cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
keyset.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * cryptlib Keyset Interface Header File *
4 * Copyright Peter Gutmann 1996-2005 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _KEYSET_DEFINED
9 
10 #define _KEYSET_DEFINED
11 
12 /* Various include files needed by the DBMS libraries */
13 
14 #include <time.h>
15 #ifndef _STREAM_DEFINED
16  #if defined( INC_ALL )
17  #include "stream.h"
18  #else
19  #include "io/stream.h"
20  #endif /* Compiler-specific includes */
21 #endif /* _STREAM_DEFINED */
22 
23 /****************************************************************************
24 * *
25 * Database Keyset Headers *
26 * *
27 ****************************************************************************/
28 
29 /* Handle ODBC support. This gets rather complex, with all sorts of special-
30  case handling of headers and types required across different systems */
31 
32 #ifdef USE_ODBC
33 
34 /* As part of the ever-changing way of identifying Win32, Microsoft changed
35  the predefined constant from WIN32 to _WIN32 in VC++ 2.1. However the
36  ODBC header files still expect to find WIN32 and if this isn't defined
37  will use the default (i.e. C) calling convention instead of the Pascal
38  convention which is actually used by the ODBC functions. This means that
39  both the caller and the callee clean up the stack so that for each ODBC
40  call the stack creeps upwards by a few bytes until eventually the local
41  variables and/or return address get trashed. This problem is usually
42  hidden by the fact that something else defines WIN32 so everything works
43  OK, but the October 1997 development platform upgrade changes this so
44  that compiling the code after this update is installed breaks things. To
45  avoid this problem, we define WIN32 if it isn't defined, which ensures
46  that the ODBC header files work properly */
47 #if defined( __WIN32__ ) && !defined( WIN32 )
48  #define WIN32
49 #endif /* __WIN32__ && !WIN32 */
50 
51 #ifdef __WINDOWS__
52  /* Borland have their own weird place to put ODBC headers */
53  #if defined( __BORLANDC__ )
54  #include <mfc/sqltypes.h>
55  #else
56  /* UnixODBC defines its own version of various Windows types, if we're
57  building under Windows we have to disable this. The UnixODBC headers
58  have a guard ALLREADY_HAVE_WINDOWS_TYPE (sic) but this is all-or-
59  nothing, disabling the defining of Windows *and* SQL types. Defining
60  the guard value fixes most compile problems but in order to build it
61  the commented-out typedefs also need to be defined. These are
62  already defined in the standard (Windows) sqltypes.h so their use
63  needs to be manually enabled for UnixODBC under Windows, which is
64  unlikely to occur given that it's a Unix-only driver */
65  #define ALLREADY_HAVE_WINDOWS_TYPE
66  #if 0
67  typedef signed short RETCODE;
68  typedef short int SWORD;
69  typedef long int SDWORD;
70  typedef signed char SQLSCHAR;
71  typedef HWND SQLHWND;
72  #endif /* 0 */
73 
74  #include <sql.h>
75  #include <sqlext.h>
76  #endif /* Compiler-specific include locations */
77 #else
78  #include <sql.h>
79  #include <sqlext.h>
80 #endif /* Windows vs.everything else */
81 
82 #endif /* USE_ODBC */
83 
84 #ifdef USE_DATABASE
85  #error Need to add database backend-specific includes
86 #endif /* USE_DATABASE */
87 
88 /****************************************************************************
89 * *
90 * Keyset Types and Constants *
91 * *
92 ****************************************************************************/
93 
94 /* The maximum size of a certificate in binary and base64-encoded form. For
95  the first fifteen years of use this was 2048 bytes, but given the
96  increasing tendency to shovel all manner of random junk into a
97  certificate, bringing some dangerously close to 2048 bytes (and even
98  larger in some rare cases for oddball certificates) it's now 4096 bytes.
