/* Back-end query entry point.  It receives the opaque back-end state, the
   command string, a data/dataLength pair for the result, bound data with
   its length, a bound date, and the cached-query slot and query type.
   NOTE(review): no capacity for 'data' is passed next to it (dataLength is
   a pointer; whether it carries the buffer size on entry is not visible
   here), so confirm the size contract at the implementation before
   anything is written into the buffer.
   NOTE(review): boundData travels separately from 'command', which looks
   like a parameter-binding channel; values that originate outside the
   library should go through it rather than being pasted into the command
   text - confirm against the callers */
int ( *performQueryBackend )( void *dbmsStateInfo, const char *command,
char *data, int *dataLength,
const char *boundData,
const int boundDataLength,
const time_t boundDate,
const DBMS_CACHEDQUERY_TYPE queryEntry,
const DBMS_QUERY_TYPE queryType );
/* Back-end error fetch: reports an error code and an error message through
   the two pointers.
   NOTE(review): errorMessage has no length parameter; presumably the
   buffer must be at least MAX_ERRMSG_SIZE bytes, like the errorMessage
   members declared in this header - confirm */
void ( *performErrorQueryBackend )( void *dbmsStateInfo, int *errorCode,
char *errorMessage );
#endif /* !USE_RPCAPI */
void *stateInfo;
/* Database back-end access functions. These use the dispatch function/
function pointers above to communicate with the back-end */
/* Open the database called 'name' with the given options.  featureFlags is
   a non-const pointer, presumably an out parameter that reports what the
   back-end supports - confirm */
int ( *openDatabaseFunction )( struct DI *dbmsInfo, const char *name,
const int options, int *featureFlags );
/* Close the database */
void ( *closeDatabaseFunction )( struct DI *dbmsInfo );
/* Update with bound data: the command string is accompanied by a data
   block with an explicit length, a date, and the update type */
int ( *performUpdateFunction )( struct DI *dbmsInfo, const char *command,
const void *boundData,
const int boundDataLength,
const time_t boundDate,
const DBMS_UPDATE_TYPE updateType );
/* Update that takes the command string only.
   NOTE(review): with no bound-data channel, any variable text would have
   to be embedded in 'command' itself; keep externally supplied values out
   of this call - confirm how callers build the string */
int ( *performStaticUpdateFunction )( struct DI *dbmsInfo,
const char *command );
/* Query with bound data, returning the result through data/dataLength.
   NOTE(review): no capacity for 'data' is visible in the signature;
   confirm the buffer-size contract at the implementation */
int ( *performQueryFunction )( struct DI *dbmsInfo, const char *command,
char *data, int *dataLength,
const char *queryData,
const int queryDataLength,
const time_t queryDate,
const DBMS_CACHEDQUERY_TYPE queryEntry,
const DBMS_QUERY_TYPE queryType );
/* Query that takes the command string only and has no data/dataLength
   result pair.
   NOTE(review): as with the static update, there is no bound-data channel,
   so the command text should not carry externally supplied values -
   confirm at the callers */
int ( *performStaticQueryFunction )( struct DI *dbmsInfo,
const char *command,
const DBMS_CACHEDQUERY_TYPE queryEntry,
const DBMS_QUERY_TYPE queryType );
/* Pointers to database-specific keyset access methods */
/* Certificate management operation on the keyset.  iCryptCert is a pointer
   (presumably the resulting certificate handle - confirm); caKey, request
   and action are passed by value.
   NOTE(review): nothing in this signature expresses whether the caller is
   allowed to use caKey for 'action'; confirm where that check is made
   before the call reaches the back-end */
int ( *certMgmtFunction )( struct KI *keysetInfo,
CRYPT_CERTIFICATE *iCryptCert,
const CRYPT_CERTIFICATE caKey,
const CRYPT_CERTIFICATE request,
const CRYPT_CERTACTION_TYPE action );
/* Last-error information returned from lower-level code.
   NOTE(review): the message text presumably originates in the database
   driver or server, so treat it as untrusted when logging or displaying
   it: pass it as a "%s" argument, never as a format string - confirm the
   source at the code that fills it in */
int errorCode;
char errorMessage[ MAX_ERRMSG_SIZE ];
} DBMS_INFO;
/* State for a keyset that is read over HTTP.
   NOTE(review): only the stream and the buffer position are declared
   here; the buffer and its size are presumably the keyData/keyDataSize
   members of KEYSET_INFO - confirm */
typedef struct {
/* The I/O stream */
STREAM stream; /* I/O stream for HTTP read */
/* An HTTP fetch differs from the other types of read in that it can
return data in multiple chunks depending on how much comes over the
net at once. Because of this we need to track what's come in, and
also allocate more buffer space on demand if required. The following
variables handle the on-demand re-allocation of buffer space.
NOTE(review): bufPos moves by amounts that depend on what the remote
server sends, so the code using it should compare it against the
current buffer size before every write and guard the int arithmetic
against overflow when the buffer is grown */
int bufPos; /* Current position in buffer */
/* Last-error information returned from lower-level code */
int errorCode;
char errorMessage[ MAX_ERRMSG_SIZE ];
} HTTP_INFO;
/* State for a keyset held in an LDAP directory: query status, the
   connection and result pointers, the configurable object-class and
   attribute names, and the DN components used when storing a cert */
typedef struct {
/* LDAP status information */
BOOLEAN queryInProgress; /* Whether ongoing query is in progress */
/* LDAP access information.  Both members are opaque pointers in this
   header; their concrete types are not visible here */
void *ld; /* LDAP connection information */
void *result; /* State information for ongoing queries */
/* The names of the object class and various attributes. These are
stored as part of the keyset context since they may be user-defined.
Every buffer is CRYPT_MAX_TEXTSIZE + 1 bytes (the extra byte is
presumably for the terminator), so any code that fills one has to bound
the copy and terminate the string.
NOTE(review): because these names can be user-defined, they need
validating or escaping if they are ever placed into an LDAP search
filter or DN string - confirm at the use site */
char nameObjectClass[ CRYPT_MAX_TEXTSIZE + 1 ]; /* Name of object class */
char nameFilter[ CRYPT_MAX_TEXTSIZE + 1 ]; /* Name of query filter */
char nameCACert[ CRYPT_MAX_TEXTSIZE + 1 ]; /* Name of CA cert attribute */
char nameCert[ CRYPT_MAX_TEXTSIZE + 1 ]; /* Name of cert attribute */
char nameCRL[ CRYPT_MAX_TEXTSIZE + 1 ]; /* Name of CRL attribute */
char nameEmail[ CRYPT_MAX_TEXTSIZE + 1 ]; /* Name of email addr.attr.*/
CRYPT_CERTTYPE_TYPE objectType; /* Preferred obj.type to fetch */
/* When storing a cert we need the certificate DN, email address,
and cert expiry date.
NOTE(review): these values presumably come from the certificate being
stored, i.e. from data the keyset owner does not control; the same
bounded copy and escaping requirements apply before they are used to
build a directory entry - confirm */
char C[ CRYPT_MAX_TEXTSIZE + 1 ], SP[ CRYPT_MAX_TEXTSIZE + 1 ],
L[ CRYPT_MAX_TEXTSIZE + 1 ], O[ CRYPT_MAX_TEXTSIZE + 1 ],
OU[ CRYPT_MAX_TEXTSIZE + 1 ], CN[ CRYPT_MAX_TEXTSIZE + 1 ];
char email[ CRYPT_MAX_TEXTSIZE + 1 ];
time_t date;
/* Last-error information returned from lower-level code.
   NOTE(review): presumably text supplied by the LDAP client library or
   server; treat it as untrusted when logging or displaying it */
int errorCode;
char errorMessage[ MAX_ERRMSG_SIZE ];
} LDAP_INFO;
/* Defines to make access to the union fields less messy.  Each name
   expands to a member of the keysetInfo union inside KEYSET_INFO, so
   ptr->keysetDBMS reads as ptr->keysetInfo.dbmsInfo.  These are plain
   token replacements with no scope: any identifier spelled keysetFile,
   keysetDBMS, keysetHTTP or keysetLDAP in a file that includes this header
   is rewritten.  The union holds one pointer at a time and the macros do
   not check which, so read only the member that matches the keyset's type
   (presumably the KEYSET_INFO 'type' member - confirm) */
#define keysetFile keysetInfo.fileInfo
#define keysetDBMS keysetInfo.dbmsInfo
#define keysetHTTP keysetInfo.httpInfo
#define keysetLDAP keysetInfo.ldapInfo
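/* The structure that stores information on a keyset: its type and options,
   a pointer to the back-end-specific state, the table of access methods,
   a general-purpose data buffer, and the error and ownership bookkeeping */
typedef struct KI {
	/* General keyset information */
	KEYSET_TYPE type;				/* Keyset type (native, PGP, X.509, etc) */
	KEYSET_SUBTYPE subType;			/* Keyset subtype (public, private, etc) */
	CRYPT_KEYOPT_TYPE options;		/* Keyset options */
	int flags;						/* Keyset information flags */

	/* Keyset type-specific information.  The union holds a single pointer
	   and does not itself record which member is live, so code must select
	   the member that matches the keyset type before dereferencing it */
	union {
		FILE_INFO *fileInfo;
		DBMS_INFO *dbmsInfo;
		HTTP_INFO *httpInfo;
		LDAP_INFO *ldapInfo;
		} keysetInfo;

	/* Pointers to keyset access methods.
	   NOTE(review): which of these a given back-end fills in is not visible
	   in this header; unless the code that installs them guarantees every
	   entry, check a pointer for NULL before calling through it */
	int ( *initFunction )( struct KI *keysetInfo, const char *name,
						   const CRYPT_KEYOPT_TYPE options );
	void ( *shutdownFunction )( struct KI *keysetInfo );
	int ( *getAttributeFunction )( struct KI *keysetInfo, void *data,
								   const CRYPT_ATTRIBUTE_TYPE type );
	int ( *setAttributeFunction )( struct KI *keysetInfo, const void *data,
								   const CRYPT_ATTRIBUTE_TYPE type );

	/* Fetch an item identified by keyID/keyIDlength.  keyID is an untyped
	   byte block with an explicit length, so implementations should use the
	   length rather than assume a terminator.
	   NOTE(review): auxInfoLength is a pointer; if it carries the capacity
	   of auxInfo on entry, implementations have to honour it before writing
	   - confirm the contract */
	int ( *getItemFunction )( struct KI *keysetInfo,
							  CRYPT_HANDLE *iCryptHandle,
							  const KEYMGMT_ITEM_TYPE itemType,
							  const CRYPT_KEYID_TYPE keyIDtype,
							  const void *keyID, const int keyIDlength,
							  void *auxInfo, int *auxInfoLength,
							  const int flags );

	/* Store an item.  The first parameter is named keysetInfo like its
	   siblings (it is a struct KI *).  The password is passed with an
	   explicit length, so implementations should not rely on it being
	   NUL-terminated; it is secret material and should not be logged or
	   kept beyond the call, and any working copy should be cleared */
	int ( *setItemFunction )( struct KI *keysetInfo,
							  const CRYPT_HANDLE iCryptHandle,
							  const KEYMGMT_ITEM_TYPE itemType,
							  const char *password, const int passwordLength,
							  const int flags );
	int ( *deleteItemFunction )( struct KI *keysetInfo,
								 const KEYMGMT_ITEM_TYPE itemType,
								 const CRYPT_KEYID_TYPE keyIDtype,
								 const void *keyID, const int keyIDlength );

	/* Enumeration: getFirstItemFunction starts a walk and
	   getNextItemFunction continues it, with the position carried in the
	   caller's stateInfo int */
	int ( *getFirstItemFunction )( struct KI *keysetInfo,
								   CRYPT_CERTIFICATE *iCertificate,
								   int *stateInfo,
								   const CRYPT_KEYID_TYPE keyIDtype,
								   const void *keyID, const int keyIDlength,
								   const KEYMGMT_ITEM_TYPE itemType,
								   const int options );
	int ( *getNextItemFunction )( struct KI *keysetInfo,
								  CRYPT_CERTIFICATE *iCertificate,
								  int *stateInfo, const int options );
	BOOLEAN ( *isBusyFunction )( struct KI *keysetInfo );

	/* Some keysets require keyset-type-specific data storage, which is
	   managed via the following variables.  The pointer and the size must
	   be updated together; the size is a signed int, so code that grows the
	   buffer has to guard the arithmetic against overflow */
	void *keyData;					/* Keyset data buffer */
	int keyDataSize;				/* Buffer size */

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* Variable-length storage for the type-specific data */
	DECLARE_VARSTRUCT_VARS;
	} KEYSET_INFO;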
/****************************************************************************
* *
* Keyset Functions *
* *
****************************************************************************/
/* Prototypes for various utility functions in cryptdbx.c. retExt() returns
after setting extended error information for the keyset. We use a macro
to make it match the standard return statement, the slightly unusual form
is required to handle the fact that the helper function is a varargs
function.

retExtFnKeyset() takes a keyset, a status value and a printf-style format
with its arguments.  PRINTF_FN is defined elsewhere; presumably it is a
compiler format-checking attribute - confirm.  Because 'format' is
interpreted as a format string, pass a string literal and hand any text
that came from a back-end or server (such as a stored errorMessage) as a
"%s" argument, never as the format itself.

retExt expands to 'return retExtFnKeyset', so retExt( ... ) leaves the
calling function immediately: use it only where the function's return type
accepts an int, and release any resources before the statement */
int retExtFnKeyset( KEYSET_INFO *keysetInfoPtr, const int status,
const char *format, ... ) PRINTF_FN;
#define retExt return retExtFnKeyset
/* Prototypes for keyset mapping functions.  Each back-end is declared only
   when its USE_xxx symbol is defined.  When it is not, the
   setAccessMethodXXX() name becomes a macro that expands to
   CRYPT_ARGERROR_NUM1, so selecting a back-end that was compiled out
   yields an error status instead of a success code, while the
   dbxInitXXX()/dbxEndXXX() names expand to CRYPT_OK and to nothing so that
   start-up and shutdown code compiles unchanged.  The macro forms discard
   their arguments without evaluating them, so argument expressions with
   side effects behave differently between builds */
#ifdef USE_ODBC
int dbxInitODBC( void );
void dbxEndODBC( void );
#else
#define dbxInitODBC() CRYPT_OK
#define dbxEndODBC()
#endif /* USE_ODBC */
#ifdef USE_DBMS
int setAccessMethodDBMS( KEYSET_INFO *keysetInfo,
const CRYPT_KEYSET_TYPE type );
#else
#define setAccessMethodDBMS( x, y ) CRYPT_ARGERROR_NUM1
#endif /* USE_DBMS */
#ifdef USE_HTTP
int setAccessMethodHTTP( KEYSET_INFO *keysetInfo );
#else
#define setAccessMethodHTTP( x ) CRYPT_ARGERROR_NUM1
#endif /* USE_HTTP */
#ifdef USE_LDAP
int dbxInitLDAP( void );
void dbxEndLDAP( void );
int setAccessMethodLDAP( KEYSET_INFO *keysetInfo );
#else
#define dbxInitLDAP() CRYPT_OK
#define dbxEndLDAP()
#define setAccessMethodLDAP( x ) CRYPT_ARGERROR_NUM1
#endif /* USE_LDAP */
#ifdef USE_PGPKEYS
int setAccessMethodPGPPublic( KEYSET_INFO *keysetInfo );
int setAccessMethodPGPPrivate( KEYSET_INFO *keysetInfo );
#else
#define setAccessMethodPGPPublic( x ) CRYPT_ARGERROR_NUM1
#define setAccessMethodPGPPrivate( x ) CRYPT_ARGERROR_NUM1
#endif /* USE_PGPKEYS */
#ifdef USE_PKCS12
int setAccessMethodPKCS12( KEYSET_INFO *keysetInfo );
#else
#define setAccessMethodPKCS12( x ) CRYPT_ARGERROR_NUM1
#endif /* USE_PKCS12 */
#ifdef USE_PKCS15
int setAccessMethodPKCS15( KEYSET_INFO *keysetInfo );
#else
#define setAccessMethodPKCS15( x ) CRYPT_ARGERROR_NUM1
#endif /* USE_PKCS15 */
/* Whether a file keyset subtype is one that can be written to.  PKCS #15
   is accepted in both forms; PKCS #12 is accepted only when USE_PKCS12 is
   defined.  The selection is keyed on USE_PKCS12 alone - USE_PKCS15 is not
   consulted here, so the PKCS #15 subtype counts as writeable in either
   build.  The USE_PKCS12 form evaluates 'type' twice, so the argument must
   be free of side effects */
#ifdef USE_PKCS12
#define isWriteableFileKeyset( type ) \
( ( type ) == KEYSET_SUBTYPE_PKCS12 || \
( type ) == KEYSET_SUBTYPE_PKCS15 )
#else
#define isWriteableFileKeyset( type ) \
( ( type ) == KEYSET_SUBTYPE_PKCS15 )
#endif /* Writeable keyset subtypes */
#endif /* _KEYSET_DEFINED */