context.h

cryptlib是功能强大的安全工具集。允许开发人员快速在自己的软件中集成加密和认证服务。

									  const char *accessKey );

	/* State information needed to allow background key generation */
#ifdef USE_THREADS
	THREAD_FUNCTION_PARAMS threadParams;
#endif /* OS's with threads */
	} PKC_INFO;
#endif /* PKC_CONTEXT */

typedef struct {
	/* The current state of the hashing and the result from the last
	   completed hash operation */
	void *hashInfo;					/* Current hash state */
	BYTE hash[ CRYPT_MAX_HASHSIZE ];/* Last hash result */
	} HASH_INFO;

typedef struct {
	/* User keying information.  The user key is the unprocessed key as
	   entered by the user rather than the key in the form used by the
	   algorithm.  We keep a copy of the unprocessed key because we usually 
	   need to wrap it up in a KEK at some point after it's loaded */
	BYTE userKey[ CRYPT_MAX_KEYSIZE ];	/* User MAC key */
	int userKeyLength;

	/* The current state of the MAC'ing and the result from the last
	   completed MAC operation */
	void *macInfo;					/* Current MAC state */
	BYTE mac[ CRYPT_MAX_HASHSIZE ];	/* Last MAC result */

	/* Information required when a key suitable for use by this algorithm
	   is derived from a longer user key */
	BYTE salt[ CRYPT_MAX_HASHSIZE ];/* Salt */
	int saltLength;
	int keySetupIterations;			/* Number of times setup was iterated */
	CRYPT_ALGO_TYPE keySetupAlgorithm; /* Algorithm used for key setup */
	} MAC_INFO;

/* Defines to make access to the union fields less messy */

#define ctxConv		keyingInfo.convInfo
#define ctxPKC		keyingInfo.pkcInfo
#define ctxHash		keyingInfo.hashInfo
#define ctxMAC		keyingInfo.macInfo

/* An encryption context */

typedef struct CI {
	/* Control and status information */
	CONTEXT_TYPE type;				/* The context type */
	const CAPABILITY_INFO *capabilityInfo;	/* Encryption capability info */
	int flags;						/* Context information flags */

	/* Context type-specific information */
	union {
		CONV_INFO *convInfo;
#ifdef PKC_CONTEXT
		PKC_INFO *pkcInfo;
#endif /* PKC_CONTEXT */
		HASH_INFO *hashInfo;
		MAC_INFO *macInfo;
		} keyingInfo;

#ifdef USE_DEVICES
	/* If implemented using a crypto device, the object information is
	   usually stored inside the device.  The following value contains the
	   reference to the crypto object inside the device.  In addition some
	   objects (specifically, DH) that aren't really public- or private-key
	   objects but a mixture of both require a second handle to the other 
	   part of the object in the device */
	long deviceObject, altDeviceObject;
#endif /* USE_DEVICES */

	/* The label for this object, typically used to identify stored keys */
	char label[ CRYPT_MAX_TEXTSIZE ];/* Text string identifying key */
	int labelSize;

#ifdef USE_THREADS
	/* Whether the context is being used for an asynchronous operation such
	   as key generation, and whether to abort the asynchronous operation.
	   If the overall object status (maintained by the kernel) is set to
	   CRYPT_ERROR_TIMEOUT, any attempt to access it will return
	   CRYPT_ERROR_TIMEOUT.  In the flags field the CONTEXT_ASYNC_ABORT flag
	   is used by cryptAsyncAbort() to signal to the async operation that it
	   should finish processing and clean up.  The CONTEXT_ASYNC_DONE flag
	   is used to indicate that the async operation has completed, so that
	   further status change operations have no effect.  The asyncStatus
	   records the result of the operation, which is returned from
	   cryptAsyncQuery() */
	int asyncStatus;				/* Exit status of the async operation */
#endif /* USE_THREADS */

	/* Pointers to context access methods.  These are somewhat higher-level
	   than the capability info methods and apply to entire classes of
	   context rather than at a per-algorithm level */
	int ( *loadKeyFunction )( struct CI *contextInfoPtr, const void *key,
							  const int keyLength );
	int ( *generateKeyFunction )( struct CI *contextInfoPtr,
								  const BOOLEAN isAsync );
	int ( *encryptFunction )( struct CI *contextInfoPtr, BYTE *buffer,
							  int length );
	int ( *decryptFunction )( struct CI *contextInfoPtr, BYTE *buffer,
							  int length );

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* Variable-length storage for the type-specific data */
	DECLARE_VARSTRUCT_VARS;
	} CONTEXT_INFO;

/* Symbolic defines for the various PKC components for different PKC
   algorithms.  All of the DLP algorithms actually use the same parameters,
   so we define generic DLP names for them */

#define dlpParam_p			param1
#define dlpParam_g			param2
#define dlpParam_q			param3
#define dlpParam_y			param4
#define dlpParam_x			param5
#define dlpTmp1				param6
#define dlpTmp2				param7
#define dlpTmp3				param8		/* More temp.values for DLP PKCs */
#define dhParam_yPrime		param8		/* Special value for DH */
#define dlpParam_mont_p		montCTX1

#define rsaParam_n			param1
#define rsaParam_e			param2
#define rsaParam_d			param3
#define rsaParam_p			param4
#define rsaParam_q			param5
#define rsaParam_u			param6
#define rsaParam_exponent1	param7
#define rsaParam_exponent2	param8
#define rsaParam_blind_k	blind1
#define rsaParam_blind_kInv	blind2
#define rsaParam_mont_n		montCTX1
#define rsaParam_mont_p		montCTX2
#define rsaParam_mont_q		montCTX3

/* Because there's no really clean way to throw an exception in C and the
   bnlib routines don't carry around state information like cryptlib objects
   do, we need to perform an error check for most of the routines we call.
   To make this slightly less ugly we define the following macro that
   performs the check for us by updating a variable called `bnStatus' with
   the result of a bnlib call, which returns 1 for OK and 0 for error.
   Annoyingly, this interface isn't quite consistent and some calls return
   pointers rather than integer values, so we define a second macro that
   checks for pointer values rather than integers */

#define CK( x )				bnStatus &= x
#define CKPTR( x )			bnStatus &= ( ( x ) == NULL ? 0 : 1 )
#define BN_STATUS			1
#define bnStatusOK( x )		bnStatus
#define bnStatusError( x )	( !bnStatus )
#define getBnStatus( x )	( bnStatus ? CRYPT_OK : CRYPT_ERROR_FAILED )

/****************************************************************************
*																			*
*								Internal API Functions						*
*																			*
****************************************************************************/

/* Determine whether a context needs to have a key loaded */

#define needsKey( contextInfoPtr ) \
		!( ( contextInfoPtr )->flags & CONTEXT_KEY_SET )

/* Low-level capability checking and context-creation functions used when
   creating a context in a device */

int checkCapability( const CAPABILITY_INFO FAR_BSS *capabilityInfoPtr );
int createContextFromCapability( CRYPT_CONTEXT *cryptContext,
						const CRYPT_USER cryptOwner,
						const CAPABILITY_INFO FAR_BSS *capabilityInfoPtr,
						const int objectFlags );

/* Statically init/destroy a context for the self-check */

void staticInitContext( CONTEXT_INFO *contextInfoPtr, 
						const CONTEXT_TYPE type, 
						const CAPABILITY_INFO *capabilityInfoPtr,
						void *contextData, const int contextDataSize,
						void *keyData );
void staticDestroyContext( CONTEXT_INFO *contextInfoPtr );

/* Shared functions.  These are used for all native contexts and also by 
   some device types */

int initKeyParams( CONTEXT_INFO *contextInfoPtr, const void *iv,
				   const int ivLength, const CRYPT_MODE_TYPE mode );

/* Key-generation and related routines */

#ifdef PKC_CONTEXT

int initDLPkey( CONTEXT_INFO *contextInfoPtr, const BOOLEAN isDH );
int checkDLPkey( const CONTEXT_INFO *contextInfoPtr, const BOOLEAN isPKCS3 );
int generateDLPkey( CONTEXT_INFO *contextInfoPtr, const int keyBits,
					const int qBits, const BOOLEAN generateDomainParameters );
int initCheckRSAkey( CONTEXT_INFO *contextInfoPtr );
int generateRSAkey( CONTEXT_INFO *contextInfoPtr, const int keySizeBits );
int generateBignum( BIGNUM *bn, const int noBits, const BYTE high,
					const BYTE low );
int calculateKeyID( CONTEXT_INFO *contextInfoPtr );
int encodeDLValues( BYTE *buffer, const int bufSize, BIGNUM *value1,
					BIGNUM *value2, const CRYPT_FORMAT_TYPE formatType );
int decodeDLValues( const BYTE *buffer, const int bufSize, BIGNUM **value1,
					BIGNUM **value2, const CRYPT_FORMAT_TYPE formatType );
int keygenCallback( void *callbackArg );

#endif /* PKC_CONTEXT */

/* Key read/write routines */

void initKeyRead( CONTEXT_INFO *contextInfoPtr );
void initKeyWrite( CONTEXT_INFO *contextInfoPtr );

#endif /* _CRYPTCTX_DEFINED */