99 
100  (Another reason for allowing the increase is that an original motivation
101  for capping the value at 2048 bytes was to deal with databases that
102  didn't support BLOBs and/or didn't do VARCHARs (treating them as straight
103  CHARs), but both the massively-increased storage available to databases
104  since then and the high improbability of a PKI of any appreciable size
105  ever being widely deployed (beyond the existing databases of commercial
106  CAs), combined with the near-universal supportof BLOBs in databases,
107  means that we don't need to be so restrictive any more) */
108 
109 #define MAX_CERT_SIZE 4096
110 #define MAX_ENCODED_CERT_SIZE ( ( MAX_CERT_SIZE * 4 ) / 3 )
111 
112 /* Keyset information flags */
113 
114 #define KEYSET_OPEN 0x01 /* Keyset is open */
115 #define KEYSET_EMPTY 0x02 /* Keyset is empty */
116 #define KEYSET_DIRTY 0x04 /* Keyset data has been changed */
117 #define KEYSET_STREAM_OPEN 0x08 /* Underlying file stream is open */
118 
119 /* The precise type of the key file that we're working with. This is used
120  for type checking to make sure we don't try to find private keys in a
121  collection of certificates or whatever */
122 
123 typedef enum {
124  KEYSET_SUBTYPE_NONE, /* Unknown */
125  KEYSET_SUBTYPE_PGP_PUBLIC, /* PGP public keyring */
126  KEYSET_SUBTYPE_PGP_PRIVATE, /* PGP private keyring */
127  KEYSET_SUBTYPE_PKCS12, /* PKCS #12 key mess */
128  KEYSET_SUBTYPE_PKCS15, /* PKCS #15 keys */
129  KEYSET_SUBTYPE_LAST /* Last valid keyset subtype */
130  } KEYSET_SUBTYPE;
131 
132 /* When we perform a DBMS transaction there are several variations on the
133  basic operation type. The following values tell performQuery() and
134  performUpdate() which type of operation to perform */
135 
136 typedef enum {
137  DBMS_QUERY_NONE, /* No DBMS query */
138  DBMS_QUERY_NORMAL, /* Standard data fetch */
139  DBMS_QUERY_CHECK, /* Check-type fetch, don't fetch data */
140  DBMS_QUERY_START, /* Begin an ongoing query */
141  DBMS_QUERY_CONTINUE, /* Continue an ongoing query */
142  DBMS_QUERY_CANCEL, /* Cancel ongoing query */
143  DBMS_QUERY_LAST /* Last valid DBMS query type */
144  } DBMS_QUERY_TYPE;
145 
146 typedef enum {
147  DBMS_UPDATE_NONE, /* No DBMS update */
148  DBMS_UPDATE_NORMAL, /* Standard update */
149  DBMS_UPDATE_BEGIN, /* Begin a transaction */
150  DBMS_UPDATE_CONTINUE, /* Continue an ongoing transaction */
151  DBMS_UPDATE_COMMIT, /* Commit a transaction */
152  DBMS_UPDATE_ABORT, /* Abort a transaction */
153  DBMS_UPDATE_LAST /* Last valid DBMS update type */
154  } DBMS_UPDATE_TYPE;
155 
156 /* To optimise database accesses we use prepared queries that are prepared
157  once and then re-used whenever a new result set is required. The following
158  values are used to refer to the prepared query types */
159 
160 typedef enum {
161  DBMS_CACHEDQUERY_NONE, /* No cached query */
162  DBMS_CACHEDQUERY_CERTID, /* Query on certificate ID */
163  DBMS_CACHEDQUERY_ISSUERID, /* Query on issuer ID */
164  DBMS_CACHEDQUERY_NAMEID, /* Query in name ID */
165  DBMS_CACHEDQUERY_URI, /* Query on URI */
166  DBMS_CACHEDQUERY_LAST /* Last valid cached query type */
167  } DBMS_CACHEDQUERY_TYPE;
168 
169 #define NO_CACHED_QUERIES 5
170 
171 /****************************************************************************
172 * *
173 * Keyset Structures *
174 * *
175 ****************************************************************************/
176 
177 /* Database state information maintained by the database back-end specific
