context.h

老外写的加密库cryptlib(版本3.1)

/****************************************************************************
*																			*
*					  cryptlib Encryption Context Header File 				*
*						Copyright Peter Gutmann 1992-2003					*
*																			*
****************************************************************************/

#ifndef _CRYPTCTX_DEFINED

#define _CRYPTCTX_DEFINED

/* Various include files needed by contexts */

#ifndef _STREAM_DEFINED
  #if defined( INC_ALL ) || defined( INC_CHILD )
	#include "stream.h"
  #else
	#include "misc/stream.h"
  #endif /* Compiler-specific includes */
#endif /* _STREAM_DEFINED */
#ifndef BN_H
  #if defined( INC_ALL )
	#include "bn.h"
  #elif defined( INC_CHILD )
	#include "../bn/bn.h"
  #else
	#include "bn/bn.h"
  #endif /* Compiler-specific includes */
#endif /* BN_H */
#ifndef _CRYPTCAP_DEFINED
  #if defined( INC_ALL )
	#include "capabil.h"
  #elif defined( INC_CHILD )
	#include "../device/capabil.h"
  #else
	#include "device/capabil.h"
  #endif /* Compiler-specific includes */
#endif /* _CRYPTCAP_DEFINED */

/* We need to include the following because the encryption context stores
   validity information for private keys */

#include <time.h>

/* Context information flags.  Most of these flags are context-type-specific,
   and are only used with some context types */

#define CONTEXT_KEY_SET			0x0001	/* Key has been set */
#define CONTEXT_KEYINFO_INITED	0x0002	/* Algo-specific keying info is inited */
#define CONTEXT_IV_SET			0x0004	/* IV has been set */
#define CONTEXT_ISPUBLICKEY		0x0008	/* Key is a public key */
#define CONTEXT_ISPRIVATEKEY	0x0010	/* Key is a private key */
#define CONTEXT_DUMMY			0x0020	/* Context actions handled externally */
#define CONTEXT_EPHEMERAL		0x0040	/* Context is ephemeral */
#define CONTEXT_SIDECHANNELPROTECTION \
								0x0080	/* Enabled side-channel prot.in ops */
#define CONTEXT_HASH_INITED		0x0100	/* Hash parameters have been inited */
#define CONTEXT_HASH_DONE		0x0200	/* Hash operation is complete */
#define CONTEXT_ASYNC_ABORT		0x0400	/* Whether to abort async op.*/
#define CONTEXT_ASYNC_DONE		0x0800	/* Async operation is complete */

/****************************************************************************
*																			*
*								Data Structures								*
*																			*
****************************************************************************/

/* The internal fields in a context that hold data for a conventional,
   public-key, hash, or MAC algorithm.  CONTEXT_CONV and CONTEXT_MAC
   should be allocated in pagelocked memory since they contain the sensitive
   userKey data */

typedef enum { CONTEXT_NONE, CONTEXT_CONV, CONTEXT_PKC, CONTEXT_HASH,
			   CONTEXT_MAC } CONTEXT_TYPE;

#define needsSecureMemory( contextType ) \
		( contextType == CONTEXT_CONV || contextType == CONTEXT_MAC )

typedef struct {
	/* General algorithm information */
	CRYPT_MODE_TYPE mode;			/* Encryption mode being used */

	/* User keying information.  The user key is the unprocessed key as
	   entered by the user (rather than the key in the form used by the
	   algorithm), the IV is the initial IV.  We keep a copy of the
	   unprocessed key because we usually need to wrap it up in a KEK
	   at some point after it's loaded */
	BYTE userKey[ CRYPT_MAX_KEYSIZE ];		/* User encryption key */
	BYTE iv[ CRYPT_MAX_IVSIZE ];	/* Initial IV */
	int userKeyLength, ivLength;

	/* Conventional encryption keying information.  The key is the processed
	   encryption key stored in whatever form is required by the algorithm,
	   usually the key-scheduled user key.  The IV is the current working IV.
	   The ivCount is the number of bytes of IV that have been used, and is
	   used when a block cipher is used as a stream cipher */
	void *key;						/* Internal working key */
	BYTE currentIV[ CRYPT_MAX_IVSIZE ];	/* Internal working IV */
	int ivCount;					/* Internal IV count for chaining modes */

