context.h

cryptlib是功能强大的安全工具集。允许开发人员快速在自己的软件中集成加密和认证服务。

/****************************************************************************
*																			*
*					  cryptlib Encryption Context Header File 				*
*						Copyright Peter Gutmann 1992-2005					*
*																			*
****************************************************************************/

#ifndef _CRYPTCTX_DEFINED

#define _CRYPTCTX_DEFINED

/* Various include files needed by contexts.  Since the bignum and stream
   headers are only needed by PKC contexts, we only apply them in modules 
   that use PKC contexts */

#ifdef PKC_CONTEXT
  #ifndef _STREAM_DEFINED
	#if defined( INC_ALL )
	  #include "stream.h"
	#elif defined( INC_CHILD )
	  #include "../io/stream.h"
	#else
	  #include "io/stream.h"
	#endif /* Compiler-specific includes */
  #endif /* _STREAM_DEFINED */
  #ifndef BN_H
	#if defined( INC_ALL )
	  #include "bn.h"
	#elif defined( INC_CHILD )
	  #include "../bn/bn.h"
	#else
	  #include "bn/bn.h"
	#endif /* Compiler-specific includes */
  #endif /* BN_H */
#endif /* Extra eaders needed only for PKC contexts */
#ifndef _CRYPTCAP_DEFINED
  #if defined( INC_ALL )
	#include "capabil.h"
  #elif defined( INC_CHILD )
	#include "../device/capabil.h"
  #else
	#include "device/capabil.h"
  #endif /* Compiler-specific includes */
#endif /* _CRYPTCAP_DEFINED */

/* Context information flags.  Most of these flags are context-type-specific,
   and are only used with some context types:

	CONTEXT_KEY_SET: The key has been initialised.

	CONTEXT_IV_SET: The IV has been set.

	CONTEXT_ISPUBLICKEY: The key is a public or private key.
	CONTEXT_ISPRIVATEKEY:

	CONTEXT_DUMMY: The context is a dummy context with actions handled 
			through an external crypto device.  When a device context is
			created, it usually isn't instantiated at the device level until 
			the key (and possibly other parameters) are available because
			most devices use an atomic created-initialised-context operation
			rather than allowing incremental parameter setting like cryptlib
			does.  To handle this, we first create a dummy context and then
			fill in the details on demand.

	CONTEXT_DUMMY_INITED: The dummy context has been initialised.  Since
			the context isn't instantiated until required, this flag is 
			needed to keep track of whether any cached parameters retained 
			from the dummy state need to be set when the context is used.

	CONTEXT_EPHEMERAL: The context is ephemeral rather than a long-term
			context backed by a keyset or crypto device.

	CONTEXT_SIDECHANNELPROTECTION: The context has side-channel protection
			(additional checking for crypto operations, blinding, and so
			on) enabled.

	CONTEXT_HASH_INITED: The hash parameters have been inited.

	CONTEXT_HASH_DONE: The hash operation is complete, no further hashing
			can be done 

	CONTEXT_ASYNC_ABORT: Asynchronous operation state management flags
	CONTEXT_ASYNC_DONE: */

#define CONTEXT_KEY_SET			0x0001	/* Key has been set */
#define CONTEXT_IV_SET			0x0002	/* IV has been set */
#define CONTEXT_ISPUBLICKEY		0x0004	/* Key is a public key */
#define CONTEXT_ISPRIVATEKEY	0x0008	/* Key is a private key */
#define CONTEXT_DUMMY			0x0010	/* Context actions handled externally */
#define CONTEXT_DUMMY_INITED	0x0020	/* Dummy context is inited */
#define CONTEXT_EPHEMERAL		0x0040	/* Context is ephemeral */
#define CONTEXT_SIDECHANNELPROTECTION \
								0x0080	/* Enabled side-channel prot.in ops */
#define CONTEXT_HASH_INITED		0x0100	/* Hash parameters have been inited */
#define CONTEXT_HASH_DONE		0x0200	/* Hash operation is complete */
#define CONTEXT_ASYNC_ABORT		0x0400	/* Whether to abort async op.*/
#define CONTEXT_ASYNC_DONE		0x0800	/* Async operation is complete */

/****************************************************************************
*																			*
*								Data Structures								*
*																			*
****************************************************************************/

/* The internal fields in a context that hold data for a conventional,
   public-key, hash, or MAC algorithm.  CONTEXT_CONV and CONTEXT_MAC
   should be allocated in pagelocked memory since they contain the sensitive
   userKey data */

typedef enum { 
	CONTEXT_NONE,					/* No context type */
	CONTEXT_CONV,					/* Conventional encryption context */
	CONTEXT_PKC,					/* PKC context */
	CONTEXT_HASH,					/* Hash context */
	CONTEXT_MAC,					/* MAC context */
	CONTEXT_LAST					/* Last valid context type */
	} CONTEXT_TYPE;

#define needsSecureMemory( contextType ) \
		( contextType == CONTEXT_CONV || contextType == CONTEXT_MAC )

typedef struct {
	/* General algorithm information */
	CRYPT_MODE_TYPE mode;			/* Encryption mode being used */

	/* User keying information.  The user key is the unprocessed key as
	   entered by the user (rather than the key in the form used by the
	   algorithm), the IV is the initial IV.  We keep a copy of the
	   unprocessed key because we usually need to wrap it up in a KEK
	   at some point after it's loaded */
	BYTE userKey[ CRYPT_MAX_KEYSIZE ];		/* User encryption key */
	BYTE iv[ CRYPT_MAX_IVSIZE ];	/* Initial IV */
	int userKeyLength, ivLength;

	/* Conventional encryption keying information.  The key is the processed
	   encryption key stored in whatever form is required by the algorithm,
	   usually the key-scheduled user key.  The IV is the current working IV.
	   The ivCount is the number of bytes of IV that have been used, and is
	   used when a block cipher is used as a stream cipher */
	void *key;						/* Internal working key */
	BYTE currentIV[ CRYPT_MAX_IVSIZE ];	/* Internal working IV */
	int ivCount;					/* Internal IV count for chaining modes */

	/* Information required when a key suitable for use by this algorithm
	   is derived from a longer user key */
	BYTE salt[ CRYPT_MAX_HASHSIZE ];/* Salt */
	int saltLength;
	int keySetupIterations;			/* Number of times setup was iterated */
	CRYPT_ALGO_TYPE keySetupAlgorithm; /* Algorithm used for key setup */
	} CONV_INFO;

#ifdef PKC_CONTEXT

typedef struct {
	/* General information on the key: The nominal key size in bits, the key
	   IDs, and key-related meta-info.  Since the OpenPGP key ID can't be
	   calculated directly like the other IDs, we have to keep track of
	   whether it's been set or not with a flag */
	int keySizeBits;				/* Nominal key size in bits */
	BYTE keyID[ KEYID_SIZE ];		/* Key ID for this key */
	BYTE pgpKeyID[ PGP_KEYID_SIZE ];/* PGP key ID for this key */
	BYTE openPgpKeyID[ PGP_KEYID_SIZE ];/* OpenPGP key ID for this key */
	BOOLEAN openPgpKeyIDSet;		/* Whether the OpenPGP key ID has been set */
	time_t pgpCreationTime;			/* Key creation time (for OpenPGP ID) */

	/* Public-key encryption keying information.  Since each algorithm has
	   its own unique parameters, the bignums are given generic names here.
	   The algorithm-specific code refers to them by their actual names,
	   which are implemented as symbolic defines of the form
	   <algo>Param_<param_name>, e.g.rsaParam_e */
	BIGNUM param1;
	BIGNUM param2;
	BIGNUM param3;
	BIGNUM param4;
	BIGNUM param5;
	BIGNUM param6;
	BIGNUM param7;
	BIGNUM param8;					/* The PKC key components */
	BN_MONT_CTX montCTX1;
	BN_MONT_CTX montCTX2;
	BN_MONT_CTX montCTX3;			/* Precomputed Montgomery values */

	/* Temporary workspace values used to avoid having to allocate and
	   deallocate them on each PKC operation, and to keep better control
	   over the data in them.  DLP operations that require extensive
	   temporary vars also reuse the last three general-purpose bignums
	   above, since they're not used for keying material */
	BIGNUM tmp1, tmp2, tmp3;
/*	BN_CTX bnCTX;					// Temporary workspace */
	BN_CTX *bnCTX;
	#define CONTEXT_PBO	0x08

	/* If we're using side-channel protection, we also need to store values
	   used to perform extra operations that eliminate timing channels */
	BIGNUM blind1, blind2;

	/* If the context is tied to a device the keying info won't be available,
	   however we generally need the public key information for use in cert
	   requests and whatnot so we save a copy as SubjectPublicKeyInfo when
	   the key is loaded/generated */
	void *publicKeyInfo;			/* X.509 SubjectPublicKeyInfo */
	int publicKeyInfoSize;			/* Key info size */

#ifdef USE_KEA
	/* For key agreement keys, we also store domain parameters (which
	   identify the domain of the originator and recipient keys) and the
	   public value used in the key agreement process.  These are just
	   pointers to the encoded data in the publicKeyInfo */
	void *domainParamPtr;			/* Domain parameters within publicKeyInfo */
	int domainParamSize;
	void *publicValuePtr;			/* Public value within publicKeyInfo */
	int publicValueSize;
#endif /* USE_KEA */

	/* Pointers to functions to public-key context access methods.  The
	   functions to read and write public and private keys are kept distinct
	   to enforce red/black separation */
	int ( *readPublicKeyFunction )( STREAM *stream, struct CI *contextInfoPtr,
									const KEYFORMAT_TYPE formatType );
	int ( *readPrivateKeyFunction )( STREAM *stream, struct CI *contextInfoPtr,
									 const KEYFORMAT_TYPE formatType );
	int ( *writePublicKeyFunction )( STREAM *stream,
									 const struct CI *contextInfoPtr,
									 const KEYFORMAT_TYPE formatType,
									 const char *accessKey );
	int ( *writePrivateKeyFunction )( STREAM *stream,
									  const struct CI *contextInfoPtr,
									  const KEYFORMAT_TYPE formatType,