178  code. This storage is logically distinct from the keyset object storage,
179  and may in fact be physically distinct if the back-end is accessed via an
180  RPC mechanism */
181 
182 typedef struct {
183  /* DBMS status information */
184  BOOLEAN needsUpdate; /* Whether data remains to be committed */
185  BOOLEAN hasBinaryBlobs; /* Whether back-end supports binary blobs */
186 
187  /* Error information returned by the back-end. This is copied over to
188  the keyset object as required */
189  ERROR_INFO errorInfo;
190 
191  /* Database-specific information */
192  #ifdef USE_ODBC
193  /* ODBC access information */
194  SQLHENV hEnv; /* Environment handle */
195  SQLHDBC hDbc; /* Connection handle */
196  ARRAY_FIXED( NO_CACHED_QUERIES ) \
197  SQLHSTMT hStmt[ NO_CACHED_QUERIES + 8 ];/* Statement handles */
198  ARRAY_FIXED( NO_CACHED_QUERIES ) \
199  BOOLEAN hStmtPrepared[ NO_CACHED_QUERIES + 8 ];/* Whether stmt is prepared on handle */
200  BOOLEAN transactIsDestructive; /* Whether commit/rollback destroys prep'd queries */
201  SQLSMALLINT blobType; /* SQL type of blob data type */
202  BUFFER( CRYPT_MAX_TEXTSIZE, blobNameLength ) \
203  char blobName[ CRYPT_MAX_TEXTSIZE + 8 ];/* Name of blob data type */
204  int blobNameLength; /* Length of blob data type name */
205  SQLINTEGER dateTimeNameColSize; /* Back-end specific size of datetime column */
206  BUFFER( CRYPT_MAX_TEXTSIZE, dateTimeNameLength ) \
207  char dateTimeName[ CRYPT_MAX_TEXTSIZE + 8 ];/* Name of datetime data type */
208  int dateTimeNameLength; /* Length of datetime data type name */
209  BOOLEAN needLongLength; /* Back-end needs blob length at bind.time */
210  int backendType; /* Back-end type if special handling is req'd */
211  #endif /* USE_ODBC */
212  #ifdef USE_DATABASE
213  #error Need to add database backend-specific state variables
214  #endif /* USE_DATABASE */
215  #ifdef USE_TCP
216  STREAM stream; /* Network I/O stream */
217  #endif /* USE_TCP */
218  } DBMS_STATE_INFO;
219 
220 /* The internal fields in a keyset that hold data for the various keyset
221  types */
222 
223 typedef enum { KEYSET_NONE, KEYSET_FILE, KEYSET_DBMS, KEYSET_LDAP,
224  KEYSET_HTTP } KEYSET_TYPE;
225 
226 struct KI; /* Forward declaration for argument to function pointers */
227 
228 typedef struct {
229  /* The I/O stream and file name */
230  STREAM stream; /* I/O stream for key file */
231  char fileName[ MAX_PATH_LENGTH + 8 ];/* Name of key file */
232 
233  /* If this keyset is being used as a structured storage object for a
234  hardware device then we need to record the device handle so that we
235  can associate any items retrieved from the keyset with the
236  hardware */
237  CRYPT_DEVICE iHardwareDevice;
238  } FILE_INFO;
239 
240 typedef struct DI {
241  /* DBMS status information */
242  int flags; /* General status flags */
243 
244  /* For database types that can use binary blobs we need to bind the
245  locations of variables and use placeholders in the SQL text rather
246  than passing the data as part of the SQL command. We can't leave this
247  on the stack since it can be referenced by the back-end an arbitrary
248  amount of time after we initiate the update, so we copy it to the
249  following staging area before we pass control to the database
250  back-end */
251  char boundData[ MAX_ENCODED_CERT_SIZE + 8 ];
252 
253  /* The data being sent to the back-end can be communicated over a variety
254  of channels. If we're using the RPC API, there's a single dispatch
255  function through which all data is communicated via the RPC mechanism.
