crypt.h

老外写的加密库cryptlib(版本3.1)

int attributeCopy( RESOURCE_DATA *msgData, const void *attribute,
				   const int attributeLength );

/* Check whether a password is valid or not.  Currently this just checks that
   it contains at least one character, but stronger checking can be
   substituted if required */

#define checkBadPassword( password ) \
		( checkBadPtrRead( password, 1 ) || ( strlen( password ) < 1 ) )

/* Check whether a given algorithm is available for use.  This is performed
   frequently enough that we have a special function for it rather than
   querying the system object */

BOOLEAN algoAvailable( const CRYPT_ALGO_TYPE cryptAlgo );

/* In exceptional circumstances an attempt to read the time can fail,
   returning either a garbage value (unsigned time_t) or -1 (signed time_t).
   This can be problematic because many crypto protocols and operations use
   the time at some point.  In order to protect against this, we provide a
   safe time-read function that returns either a sane time value or zero,
   and for situations where the absolute time isn't critical an approximate
   current-time function that returns either a sane time value or an
   approximate value hardcoded in at compile time.  Finally, we provide a
   reliable time function used for operations such as signing certs and 
   timestamping that tries to get the time from a hardware time source if 
   one is available.

   The following two values define the minimum time value that's regarded as
   being a valid time (we have to allow dates slightly before the current
   time because of things like backdated cert revocations, as a rule of
   thumb we allow a date up to five years in the past) and an approximation
   of the current time, with the constraint that it's not after the current
   date */

#define MIN_TIME_VALUE			( ( 1998 - 1970 ) * 365 * 86400L )
#define CURRENT_TIME_VALUE		( MIN_TIME_VALUE + ( 86400 * 365 * 4 ) )

#include <time.h>

time_t getTime( void );
time_t getApproxTime( void );
time_t getReliableTime( const CRYPT_HANDLE cryptHandle );

/* Compare two strings in a case-insensitive manner for those systems that
   don't have this function */

#if defined( __UNIX__ ) && !defined( __CYGWIN__ )
  #define strnicmp	strncasecmp
  #define stricmp	strcasecmp
#elif defined( __xxxOS___ )
  int strnicmp( const char *src, const char *dest, const int length );
  int stricmp( const char *src, const char *dest );
#endif /* OS-specific case-insensitive string compares */

/* Hash state information.  We can either call the hash function with
   HASH_ALL to process an entire buffer at a time, or HASH_START/
   HASH_CONTINUE/HASH_END to process it in parts */

typedef enum { HASH_START, HASH_CONTINUE, HASH_END, HASH_ALL } HASH_STATE;

/* The hash functions are used quite a bit so we provide an internal API for
   them to avoid the overhead of having to set up an encryption context
   every time they're needed.  These take a block of input data and hash it,
   leaving the result in the output buffer.  If the hashState parameter is
   HASH_ALL the hashInfo parameter may be NULL, in which case the function
   will use its own memory for the hashInfo */

#ifdef _BIG_WORDS
  typedef BYTE HASHINFO[ 280 ];	/* RIPEMD160: 24 * sizeof( long64 ) + 64 */
#else
  typedef BYTE HASHINFO[ 100 ];	/* RIPEMD160: 24 * sizeof( long ) */
#endif /* _BIG_WORDS */

typedef void ( *HASHFUNCTION )( HASHINFO hashInfo, BYTE *outBuffer, \
								const BYTE *inBuffer, const int length, \
								const HASH_STATE hashState );

void getHashParameters( const CRYPT_ALGO_TYPE hashAlgorithm,
						HASHFUNCTION *hashFunction, int *hashOutputSize );

/* Sometimes all we want is a quick-reject check (usually performed to
   lighten the load when we need to do a full hash check), the following
   function returns an integer checksum that can be used to weed out
   non-matches */

int checksumData( const void *data, const int dataLength );

/* Dynamic buffer management functions.  When reading variable-length
   attribute data we can usually fit the data in a small, fixed-length
   buffer, but occasionally we have to cope with larger data amounts that
   require a dynamically-allocated buffer.  The following routines manage
   this process, dynamically allocating and freeing a larger buffer if
   required */

#define DYNBUF_SIZE		1024

typedef struct {
	void *data;						/* Pointer to data */
	int length;
	BYTE dataBuffer[ DYNBUF_SIZE ];	/* Data buf.if size <= DYNBUF_SIZE */
	} DYNBUF;

int dynCreate( DYNBUF *dynBuf, const CRYPT_HANDLE cryptHandle,
			   const CRYPT_ATTRIBUTE_TYPE attributeType );
void dynDestroy( DYNBUF *dynBuf );

#define dynLength( dynBuf )		( dynBuf ).length
#define dynData( dynBuf )		( dynBuf ).data

/* Export data to a stream without the overhead of going via a dynbuf.  The
   first parameter for this function is actually a STREAM *, but we can't
   use this here since STREAM * hasn't been defined yet */

int exportAttributeToStream( void *streamPtr, const CRYPT_HANDLE cryptHandle,
							 const CRYPT_ATTRIBUTE_TYPE attributeType );
int exportCertToStream( void *streamPtr,
						const CRYPT_CERTIFICATE cryptCertificate,
						const CRYPT_CERTTYPE_TYPE certType );

/* In order to make it easier to add lots of arbitrary-sized random data
   values, we make the following functions available to the polling code to
   implement a clustered-write mechanism for small data quantities.  These
   add an integer, long, or (short) string value to a buffer and send it
   through to the system device when the buffer is full.  The caller
   declares a state variable of type RANDOM_STATE, calls initRandomData() to
   initialise it, calls addRandomData() for each consecutive piece of data
   to add to the buffer, and finally calls endRandomData() to flush the data
   through to the system device.  We also provide an addRandomValue() to make
   it easier to add function return values, for which we can't pass an
   address to addRandomData() unless we copy it to a temporary var first.
   Using the intermediate buffer ensures that we don't have to send a
   message to the device for every bit of data added */

typedef BYTE RANDOM_STATE[ 128 ];

#define addRandomValue( statePtr, value ) \
		addRandomLong( statePtr, ( long ) value )

void initRandomData( void *statePtr, void *buffer, const int maxSize );
int addRandomData( void *statePtr, const void *value,
				   const int valueLength );
int addRandomLong( void *statePtr, const long value );
int endRandomData( void *statePtr, const int quality );

/* MIME header-line parsing routines.  The caller declares a state variable
   of type MIME_STATE, calls initMIMEstate() to initialise it, calls
   addMIMEchar() for each consecutive char to add to the line buffer, and
   finally calls endMIMEstate() to retrive the total character count */

typedef BYTE MIME_STATE[ 128 ];

void initMIMEstate( MIME_STATE *mimeState, const int maxSize );
int addMIMEchar( MIME_STATE *mimeState, char *buffer, int ch );
int endMIMEstate( MIME_STATE *mimeState );

/* When allocating many little blocks of memory, especially in resource-
   constrained systems, it's better if we pre-allocate a small memory pool
   ourselves and grab chunks of it as required, falling back to dynamically
   allocating memory later on if we exhaust the pool.  To use a custom 
   memory pool, the caller declares a state varible of type MEMPOOL_STATE,
   calls initMemPool() to initialise the pool, and then calls getMemPool()
   and freeMemPool() to allocate and free memory blocks */

typedef BYTE MEMPOOL_STATE[ 32 ];

void initMemPool( void *statePtr, void *memPool, const int memPoolSize );
void *getMemPool( void *statePtr, const int size );
void freeMemPool( void *statePtr, void *memblock );

/* base64/SMIME-en/decode routines */

CRYPT_CERTFORMAT_TYPE base64checkHeader( const char *data,
										 const int dataLength, int *startPos );
int base64encodeLen( const int dataLength,
					 const CRYPT_CERTTYPE_TYPE certType );
int base64encode( char *outBuffer, const void *inBuffer, const int count,
				  const CRYPT_CERTTYPE_TYPE certType );
int base64decodeLen( const char *data, const int dataLength );
int base64decode( void *outBuffer, const char *inBuffer, const int count,
				  const CRYPT_CERTFORMAT_TYPE format );

/* User data en/decode routines */

BOOLEAN isPKIUserValue( const char *encVal, const int encValueLength );
int adjustPKIUserValue( BYTE *value, const int noCodeGroups );
int encodePKIUserValue( char *encVal, const BYTE *value,
						const int noCodeGroups );
int decodePKIUserValue( BYTE *value, const char *encVal,
						const int encValueLength );

