
📄 keyset.h

📁 cryptlib安全工具包
	/* Pointer to the DBMS back-end routine for a query that can hand data 
	   back to the caller.  Only argument 1 (dbmsInfo) is marked non-NULL; 
	   'command' and 'data' are annotated as optional.  Returned data goes 
	   into 'data', which is dataMaxLength bytes long, with the amount 
	   actually written reported through *dataLength.
	   NOTE(review): presumably 'command' is SQL text and 'boundData' carries 
	   the bound parameter values - confirm against the back-end.  If so, 
	   values that originate outside the library should travel in boundData 
	   and never be formatted into 'command' */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *performQueryFunction )( INOUT struct DI *dbmsInfo, 
								   IN_STRING_OPT const char *command,
								   OUT_BUFFER_OPT( dataMaxLength, *dataLength ) \
									char *data, 
								   IN_LENGTH_SHORT_Z const int dataMaxLength, 
								   OUT_LENGTH_SHORT_Z int *dataLength, 
								   IN const void *boundData,
								   IN_ENUM_OPT( DBMS_CACHEDQUERY ) \
									const DBMS_CACHEDQUERY_TYPE queryEntry, 
								   IN_ENUM( DBMS_QUERY ) \
									const DBMS_QUERY_TYPE queryType );
	/* Pointer to the DBMS back-end routine for a query that takes no bound 
	   data and has no output buffer: the only inputs are the optional 
	   command string and the cached-query/query-type selectors.
	   NOTE(review): with no bound-data argument, everything the query needs 
	   has to be in 'command' itself, so callers presumably pass only fixed, 
	   library-generated text here - confirm at the call sites */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *performStaticQueryFunction )( INOUT struct DI *dbmsInfo, 
										 IN_STRING_OPT const char *command,
										 IN_ENUM_OPT( DBMS_CACHEDQUERY ) \
											const DBMS_CACHEDQUERY_TYPE queryEntry, 
										 IN_ENUM( DBMS_QUERY ) \
											const DBMS_QUERY_TYPE queryType );

	/* Pointers to database-specific keyset access methods.  The certificate
	   management method takes the owning keyset, an optional location for a 
	   returned certificate handle, optional CA-key and request handles, and
	   the CRYPT_CERTACTION_TYPE that selects the operation.  Only argument 1 
	   is marked non-NULL, so an implementation has to cope with iCryptCert 
	   being absent.
	   NOTE(review): which actions require caKey and/or request isn't visible 
	   from this declaration - the implementation should reject an action 
	   whose required handle is missing rather than assume it's present */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *certMgmtFunction )( INOUT struct KI *keysetInfo, 
							   OUT_OPT_HANDLE_OPT CRYPT_CERTIFICATE *iCryptCert,
							   IN_HANDLE_OPT const CRYPT_CERTIFICATE caKey,
							   IN_HANDLE_OPT const CRYPT_CERTIFICATE request,
							   IN_ENUM( CRYPT_CERTACTION ) \
								const CRYPT_CERTACTION_TYPE action );
	} DBMS_INFO;

/* Type-specific state for an HTTP keyset.  KEYSET_INFO refers to it through
   the httpInfo union member, which only exists when USE_HTTP is defined */

typedef struct {
	/* The I/O stream */
	STREAM stream;					/* I/O stream for HTTP read */

	/* An HTTP fetch differs from the other types of read in that it can
	   return data in multiple chunks depending on how much comes over the
	   net at once.  Because of this we need to track what's come in, and
	   also allocate more buffer space on demand if required.  The following
	   variables handle the on-demand re-allocation of buffer space.
	   NOTE(review): only the position is declared here, the buffer and its
	   size live elsewhere (presumably keyData/keyDataSize in KEYSET_INFO -
	   confirm).  bufPos is a signed int that advances with data received 
	   from the network, so it should be range-checked against the current 
	   buffer size before each write and before any size arithmetic used to 
	   grow the buffer */
	int bufPos;						/* Current position in buffer */
	} HTTP_INFO;

