1 /**************************************************************************** 2 * * 3 * cryptlib Keyset Interface Header File * 4 * Copyright Peter Gutmann 1996-2005 * 5 * * 6 ****************************************************************************/ 7 8 #ifndef _KEYSET_DEFINED 9 10 #define _KEYSET_DEFINED 11 12 /* Various include files needed by the DBMS libraries */ 13 14 #include <time.h> 15 #ifndef _STREAM_DEFINED 16 #if defined( INC_ALL ) 17 #include "stream.h" 18 #else 19 #include "io/stream.h" 20 #endif /* Compiler-specific includes */ 21 #endif /* _STREAM_DEFINED */ 22 23 /**************************************************************************** 24 * * 25 * Keyset Types and Constants * 26 * * 27 ****************************************************************************/ 28 29 /* The maximum size of a certificate in binary and base64-encoded form. For 30 the first fifteen years of use this was 2048 bytes, but given the 31 increasing tendency to shovel all manner of random junk into a 32 certificate, bringing some dangerously close to 2048 bytes (and even 33 larger in some rare cases for oddball certificates) it's now 4096 bytes. 34 35 (Another reason for allowing the increase is that an original motivation 36 for capping the value at 2048 bytes was to deal with databases that 37 didn't support BLOBs and/or didn't do VARCHARs (treating them as straight 38 CHARs), but both the massively-increased storage available to databases 39 since then and the high improbability of a PKI of any appreciable size 40 ever being widely deployed (beyond the existing databases of commercial 41 CAs), combined with the near-universal supportof BLOBs in databases, 42 means that we don't need to be so restrictive any more) */ 43 44 #define MAX_CERT_SIZE 4096 45 #define MAX_ENCODED_CERT_SIZE ( ( MAX_CERT_SIZE * 4 ) / 3 ) 46 47 /* Keyset information flags */ 48 49 #define KEYSET_OPEN 0x01 /* Keyset is open */ 50 #define KEYSET_EMPTY 0x02 /* Keyset is empty */ 51 #define KEYSET_DIRTY 0x04 /* Keyset data has been changed */ 52 #define KEYSET_STREAM_OPEN 0x08 /* Underlying file stream is open */ 53 54 /* The precise type of the key file that we're working with. This is used 55 for type checking to make sure we don't try to find private keys in a 56 collection of certificates or whatever */ 57 58 typedef enum { 59 KEYSET_SUBTYPE_NONE, /* Unknown */ 60 KEYSET_SUBTYPE_PGP_PUBLIC, /* PGP public keyring */ 61 KEYSET_SUBTYPE_PGP_PRIVATE, /* PGP private keyring */ 62 KEYSET_SUBTYPE_PKCS12, /* PKCS #12 key mess */ 63 KEYSET_SUBTYPE_PKCS15, /* PKCS #15 keys */ 64 KEYSET_SUBTYPE_LAST /* Last valid keyset subtype */ 65 } KEYSET_SUBTYPE; 66 67 /**************************************************************************** 68 * * 69 * Keyset Structures * 70 * * 71 ****************************************************************************/ 72 73 /* The internal fields in a keyset that hold data for the various keyset 74 types */ 75 76 typedef enum { KEYSET_NONE, KEYSET_FILE, KEYSET_DBMS, KEYSET_LDAP, 77 KEYSET_HTTP } KEYSET_TYPE; 78 79 struct KI; /* Forward declaration for argument to function pointers */ 80 81 #ifdef _DBMS_DEFINED 82 83 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \ 84 int ( *DBX_OPENDATABASEBACKEND_FUNCTION )( INOUT DBMS_STATE_INFO *dbmsStateInfo, 85 IN_BUFFER( nameLen ) const char *name, 86 IN_LENGTH_NAME const int nameLen, 87 IN_ENUM_OPT( CRYPT_KEYOPT ) \ 88 const CRYPT_KEYOPT_TYPE options, 89 OUT_FLAGS_Z( DBMS_FEATURE ) \ 90 int *featureFlags ); 91 typedef STDC_NONNULL_ARG( ( 1 ) ) \ 92 void ( *DBX_CLOSEDATABASEBACKEND_FUNCTION )( INOUT DBMS_STATE_INFO *dbmsStateInfo ); 93 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 94 int ( *DBX_PERFORMUPDATEBACKEND_FUNCTION )( INOUT DBMS_STATE_INFO *dbmsStateInfo, 95 IN_BUFFER_OPT( commandLength ) \ 96 const char *command, 97 IN_LENGTH_SHORT_Z \ 98 const int commandLength, 99 IN_ARRAY_OPT( BOUND_DATA_MAXITEMS ) \ 100 const void *boundData, 101 IN_ENUM( DBMS_UPDATE ) \ 102 const DBMS_UPDATE_TYPE updateType ); 103 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 104 int ( *DBX_PERFORMQUERYBACKEND_FUNCTION )( INOUT DBMS_STATE_INFO *dbmsStateInfo, 105 IN_BUFFER_OPT( commandLength ) \ 106 const char *command, 107 IN_LENGTH_SHORT_Z \ 108 const int commandLength, 109 OUT_BUFFER_OPT( dataMaxLength, \ 110 *dataLength ) \ 111 void *data, 112 IN_LENGTH_SHORT_Z \ 113 const int dataMaxLength, 114 OUT_LENGTH_BOUNDED_Z( dataMaxLength ) \ 115 int *dataLength, 116 IN_OPT const void *boundData, 117 IN_ENUM_OPT( DBMS_CACHEDQUERY ) \ 118 const DBMS_CACHEDQUERY_TYPE queryEntry, 119 IN_ENUM( DBMS_QUERY ) \ 120 const DBMS_QUERY_TYPE queryType ); 121 122 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \ 123 int ( *DBX_OPENDATABASE_FUNCTION )( INOUT struct DI *dbmsInfo, 124 IN_BUFFER( nameLen ) const char *name, 125 IN_LENGTH_NAME const int nameLen, 126 IN_ENUM_OPT( CRYPT_KEYOPT ) \ 127 const CRYPT_KEYOPT_TYPE options, 128 OUT_FLAGS_Z( DBMS ) \ 129 int *featureFlags ); 130 typedef STDC_NONNULL_ARG( ( 1 ) ) \ 131 void ( *DBX_CLOSEDATABASE_FUNCTION )( INOUT struct DI *dbmsInfo ); 132 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 133 int ( *DBX_PERFORMUPDATE_FUNCTION )( INOUT struct DI *dbmsInfo, 134 IN_STRING_OPT const char *command, 135 IN_OPT const void *boundData, 136 IN_ENUM( DBMS_UPDATE ) \ 137 const DBMS_UPDATE_TYPE updateType ); 138 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 139 int ( *DBX_PERFORMSTATICUPDATE_FUNCTION )( INOUT struct DI *dbmsInfo, 140 IN_STRING const char *command ); 141 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 142 int ( *DBX_PERFORMQUERY_FUNCTION )( INOUT struct DI *dbmsInfo, 143 IN_STRING_OPT const char *command, 144 OUT_BUFFER_OPT( dataMaxLength, \ 145 *dataLength ) \ 146 void *data, 147 IN_LENGTH_SHORT_Z \ 148 const int dataMaxLength, 149 OUT_LENGTH_BOUNDED_Z( dataMaxLength ) \ 150 int *dataLength, 151 IN_OPT const void *boundData, 152 IN_ENUM_OPT( DBMS_CACHEDQUERY ) \ 153 const DBMS_CACHEDQUERY_TYPE queryEntry, 154 IN_ENUM( DBMS_QUERY ) \ 155 const DBMS_QUERY_TYPE queryType ); 156 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 157 int ( *DBX_PERFORMSTATICQUERY_FUNCTION )( INOUT struct DI *dbmsInfo, 158 IN_STRING_OPT const char *command, 159 IN_ENUM_OPT( DBMS_CACHEDQUERY ) \ 160 const DBMS_CACHEDQUERY_TYPE queryEntry, 161 IN_ENUM( DBMS_QUERY ) \ 162 const DBMS_QUERY_TYPE queryType ); 163 #endif /* _DBMS_DEFINED */ 164 165 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 166 int ( *DBX_CERTMGMT_FUNCTION )( INOUT struct KI *keysetInfo, 167 OUT_OPT_HANDLE_OPT \ 168 CRYPT_CERTIFICATE *iCryptCert, 169 IN_HANDLE_OPT \ 170 const CRYPT_CERTIFICATE caKey, 171 IN_HANDLE_OPT \ 172 const CRYPT_CERTIFICATE request, 173 IN_ENUM( CRYPT_CERTACTION ) \ 174 const CRYPT_CERTACTION_TYPE action ); 175 176 typedef struct { 177 /* The I/O stream and file name */ 178 STREAM stream; /* I/O stream for key file */ 179 char fileName[ MAX_PATH_LENGTH + 8 ];/* Name of key file */ 180 181 /* If this keyset is being used as a structured storage object for a 182 hardware device then we need to record the device handle so that we 183 can associate any items retrieved from the keyset with the 184 hardware */ 185 CRYPT_DEVICE iHardwareDevice; 186 } FILE_INFO; 187 188 typedef struct DI { 189 /* DBMS status information */ 190 int flags; /* General status flags */ 191 192 /* For database types that can use binary blobs we need to bind the 193 locations of variables and use placeholders in the SQL text rather 194 than passing the data as part of the SQL command. We can't leave this 195 on the stack since it can be referenced by the back-end an arbitrary 196 amount of time after we initiate the update, so we copy it to the 197 following staging area before we pass control to the database 198 back-end */ 199 char boundData[ MAX_ENCODED_CERT_SIZE + 8 ]; 200 201 /* The data being sent to the back-end can be communicated over a variety 202 of channels. If we're using the RPC API, there's a single dispatch 203 function through which all data is communicated via the RPC mechanism. 204 If we're not using the RPC API, there are a set of function pointers, 205 one for each back-end access type. In addition the state information 206 storage contains the state data needed for the communications 207 channel */ 208 #if defined( USE_RPCAPI ) 209 void ( *dispatchFunction )( void *stateInfo, BYTE *buffer ); 210 #elif defined( _DBMS_DEFINED ) 211 DBX_OPENDATABASEBACKEND_FUNCTION openDatabaseBackend; 212 DBX_CLOSEDATABASEBACKEND_FUNCTION closeDatabaseBackend; 213 DBX_PERFORMUPDATEBACKEND_FUNCTION performUpdateBackend; 214 DBX_PERFORMQUERYBACKEND_FUNCTION performQueryBackend; 215 #else 216 int ( *openDatabaseBackend )( void ); 217 void ( *closeDatabaseBackend )( void ); 218 int ( *performUpdateBackend )( void ); 219 int ( *performQueryBackend )( void ); 220 #endif /* Backend function pointers */ 221 void *stateInfo; 222 223 /* Database back-end access functions. These use the dispatch function/ 224 function pointers above to communicate with the back-end */ 225 #ifdef _DBMS_DEFINED 226 DBX_OPENDATABASE_FUNCTION openDatabaseFunction; 227 DBX_CLOSEDATABASE_FUNCTION closeDatabaseFunction; 228 DBX_PERFORMUPDATE_FUNCTION performUpdateFunction; 229 DBX_PERFORMSTATICUPDATE_FUNCTION performStaticUpdateFunction; 230 DBX_PERFORMQUERY_FUNCTION performQueryFunction; 231 DBX_PERFORMSTATICQUERY_FUNCTION performStaticQueryFunction; 232 #else 233 int ( *openDatabaseFunction )( void ); 234 void ( *closeDatabaseFunction )( void ); 235 int ( *performUpdateFunction )( void ); 236 int ( *performStaticUpdateFunction )( void ); 237 int ( *performQueryFunction )( void ); 238 int ( *performStaticQueryFunction )( void ); 239 #endif /* _DBMS_DEFINED */ 240 241 /* Pointers to database-specific keyset access methods */ 242 DBX_CERTMGMT_FUNCTION certMgmtFunction; 243 } DBMS_INFO; 244 245 typedef struct { 246 /* The I/O stream */ 247 STREAM stream; /* I/O stream for HTTP read */ 248 249 /* An HTTP fetch differs from the other types of read in that it can 250 return data in multiple chunks depending on how much comes over the 251 net at once. Because of this we need to track what's come in, and 252 also allocate more buffer space on demand if required. The following 253 variables handle the on-demand re-allocation of buffer space */ 254 int bufPos; /* Current position in buffer */ 255 } HTTP_INFO; 256 257 typedef struct { 258 /* LDAP access information */ 259 void *ld; /* LDAP connection information */ 260 void *result; /* State information for ongoing queries */ 261 262 /* The names of the object class and various attributes. These are 263 stored as part of the keyset context since they may be user-defined */ 264 char nameObjectClass[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of object class */ 265 char nameFilter[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of query filter */ 266 char nameCACert[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of CA certificate attribute */ 267 char nameCert[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of certificate attribute */ 268 char nameCRL[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of CRL attribute */ 269 char nameEmail[ CRYPT_MAX_TEXTSIZE + 8 ]; /* Name of email addr.attr.*/ 270 CRYPT_CERTTYPE_TYPE objectType; /* Preferred obj.type to fetch */ 271 272 /* When storing a certificate we need the certificate DN, email address, 273 and certificate expiry date */ 274 char C[ CRYPT_MAX_TEXTSIZE + 8 ], SP[ CRYPT_MAX_TEXTSIZE + 8 ], 275 L[ CRYPT_MAX_TEXTSIZE + 8 ], O[ CRYPT_MAX_TEXTSIZE + 8 ], 276 OU[ CRYPT_MAX_TEXTSIZE + 8 ], CN[ CRYPT_MAX_TEXTSIZE + 8 ]; 277 char email[ CRYPT_MAX_TEXTSIZE + 8 ]; 278 time_t date; 279 } LDAP_INFO; 280 281 /* Defines to make access to the union fields less messy */ 282 283 #define keysetFile keysetInfo.fileInfo 284 #define keysetDBMS keysetInfo.dbmsInfo 285 #define keysetHTTP keysetInfo.httpInfo 286 #define keysetLDAP keysetInfo.ldapInfo 287 288 /* The structure that stores information on a keyset */ 289 290 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 291 int ( *KEY_INIT_FUNCTION )( INOUT struct KI *keysetInfo, 292 IN_BUFFER_OPT( nameLength ) const char *name, 293 IN_LENGTH_NAME_Z const int nameLength, 294 IN_ENUM( CRYPT_KEYOPT ) \ 295 const CRYPT_KEYOPT_TYPE options ); 296 typedef RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 297 int ( *KEY_SHUTDOWN_FUNCTION )( INOUT struct KI *keysetInfo ); 298 #ifdef USE_LDAP 299 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 300 int ( *KEY_GETATTRIBUTE_FUNCTION )( INOUT struct KI *keysetInfo, 301 OUT void *data, 302 IN_ATTRIBUTE \ 303 const CRYPT_ATTRIBUTE_TYPE type ); 304 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 305 int ( *KEY_SETATTRIBUTE_FUNCTION )( INOUT struct KI *keysetInfo, 306 const void *data, 307 IN_ATTRIBUTE \ 308 const CRYPT_ATTRIBUTE_TYPE type ); 309 #endif /* USE_LDAP */ 310 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 5 ) ) \ 311 int ( *KEY_GETITEM_FUNCTION )( INOUT struct KI *keysetInfo, 312 OUT_HANDLE_OPT CRYPT_HANDLE *iCryptHandle, 313 IN_ENUM( KEYMGMT_ITEM ) \ 314 const KEYMGMT_ITEM_TYPE itemType, 315 IN_KEYID const CRYPT_KEYID_TYPE keyIDtype, 316 IN_BUFFER( keyIDlength ) const void *keyID, 317 IN_LENGTH_KEYID const int keyIDlength, 318 IN_OPT void *auxInfo, 319 INOUT_OPT int *auxInfoLength, 320 IN_FLAGS_Z( KEYMGMT ) const int flags ); 321 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 5 ) ) \ 322 int ( *KEY_GETSPECIALITEM_FUNCTION )( INOUT struct KI *keysetInfoPtr, 323 IN_ATTRIBUTE \ 324 const CRYPT_ATTRIBUTE_TYPE dataType, 325 OUT_BUFFER( dataMaxLength, \ 326 *dataLength ) \ 327 void *data, 328 IN_LENGTH_SHORT \ 329 const int dataMaxLength, 330 OUT_LENGTH_BOUNDED_Z( dataMaxLength ) \ 331 int *dataLength ); 332 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 333 int ( *KEY_SETITEM_FUNCTION )( INOUT struct KI *deviceInfo, 334 IN_HANDLE const CRYPT_HANDLE iCryptHandle, 335 IN_ENUM( KEYMGMT_ITEM ) \ 336 const KEYMGMT_ITEM_TYPE itemType, 337 IN_BUFFER_OPT( passwordLength ) \ 338 const char *password, 339 IN_LENGTH_NAME_Z const int passwordLength, 340 IN_FLAGS( KEYMGMT ) const int flags ); 341 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 342 int ( *KEY_SETSPECIALITEM_FUNCTION )( INOUT struct KI *deviceInfo, 343 IN_ATTRIBUTE \ 344 const CRYPT_ATTRIBUTE_TYPE dataType, 345 IN_BUFFER( dataLength ) const void *data, 346 IN_LENGTH_SHORT const int dataLength ); 347 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 4 ) ) \ 348 int ( *KEY_DELETEITEM_FUNCTION )( INOUT struct KI *keysetInfo, 349 IN_ENUM( KEYMGMT_ITEM ) \ 350 const KEYMGMT_ITEM_TYPE itemType, 351 IN_KEYID const CRYPT_KEYID_TYPE keyIDtype, 352 IN_BUFFER( keyIDlength ) const void *keyID, 353 IN_LENGTH_KEYID const int keyIDlength ); 354 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 6 ) ) \ 355 int ( *KEY_GETFIRSTITEM_FUNCTION )( INOUT struct KI *keysetInfo, 356 OUT_HANDLE_OPT \ 357 CRYPT_CERTIFICATE *iCertificate, 358 OUT int *stateInfo, 359 IN_ENUM( KEYMGMT_ITEM ) \ 360 const KEYMGMT_ITEM_TYPE itemType, 361 IN_KEYID \ 362 const CRYPT_KEYID_TYPE keyIDtype, 363 IN_BUFFER( keyIDlength ) \ 364 const void *keyID, 365 IN_LENGTH_KEYID const int keyIDlength, 366 IN_FLAGS_Z( KEYMGMT ) \ 367 const int options ); 368 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 369 int ( *KEY_GETNEXTITEM_FUNCTION )( INOUT struct KI *keysetInfo, 370 OUT_HANDLE_OPT \ 371 CRYPT_CERTIFICATE *iCertificate, 372 INOUT_OPT int *stateInfo, 373 /* May be absent for an ongoing query run as 374 { getItem, getNext, getNext, ... } */ 375 IN_FLAGS_Z( KEYMGMT ) const int options ); 376 typedef CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 377 BOOLEAN ( *KEY_ISBUSY_FUNCTION )( INOUT struct KI *keysetInfo ); 378 379 typedef struct KI { 380 /* General keyset information */ 381 KEYSET_TYPE type; /* Keyset type (native, PGP, X.509, etc) */ 382 KEYSET_SUBTYPE subType; /* Keyset subtype (public, private, etc) */ 383 CRYPT_KEYOPT_TYPE options; /* Keyset options */ 384 int flags; /* Keyset information flags */ 385 386 /* Keyset type-specific information */ 387 union { 388 FILE_INFO *fileInfo; 389 #ifdef USE_DBMS 390 DBMS_INFO *dbmsInfo; 391 #endif /* USE_DBMS */ 392 #ifdef USE_HTTP 393 HTTP_INFO *httpInfo; 394 #endif /* USE_HTTP */ 395 #ifdef USE_LDAP 396 LDAP_INFO *ldapInfo; 397 #endif /* USE_LDAP */ 398 } keysetInfo; 399 400 /* Pointers to keyset access methods */ 401 FNPTR_DECLARE( KEY_INIT_FUNCTION, initFunction ); 402 FNPTR_DECLARE( KEY_SHUTDOWN_FUNCTION, shutdownFunction ); 403 #ifdef USE_LDAP 404 FNPTR_DECLARE( KEY_GETATTRIBUTE_FUNCTION, getAttributeFunction ); 405 FNPTR_DECLARE( KEY_SETATTRIBUTE_FUNCTION, setAttributeFunction ); 406 #endif /* USE_LDAP */ 407 FNPTR_DECLARE( KEY_GETITEM_FUNCTION, getItemFunction ); 408 FNPTR_DECLARE( KEY_GETSPECIALITEM_FUNCTION, getSpecialItemFunction ); 409 FNPTR_DECLARE( KEY_SETITEM_FUNCTION, setItemFunction ); 410 FNPTR_DECLARE( KEY_SETSPECIALITEM_FUNCTION, setSpecialItemFunction ); 411 FNPTR_DECLARE( KEY_DELETEITEM_FUNCTION, deleteItemFunction ); 412 FNPTR_DECLARE( KEY_GETFIRSTITEM_FUNCTION, getFirstItemFunction ); 413 FNPTR_DECLARE( KEY_GETNEXTITEM_FUNCTION, getNextItemFunction ); 414 FNPTR_DECLARE( KEY_ISBUSY_FUNCTION, isBusyFunction ); 415 416 /* Some keysets require keyset-type-specific data storage, which is 417 managed via the following variables. keyDataSize denotes the total 418 size in bytes of the keyData buffer, keyDataNoObjects is the number 419 of objects in the buffer if it's implemented as an array of key data 420 objects */ 421 BUFFER_OPT_FIXED( keyDataSize ) \ 422 void *keyData; /* Keyset data buffer */ 423 int keyDataSize; /* Buffer size */ 424 int keyDataNoObjects; /* No.of objects in key data buffer */ 425 426 /* Error information */ 427 CRYPT_ATTRIBUTE_TYPE errorLocus;/* Error locus */ 428 CRYPT_ERRTYPE_TYPE errorType; /* Error type */ 429 430 /* Low-level error information */ 431 ERROR_INFO errorInfo; 432 433 /* The object's handle and the handle of the user who owns this object. 434 The former is used when sending messages to the object when only the 435 xxx_INFO is available, the latter is used to avoid having to fetch the 436 same information from the system object table */ 437 CRYPT_HANDLE objectHandle; 438 CRYPT_USER ownerHandle; 439 440 /* Variable-length storage for the type-specific data */ 441 DECLARE_VARSTRUCT_VARS; 442 } KEYSET_INFO; 443 444 /**************************************************************************** 445 * * 446 * Keyset Functions * 447 * * 448 ****************************************************************************/ 449 450 /* Keyset attribute handling functions */ 451 452 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 453 int getKeysetAttribute( INOUT KEYSET_INFO *keysetInfoPtr, 454 OUT_INT_Z int *valuePtr, 455 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute ); 456 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 457 int getKeysetAttributeS( INOUT KEYSET_INFO *keysetInfoPtr, 458 INOUT MESSAGE_DATA *msgData, 459 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute ); 460 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 461 int setKeysetAttribute( INOUT KEYSET_INFO *keysetInfoPtr, 462 IN_INT_Z const int value, 463 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute ); 464 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 465 int setKeysetAttributeS( INOUT KEYSET_INFO *keysetInfoPtr, 466 IN_BUFFER( dataLength ) const void *data, 467 IN_LENGTH const int dataLength, 468 IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attribute ); 469 470 /* Prototypes for keyset mapping functions */ 471 472 #ifdef USE_ODBC 473 CHECK_RETVAL \ 474 int dbxInitODBC( void ); 475 void dbxEndODBC( void ); 476 #else 477 #define dbxInitODBC() CRYPT_OK 478 #define dbxEndODBC() 479 #endif /* USE_ODBC */ 480 #ifdef USE_DBMS 481 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 482 int setAccessMethodDBMS( INOUT KEYSET_INFO *keysetInfo, 483 IN_ENUM( CRYPT_KEYSET ) \ 484 const CRYPT_KEYSET_TYPE type ); 485 #else 486 #define setAccessMethodDBMS( x, y ) CRYPT_ARGERROR_NUM1 487 #endif /* USE_DBMS */ 488 #ifdef USE_HTTP 489 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 490 int setAccessMethodHTTP( INOUT KEYSET_INFO *keysetInfo ); 491 #else 492 #define setAccessMethodHTTP( x ) CRYPT_ARGERROR_NUM1 493 #endif /* USE_HTTP */ 494 #ifdef USE_LDAP 495 CHECK_RETVAL \ 496 int dbxInitLDAP( void ); 497 void dbxEndLDAP( void ); 498 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 499 int setAccessMethodLDAP( INOUT KEYSET_INFO *keysetInfo ); 500 #else 501 #define dbxInitLDAP() CRYPT_OK 502 #define dbxEndLDAP() 503 #define setAccessMethodLDAP( x ) CRYPT_ARGERROR_NUM1 504 #endif /* USE_LDAP */ 505 #ifdef USE_PGPKEYS 506 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 507 int setAccessMethodPGPPublic( INOUT KEYSET_INFO *keysetInfo ); 508 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 509 int setAccessMethodPGPPrivate( INOUT KEYSET_INFO *keysetInfo ); 510 #else 511 #define setAccessMethodPGPPublic( x ) CRYPT_ARGERROR_NUM1 512 #define setAccessMethodPGPPrivate( x ) CRYPT_ARGERROR_NUM1 513 #endif /* USE_PGPKEYS */ 514 #ifdef USE_PKCS12 515 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 516 int setAccessMethodPKCS12( INOUT KEYSET_INFO *keysetInfo ); 517 #else 518 #define setAccessMethodPKCS12( x ) CRYPT_ARGERROR_NUM1 519 #endif /* PKCS #12 */ 520 #ifdef USE_PKCS15 521 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 522 int setAccessMethodPKCS15( INOUT KEYSET_INFO *keysetInfo ); 523 #else 524 #define setAccessMethodPKCS15( x ) CRYPT_ARGERROR_NUM1 525 #endif /* PKCS #15 */ 526 #if defined( USE_PGPKEYS ) && defined( USE_PKCS12 ) 527 #define isWriteableFileKeyset( type ) \ 528 ( ( type ) == KEYSET_SUBTYPE_PGP_PUBLIC || \ 529 ( type ) == KEYSET_SUBTYPE_PKCS12 || \ 530 ( type ) == KEYSET_SUBTYPE_PKCS15 ) 531 #elif defined( USE_PGPKEYS ) 532 #define isWriteableFileKeyset( type ) \ 533 ( ( type ) == KEYSET_SUBTYPE_PGP_PUBLIC || \ 534 ( type ) == KEYSET_SUBTYPE_PKCS15 ) 535 #elif defined( USE_PKCS12 ) 536 #define isWriteableFileKeyset( type ) \ 537 ( ( type ) == KEYSET_SUBTYPE_PKCS12 || \ 538 ( type ) == KEYSET_SUBTYPE_PKCS15 ) 539 #else 540 #define isWriteableFileKeyset( type ) \ 541 ( ( type ) == KEYSET_SUBTYPE_PKCS15 ) 542 #endif /* Writeable keyset subtypes */ 543 #endif /* _KEYSET_DEFINED */ 544