📄 rfc2628.txt
字号:
Security issues are addressed throughout this memo.6. References [Schneier] Bruce Schneier, Applied Cryptography - Protocols, Algorithms, and Source Code in C (Second Edition), John Wiley & Sons, Inc., 1996. [IPsec] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998. [ISAKMP] Maughhan, D., Schertler, M. Schneider, M. and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)", RFC 2408, November 1998. [IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998. [TLS] Dierks, T. and C. Allen, "The TLS protocol Version 1.0", RFC 2246, January 1999.Smyslov Informational [Page 23]
RFC 2628 Crypto API June 19997. Author's Address Valery Smyslov TWS Centralny prospekt, 11, Moscow, Russia Phone: +7 (095) 531 4633 Fax: +7 (095) 531 2403 EMail: svan@trustworks.comSmyslov Informational [Page 24]
RFC 2628 Crypto API June 1999Appendix A. The interface specification as a C header file#ifndef __CRYPTPI_H#define __CRYPTPI_H#define CRYPTO_VER(maj,min) (((maj & 0xff) << 8) | (min & 0xff))#define CRYPTO_MAJ_VER(ver) ((ver >> 8) & 0xff)#define CRYPTO_MIN_VER(ver) (ver & 0xff)#define CRYPTO_PLUGIN_NAME_LEN 64 /* Must be multiple of 4 to */#define CRYPTO_ALG_NAME_LEN 32 /* avoid alignment problems */#ifndef CRYPTO_HANDLE#define CRYPTO_HANDLE void* /* cipher state handle */#endiftypedef enum tag_CRYPTO_STATUS { CRYPTO_OK = 1, /* success */ CRYPTO_ERR_GENERAL, /* undefined (internal) error */ CRYPTO_ERR_NOT_SUPPORTED, /* unsupported */ CRYPTO_ERR_BAD_HANDLE, /* invalid handle */ CRYPTO_ERR_SMALL_BUFFER, /* insufficient output buffer size */ CRYPTO_ERR_WEAK_KEY, /* key is considered to be weak (semiweak, pseudoweak) */ CRYPTO_ERR_NO_RESOURCES, /* insufficient resources to perform operation */ CRYPTO_ERR_NO_MEMORY, /* insufficient memory to perform operation */ CRYPTO_ERR_BAD_PARAMS, /* invalid parameters */ CRYPTO_ERR_HARDWARE, /* hardware error */ CRYPTO_ERR_INVALID_SIGNATURE, /* invalid signature */ CRYPTO_ERR_UNCLOSED_HANDLES /* unclosed handles exist while plugin deinitializises */} CRYPTO_STATUS;/* CryptoControl commands */#define CRYPTO_GET 1 /* get parameter */#define CRYPTO_SET 2 /* set parameter *//* Currently defined algorithm types */#define CRYPTO_TYPE_ENCRYPT 1#define CRYPTO_TYPE_DECRYPT 2#define CRYPTO_TYPE_SIGN 3#define CRYPTO_TYPE_VERIFY 4#define CRYPTO_TYPE_COMPRESS 5#define CRYPTO_TYPE_UNCOMPRESS 6#define CRYPTO_TYPE_HASH 7Smyslov Informational [Page 25]
RFC 2628 Crypto API June 1999#define CRYPTO_TYPE_RANDOM 8/* Currently defined algorithm IDs (for types CRYPTO_TYPE_ENCRYPT & CRYPTO_TYPE_DECRYPT) */#define CRYPTO_AE_DUMMY 1 /* no encryption */#define CRYPTO_AE_DES 2 /* DES-CBC */#define CRYPTO_AE_3DES_EDE 3 /* Triple DES-EDE-CBC */#define CRYPTO_AE_IDEA 4 /* IDEA-CBC */#define CRYPTO_AE_RC2 5 /* RC2 */#define CRYPTO_AE_RC4 6 /* RC4 */#define CRYPTO_AE_RC5 7 /* RC5 */#define CRYPTO_AE_SAFER 8 /* SAFER */#define CRYPTO_AE_CAST 9 /* CAST */#define CRYPTO_AE_BLOWFISH 10 /* Blowfish */#define CRYPTO_AE_RSA 11 /* RSA */#define CRYPTO_AE_GOST 12 /* GOST *//* Currently defined algorithm IDs (for types CRYPTO_TYPE_SIGN & CRYPTO_TYPE_VERIFY) */#define CRYPTO_AS_RSA 2 /* RSA */#define CRYPTO_AS_DSA 3 /* DSA */#define CRYPTO_AS_GOST 4 /* GOST *//* Currently defined algorithm IDs (for types CRYPTO_TYPE_COMPRESS & CRYPTO_TYPE_UNCOMPRESS) */#define CRYPTO_AC_DUMMY 1 /* no compression */#define CRYPTO_AC_DEFLATE 2 /* Deflate */#define CRYPTO_AC_LZS 3 /* LZS *//* Currently defined algorithm IDs (for type CRYPTO_TYPE_HASH) */#define CRYPTO_AH_MD5 1 /* MD5 */#define CRYPTO_AH_SHA 2 /* SHA-1 */#define CRYPTO_AH_GOST 3 /* GOST *//* Currently defined algorithm IDs (for type CRYPTO_TYPE_RANDOM) */#define CRYPTO_AR_UNKNOWN 1/* Currently defined plugin flags */#define CRYPTO_PLUGIN_HARDWARE 1 /* plugin uses hdw *//* TBD more *//* Currently defined algorithm flags */#define CRYPTO_ALG_HARDWARE 1 /* algorithm implemented in hardware */#define CRYPTO_ALG_MULTITHREADED 2 /* implementation allows multithreading *//* TBD more */Smyslov Informational [Page 26]