256  If we're not using the RPC API, there are a set of function pointers,
257  one for each back-end access type. In addition the state information
258  storage contains the state data needed for the communications
259  channel */
260 #ifdef USE_RPCAPI
261  void ( *dispatchFunction )( void *stateInfo, BYTE *buffer );
262 #else
263  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \
264  int ( *openDatabaseBackend )( INOUT DBMS_STATE_INFO *dbmsStateInfo,
265  IN_BUFFER( nameLen ) const char *name,
266  IN_LENGTH_NAME const int nameLen,
267  IN_ENUM_OPT( CRYPT_KEYOPT ) \
268  const CRYPT_KEYOPT_TYPE options,
269  OUT_FLAGS_Z( DBMS_FEATURE ) int *featureFlags );
270  STDC_NONNULL_ARG( ( 1 ) ) \
271  void ( *closeDatabaseBackend )( INOUT DBMS_STATE_INFO *dbmsStateInfo );
272  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
273  int ( *performUpdateBackend )( INOUT DBMS_STATE_INFO *dbmsStateInfo,
274  IN_BUFFER_OPT( commandLength ) \
275  const char *command,
276  IN_LENGTH_SHORT_Z const int commandLength,
277  IN_ARRAY_OPT( BOUND_DATA_MAXITEMS ) \
278  const void *boundData,
279  IN_ENUM( DBMS_UPDATE ) \
280  const DBMS_UPDATE_TYPE updateType );
281  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
282  int ( *performQueryBackend )( INOUT DBMS_STATE_INFO *dbmsStateInfo,
283  IN_BUFFER_OPT( commandLength ) \
284  const char *command,
285  IN_LENGTH_SHORT_Z const int commandLength,
286  OUT_BUFFER_OPT( dataMaxLength, *dataLength ) \
287  void *data,
288  IN_LENGTH_SHORT_Z const int dataMaxLength,
289  OUT_LENGTH_SHORT_Z int *dataLength,
290  IN_OPT const void *boundData,
291  IN_ENUM_OPT( DBMS_CACHEDQUERY ) \
292  const DBMS_CACHEDQUERY_TYPE queryEntry,
293  IN_ENUM( DBMS_QUERY ) \
294  const DBMS_QUERY_TYPE queryType );
295 #endif /* !USE_RPCAPI */
296  void *stateInfo;
297 
298  /* Database back-end access functions. These use the dispatch function/
299  function pointers above to communicate with the back-end */
300  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \
301  int ( *openDatabaseFunction )( INOUT struct DI *dbmsInfo,
302  IN_BUFFER( nameLen ) const char *name,
303  IN_LENGTH_NAME const int nameLen,
304  IN_ENUM_OPT( CRYPT_KEYOPT ) \
305  const CRYPT_KEYOPT_TYPE options,
306  OUT_FLAGS_Z( DBMS ) int *featureFlags );
307  STDC_NONNULL_ARG( ( 1 ) ) \
308  void ( *closeDatabaseFunction )( INOUT struct DI *dbmsInfo );
309  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
310  int ( *performUpdateFunction )( INOUT struct DI *dbmsInfo,
311  IN_STRING_OPT const char *command,
312  IN_OPT const void *boundData,
313  IN_ENUM( DBMS_UPDATE ) \
314  const DBMS_UPDATE_TYPE updateType );
315  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
316  int ( *performStaticUpdateFunction )( INOUT struct DI *dbmsInfo,
317  IN_STRING const char *command );
318  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
319  int ( *performQueryFunction )( INOUT struct DI *dbmsInfo,
320  IN_STRING_OPT const char *command,
321  OUT_BUFFER_OPT( dataMaxLength, *dataLength ) \
322  void *data,
323  IN_LENGTH_SHORT_Z const int dataMaxLength,
324  OUT_LENGTH_SHORT_Z int *dataLength,
325  IN const void *boundData,
326  IN_ENUM_OPT( DBMS_CACHEDQUERY ) \
327  const DBMS_CACHEDQUERY_TYPE queryEntry,
328  IN_ENUM( DBMS_QUERY ) \
329  const DBMS_QUERY_TYPE queryType );
330  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
331  int ( *performStaticQueryFunction )( INOUT struct DI *dbmsInfo,
332  IN_STRING_OPT const char *command,
333  IN_ENUM_OPT( DBMS_CACHEDQUERY ) \
334  const DBMS_CACHEDQUERY_TYPE queryEntry,
335  IN_ENUM( DBMS_QUERY ) \
336  const DBMS_QUERY_TYPE queryType );
337 
338  /* Pointers to database-specific keyset access methods */
339  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
