envelope.h

cryptlib安全工具包

	   the OOB data that indicates that there's more data present), the 
	   event-count variable records how many of these events still need to 
	   be handled before we can return data to the caller.  Finally, some 
	   content types (e.g. compressed data) don't allow lookahead reads, 
	   which are necessary in some cases to determine how the payload needs 
	   to be handled.  To handle this we have to remember the returned OOB 
	   data (if it's read via a lookahead read) so that we can reinsert it 
	   into the output stream on the next read call */
	int oobDataLeft;				/* Remaining out-of-band data in payload */
	int oobEventCount;				/* No.events left to process */
	BUFFER( OOB_BUFFER_SIZE, oobBufPos ) \
	BYTE oobBuffer[ OOB_BUFFER_SIZE + 8 ];	/* Buffered OOB data */
	int oobBufPos;

	/* Information on the current OCTET STRING segment in the buffer during
	   the de-enveloping process.  We keep track of the segment start point 
	   (the byte after the OCTET STRING tag), the segment data start point 
	   (which may move when the segment is terminated if the length encoding 
	   shrinks due to a short segment), and whether we've just completed a 
	   segment (which we need to do before we can pop any data from the 
	   envelope, this is tracked via the ENVDATA_SEGMENTCOMPLETE flag).  In 
	   addition we track where the last completed segment ends, as the buffer 
	   may contain one or more completed segments followed by an incomplete 
	   segment, and any attempt to read into the incomplete segment will 
	   require it to be completed first */
	int segmentStart;				/* Segment len+data start point */
	int segmentDataStart;			/* Segment data start point */
	int segmentDataEnd;				/* End of completed data */

	/* The remaining data in the current OCTET STRING segment, explicitly 
	   declared as a long since we may be processing data that came from a 
	   32-bit machine on a 16-bit machine.  During enveloping this is used
	   to track the amount of data left from the user-declared payloadSize
	   that can still be added to the envelope.  During de-enveloping, it's 
	   used to record how much data is left in the current segment */
	long segmentSize;				/* Remaining data in segment */

	/* Once the low-level segment-processing code sees the end-of-contents
	   octets for the payload, we need to notify the higher-level code that
	   anything that follows is out-of-band data that needs to be processed
	   at a higher level.  We do this by setting the ENVDATA_ENDOFCONTENTS
	   flag to record the fact that we've seen the payload EOC and have 
	   moved to trailing out-of-band data.  Since the post-payload data
	   isn't directly retrievable by the user, we use the dataLeft variable 
	   to keep track of how much of what's left in the envelope is payload 
	   that can be copied out */
	int dataLeft;

	/* Block cipher buffer for leftover bytes.  This contains any bytes
	   remaining to be en/decrypted when the input data size isn't a
	   multiple of the cipher block size */
	BUFFER( CRYPT_MAX_IVSIZE, blockBufferPos ) \
	BYTE blockBuffer[ CRYPT_MAX_IVSIZE + 8 ];/* Leftover byte buffer */
	int blockBufferPos;				/* Position in buffer */
	int blockSize;					/* Cipher block size */
	int blockSizeMask;				/* Mask for blockSize-sized blocks */

	/* The overall envelope status.  Some error states (underflow/overflow
	   enveloping information errors, randomness errors, and a few others)
	   are recoverable whereas other states (bad data) aren't recoverable.
	   If we run into a nonrecoverable error, we remember the status here so
	   that any further attempts to work with the envelope will return this
	   status */
	int errorState;

	/* Error information */
	CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
	CRYPT_ERRTYPE_TYPE errorType;	/* Error type */

#ifdef USE_ERRMSGS
	/* Low-level error information */
	ERROR_INFO errorInfo;
#endif /* USE_ERRMSGS */

	/* Pointers to the enveloping/de-enveloping functions */
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *addInfo )( INOUT struct EI *envelopeInfoPtr,
					  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE envInfo,
					  IN_INT_Z const int value );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
	int ( *addInfoString )( INOUT struct EI *envelopeInfoPtr,
							IN_RANGE( CRYPT_ENVINFO_PASSWORD, \
									  CRYPT_ENVINFO_PASSWORD ) \
							const CRYPT_ATTRIBUTE_TYPE envInfo,
							IN_BUFFER( valueLength ) const void *value, 
							IN_RANGE( 1, CRYPT_MAX_TEXTSIZE ) \
							const int valueLength );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *checkMissingInfo )( INOUT struct EI *envelopeInfoPtr );
	CHECK_RETVAL \
	BOOLEAN ( *checkAlgo )( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo, 
							IN_MODE_OPT const CRYPT_MODE_TYPE cryptMode );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *processPreambleFunction )( INOUT struct EI *envelopeInfoPtr );
	CHECK_RETVAL_SPECIAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *processPostambleFunction )( INOUT struct EI *envelopeInfoPtr );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
	int ( *copyToEnvelopeFunction )( INOUT struct EI *envelopeInfoPtr, 
									 IN_BUFFER_OPT( length ) const BYTE *buffer, 
									 IN_LENGTH_Z const int length );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
	int ( *copyFromEnvelopeFunction )( INOUT struct EI *envelopeInfoPtr, 
									   OUT_BUFFER( maxLength, length ) BYTE *buffer, 
									   IN_LENGTH const int maxLength, 
									   OUT_LENGTH_Z int *length, 
									   IN_FLAGS( ENVCOPY ) const int flags );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
	int ( *processExtraData )( INOUT struct EI *envelopeInfoPtr, 
							   IN_BUFFER( length ) const void *buffer, 
							   IN_LENGTH const int length );
	CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
	int ( *syncDeenvelopeData )( INOUT struct EI *envelopeInfoPtr, 
								 INOUT STREAM *stream );

	/* The object's handle and the handle of the user who owns this object.
	   The former is used when sending messages to the object when only the 
	   xxx_INFO is available, the latter is used to avoid having to fetch the
	   same information from the system object table */
	CRYPT_HANDLE objectHandle;
	CRYPT_USER ownerHandle;

	/* The local memory pool used to allocate small data objects attached to 
	   the envelope */
	MEMPOOL_STATE memPoolState;

	/* Variable-length storage for the type-specific data */
	DECLARE_VARSTRUCT_VARS;
	} ENVELOPE_INFO;

/****************************************************************************
*																			*
*								Enveloping Functions						*
*																			*
****************************************************************************/

/* Envelope attribute handling functions */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int getEnvelopeAttribute( INOUT ENVELOPE_INFO *envelopeInfoPtr,
						  OUT_INT_Z int *valuePtr, 
						  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int getEnvelopeAttributeS( INOUT ENVELOPE_INFO *envelopeInfoPtr,
						   INOUT MESSAGE_DATA *msgData, 
						   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int setEnvelopeAttribute( INOUT ENVELOPE_INFO *envelopeInfoPtr,
						  IN_INT_Z const int value, 
						  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int setEnvelopeAttributeS( INOUT ENVELOPE_INFO *envelopeInfoPtr,
						   IN_BUFFER( dataLength ) const void *data,
						   IN_LENGTH const int dataLength,
						   IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );


/* Prototypes for envelope action management functions */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
typedef int ( *CHECKACTIONFUNCTION )( const ACTION_LIST *actionListPtr,
									  IN_INT_Z const int intParam );

CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
BOOLEAN moreActionsPossible( const ACTION_LIST *actionListPtr );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int addAction( OUT_PTR ACTION_LIST **actionListHeadPtrPtr,
			   INOUT MEMPOOL_STATE memPoolState,
			   IN_ENUM( ACTION ) const ACTION_TYPE actionType,
			   IN_HANDLE const CRYPT_HANDLE cryptHandle );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
int addActionEx( OUT_PTR ACTION_LIST **newActionPtrPtr,
				 OUT_PTR ACTION_LIST **actionListHeadPtrPtr,
				 INOUT MEMPOOL_STATE memPoolState,
				 IN_ENUM( ACTION ) const ACTION_TYPE actionType,
				 IN_HANDLE const CRYPT_HANDLE cryptHandle );
CHECK_RETVAL_ENUM( ACTION ) STDC_NONNULL_ARG( ( 1 ) ) \
ACTION_RESULT checkAction( const ACTION_LIST *actionListStart,
						   IN_ENUM( ACTION ) const ACTION_TYPE actionType, 
						   IN_HANDLE const CRYPT_HANDLE cryptHandle );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int checkActionIndirect( const ACTION_LIST *actionListStart,
						 IN CHECKACTIONFUNCTION checkActionFunction,
						 IN_INT_Z const int intParam );
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
ACTION_LIST *findAction( const ACTION_LIST *actionListPtr,
						 IN_ENUM( ACTION ) const ACTION_TYPE actionType );
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
ACTION_LIST *findLastAction( const ACTION_LIST *actionListPtr,
							 IN_ENUM( ACTION ) \
							 const ACTION_TYPE actionType );
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
ACTION_LIST *findActionIndirect( const ACTION_LIST *actionListStart,
								 IN CHECKACTIONFUNCTION checkActionFunction,
								 IN_INT_Z const int intParam );
STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
void deleteAction( INOUT_PTR ACTION_LIST **actionListHeadPtrPtr, 
				   INOUT MEMPOOL_STATE memPoolState,	
				   INOUT ACTION_LIST *actionListItem );
STDC_NONNULL_ARG( ( 1, 2 ) ) \
void deleteActionList( INOUT MEMPOOL_STATE memPoolState,
					   INOUT ACTION_LIST *actionListPtr );
STDC_NONNULL_ARG( ( 1 ) ) \
void deleteUnusedActions( INOUT ENVELOPE_INFO *envelopeInfoPtr );
CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
BOOLEAN checkActions( INOUT ENVELOPE_INFO *envelopeInfoPtr );

