OCTET STRING tag), the segment data start point 
	   (which may move when the segment is terminated if the length encoding 
	   shrinks due to a short segment), the remaining data in the current 
	   segment (explicitly declared as a long since we may be processing 
	   data that came from a 32-bit machine on a 16-bit machine), and 
	   whether we've just completed a segment (which we need to do before we 
	   can pop any data from the envelope, this is tracked via the
	   ENVDATA_SEGMENTCOMPLETE flag).  In addition we track where the last
	   completed segment ends, as the buffer may contain one or more 
	   completed segments followed by an incomplete segment, and any attempt 
	   to read into the incomplete segment will require it to be completed 
	   first */
	int segmentStart;				/* Segment len+data start point */
	int segmentDataStart;			/* Segment data start point */
	long segmentSize;				/* Remaining data in segment */
	int segmentDataEnd;				/* End of completed data */

	/* If the amount of data pushed in results in only part of a segment
	   header being available during the decoding process, we need to record
	   the state information so we can continue parsing the header when more
	   data is pushed.  The following variables record the state information
	   so that processing can be interrupted and resumed at any point */
	SEGHDR_STATE segHdrState;		/* State of segment header processing */
	long segHdrSegLength;			/* Current len.of seg.being processed */
	int segHdrCount;				/* Current length-of-length for seg.*/

	/* Once the low-level segment-processing code sees the end-of-contents
	   octets for the payload, we need to notify the higher-level code that
	   anything that follows is out-of-band data that needs to be processed
	   at a higher level.  We do this by setting the ENVDATA_ENDOFCONTENTS
	   flag to record the fact that we've seen the payload EOC and have 
	   moved to trailing out-of-band data.  Since the post-payload data
	   isn't directly retrievable by the user, we use the dataLeft variable 
	   to keep track of how much of what's left in the envelope is payload 
	   that can be copied out */
	int dataLeft;

	/* Block cipher buffer for leftover bytes.  This contains any bytes
	   remaining to be en/decrypted when the input data size isn't a
	   multiple of the cipher block size */
	BYTE blockBuffer[ CRYPT_MAX_IVSIZE ];	/* Buffer of bytes */
	int blockBufferPos;				/* Position in buffer */
	int blockSize;					/* Cipher block size */
	int blockSizeMask;				/* Mask for blockSize-sized blocks */

	/* The overall envelope status.  Some error states (underflow/overflow
	   enveloping information errors, randomness errors, and a few others)
	   are recoverable whereas other states (bad data) aren't recoverable.
	   If we run into a nonrecoverable error, we remember the status here so
	   that any further attempts to work with the envelope will return this
	   status */
	int errorState;

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* Pointers to the enveloping/de-enveloping functions */
	int ( *addInfo )( struct EI *envelopeInfoPtr,
					  const CRYPT_ATTRIBUTE_TYPE envInfo,
					  const void *value, const int valueLength );
	CRYPT_ATTRIBUTE_TYPE ( *checkMissingInfo )( struct EI *envelopeInfoPtr );
	int ( *checkCryptAlgo )( const CRYPT_ALGO_TYPE cryptAlgo, 
							 const CRYPT_ALGO_TYPE cryptMode );
	int ( *checkHashAlgo )( const CRYPT_ALGO_TYPE hashAlgo );
	int ( *processPreambleFunction )( struct EI *envelopeInfoPtr );
	int ( *processPostambleFunction )( struct EI *envelopeInfoPtr );
	int ( *copyToEnvelopeFunction )( struct EI *envelopeInfoPtr, 
									 const BYTE *buffer, const int length );
	int ( *copyFromEnvelopeFunction )( struct EI *envelopeInfoPtr, 
									   BYTE *buffer, int length );
	int ( *processExtraData )( struct EI *envelopeInfoPtr, const void *buffer,
							   const int length );
	int ( *syncDeenvelopeData )( struct EI *envelopeInfoPtr, 
								 STREAM *stream );

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the 
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* The local memory pool used to allocate small data objects attached to 
	   the envelope */
	MEMPOOL_STATE memPoolState;

	/* Variable-length storage for the type-specific data */
	DECLARE_VARSTRUCT_VARS;
	} ENVELOPE_INFO;

/* Prototypes for envelope action management functions */

ACTION_LIST *addAction( ACTION_LIST **actionListHeadPtrPtr,
						MEMPOOL_STATE memPoolState,
						const ACTION_TYPE actionType,
						const CRYPT_HANDLE cryptHandle );
ACTION_LIST *findAction( ACTION_LIST *actionListPtr,
						 const ACTION_TYPE actionType );
void deleteAction( ACTION_LIST **actionListHead, 
				   MEMPOOL_STATE memPoolState,	
				   ACTION_LIST *actionListItem );
void deleteActionList( MEMPOOL_STATE memPoolState,
					   ACTION_LIST *actionListPtr );
void deleteUnusedActions( ENVELOPE_INFO *envelopeInfoPtr );
#ifndef NDEBUG
  BOOLEAN actionsOK( ENVELOPE_INFO *envelopeInfoPtr );
#endif /* !NDEBUG */

/* Prototypes for content list management functions */

CONTENT_LIST *createContentListItem( MEMPOOL_STATE memPoolState, 
									 const CRYPT_FORMAT_TYPE formatType,
									 const void *object, const int objectSize,
									 const BOOLEAN isSigObject );
void appendContentListItem( ENVELOPE_INFO *envelopeInfoPtr,
							const CONTENT_LIST *contentListItem );
void deleteContentList( MEMPOOL_STATE memPoolState,
						CONTENT_LIST *contentListPtr );

/* Prepare the envelope for data en/decryption */

int initEnvelopeEncryption( ENVELOPE_INFO *envelopeInfoPtr,
							const CRYPT_CONTEXT cryptContext,
							const CRYPT_ALGO_TYPE algorithm, 
							const CRYPT_MODE_TYPE mode,
							const BYTE *iv, const int ivLength,
							const BOOLEAN copyContext );

/* Prototypes for envelope mapping functions */

#ifdef USE_CMS
  void initCMSEnveloping( ENVELOPE_INFO *envelopeInfoPtr );
  void initCMSDeenveloping( ENVELOPE_INFO *envelopeInfoPtr );
#else
  #define initCMSEnveloping( envelopeInfoPtr )
  #define initCMSDeenveloping( envelopeInfoPtr )
#endif /* USE_CMS */
#ifdef USE_PGP
  void initPGPEnveloping( ENVELOPE_INFO *envelopeInfoPtr );
  void initPGPDeenveloping( ENVELOPE_INFO *envelopeInfoPtr );
#else
  #define initPGPEnveloping( envelopeInfoPtr )
  #define initPGPDeenveloping( envelopeInfoPtr )
#endif /* USE_PGP */
void initEnvelopeStreaming( ENVELOPE_INFO *envelopeInfoPtr );
void initDeenvelopeStreaming( ENVELOPE_INFO *envelopeInfoPtr );
void initResourceHandling( ENVELOPE_INFO *envelopeInfoPtr );
#endif /* _ENV_DEFINED */