📄 derhelp.h
/* Copyright 2003-2006, Voltage Security, all rights reserved.
*/
/* This file contains definitions for the DER helper routines.
*/
#include "vibe.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "openssl/asn1t.h"
#include "openssl/asn1_mac.h"
#ifndef _DER_HELP_H
#define _DER_HELP_H
#ifdef __cplusplus
extern "C" {
#endif
/* A data type for Voltage-defined Asn1 types that are the "same" as
* ASN1_STRING.
* <p>The OpenSSL ASN1_STRING is the first member, followed by a
* Voltage flags word. Asn1ObjectId and Asn1Encoded are aliases for this
* exact struct; Asn1EncryptedContent and Asn1EcPoint repeat these two
* members as their own first two members so that a pointer to any of
* them can be treated as a VoltAsn1String pointer.
* <p>NOTE(review): vFlags presumably holds the VOLT_ASN1_COPY_ bits
* set through Asn1SetObjectCopyFlag; confirm against the
* implementation.
*/
typedef struct
{
ASN1_STRING base;
UInt32 vFlags;
} VoltAsn1String;
typedef VoltAsn1String Asn1ObjectId;
typedef VoltAsn1String Asn1Encoded;
/* State and ownership bits.
* <p>VOLT_ENC_CONTENT_STATE_MASK selects the low four bits, which hold
* the CREATE, SET, INIT_E and INIT_D values. The ALG and KEY bits lie
* outside the mask.
* <p>NOTE(review): presumably these are kept in the state field of
* Asn1EncryptedContent, and INIT_E / INIT_D mean "initialized to
* encrypt" / "initialized to decrypt"; confirm against the
* implementation.
*/
#define VOLT_ENC_CONTENT_STATE_MASK 0x0f
#define VOLT_ENC_CONTENT_STATE_CREATE 0x00
#define VOLT_ENC_CONTENT_STATE_SET 0x01
#define VOLT_ENC_CONTENT_STATE_INIT_E 0x02
#define VOLT_ENC_CONTENT_STATE_INIT_D 0x04
/* If the ALG or KEY bits are set, destroy the object during _clear. If
* not, the internal alg and/or key objects are references.
* <p>These bits alone decide whether _clear destroys an object or
* leaves it to the caller. A bit that is set for a referenced object
* destroys something the caller still owns; a bit that is missing for
* a built object means that object is never destroyed.
*/
#define VOLT_ENC_CONTENT_STATE_ALG 0x40
#define VOLT_ENC_CONTENT_STATE_KEY 0x80
/* Make sure the first two fields are ASN1_STRING and UInt32 so a
* pointer to this type can be dereferenced as a pointer to a
* VoltAsn1String.
* <p>Asn1SetObjectCopyFlag takes a VoltAsn1String pointer and is
* documented as usable on this type, so the layout of these two
* members must not change: reordering them or inserting a member
* ahead of them would make accesses through the VoltAsn1String
* pointer land on the wrong fields.
*/
typedef struct
{
ASN1_STRING base;
UInt32 vFlags;
/* NOTE(review): presumably a VOLT_ENC_CONTENT_STATE_ value combined
* with the ALG and KEY ownership bits; confirm.
*/
unsigned int state;
/* NOTE(review): presumably either built by this object or a reference
* to the caller's object, as described at Asn1EncryptedContent_set;
* confirm.
*/
VtAlgorithmObject cipherObj;
VtKeyObject keyObj;
/* Asn1EncryptedContent_set documents that the random object is held
* by reference and never destroyed by this object.
*/
VtRandomObject random;
} Asn1EncryptedContent;
/* Make sure the first two fields are ASN1_STRING and UInt32 so a
* pointer to this type can be dereferenced as a pointer to a
* VoltAsn1String.
* <p>Asn1SetObjectCopyFlag takes a VoltAsn1String pointer and is
* documented as usable on this type, so the layout of these two
* members must not change.
* <p>The struct carries a prime length and two coordinates only; it
* holds no curve parameters.
*/
typedef struct
{
ASN1_STRING base;
UInt32 vFlags;
unsigned int primeLen;
/* NOTE(review): with VOLT_ASN1_COPY_REFERENCE the coordinate items
* presumably point into the caller's buffers or into the encoding
* rather than into memory owned by this object; confirm.
*/
VtItem xCoord;
VtItem yCoord;
} Asn1EcPoint;
/* Define the functions to fill out EXTERN types for the OpenSSL ASN.1
* engine.
* d2i is DER-decode
* i2d is DER-encode
*
* typedef struct ASN1_EXTERN_FUNCS_st {
* void *app_data;
* ASN1_ex_new_func *asn1_ex_new;
* ASN1_ex_free_func *asn1_ex_free;
* ASN1_ex_free_func *asn1_ex_clear;
* ASN1_ex_d2i *asn1_ex_d2i;
* ASN1_ex_i2d *asn1_ex_i2d;
* } ASN1_EXTERN_FUNCS;
*/
/* Callbacks for the asn1_ex_new, asn1_ex_free and asn1_ex_clear
* members.
* NOTE(review): presumably the shared callbacks for the plain
* VoltAsn1String types (Asn1ObjectId and Asn1Encoded); confirm.
*/
int Asn1CommonNew (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
void Asn1CommonFree (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
void Asn1CommonClear (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
/* Callback for the asn1_ex_d2i member (DER-decode). input and length
* describe the encoding to read.
* NOTE(review): the encoding can come from outside the application,
* so the implementation is expected to keep every read within length
* bytes; this header does not show that check, confirm it in the
* implementation.
* If VOLT_ASN1_COPY_REFERENCE was set on the object, the decoder
* stores pointers into this buffer instead of copying (see
* Asn1SetObjectCopyFlag), so the buffer must stay valid while the
* object is in use.
*/
int Asn1CommonDecode
(ASN1_VALUE **obj, const unsigned char **input, long length,
const ASN1_ITEM *asn1Item, int tag, int aclass, char opt, ASN1_TLC *ctx);
/* Callback for the asn1_ex_i2d member (DER-encode). */
int Asn1CommonEncode
(ASN1_VALUE **obj, unsigned char **output, const ASN1_ITEM *asn1Item,
int tag, int aclass);
/* Set value from len bytes at data.
* NOTE(review): presumably the shared implementation behind
* Asn1Encoded_set and Asn1ObjectId_set, in which case data is copied
* or referenced according to the copy flag (see
* Asn1SetObjectCopyFlag); confirm.
*/
int Asn1CommonSet (
VoltAsn1String *value, unsigned char *data, unsigned int len);
/* Create, destroy, DER-decode and DER-encode an Asn1Encoded.
* If VOLT_ASN1_COPY_REFERENCE was set on the object before d2i_, the
* decoded object points into the encoding at in (see
* Asn1SetObjectCopyFlag), so that buffer must stay valid while the
* object is in use.
*/
Asn1Encoded *Asn1Encoded_new (void);
void Asn1Encoded_free (Asn1Encoded *a);
Asn1Encoded *d2i_Asn1Encoded (Asn1Encoded **a, unsigned char **in, long len);
int i2d_Asn1Encoded (Asn1Encoded *a, unsigned char **out);
/* The ASN1_ITEM for Asn1Encoded, declared as a function or as a
* variable depending on how OpenSSL was built.
*/
#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
const ASN1_ITEM *Asn1Encoded_it(void);
#else
extern const ASN1_ITEM Asn1Encoded_it;
#endif
/* Set obj from len bytes at data. As described at
* Asn1SetObjectCopyFlag, the data is copied unless
* VOLT_ASN1_COPY_REFERENCE was set on obj first, in which case the
* object keeps a reference to the caller's buffer.
*/
int Asn1Encoded_set (Asn1Encoded *obj, unsigned char *data, unsigned int len);
/* If there is no obj, this creates a new one and then sets it. If
* there already is an object, this is the same as Asn1Encoded_set.
* NOTE(review): when the object is created here the caller has had no
* chance to call Asn1SetObjectCopyFlag on it, so presumably the data
* is copied in that case; confirm.