340  int ( *certMgmtFunction )( INOUT struct KI *keysetInfo,
341  OUT_OPT_HANDLE_OPT CRYPT_CERTIFICATE *iCryptCert,
342  IN_HANDLE_OPT const CRYPT_CERTIFICATE caKey,
343  IN_HANDLE_OPT const CRYPT_CERTIFICATE request,
344  IN_ENUM( CRYPT_CERTACTION ) \
345  const CRYPT_CERTACTION_TYPE action );
346  } DBMS_INFO;
347 
348 typedef struct {
349  /* The I/O stream */
350  STREAM stream; /* I/O stream for HTTP read */
351 
352  /* An HTTP fetch differs from the other types of read in that it can
353  return data in multiple chunks depending on how much comes over the
354  net at once. Because of this we need to track what's come in, and
355  also allocate more buffer space on demand if required. The following
356  variables handle the on-demand re-allocation of buffer space */
357  int bufPos; /* Current position in buffer */
358  } HTTP_INFO;
359 
360 typedef struct {
361  /* LDAP access information */
362  void *ld; /* LDAP connection information */
363  void *result; /* State information for ongoing queries */
364 
365  /* The names of the object class and various attributes. These are
366  stored as part of the keyset context since they may be user-defined */
367  char nameObjectClass[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of object class */
368  char nameFilter[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of query filter */
369  char nameCACert[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of CA certificate attribute */
370  char nameCert[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of certificate attribute */
371  char nameCRL[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of CRL attribute */
372  char nameEmail[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of email addr.attr.*/
373  CRYPT_CERTTYPE_TYPE objectType; /* Preferred obj.type to fetch */
374 
375  /* When storing a certificate we need the certificate DN, email address,
376  and certificate expiry date */
377  char C[ CRYPT_MAX_TEXTSIZE + 8 ], SP[ CRYPT_MAX_TEXTSIZE + 8 ],
378  L[ CRYPT_MAX_TEXTSIZE + 8 ], O[ CRYPT_MAX_TEXTSIZE + 8 ],
379  OU[ CRYPT_MAX_TEXTSIZE + 8 ], CN[ CRYPT_MAX_TEXTSIZE + 8 ];
380  char email[ CRYPT_MAX_TEXTSIZE + 8 ];
381  time_t date;
382  } LDAP_INFO;
383 
384 /* Defines to make access to the union fields less messy */
385 
386 #define keysetFile keysetInfo.fileInfo
387 #define keysetDBMS keysetInfo.dbmsInfo
388 #define keysetHTTP keysetInfo.httpInfo
389 #define keysetLDAP keysetInfo.ldapInfo
390 
391 /* The structure that stores information on a keyset */
392 
393 typedef struct KI {
394  /* General keyset information */
395  KEYSET_TYPE type; /* Keyset type (native, PGP, X.509, etc) */
396  KEYSET_SUBTYPE subType; /* Keyset subtype (public, private, etc) */
397  CRYPT_KEYOPT_TYPE options; /* Keyset options */
398  int flags; /* Keyset information flags */
399 
400  /* Keyset type-specific information */
401  union {
402  FILE_INFO *fileInfo;
403 #ifdef USE_DBMS
404  DBMS_INFO *dbmsInfo;
405 #endif /* USE_DBMS */
406 #ifdef USE_HTTP
407  HTTP_INFO *httpInfo;
408 #endif /* USE_HTTP */
409 #ifdef USE_LDAP
410  LDAP_INFO *ldapInfo;
411 #endif /* USE_LDAP */
412  } keysetInfo;
413 
414  /* Pointers to keyset access methods */
415  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
416  int ( *initFunction )( INOUT struct KI *keysetInfo,
417  IN_BUFFER_OPT( nameLength ) const char *name,
418  IN_LENGTH_NAME_Z const int nameLength,
419  IN_ENUM( CRYPT_KEYOPT ) \
420  const CRYPT_KEYOPT_TYPE options );
421  RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
422  int ( *shutdownFunction )( INOUT struct KI *keysetInfo );
423 #ifdef USE_LDAP
424  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
425  int ( *getAttributeFunction )( INOUT struct KI *keysetInfo,
426  OUT void *data,