	/* Information required when a key suitable for use by this algorithm
	   is derived from a longer user key */
	BYTE salt[ CRYPT_MAX_HASHSIZE ];/* Salt */
	int saltLength;
	int keySetupIterations;			/* Number of times setup was iterated */
	CRYPT_ALGO_TYPE keySetupAlgorithm; /* Algorithm used for key setup */
	} CONV_INFO;

typedef struct {
	/* General information on the key: The nominal key size in bits, the key
	   IDs, and key-related meta-info.  Since the OpenPGP key ID can't be
	   calculated directly like the other IDs, we have to keep track of
	   whether it's been set or not with a flag */
	int keySizeBits;				/* Nominal key size in bits */
	BYTE keyID[ KEYID_SIZE ];		/* Key ID for this key */
	BYTE pgpKeyID[ PGP_KEYID_SIZE ];/* PGP key ID for this key */
	BYTE openPgpKeyID[ PGP_KEYID_SIZE ];/* OpenPGP key ID for this key */
	BOOLEAN openPgpKeyIDSet;		/* Whether the OpenPGP key ID has been set */
	time_t pgpCreationTime;			/* Key creation time (for OpenPGP ID) */

	/* Public-key encryption keying information.  Since each algorithm has
	   its own unique parameters, the bignums are given generic names here.
	   The algorithm-specific code refers to them by their actual names,
	   which are implemented as symbolic defines of the form
	   <algo>Param_<param_name>, e.g.rsaParam_e */
	BIGNUM param1;
	BIGNUM param2;
	BIGNUM param3;
	BIGNUM param4;
	BIGNUM param5;
	BIGNUM param6;
	BIGNUM param7;
	BIGNUM param8;					/* The PKC key components */
	BN_MONT_CTX montCTX1;
	BN_MONT_CTX montCTX2;
	BN_MONT_CTX montCTX3;			/* Precomputed Montgomery values */

	/* Temporary workspace values used to avoid having to allocate and
	   deallocate them on each PKC operation, and to keep better control
	   over the data in them.  DLP operations that require extensive
	   temporary vars also reuse the last three general-purpose bignums
	   above, since they're not used for keying material */
	BIGNUM tmp1, tmp2, tmp3;
	BN_CTX bnCTX;					/* Temporary workspace */
	#define CONTEXT_PBO	0x10

	/* If we're using side-channel protection, we also need to store values
	   used to perform extra operations that eliminate timing channels */
	BIGNUM blind1, blind2;

	/* If the context is tied to a device the keying info won't be available,
	   however we generally need the public key information for use in cert
	   requests and whatnot so we save a copy as SubjectPublicKeyInfo when
	   the key is loaded/generated */
	void *publicKeyInfo;			/* X.509 SubjectPublicKeyInfo */
	int publicKeyInfoSize;			/* Key info size */

#ifdef USE_KEA
	/* For key agreement keys, we also store domain parameters (which
	   identify the domain of the originator and recipient keys) and the
	   public value used in the key agreement process.  These are just
	   pointers to the encoded data in the publicKeyInfo */
	void *domainParamPtr;			/* Domain parameters within publicKeyInfo */
	int domainParamSize;
	void *publicValuePtr;			/* Public value within publicKeyInfo */
	int publicValueSize;
#endif /* USE_KEA */

	/* Pointers to functions to public-key context access methods.  The
	   functions to read and write public and private keys are kept distinct
	   to enforce red/black separation */
	int ( *readPublicKeyFunction )( STREAM *stream, struct CI *contextInfoPtr,
									const KEYFORMAT_TYPE formatType );
	int ( *readPrivateKeyFunction )( STREAM *stream, struct CI *contextInfoPtr,
									 const KEYFORMAT_TYPE formatType );
	int ( *writePublicKeyFunction )( STREAM *stream,
									 const struct CI *contextInfoPtr,
									 const KEYFORMAT_TYPE formatType,
									 const char *accessKey );
	int ( *writePrivateKeyFunction )( STREAM *stream,
									  const struct CI *contextInfoPtr,
									  const KEYFORMAT_TYPE formatType,
									  const char *accessKey );
	} PKC_INFO;

typedef struct {
	/* The current state of the hashing and the result from the last
	   completed hash operation */
	void *hashInfo;					/* Current hash state */
	BYTE hash[ CRYPT_MAX_HASHSIZE ];/* Last hash result */