*/
int Asn1Encoded_setCreate (
Asn1Encoded **obj, unsigned char *data, unsigned int len);
/* Create, destroy, DER-decode and DER-encode an Asn1ObjectId.
* If VOLT_ASN1_COPY_REFERENCE was set on the object before d2i_, the
* decoded object points into the encoding at in (see
* Asn1SetObjectCopyFlag), so that buffer must stay valid while the
* object is in use.
*/
Asn1ObjectId *Asn1ObjectId_new (void);
void Asn1ObjectId_free (Asn1ObjectId *a);
Asn1ObjectId *d2i_Asn1ObjectId (Asn1ObjectId **a, unsigned char **in, long len);
int i2d_Asn1ObjectId (Asn1ObjectId *a, unsigned char **out);
/* The ASN1_ITEM for Asn1ObjectId, declared as a function or as a
* variable depending on how OpenSSL was built.
*/
#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
const ASN1_ITEM *Asn1ObjectId_it(void);
#else
extern const ASN1_ITEM Asn1ObjectId_it;
#endif
/* Set obj from len bytes at data. As described at
* Asn1SetObjectCopyFlag, the data is copied unless
* VOLT_ASN1_COPY_REFERENCE was set on obj first, in which case the
* object keeps a reference to the caller's buffer.
*/
int Asn1ObjectId_set (Asn1ObjectId *obj, unsigned char *data, unsigned int len);
/* Asn1EcPoint callbacks for the OpenSSL ASN.1 engine, with the same
* signatures as the Asn1Common callbacks (new, free, clear, d2i, i2d).
*/
int Asn1EcPointNew (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
void Asn1EcPointFree (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
void Asn1EcPointClear (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
/* DER-decode. input and length describe the encoding to read.
* NOTE(review): the implementation is expected to keep every read
* within length bytes; this header does not show that check, confirm.
*/
int Asn1EcPointDecode
(ASN1_VALUE **obj, const unsigned char **input, long length,
const ASN1_ITEM *asn1Item, int tag, int aclass, char opt, ASN1_TLC *ctx);
/* DER-encode. */
int Asn1EcPointEncode
(ASN1_VALUE **obj, unsigned char **output, const ASN1_ITEM *asn1Item,
int tag, int aclass);
/* Create, destroy, DER-decode and DER-encode an Asn1EcPoint.
* NOTE(review): an Asn1EcPoint holds coordinates and a prime length
* but no curve parameters, so a decoded point presumably is not
* checked against a curve at this layer; callers that use the point
* in a computation should validate it first. Confirm.
*/
Asn1EcPoint *Asn1EcPoint_new (void);
void Asn1EcPoint_free (Asn1EcPoint *a);
Asn1EcPoint *d2i_Asn1EcPoint (Asn1EcPoint **a, unsigned char **in, long len);
int i2d_Asn1EcPoint (Asn1EcPoint *a, unsigned char **out);
/* The ASN1_ITEM for Asn1EcPoint, declared as a function or as a
* variable depending on how OpenSSL was built.
*/
#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
const ASN1_ITEM *Asn1EcPoint_it(void);
#else
extern const ASN1_ITEM Asn1EcPoint_it;
#endif
/* Set obj from a prime length and the two coordinates, each given as
* a buffer and its length.
* NOTE(review): this header does not state how xLen and yLen must
* relate to primeLen; confirm that the implementation rejects
* coordinates longer than primeLen.
* As described at Asn1SetObjectCopyFlag, the coordinate buffers are
* referenced rather than copied if VOLT_ASN1_COPY_REFERENCE was set on
* obj first.
*/
int Asn1EcPoint_set (
Asn1EcPoint *obj, unsigned int primeLen,
unsigned char *xCoord, unsigned int xLen,
unsigned char *yCoord, unsigned int yLen
);
/* Asn1EncryptedContent callbacks for the OpenSSL ASN.1 engine, with
* the same signatures as the Asn1Common callbacks (new, free, clear,
* d2i, i2d).
* The comment on the VOLT_ENC_CONTENT_STATE_ALG and _KEY bits says
* that _clear destroys the internal algorithm and key objects only
* when the matching bit is set.