RFC 2628 Crypto API June 1999/* Currently defined parameters identifiers for CryptoControl */#define CRYPTO_PARAM_KEY 1 /* Only for CRYPTO_GET - get current key *//* TBD more */typedef struct tag_CryptoAlgInfo { long status; /* Algorithm status */ long type; /* algorithm type (One of CRYPTO_TYPE_XXX) */ long id; /* algorithm ID */ long group; /* algorithm group */ long version; /* algorithm version (CRYPTO_VER) */ long flags; /* algorithm flags (CRYPTO_ALG_XXX) */ long maxcontexts; /* max number of cipher states supported (0 - any) */ char name[CRYPTO_ALG_NAME_LEN]; /* algorithm name */ /* CRYPT SIGN COMPRESS HASH RANDOM */ /* DECRYPT VERIFY */ long blocklen; /* blklen (blklen) inlen blklen - */ long keylen; /* keylen keylen - - seedlen */ long outlen; /* outlen (signlen) outlen hashlen randlen */ long milen; /* milen (param) - - - */} CryptoAlgInfo;typedef struct tag_CryptoPluginInfo { long cpi_version; /* Crypto PI version (currently CRYPTO_VER(1,0)) */ long status; /* Plugin status */ char name[CRYPTO_PLUGIN_NAME_LEN]; /* plugin text description */ long version; /* plugin version (CRYPTO_VER) */ long flags; /* plugin flags (CRYPTO_PLUGIN_XXX) */ long number_of_algs; /* number of AlgInfo structures followed (min 1) */ CryptoAlgInfo algs[1]; /* array of AlgInfo structures (min 1) */} CryptoPluginInfo;#ifdef __cplusplusextern "C" {#endif/* CryptoPlugin initialization. Returns pointer to CryptoPluginInfostructure on success or NULL on fatal error. */Smyslov Informational [Page 27]
RFC 2628 Crypto API June 1999CryptoPluginInfo *CryptoPluginInit( void *param);/* Ptr to OS parameters (platform-specific) *//* Plugin deinitialization */CRYPTO_STATUS CryptoPluginFini(void);/* Get new algorithm instance (cipher state) */CRYPTO_STATUS CryptoOpen( CRYPTO_HANDLE *state, /* Pointer to cipher state handle (filled on exit) */ long algnum, /* Algorithm number in CryptoPluginInfo structure */ const char *key); /* key (in plain) */ /* Reinitialize algorithm instance */ CRYPTO_STATUS CryptoReOpen( CRYPTO_HANDLE state, /* current cipher state handle */ const char *key); /* key (in plain) */ /* Destroy algorithm instance */ CRYPTO_STATUS CryptoClose( CRYPTO_HANDLE state); /* Handle of cipher state */ /* Check key for possible weakness */ CRYPTO_STATUS CryptoCheckForWeakKey( long algnum, /* Algorithm number in CryptoPluginInfo structure */ const char *key); /* Proposed key */ /* Perform CryptoTransform (depends on cipher state type) */ CRYPTO_STATUS CryptoTransform( CRYPTO_HANDLE state, /* Cipher state handle */ const char *inbuff,/* input data */ long inlen, /* input data length */ char *outbuff,/* output buffer */ long *outlen,/* On entry - output buffer length, on exit - number of bytes written to outbuff */ char *mi); /* Message indicator */ /* Algorithm control */ CRYPTO_STATUS CryptoControl( CRYPTO_HANDLE state, /* Cipher state handle */ long cmd, /* Control command */ long param, /* Parameter id */ char val, /* Parameter value */ long *len); /* For CRYPTO_GET: on entry -Smyslov Informational [Page 28]
RFC 2628 Crypto API June 1999 val buffer length, on exit - number of bytes written to val; for CRYPTO_SET: length of value to set */ #ifdef __cplusplus } #endif #endif /* __CRYPTPI_H */Smyslov Informational [Page 29]
RFC 2628 Crypto API June 1999Full Copyright Statement Copyright (C) The Internet Society (1999). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.Smyslov Informational [Page 30]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -