📄 int_api.h
字号:
void getHashParameters( IN_ALGO const CRYPT_ALGO_TYPE hashAlgorithm,
OUT_PTR HASHFUNCTION *hashFunction,
OUT_OPT_LENGTH_SHORT_Z int *hashOutputSize );
STDC_NONNULL_ARG( ( 2 ) ) \
void getHashAtomicParameters( IN_ALGO const CRYPT_ALGO_TYPE hashAlgorithm,
OUT_PTR HASHFUNCTION_ATOMIC *hashFunctionAtomic,
OUT_OPT_LENGTH_SHORT_Z int *hashOutputSize );
/* Sometimes all we need is a quick-reject check, usually performed to
lighten the load before we do a full hash check. The following
function returns an integer checksum that can be used to weed out
non-matches. If the checksum matches, we use the more heavyweight
full hash of the data */
#define HASH_DATA_SIZE 16
RETVAL_RANGE( MAX_ERROR, 0xFFFF ) STDC_NONNULL_ARG( ( 1 ) ) \
int checksumData( IN_BUFFER( dataLength ) const void *data,
IN_LENGTH const int dataLength );
STDC_NONNULL_ARG( ( 1, 3 ) ) \
void hashData( OUT_BUFFER_FIXED( hashMaxLength ) BYTE *hash,
IN_LENGTH_HASH const int hashMaxLength,
IN_BUFFER( dataLength ) const void *data,
IN_LENGTH const int dataLength );
/****************************************************************************
* *
* Dynamic Memory Management Functions *
* *
****************************************************************************/
/* Dynamic buffer management functions. When reading variable-length
object data we can usually fit the data into a small fixed-length buffer,
but occasionally we have to cope with larger data amounts that require a
dynamically-allocated buffer. The following routines manage this
process, dynamically allocating and freeing a larger buffer if required */
#define DYNBUF_SIZE 1024
typedef struct {
BUFFER_FIXED( length ) \
void *data; /* Pointer to data */
int length;
BUFFER( DYNBUF_SIZE, length ) \
BYTE dataBuffer[ DYNBUF_SIZE + 8 ]; /* Data buf.if size <= DYNBUF_SIZE */
} DYNBUF;
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int dynCreate( OUT DYNBUF *dynBuf,
IN_HANDLE const CRYPT_HANDLE cryptHandle,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attributeType );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int dynCreateCert( OUT DYNBUF *dynBuf,
IN_HANDLE const CRYPT_HANDLE cryptHandle,
IN_ENUM( CRYPT_CERTFORMAT ) \
const CRYPT_CERTFORMAT_TYPE formatType );
STDC_NONNULL_ARG( ( 1 ) ) \
void dynDestroy( INOUT DYNBUF *dynBuf );
#define dynLength( dynBuf ) ( dynBuf ).length
#define dynData( dynBuf ) ( dynBuf ).data
/* When allocating many little blocks of memory, especially in resource-
constrained systems, it's better if we pre-allocate a small memory pool
ourselves and grab chunks of it as required, falling back to dynamically
allocating memory later on if we exhaust the pool. To use a custom
memory pool, the caller declares a state variable of type MEMPOOL_STATE,
calls initMemPool() to initialise the pool, and then calls getMemPool()
and freeMemPool() to allocate and free memory blocks. The state pointer
is declared as a void * because to the caller it's an opaque memory block
while to the memPool routines it's structured storage */
typedef BYTE MEMPOOL_STATE[ 32 ];
STDC_NONNULL_ARG( ( 1, 2 ) ) \
void initMemPool( OUT void *statePtr,
IN_BUFFER( memPoolSize ) void *memPool,
IN_LENGTH_SHORT_MIN( 64 ) const int memPoolSize );
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
void *getMemPool( INOUT void *statePtr, IN_LENGTH_SHORT const int size );
STDC_NONNULL_ARG( ( 1, 2 ) ) \
void freeMemPool( INOUT void *statePtr, IN void *memblock );
/* Almost all objects require object-subtype-specific amounts of memory to
store object information. In addition some objects such as certificates
contain arbitrary numbers of arbitrary-sized bits and pieces, most of
which are quite small. To avoid having to allocate worst-case sized
blocks of memory for objects (a problem in embedded environments) or large
numbers of tiny little blocks of memory for certificate attributes, we use
variable-length structures in which the payload is stored after the
structure, with a pointer inside the structure pointing into the payload
storage (a convenient side-effect of this is that it provides good
spatial coherence when processing long lists of attributes). To make
this easier to handle, we use macros to set up and tear down the
necessary variables.
The use of 'storage[ 1 ]' means that the only element that's guaranteed
to be valid is 'storage[ 0 ]' under strict C99 definitions, however
declaring it as an unsized array leads to warnings from many compilers of
use of zero-sized arrays, so we leave it as 'storage[ 1 ]' */
#define DECLARE_VARSTRUCT_VARS \
int storageSize; \
BUFFER_FIXED( storageSize ) \
BYTE storage[ 1 ]
#define initVarStruct( structure, structureType, size ) \
memset( structure, 0, sizeof( structureType ) ); \
structure->value = structure->storage; \
structure->storageSize = size
#define copyVarStruct( destStructure, srcStructure, structureType ) \
memcpy( destStructure, srcStructure, \
sizeof( structureType ) + srcStructure->storageSize ); \
destStructure->value = destStructure->storage;
#define endVarStruct( structure, structureType ) \
zeroise( structure, sizeof( structureType ) + structure->storageSize )
#define sizeofVarStruct( structure, structureType ) \
( sizeof( structureType ) + structure->storageSize )
/****************************************************************************
* *
* Envelope Management Functions *
* *
****************************************************************************/
/* General-purpose enveloping functions, used by various high-level
protocols */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 5 ) ) \
int envelopeWrap( IN_BUFFER( inDataLength ) const void *inData,
IN_LENGTH_MIN( 16 ) const int inDataLength,
OUT_BUFFER( outDataMaxLength, *outDataLength ) void *outData,
IN_LENGTH_MIN( 16 ) const int outDataMaxLength,
OUT_LENGTH_Z int *outDataLength,
IN_ENUM( CRYPT_FORMAT ) const CRYPT_FORMAT_TYPE formatType,
IN_ENUM_OPT( CRYPT_CONTENT ) const CRYPT_CONTENT_TYPE contentType,
IN_HANDLE_OPT const CRYPT_HANDLE iPublicKey );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 5 ) ) \
int envelopeUnwrap( IN_BUFFER( inDataLength ) const void *inData,
IN_LENGTH_MIN( 16 ) const int inDataLength,
OUT_BUFFER( outDataMaxLength, *outDataLength ) void *outData,
IN_LENGTH_MIN( 16 ) const int outDataMaxLength,
OUT_LENGTH_Z int *outDataLength,
IN_HANDLE_OPT const CRYPT_CONTEXT iPrivKey );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 5 ) ) \
int envelopeSign( IN_BUFFER( inDataLength ) const void *inData,
IN_LENGTH_MIN( 16 ) const int inDataLength,
OUT_BUFFER( outDataMaxLength, *outDataLength ) void *outData,
IN_LENGTH_MIN( 16 ) const int outDataMaxLength,
OUT_LENGTH_Z int *outDataLength,
IN_ENUM_OPT( CRYPT_CONTENT ) const CRYPT_CONTENT_TYPE contentType,
IN_HANDLE const CRYPT_CONTEXT iSigKey,
IN_HANDLE_OPT const CRYPT_CERTIFICATE iCmsAttributes );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 5, 7 ) ) \
int envelopeSigCheck( IN_BUFFER( inDataLength ) const void *inData,
IN_LENGTH_MIN( 16 ) const int inDataLength,
OUT_BUFFER( outDataMaxLength, *outDataLength ) void *outData,
IN_LENGTH_MIN( 16 ) const int outDataMaxLength,
OUT_LENGTH_Z int *outDataLength,
IN_HANDLE_OPT const CRYPT_CONTEXT iSigCheckKey,
OUT_RANGE( MAX_ERROR, CRYPT_OK ) int *sigResult,
OUT_OPT_HANDLE_OPT CRYPT_CERTIFICATE *iSigningCert,
OUT_OPT_HANDLE_OPT CRYPT_CERTIFICATE *iCmsAttributes );
/****************************************************************************
* *
* Miscellaneous Functions *
* *
****************************************************************************/
/* Miscellaneous functions that need to be prototyped here (or at least in
some globally-visible header) in order for them to be visible in the
external modules that reference them */
/* Prototypes for functions in mechs/sign_x509.c, used by certificates and
sessions. In the standard PKIX tradition there are a whole range of
b0rken PKI protocols that couldn't quite manage a cut & paste of two
lines of text, adding all sorts of unnecessary extra tagging and wrappers
to the signature. The encoding of these odds and handled via the
X509SIG_FORMATINFO. The basic form allows a user-supplied tag and an
indication of whether it's explicitly or implicitly tagged. If the
explicitTag flag is clear the tag is encoded as [n] { ... }. If it's
set, it's encoded as [n] { SEQUENCE { ... }}. In addition the
extraLength field allows the optional insertion of extra data by the
caller, with the wrapper length being written to include the
extraLength, whose payload can then be appended by the caller */
typedef struct {
int tag; /* Tag for signature */
BOOLEAN isExplicit; /* Whether tag is expicit */
int extraLength; /* Optional length for further data */
} X509SIG_FORMATINFO;
#define setX509FormatInfo( formatInfo, formatTag, formatIsExplicit ) \
memset( formatInfo, 0, sizeof( X509SIG_FORMATINFO ) ); \
( formatInfo )->tag = ( formatTag ); \
( formatInfo )->isExplicit = ( formatIsExplicit )
CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 4 ) ) \
int createX509signature( OUT_BUFFER_OPT( sigMaxLength, *signedObjectLength ) \
void *signedObject,
IN_LENGTH_Z const int sigMaxLength,
OUT_LENGTH_Z int *signedObjectLength,
IN_BUFFER( objectLength ) const void *object,
IN_LENGTH const int objectLength,
IN_HANDLE const CRYPT_CONTEXT iSignContext,
IN_ALGO const CRYPT_ALGO_TYPE hashAlgo,
IN_OPT const X509SIG_FORMATINFO *formatInfo );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int checkX509signature( IN_BUFFER( signedObjectLength ) const void *signedObject,
IN_LENGTH const int signedObjectLength,
IN_HANDLE const CRYPT_CONTEXT iSigCheckContext,
IN_OPT const X509SIG_FORMATINFO *formatInfo );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
int createRawSignature( OUT_BUFFER( sigMaxLength, *signatureLength ) \
void *signature,
IN_LENGTH_SHORT_MIN( MIN_CRYPT_OBJECTSIZE ) \
const int sigMaxLength,
OUT_LENGTH_SHORT_Z int *signatureLength,
IN_HANDLE const CRYPT_CONTEXT iSignContext,
IN_HANDLE const CRYPT_CONTEXT iHashContext );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int checkRawSignature( IN_BUFFER( signatureLength ) const void *signature,
IN_LENGTH_SHORT const int signatureLength,
IN_HANDLE const CRYPT_CONTEXT iSigCheckContext,
IN_HANDLE const CRYPT_CONTEXT iHashContext );
/* Prototypes for functions in context/key_wr.c, used by devices */
CHECK_RETVAL STDC_NONNULL_ARG( ( 3, 5, 7 ) ) \
int writeFlatPublicKey( OUT_BUFFER_OPT( bufMaxSize, *bufSize ) void *buffer,
IN_LENGTH_SHORT_Z const int bufMaxSize,
OUT_LENGTH_SHORT_Z int *bufSize,
IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo,
IN_BUFFER( component1Length ) const void *component1,
IN_LENGTH_PKC const int component1Length,
IN_BUFFER( component2Length ) const void *component2,
IN_LENGTH_PKC const int component2Length,
IN_BUFFER_OPT( component3Length ) const void *component3,
IN_LENGTH_PKC_Z const int component3Length,
IN_BUFFER_OPT( component4Length ) const void *component4,
IN_LENGTH_PKC_Z const int component4Length );
/* Prototypes for functions in cryptcrt.c, used by devices */
#ifdef USE_CERTIFICATES
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
int createCertificateIndirect( INOUT MESSAGE_CREATEOBJECT_INFO *createInfo,
STDC_UNUSED const void *auxDataPtr,
STDC_UNUSED const int auxValue );
#else
#define createCertificateIndirect( createInfo, auxDataPtr, auxValue ) \
CRYPT_ERROR_NOTAVAIL
#endif /* USE_CERTIFICATES */
/* Prototypes for functions in context/ctx_misc.c, used in the ASN.1/misc
read/write routines */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
int extractBignum( INOUT void *bignumPtr,
IN_BUFFER( length ) const void *buffer,
IN_LENGTH_SHORT const int length,
IN_LENGTH_PKC const int minLength,
IN_LENGTH_PKC const int maxLength,
INOUT_OPT const void *maxRangePtr,
const BOOLEAN checkShortKey );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \
int getBignumData( const void *bignumPtr,
OUT_BUFFER( dataMaxLength, *dataLength ) void *data,
IN_LENGTH_SHORT_MIN( 16 ) const int dataMaxLength,
OUT_LENGTH_SHORT_Z int *dataLength );
#endif /* _INTAPI_DEFINED */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -