Network Working Group                                         V. Smyslov
Request for Comments: 2628                                           TWS
Category: Informational                                        June 1999
        
Network Working Group                                         V. Smyslov
Request for Comments: 2628                                           TWS
Category: Informational                                        June 1999
        

Simple Cryptographic Program Interface (Crypto API)

简单加密程序接口(加密API)

Status of this Memo

本备忘录的状况

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (1999). All Rights Reserved.

版权所有(C)互联网协会(1999年)。版权所有。

Abstract

摘要

This document describes a simple Application Program Interface to cryptographic functions. The main purpose of such an interface is to separate cryptographic libraries from internet applications, thus allowing an independent development of both. It can be used in various internet applications such as [IPsec], [ISAKMP], [IKE], [TLS].

本文档描述了加密函数的简单应用程序接口。这种接口的主要目的是将加密库与internet应用程序分离,从而允许两者的独立开发。它可用于各种internet应用程序,如[IPsec]、[ISAKMP]、[IKE]、[TLS]。

Table of Contents

目录

   1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . .  2
   1.1. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . .  2
   1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . .  2
   1.3. Objectives of Development . . . . . . . . . . . . . . . . . .  3
   2. Cryptoplugin Structure. . . . . . . . . . . . . . . . . . . . .  3
   3. Program Interface . . . . . . . . . . . . . . . . . . . . . . .  4
   3.1. Cryptoplugin Initialization Function. . . . . . . . . . . . .  4
   3.1.1. Description of CryptoPluginInfo structure . . . . . . . . .  6
   3.1.2. Description of CryptoAlgInfo structure. . . . . . . . . . .  6
   3.2. Cryptoplugin Deinitialization Function. . . . . . . . . . . .  9
   3.3. Cryptographic Context Opening Function. . . . . . . . . . . . 10
   3.4. Cryptographic Context Reopening Function. . . . . . . . . . . 11
   3.5. Cryptographic Context Closing Function. . . . . . . . . . . . 12
   3.6. Key Verification Function . . . . . . . . . . . . . . . . . . 12
   3.7. Data Transformation Function. . . . . . . . . . . . . . . . . 13
   3.7.1. For CRYPTO_TYPE_ENCRYPT Algorithm Type. . . . . . . . . . . 13
   3.7.2. For CRYPTO_TYPE_DECRYPT Algorithm Type. . . . . . . . . . . 14
   3.7.3. For CRYPTO_TYPE_SIGN Algorithm Type . . . . . . . . . . . . 15
   3.7.4. For CRYPTO_TYPE_VERIFY Algorithm Type . . . . . . . . . . . 17
   3.7.5. For CRYPTO_TYPE_COMPRESS Algorithm Type . . . . . . . . . . 18
        
   1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . .  2
   1.1. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . .  2
   1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . .  2
   1.3. Objectives of Development . . . . . . . . . . . . . . . . . .  3
   2. Cryptoplugin Structure. . . . . . . . . . . . . . . . . . . . .  3
   3. Program Interface . . . . . . . . . . . . . . . . . . . . . . .  4
   3.1. Cryptoplugin Initialization Function. . . . . . . . . . . . .  4
   3.1.1. Description of CryptoPluginInfo structure . . . . . . . . .  6
   3.1.2. Description of CryptoAlgInfo structure. . . . . . . . . . .  6
   3.2. Cryptoplugin Deinitialization Function. . . . . . . . . . . .  9
   3.3. Cryptographic Context Opening Function. . . . . . . . . . . . 10
   3.4. Cryptographic Context Reopening Function. . . . . . . . . . . 11
   3.5. Cryptographic Context Closing Function. . . . . . . . . . . . 12
   3.6. Key Verification Function . . . . . . . . . . . . . . . . . . 12
   3.7. Data Transformation Function. . . . . . . . . . . . . . . . . 13
   3.7.1. For CRYPTO_TYPE_ENCRYPT Algorithm Type. . . . . . . . . . . 13
   3.7.2. For CRYPTO_TYPE_DECRYPT Algorithm Type. . . . . . . . . . . 14
   3.7.3. For CRYPTO_TYPE_SIGN Algorithm Type . . . . . . . . . . . . 15
   3.7.4. For CRYPTO_TYPE_VERIFY Algorithm Type . . . . . . . . . . . 17
   3.7.5. For CRYPTO_TYPE_COMPRESS Algorithm Type . . . . . . . . . . 18
        