/* Type-specific state for an LDAP keyset.  KEYSET_INFO refers to it through
   the ldapInfo union member, which only exists when USE_LDAP is defined */

typedef struct {
	/* LDAP access information.  Both are untyped pointers, so this header 
	   doesn't depend on the LDAP client library's types */
	void *ld;						/* LDAP connection information */
	void *result;					/* State information for ongoing queries */

	/* The names of the object class and various attributes.  These are
	   stored as part of the keyset context since they may be user-defined.
	   Each buffer holds CRYPT_MAX_TEXTSIZE + 8 bytes.
	   NOTE(review): since these values can be set by the user and are 
	   presumably placed into LDAP queries, the code that sets them should 
	   enforce the length limit, keep the string terminated, and reject or 
	   escape LDAP filter metacharacters - confirm in the attribute-set path */
	char nameObjectClass[ CRYPT_MAX_TEXTSIZE + 8 ];	/* Name of object class */
	char nameFilter[ CRYPT_MAX_TEXTSIZE + 8 ];	/* Name of query filter */
	char nameCACert[ CRYPT_MAX_TEXTSIZE + 8 ];	/* Name of CA certificate attribute */
	char nameCert[ CRYPT_MAX_TEXTSIZE + 8 ];	/* Name of certificate attribute */
	char nameCRL[ CRYPT_MAX_TEXTSIZE + 8 ];		/* Name of CRL attribute */
	char nameEmail[ CRYPT_MAX_TEXTSIZE + 8 ];	/* Name of email addr.attr.*/
	CRYPT_CERTTYPE_TYPE objectType;				/* Preferred obj.type to fetch */

	/* When storing a certificate we need the certificate DN, email address,
	   and certificate expiry date.  The DN components are held one per 
	   buffer (presumably country, state/province, locality, organisation,
	   organisational unit and common name - confirm).
	   NOTE(review): these are filled from certificate contents, which the 
	   keyset doesn't control, so copies into them need the same length 
	   bound as the name buffers above */
	char C[ CRYPT_MAX_TEXTSIZE + 8 ], SP[ CRYPT_MAX_TEXTSIZE + 8 ],
		 L[ CRYPT_MAX_TEXTSIZE + 8 ], O[ CRYPT_MAX_TEXTSIZE + 8 ],
		 OU[ CRYPT_MAX_TEXTSIZE + 8 ], CN[ CRYPT_MAX_TEXTSIZE + 8 ];
	char email[ CRYPT_MAX_TEXTSIZE + 8 ];
	time_t date;
	} LDAP_INFO;

/* Defines to make access to the union fields less messy.  These are plain 
   token substitutions, so keysetInfoPtr->keysetDBMS becomes 
   keysetInfoPtr->keysetInfo.dbmsInfo.  The dbmsInfo, httpInfo and ldapInfo 
   members of the KEYSET_INFO union are only declared when USE_DBMS, 
   USE_HTTP and USE_LDAP respectively are defined, so the matching define
   only compiles in a build that has that feature enabled.  All of the union
   members share the same storage: going through a define that doesn't 
   correspond to the member that was stored reinterprets the pointer as the 
   wrong structure type */

#define keysetFile		keysetInfo.fileInfo
#define keysetDBMS		keysetInfo.dbmsInfo
#define keysetHTTP		keysetInfo.httpInfo
#define keysetLDAP		keysetInfo.ldapInfo

/* The structure that stores information on a keyset.  It combines the 
   general keyset description, a pointer to the type-specific state, the
   table of access-method function pointers, an optional data buffer, error
   state and the owning object's handles.  Several members are conditional
   on USE_DBMS/USE_HTTP/USE_LDAP, so the layout depends on the build 
   configuration: every translation unit that touches a KEYSET_INFO has to 
   be compiled with the same USE_xxx settings */

typedef struct KI {
	/* General keyset information */
	KEYSET_TYPE type;				/* Keyset type (native, PGP, X.509, etc) */
	KEYSET_SUBTYPE subType;			/* Keyset subtype (public, private, etc) */
	CRYPT_KEYOPT_TYPE options;		/* Keyset options */
	int flags;						/* Keyset information flags */