/* General-purpose enveloping functions, used by various high-level
   protocols */

int envelopeWrap( const void *inData, const int inDataLength, void *outData,
				  int *outDataLength, const int outDataMaxLength,
				  const CRYPT_FORMAT_TYPE formatType,
				  const CRYPT_CONTENT_TYPE contentType,
				  const CRYPT_HANDLE iCryptKey );
int envelopeUnwrap( const void *inData, const int inDataLength,
					void *outData, int *outDataLength,
					const int outDataMaxLength,
					const CRYPT_CONTEXT iDecryptKey );
int envelopeSign( const void *inData, const int inDataLength,
				  void *outData, int *outDataLength,
				  const int outDataMaxLength,
				  const CRYPT_CONTENT_TYPE contentType,
				  const CRYPT_CONTEXT iSigKey,
				  const CRYPT_CERTIFICATE iCmsAttributes );
int envelopeSigCheck( const void *inData, const int inDataLength,
					  void *outData, int *outDataLength,
					  const int outDataMaxLength,
					  const CRYPT_CONTEXT iSigCheckKey,
					  int *sigResult, CRYPT_CERTIFICATE *iSigningCert,
					  CRYPT_CERTIFICATE *iCmsAttributes );

/* Hardware timer read routine used for performance evaluation */

#if defined( __WIN32__ ) && !defined( NDEBUG )

unsigned long getTickCount( unsigned long startTime );

#endif /* __WIN32__ debug build */

/****************************************************************************
*																			*
*								Debugging Functions							*
*																			*
****************************************************************************/

/* When we encounter an internal consistency check failure, we usually want
   to display some sort of message telling the user that something has gone
   catastrophically wrong, however people probably don't want klaxons going
   off when there's a problem in production code so we only enable it in
   debug versions.  The command-line makefiles by default build release
   versions, so in practice the warn-the-user action is only taken under
   Windows unless the user explicitly enables the use of assertions */

#include <assert.h>
#define NOTREACHED	0	/* Force an assertion failure via assert( NOTREACHED ) */

/* The following macro can be used to enable dumping of PDUs to disk.  As a
   safeguard, this only works in the Win32 debug version to prevent it from
   being accidentally enabled in any release version */

#if defined( __WIN32__ ) && !defined( NDEBUG )
  #define DEBUG_DUMP( name, data, length ) \
	{ \
	FILE *filePtr; \
	char fileName[ 1024 ]; \
	\
	GetTempPath( 512, fileName ); \
	strcat( fileName, name ); \
	strcat( fileName, ".der" ); \
	\
	filePtr = fopen( fileName, "wb" ); \
	if( filePtr != NULL ) \
		{ \
		if( length > 0 ) \
			fwrite( data, 1, length, filePtr ); \
		fclose( filePtr ); \
		} \
	}
#else
  #define DEBUG_DUMP( name, data, length )
#endif /* Win32 debug */

/* In order to debug memory usage, we can define CONFIG_DEBUG_MALLOC to dump 
   memory usage diagnostics to stdout (this would usually be done in the
   makefile rather than hardcoding it in here).  Without this, the debug 
   malloc just becomes a standard malloc.  Note that crypt/osconfig.h 
   contains its own debug-malloc() handling for the OpenSSL-derived code 
   enabled via USE_BN_DEBUG_MALLOC in osconfig.h, and zlib also has its own 
   allocation code (which isn't instrumented for diagnostic purposes).
   
   In addition in order to control on-demand allocation of buffers for 
   larger-than-normal data items, we can define CONFIG_NO_DYNALLOC to 
   disable this allocation.  This is useful in memory-constrained 
   environments where we can't afford to grab chunks of memory at random */

#ifdef CONFIG_DEBUG_MALLOC
  #undef clAlloc
  #undef clFree
  #define clAlloc( string, size ) \
		  clAllocFn( __FILE__, ( string ), __LINE__, ( size ) )
  #define clFree( string, memblock ) \
		  clFreeFn( __FILE__, ( string ), __LINE__, ( memblock ) )
  void *clAllocFn( const char *fileName, const char *fnName, 
				   const int lineNo, size_t size );
  void clFreeFn( const char *fileName, const char *fnName, 
				 const int lineNo, void *memblock );
#else
  #define clAlloc( string, size )		malloc( size )
  #define clFree( string, memblock )	free( memblock )
#endif /* !CONFIG_DEBUG_MALLOC */
#ifdef CONFIG_NO_DYNALLOC
  #define clDynAlloc( string, size )	NULL
#else
  #define clDynAlloc( string, size )	clAlloc( string, size )
#endif /* CONFIG_NO_DYNALLOC */
#endif /* _CRYPT_DEFINED */