*/
int Asn1EncryptedContentNew (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
void Asn1EncryptedContentFree (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
void Asn1EncryptedContentClear (ASN1_VALUE **obj, const ASN1_ITEM *asn1Item);
/* DER-decode. input and length describe the encoding to read.
* NOTE(review): the implementation is expected to keep every read
* within length bytes; this header does not show that check, confirm.
*/
int Asn1EncryptedContentDecode
(ASN1_VALUE **obj, const unsigned char **input, long length,
const ASN1_ITEM *asn1Item, int tag, int aclass, char opt, ASN1_TLC *ctx);
/* DER-encode. */
int Asn1EncryptedContentEncode
(ASN1_VALUE **obj, unsigned char **output, const ASN1_ITEM *asn1Item,
int tag, int aclass);
/* Create, destroy, DER-decode and DER-encode an Asn1EncryptedContent.
* Asn1EncryptedContent_set documents that the data to decrypt is
* passed in during the d2i_ call, after the decryption algorithm and
* key have been supplied through _set.
*/
Asn1EncryptedContent *Asn1EncryptedContent_new (void);
void Asn1EncryptedContent_free (Asn1EncryptedContent *a);
Asn1EncryptedContent *d2i_Asn1EncryptedContent
(Asn1EncryptedContent **a, unsigned char **in, long len);
int i2d_Asn1EncryptedContent (Asn1EncryptedContent *a, unsigned char **out);
/* The ASN1_ITEM for Asn1EncryptedContent, declared as a function or as
* a variable depending on how OpenSSL was built.
*/
#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
const ASN1_ITEM *Asn1EncryptedContent_it(void);
#else
extern const ASN1_ITEM Asn1EncryptedContent_it;
#endif
/* If the AlgImpl is NULL, the algImplInfo is an algorithm object
* and the Asn1EncryptedContent object will copy a reference to it.
* Similarly, if the KeyParam is NULL, the keyParamInfo is a key
* object and the Asn1EncryptedContent object will copy a reference. If
* the object copies a reference, it will not destroy the referenced
* object during the _free call. However, if the ASN.1 object builds an
* object from the AlgImpl and KeyParam, it will destroy it.
* <p>The _set function will copy a reference to the random object and
* will never destroy it, but it will pass it on to the encryption
* functions. Hence, the random object passed in should not be destroyed
* before the Asn1EncryptedContent object is destroyed.
* <p>The data is the data to encrypt (not decrypt, that is passed in
* during the d2i_ call). The _set function will copy a reference to this
* data, not copy it. Hence, the buffer containing the data should not be
* freed or altered before the Asn1EncryptedContent object has completed
* its task.
* <p>If decoding, call this _set routine to pass in the decryption and
* key params (or objects), and pass NULL and 0 for data and dataLen.
* <p>Lifetime summary: everything this object holds by reference (the
* random object, the data buffer, and an algorithm or key object
* passed in as an object rather than built here) remains owned by the
* caller and must stay valid for as long as this object uses it.
* Destroying or freeing any of them early leaves this object with a
* dangling reference.
*/
int Asn1EncryptedContent_set (
Asn1EncryptedContent *obj, VtLibCtx libCtx,
VtAlgorithmImpl *AlgImpl, Pointer algImplInfo,
VtKeyParam *KeyParam, Pointer keyParamInfo,
VtRandomObject random, unsigned char *data, unsigned int dataLen);
/* Call this routine to let an ASN.1 object know whether it should copy
* data when setting or decoding. This is only valid with the
* Voltage-created types such as Asn1Encoded or Asn1EncryptedContent.
* <p>The following are the possible values for copyFlag.
*
* VOLT_ASN1_COPY_REFERENCE
* VOLT_ASN1_COPY_DATA
*
* <p>It is possible to call this routine after creation (a _new call),
* but once _set, d2i_, or i2d_ has been called on the object, this
* call will do nothing.
* <p>The regular _set routine will copy the input data. That is, there
* will be two copies of the data, the caller's buffer and the buffer
* inside the ASN.1 object. However, if the app first calls
* Asn1SetObjectCopyFlag with VOLT_ASN1_COPY_REFERENCE, the _set routine
* will simply copy a reference to the input data.