	/* Keyset type-specific information.  The members are pointers that 
	   share storage, so only the one that was stored may be read back.
	   NOTE(review): presumably the live member is determined by 'type' - 
	   confirm that every access is preceded by a check on it */
	union {
		FILE_INFO *fileInfo;
#ifdef USE_DBMS
		DBMS_INFO *dbmsInfo;
#endif /* USE_DBMS */
#ifdef USE_HTTP
		HTTP_INFO *httpInfo;
#endif /* USE_HTTP */
#ifdef USE_LDAP
		LDAP_INFO *ldapInfo;
#endif /* USE_LDAP */
		} keysetInfo;

	/* Pointers to keyset access methods.  Each one takes the keyset's own 
	   KEYSET_INFO as its first argument, which is always marked non-NULL.
	   NOTE(review): this header doesn't show whether methods that a given 
	   keyset type doesn't implement are left NULL, so callers should check 
	   a pointer before calling through it unless the setAccessMethodXXX() 
	   routines are known to fill in every entry */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *initFunction )( INOUT struct KI *keysetInfo, 
						   IN_BUFFER_OPT( nameLength ) const char *name, 
						   IN_LENGTH_NAME_Z const int nameLength,
						   IN_ENUM( CRYPT_KEYOPT ) \
							const CRYPT_KEYOPT_TYPE options );
	RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *shutdownFunction )( INOUT struct KI *keysetInfo );
	/* The attribute get/set methods are only present in LDAP-enabled builds */
#ifdef USE_LDAP
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
	int ( *getAttributeFunction )( INOUT struct KI *keysetInfo, 
								   OUT void *data,
								   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
	int ( *setAttributeFunction )( INOUT struct KI *keysetInfo, 
								   const void *data,
								   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type );
#endif /* USE_LDAP */
	/* Item access.  Key identifiers and data are passed as a pointer plus 
	   an explicit length rather than as terminated strings */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \
	int ( *getItemFunction )( INOUT struct KI *keysetInfo,
							  OUT_HANDLE_OPT CRYPT_HANDLE *iCryptHandle,
							  IN_ENUM( KEYMGMT_ITEM ) \
								const KEYMGMT_ITEM_TYPE itemType,
							  IN_KEYID const CRYPT_KEYID_TYPE keyIDtype,
							  IN_BUFFER( keyIDlength ) const void *keyID, 
							  IN_LENGTH_KEYID const int keyIDlength,
							  IN_OPT void *auxInfo, 
							  INOUT_OPT int *auxInfoLength, 
							  IN_FLAGS_Z( KEYMGMT ) const int flags );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 5 ) ) \
	int ( *getSpecialItemFunction )( INOUT struct KI *keysetInfoPtr,
									 IN_ATTRIBUTE \
										const CRYPT_ATTRIBUTE_TYPE dataType,
									 OUT_BUFFER( dataMaxLength, *dataLength ) \
										void *data,
									 IN_LENGTH_SHORT const int dataMaxLength,
									 OUT_LENGTH_SHORT_Z int *dataLength );
	/* NOTE(review): the first parameter of the two set methods is named
	   deviceInfo although it's a struct KI *, which looks like a carry-over
	   from the device code.  Parameter names in a declaration don't affect
	   behaviour.  The password is passed with an explicit length and is
	   optional; an implementation shouldn't keep a copy of it for longer
	   than the operation needs */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *setItemFunction )( INOUT struct KI *deviceInfo,
							  IN_HANDLE const CRYPT_HANDLE iCryptHandle,
							  IN_ENUM( KEYMGMT_ITEM ) \
								const KEYMGMT_ITEM_TYPE itemType,
							  IN_BUFFER_OPT( passwordLength ) const char *password, 
							  IN_LENGTH_NAME_Z const int passwordLength,
							  IN_FLAGS( KEYMGMT ) const int flags );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *setSpecialItemFunction )( INOUT struct KI *deviceInfo,
									 IN_ATTRIBUTE \
										const CRYPT_ATTRIBUTE_TYPE dataType,
									 IN_BUFFER( dataLength ) const void *data, 
									 IN_LENGTH_SHORT const int dataLength );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 4 ) ) \
	int ( *deleteItemFunction )( INOUT struct KI *keysetInfo,
								 IN_ENUM( KEYMGMT_ITEM ) \
									const KEYMGMT_ITEM_TYPE itemType,
								 IN_KEYID const CRYPT_KEYID_TYPE keyIDtype,
								 IN_BUFFER( keyIDlength ) const void *keyID, 
								 IN_LENGTH_KEYID const int keyIDlength );
	/* Enumeration.  getFirstItemFunction writes *stateInfo and 
	   getNextItemFunction reads and updates it, so the caller carries the
	   enumeration state between calls */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 6 ) ) \
	int ( *getFirstItemFunction )( INOUT struct KI *keysetInfo,
								   OUT_HANDLE_OPT CRYPT_CERTIFICATE *iCertificate,
								   OUT int *stateInfo,
								   IN_ENUM( KEYMGMT_ITEM ) \
									const KEYMGMT_ITEM_TYPE itemType,
								   IN_KEYID const CRYPT_KEYID_TYPE keyIDtype,
								   IN_BUFFER( keyIDlength ) const void *keyID, 
								   IN_LENGTH_KEYID const int keyIDlength,
								   IN_FLAGS_Z( KEYMGMT ) const int options );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
	int ( *getNextItemFunction )( INOUT struct KI *keysetInfo,
								  OUT_HANDLE_OPT CRYPT_CERTIFICATE *iCertificate,
								  INOUT int *stateInfo, 
								  IN_FLAGS_Z( KEYMGMT ) const int options );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	BOOLEAN ( *isBusyFunction )( INOUT struct KI *keysetInfo );

	/* Some keysets require keyset-type-specific data storage, which is
	   managed via the following variables. keyDataSize denotes the total
	   size in bytes of the keyData buffer, keyDataNoObjects is the number
	   of objects in the buffer if it's implemented as an array of key data
	   objects.  The BUFFER_OPT_FIXED annotation ties keyData to 
	   keyDataSize, and both counts are signed ints, so the two have to be 
	   updated together and checked for being non-negative before they're 
	   used in size calculations */
	BUFFER_OPT_FIXED( keyDataSize ) \
	void *keyData;					/* Keyset data buffer */
	int keyDataSize;				/* Buffer size */
	int keyDataNoObjects;			/* No.of objects in key data buffer */

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

	/* Low-level error information.  Since this is fairly space-consuming, we
	   only use it if we're using one of the heavyweight keyset types that 
	   require it.  KEYSET_HAS_ERRORINFO is defined alongside the member so 
	   that other code can test for its presence before referring to 
	   errorInfo */
#if defined( USE_DBMS ) || defined( USE_HTTP ) || defined( USE_LDAP )
	#define KEYSET_HAS_ERRORINFO
	ERROR_INFO errorInfo;
#endif /* USE_DBMS || USE_HTTP || USE_LDAP */

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* Variable-length storage for the type-specific data */
	DECLARE_VARSTRUCT_VARS;
	} KEYSET_INFO;

/****************************************************************************
*																			*
*								Keyset Functions							*
*																			*
****************************************************************************/

/* Keyset attribute handling functions.  The plain variants move an integer
   value (returned through valuePtr, or passed by value), the S variants 
   move variable-length data: the getter works through a MESSAGE_DATA 
   descriptor, the setter takes a buffer with an explicit length.  All four
   are marked CHECK_RETVAL, an output written by a getter is only meaningful
   when the call reports success.
   NOTE(review): setKeysetAttributeS() receives caller-supplied data of up 
   to IN_LENGTH bytes, so the implementation is where the per-attribute 
   length limits (e.g. the CRYPT_MAX_TEXTSIZE-based buffers in LDAP_INFO) 
   have to be enforced - confirm that each attribute is bounded there */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int getKeysetAttribute( INOUT KEYSET_INFO *keysetInfoPtr,
						OUT_INT_Z int *valuePtr, 
						IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int getKeysetAttributeS( INOUT KEYSET_INFO *keysetInfoPtr,
						 INOUT MESSAGE_DATA *msgData, 
						 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int setKeysetAttribute( INOUT KEYSET_INFO *keysetInfoPtr,
						IN_INT_Z const int value, 
						IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int setKeysetAttributeS( INOUT KEYSET_INFO *keysetInfoPtr,
						 IN_BUFFER( dataLength ) const void *data,
						 IN_LENGTH const int dataLength,
						 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );

/* Prototypes for keyset mapping functions.  Each keyset type has a 
   setAccessMethodXXX() routine that takes the KEYSET_INFO to set up.  When 
   a type isn't compiled in, its routine is replaced by a macro that 
   expands to the constant CRYPT_ARGERROR_NUM1, so a request for an 
   unavailable type yields an error status instead of a link failure.  The
   replacement macros don't evaluate their arguments, so any side effect in 
   an argument expression disappears in a build without the feature.  In 
   the same way the dbxInitXXX() replacements expand to CRYPT_OK and the 
   dbxEndXXX() replacements expand to nothing */

#ifdef USE_ODBC
  CHECK_RETVAL \
  int dbxInitODBC( void );
  void dbxEndODBC( void );
#else
  #define dbxInitODBC()						CRYPT_OK
  #define dbxEndODBC()
#endif /* USE_ODBC */
#ifdef USE_DBMS
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodDBMS( INOUT KEYSET_INFO *keysetInfo,
						   IN_ENUM( CRYPT_KEYSET ) \
							const CRYPT_KEYSET_TYPE type );
#else
  #define setAccessMethodDBMS( x, y )		CRYPT_ARGERROR_NUM1
#endif /* USE_DBMS */
#ifdef USE_HTTP
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodHTTP( INOUT KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodHTTP( x )			CRYPT_ARGERROR_NUM1
#endif /* USE_HTTP */
#ifdef USE_LDAP
  /* NOTE(review): unlike dbxInitODBC(), dbxInitLDAP() isn't marked 
	 CHECK_RETVAL.  If LDAP initialisation can fail, annotating it the same
	 way would make the compiler flag callers that ignore the failure */
  int dbxInitLDAP( void );
  void dbxEndLDAP( void );
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodLDAP( INOUT KEYSET_INFO *keysetInfo );
#else
  #define dbxInitLDAP()						CRYPT_OK
  #define dbxEndLDAP()
  #define setAccessMethodLDAP( x )			CRYPT_ARGERROR_NUM1
#endif /* USE_LDAP */
#ifdef USE_PGPKEYS
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodPGPPublic( INOUT KEYSET_INFO *keysetInfo );
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodPGPPrivate( INOUT KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodPGPPublic( x )		CRYPT_ARGERROR_NUM1
  #define setAccessMethodPGPPrivate( x )	CRYPT_ARGERROR_NUM1
#endif /* USE_PGPKEYS */
#ifdef USE_PKCS12
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodPKCS12( INOUT KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodPKCS12( x )		CRYPT_ARGERROR_NUM1
#endif /* PKCS #12 */
#ifdef USE_PKCS15
  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
  int setAccessMethodPKCS15( INOUT KEYSET_INFO *keysetInfo );
#else
  #define setAccessMethodPKCS15( x )		CRYPT_ARGERROR_NUM1
#endif /* PKCS #15 */
/* Check whether a file keyset subtype is one that can be written to: 
   PKCS #15 always, PKCS #12 as well when USE_PKCS12 is defined.  Every 
   other subtype evaluates to false.  In the USE_PKCS12 form the argument 
   can be evaluated twice, so it must be an expression without side 
   effects.  The test on KEYSET_SUBTYPE_PKCS15 is made whether or not 
   USE_PKCS15 is defined */
#ifdef USE_PKCS12
  #define isWriteableFileKeyset( type ) \
		  ( ( type ) == KEYSET_SUBTYPE_PKCS12 || \
			( type ) == KEYSET_SUBTYPE_PKCS15 )
#else
  #define isWriteableFileKeyset( type ) \
		  ( ( type ) == KEYSET_SUBTYPE_PKCS15 )
#endif /* Writeable keyset subtypes */
#endif /* _KEYSET_DEFINED */