427  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type );
428  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2 ) ) \
429  int ( *setAttributeFunction )( INOUT struct KI *keysetInfo,
430  const void *data,
431  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE type );
432 #endif /* USE_LDAP */
433  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \
434  int ( *getItemFunction )( INOUT struct KI *keysetInfo,
435  OUT_HANDLE_OPT CRYPT_HANDLE *iCryptHandle,
436  IN_ENUM( KEYMGMT_ITEM ) \
437  const KEYMGMT_ITEM_TYPE itemType,
438  IN_KEYID const CRYPT_KEYID_TYPE keyIDtype,
439  IN_BUFFER( keyIDlength ) const void *keyID,
440  IN_LENGTH_KEYID const int keyIDlength,
441  IN_OPT void *auxInfo,
442  INOUT_OPT int *auxInfoLength,
443  IN_FLAGS_Z( KEYMGMT ) const int flags );
444  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 5 ) ) \
445  int ( *getSpecialItemFunction )( INOUT struct KI *keysetInfoPtr,
446  IN_ATTRIBUTE \
447  const CRYPT_ATTRIBUTE_TYPE dataType,
448  OUT_BUFFER( dataMaxLength, *dataLength ) \
449  void *data,
450  IN_LENGTH_SHORT const int dataMaxLength,
451  OUT_LENGTH_SHORT_Z int *dataLength );
452  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
453  int ( *setItemFunction )( INOUT struct KI *deviceInfo,
454  IN_HANDLE const CRYPT_HANDLE iCryptHandle,
455  IN_ENUM( KEYMGMT_ITEM ) \
456  const KEYMGMT_ITEM_TYPE itemType,
457  IN_BUFFER_OPT( passwordLength ) const char *password,
458  IN_LENGTH_NAME_Z const int passwordLength,
459  IN_FLAGS( KEYMGMT ) const int flags );
460  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
461  int ( *setSpecialItemFunction )( INOUT struct KI *deviceInfo,
462  IN_ATTRIBUTE \
463  const CRYPT_ATTRIBUTE_TYPE dataType,
464  IN_BUFFER( dataLength ) const void *data,
465  IN_LENGTH_SHORT const int dataLength );
466  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 4 ) ) \
467  int ( *deleteItemFunction )( INOUT struct KI *keysetInfo,
468  IN_ENUM( KEYMGMT_ITEM ) \
469  const KEYMGMT_ITEM_TYPE itemType,
470  IN_KEYID const CRYPT_KEYID_TYPE keyIDtype,
471  IN_BUFFER( keyIDlength ) const void *keyID,
472  IN_LENGTH_KEYID const int keyIDlength );
473  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 3, 6 ) ) \
474  int ( *getFirstItemFunction )( INOUT struct KI *keysetInfo,
475  OUT_HANDLE_OPT CRYPT_CERTIFICATE *iCertificate,
476  OUT int *stateInfo,
477  IN_ENUM( KEYMGMT_ITEM ) \
478  const KEYMGMT_ITEM_TYPE itemType,
479  IN_KEYID const CRYPT_KEYID_TYPE keyIDtype,
480  IN_BUFFER( keyIDlength ) const void *keyID,
481  IN_LENGTH_KEYID const int keyIDlength,
482  IN_FLAGS_Z( KEYMGMT ) const int options );
483  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
484  int ( *getNextItemFunction )( INOUT struct KI *keysetInfo,
485  OUT_HANDLE_OPT CRYPT_CERTIFICATE *iCertificate,
486  INOUT int *stateInfo,
487  IN_FLAGS_Z( KEYMGMT ) const int options );
488  CHECK_RETVAL_FNPTR STDC_NONNULL_ARG( ( 1 ) ) \
489  BOOLEAN ( *isBusyFunction )( INOUT struct KI *keysetInfo );
490 
491  /* Some keysets require keyset-type-specific data storage, which is
492  managed via the following variables. keyDataSize denotes the total
493  size in bytes of the keyData buffer, keyDataNoObjects is the number
494  of objects in the buffer if it's implemented as an array of key data
495  objects */
496  BUFFER_OPT_FIXED( keyDataSize ) \
497  void *keyData; /* Keyset data buffer */
498  int keyDataSize; /* Buffer size */
499  int keyDataNoObjects; /* No.of objects in key data buffer */
500 
501  /* Error information */
502  CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */
503  CRYPT_ERRTYPE_TYPE errorType; /* Error type */
504 
505  /* Low-level error information */
506  ERROR_INFO errorInfo;
507 
508  /* The object's handle and the handle of the user who owns this object.
509  The former is used when sending messages to the object when only the
510  xxx_INFO is available, the latter is used to avoid having to fetch the
511  same information from the system object table */
512  CRYPT_HANDLE objectHandle;
513  CRYPT_USER ownerHandle;
514 
515  /* Variable-length storage for the type-specific data */
516  DECLARE_VARSTRUCT_VARS;
517  } KEYSET_INFO;
518 
519 /****************************************************************************
520 * *
521 * Keyset Functions *
522 * *
523 ****************************************************************************/
524 
525 /* Keyset attribute handling functions */
526 
527 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
528 int getKeysetAttribute( INOUT KEYSET_INFO *keysetInfoPtr,
529  OUT_INT_Z int *valuePtr,
530  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
531 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
532 int getKeysetAttributeS( INOUT KEYSET_INFO *keysetInfoPtr,
533  INOUT MESSAGE_DATA *msgData,
534  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
535 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
536 int setKeysetAttribute( INOUT KEYSET_INFO *keysetInfoPtr,
537  IN_INT_Z const int value,
538  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
539 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
540 int setKeysetAttributeS( INOUT KEYSET_INFO *keysetInfoPtr,
541  IN_BUFFER( dataLength ) const void *data,
542  IN_LENGTH const int dataLength,
543  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute );
544 
545 /* Prototypes for keyset mapping functions */
546 
547 #ifdef USE_ODBC
548  CHECK_RETVAL \
549  int dbxInitODBC( void );
550  void dbxEndODBC( void );
551 #else
552  #define dbxInitODBC() CRYPT_OK
553  #define dbxEndODBC()
554 #endif /* USE_ODBC */
555 #ifdef USE_DBMS
556  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
557  int setAccessMethodDBMS( INOUT KEYSET_INFO *keysetInfo,
558  IN_ENUM( CRYPT_KEYSET ) \
559  const CRYPT_KEYSET_TYPE type );
560 #else
561  #define setAccessMethodDBMS( x, y ) CRYPT_ARGERROR_NUM1
562 #endif /* USE_DBMS */
563 #ifdef USE_HTTP
564  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
565  int setAccessMethodHTTP( INOUT KEYSET_INFO *keysetInfo );
566 #else
567  #define setAccessMethodHTTP( x ) CRYPT_ARGERROR_NUM1
568 #endif /* USE_HTTP */
569 #ifdef USE_LDAP
570  int dbxInitLDAP( void );
571  void dbxEndLDAP( void );
572  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
573  int setAccessMethodLDAP( INOUT KEYSET_INFO *keysetInfo );
574 #else
575  #define dbxInitLDAP() CRYPT_OK
576  #define dbxEndLDAP()
577  #define setAccessMethodLDAP( x ) CRYPT_ARGERROR_NUM1
578 #endif /* USE_LDAP */
579 #ifdef USE_PGPKEYS
580  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
581  int setAccessMethodPGPPublic( INOUT KEYSET_INFO *keysetInfo );
582  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
583  int setAccessMethodPGPPrivate( INOUT KEYSET_INFO *keysetInfo );
584 #else
585  #define setAccessMethodPGPPublic( x ) CRYPT_ARGERROR_NUM1
586  #define setAccessMethodPGPPrivate( x ) CRYPT_ARGERROR_NUM1
587 #endif /* USE_PGPKEYS */
588 #ifdef USE_PKCS12
589  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
590  int setAccessMethodPKCS12( INOUT KEYSET_INFO *keysetInfo );
591 #else
592  #define setAccessMethodPKCS12( x ) CRYPT_ARGERROR_NUM1
593 #endif /* PKCS #12 */
594 #ifdef USE_PKCS15
595  CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
596  int setAccessMethodPKCS15( INOUT KEYSET_INFO *keysetInfo );
597 #else
598  #define setAccessMethodPKCS15( x ) CRYPT_ARGERROR_NUM1
599 #endif /* PKCS #15 */
600 #ifdef USE_PKCS12
601  #define isWriteableFileKeyset( type ) \
602  ( ( type ) == KEYSET_SUBTYPE_PKCS12 || \
603  ( type ) == KEYSET_SUBTYPE_PKCS15 )
604 #else
605  #define isWriteableFileKeyset( type ) \
606  ( ( type ) == KEYSET_SUBTYPE_PKCS15 )
607 #endif /* Writeable keyset subtypes */
608 #endif /* _KEYSET_DEFINED */
Generated on Thu Jan 10 2013 10:00:49 for cryptlib by   doxygen 1.8.2