* <p>Normally, when decoding, a subroutine will allocate space for a
* copy of the relevant data (the value part of a TLV, a "subset" of
* the total encoding), copy the data out of the encoding into this new
* buffer and store the pointer to this buffer in the data field of the
* ASN.1 object. The memory is freed when the object is destroyed.
* <p>However, a particular app, in order to save memory, may want to
* simply copy a reference to the place inside the encoding where the
* value starts. If this routine had been called with
* VOLT_ASN1_COPY_REFERENCE as the copyFlag, the decoder will set the
* data field or fields to the appropriate location in the encoding.
* When destroyed, the data will not be freed.
* <p>In reference mode the ASN.1 object holds pointers into memory it
* does not own. The caller's buffer (for _set) or the encoding (for
* d2i_) must stay allocated and unmodified until the ASN.1 object is
* destroyed; otherwise the object is left with dangling or stale
* pointers.
* <p>NOTE: This will only work on Voltage toolkit "extra" types that
* are either ASN1_STRING types (Asn1ObjectId and Asn1Encoded) or
* contain ASN1_STRING as the "base" struct (Asn1EcPoint and
* Asn1EncryptedContent). Do not use this call on any other ASN1_ type.
* The argument is accessed as a VoltAsn1String, and any other type
* cast to it has no vFlags member at that position.
*/
void Asn1SetObjectCopyFlag (VoltAsn1String *asn1Obj, unsigned int copyFlag);
/* VOLT_ASN1_COPY_MASK covers the single VOLT_ASN1_COPY_REFERENCE bit;
* VOLT_ASN1_COPY_DATA is the value with that bit clear.
* NOTE(review): VOLT_ASN1_COPY_FLAG_FIXED presumably records that the
* copy flag can no longer be changed (after _set, d2i_, or i2d_);
* confirm against the implementation.
*/
#define VOLT_ASN1_COPY_DATA 0x0000
#define VOLT_ASN1_COPY_REFERENCE 0x8000
#define VOLT_ASN1_COPY_MASK 0x8000
#define VOLT_ASN1_COPY_FLAG_FIXED 0x1000
/* Call this routine to set an OpenSSL ASN1_GENERALIZEDTIME object.
* This function will call the OpenSSL function
* ASN1_GENERALIZEDTIME_set, which takes as the time argument a time_t,
* which is platform-dependent. The Voltage version of the set function
* takes the platform-independent VoltTime. For each platform, create
* an implementation of this function to convert VoltTime to the
* appropriate time_t and call the OpenSSL routine.
* <p>The return value is the return value from the OpenSSL function.
* <p>NOTE(review): because time_t is platform-dependent, a VoltTime
* may not be representable on a given platform; each implementation
* should presumably fail (return NULL) rather than truncate. Confirm
* per platform.
* <p>Callers should check for NULL before relying on the contents of
* genTimeObj.
*
* @param genTimeObj The OpenSSL generalized time object to set.
* @param theTime The time to which the object is to be set.
* @return If successful, the input object, if not, NULL.
*/
ASN1_GENERALIZEDTIME *VoltOpenSslSetGenTime VOLT_PROTO_LIST ((
ASN1_GENERALIZEDTIME *genTimeObj,
VoltTime *theTime
));
/* Utility function, decode a tag and len.
* <p>This function will read the tag and return it at the address
* given by theTag. It will determine the length of the length octets
* and return that value at the address given by lengthLen. Finally, it
* will determine what the length is and return it at the address given
* by valueLenLo. If the length is >= 2^32 (lengthLen >= 5), then the
* function will return the length in two UInt32s, the valueLenLo and
* the valueLenHi (if the length fits in 4 bytes, the function will set
* valueLenHi to 0).
* <p>If there is not enough data to complete a tag and len, the
* routine will return VT_ERROR_INVALID_INPUT_LEN. If the function
* determines that the data at encoding is not a tag and len, it will
* return VT_ERROR_INVALID_ENCODING. This can happen if the length is
* represented by a number that would not fit into 8 bytes (a length >=
* 2^64, more than 18 quintillion, which would be data of length 18