/* Prototypes for content list management functions */

CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
BOOLEAN moreContentItemsPossible( const CONTENT_LIST *contentListPtr );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int createContentListItem( OUT_PTR CONTENT_LIST **newContentListItemPtrPtr,
						   INOUT MEMPOOL_STATE memPoolState, 
						   IN_ENUM( CRYPT_FORMAT ) \
						   const CRYPT_FORMAT_TYPE formatType,
						   IN_BUFFER_OPT( objectSize ) const void *object, 
						   IN_LENGTH_Z const int objectSize,
						   const BOOLEAN isSigObject );
STDC_NONNULL_ARG( ( 1, 2 ) ) \
void appendContentListItem( INOUT ENVELOPE_INFO *envelopeInfoPtr,
							INOUT CONTENT_LIST *contentListItem );
STDC_NONNULL_ARG( ( 1, 2 ) ) \
void deleteContentList( INOUT MEMPOOL_STATE memPoolState,
						INOUT_PTR CONTENT_LIST **contentListHeadPtrPtr );

/* Prototypes for misc.management functions */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int addKeysetInfo( INOUT ENVELOPE_INFO *envelopeInfoPtr,
				   IN_RANGE( CRYPT_ENVINFO_KEYSET_ENCRYPT, \
							 CRYPT_ENVINFO_KEYSET_SIGCHECK ) \
				   const CRYPT_ATTRIBUTE_TYPE keysetFunction,
				   IN_HANDLE const CRYPT_KEYSET keyset );
CHECK_RETVAL_BOOL \
BOOLEAN cmsCheckAlgo( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo,
					  IN_MODE_OPT const CRYPT_MODE_TYPE cryptMode );
CHECK_RETVAL_BOOL \
BOOLEAN pgpCheckAlgo( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo, 
					  IN_MODE_OPT const CRYPT_MODE_TYPE cryptMode );

/* Prepare the envelope for data en/decryption */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int initEnvelopeEncryption( INOUT ENVELOPE_INFO *envelopeInfoPtr,
							IN_HANDLE const CRYPT_CONTEXT cryptContext,
							IN_ALGO_OPT const CRYPT_ALGO_TYPE algorithm, 
							IN_MODE_OPT const CRYPT_MODE_TYPE mode,
							IN_BUFFER_OPT( ivLength ) const BYTE *iv, 
							IN_LENGTH_IV_Z const int ivLength,
							const BOOLEAN copyContext );

/* Prototypes for enveloping internal functions */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int cmsPreEnvelopeEncrypt( INOUT ENVELOPE_INFO *envelopeInfoPtr );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int cmsPreEnvelopeSign( INOUT ENVELOPE_INFO *envelopeInfoPtr );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int hashEnvelopeData( const ACTION_LIST *hashActionPtr,
					  IN_BUFFER( dataLength ) const void *data, 
					  IN_LENGTH const int dataLength );

/* Prototypes for envelope mapping functions */

#ifdef USE_CMS
  STDC_NONNULL_ARG( ( 1 ) ) \
  void initCMSEnveloping( INOUT ENVELOPE_INFO *envelopeInfoPtr );
  STDC_NONNULL_ARG( ( 1 ) ) \
  void initCMSDeenveloping( INOUT ENVELOPE_INFO *envelopeInfoPtr );
#else
  #define initCMSEnveloping( envelopeInfoPtr )
  #define initCMSDeenveloping( envelopeInfoPtr )
#endif /* USE_CMS */
#ifdef USE_PGP
  STDC_NONNULL_ARG( ( 1 ) ) \
  void initPGPEnveloping( INOUT ENVELOPE_INFO *envelopeInfoPtr );
  STDC_NONNULL_ARG( ( 1 ) ) \
  void initPGPDeenveloping( INOUT ENVELOPE_INFO *envelopeInfoPtr );
#else
  #define initPGPEnveloping( envelopeInfoPtr )
  #define initPGPDeenveloping( envelopeInfoPtr )
#endif /* USE_PGP */
STDC_NONNULL_ARG( ( 1 ) ) \
void initEnvelopeStreaming( INOUT ENVELOPE_INFO *envelopeInfoPtr );
STDC_NONNULL_ARG( ( 1 ) ) \
void initEnvResourceHandling( INOUT ENVELOPE_INFO *envelopeInfoPtr );
STDC_NONNULL_ARG( ( 1 ) ) \
void initDeenvelopeStreaming( INOUT ENVELOPE_INFO *envelopeInfoPtr );
STDC_NONNULL_ARG( ( 1 ) ) \
void initDenvResourceHandling( INOUT ENVELOPE_INFO *envelopeInfoPtr );

#endif /* _ENV_DEFINED */