   3.7.6. For CRYPTO_TYPE_UNCOMPRESS Algorithm Type . . . . . . . . . 18
   3.7.7. For CRYPTO_TYPE_HASH Algorithm Type . . . . . . . . . . . . 19
   3.7.8. For CRYPTO_TYPE_RANDOM Algorithm Type.  . . . . . . . . . . 21
   3.8. Cryptographic Context Control Function. . . . . . . . . . . . 22
   4. Cryptoplugin Registration Procedure . . . . . . . . . . . . . . 23
   5. Security Considerations . . . . . . . . . . . . . . . . . . . . 23
   6. References. . . . . . . . . . . . . . . . . . . . . . . . . . . 23
   7. Author's Address  . . . . . . . . . . . . . . . . . . . . . . . 24
   Appendix A. The interface specification as a C header file . . . . 25
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 30
        
   3.7.6. For CRYPTO_TYPE_UNCOMPRESS Algorithm Type . . . . . . . . . 18
   3.7.7. For CRYPTO_TYPE_HASH Algorithm Type . . . . . . . . . . . . 19
   3.7.8. For CRYPTO_TYPE_RANDOM Algorithm Type.  . . . . . . . . . . 21
   3.8. Cryptographic Context Control Function. . . . . . . . . . . . 22
   4. Cryptoplugin Registration Procedure . . . . . . . . . . . . . . 23
   5. Security Considerations . . . . . . . . . . . . . . . . . . . . 23
   6. References. . . . . . . . . . . . . . . . . . . . . . . . . . . 23
   7. Author's Address  . . . . . . . . . . . . . . . . . . . . . . . 24
   Appendix A. The interface specification as a C header file . . . . 25
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 30
        
1. Introduction
1. 介绍
1.1. Summary
1.1. 总结

Nowadays internet applications that require cryptographic functions at the level of operating system kernel, use the method that assumes the libraries must be compiled/linked together with the module (driver) which provides product functionality. For the sake of possibility of independent development of the cryptographic modules and in order to provide a simple, effective and universal (suitable for application and as well kernel level of operating system) solution this specification offers the method to extract encrypting algorithms to the separate cryptographic modules.

如今,在操作系统内核级别需要加密功能的internet应用程序使用的方法假定库必须与提供产品功能的模块(驱动程序)一起编译/链接。为了能够独立开发加密模块,并提供简单、有效和通用(适用于应用程序和操作系统的内核级)的解决方案,本规范提供了将加密算法提取到单独加密模块的方法。

This document describes simple open interface (Crypto API) to external cryptographic libraries optimized both for the application and kernel level of the operating system.

本文档描述了针对操作系统的应用程序和内核级别进行优化的外部加密库的简单开放接口(Crypto API)。

1.2. Terminology
1.2. 术语

Cryptoplugin

加密插件

Operation system unit (driver, shared library, module) that provides cryptographic functions via well-defined (but OS-specific) interface.

操作系统单元(驱动程序、共享库、模块),通过定义良好(但特定于操作系统)的接口提供加密功能。

Cryptolibrary

密码库

Part of cryptoplugin that provides its cryptographic functionality via Crypto API.

cryptoplugin的一部分,通过CryptoAPI提供其加密功能。

Wrapper

包装纸

Part of cryptoplugin that provides interfaces translation between Crypto API and OS-specific interface.

cryptoplugin的一部分,提供CryptoAPI和操作系统特定接口之间的接口转换。

Definition of all cryptography related terms can be found in [Schneier].

所有加密相关术语的定义见[Schneier]。

1.3. Objectives of Development
1.3. 发展目标

The objectives of Simple CryptoAPI development are as follows:

简单CryptoAPI开发的目标如下:

1) To extract program implementations of encryption, one-way hash function, digital signature and random numbers generation algorithms to separate, independently developed modules.

1) 将程序实现的加密提取、单向散列函数、数字签名和随机数生成算法分开,独立开发模块。

2) To provide version independence between using encryption modules and external cryptoplugin.

2) 在使用加密模块和外部加密插件之间提供版本独立性。

3) To ensure platform independent developments of encrypting algorithm modules with portable source code.

3) 确保加密算法模块的平台独立开发,源代码可移植。

4) To enable independent development of modules and compatibility of modules developed independently.

4) 实现模块的独立开发和独立开发模块的兼容性。

2. Cryptoplugin Structure
2. 加密插件结构

In order to provide fast exchange between the cryptoplugin and its client the cryptoplugin is implemented as a separate driver (or module) of the particular operating system (Fig.1). Cryptoplugin consists of two parts (Fig.2):

为了提供cryptoplugin与其客户端之间的快速交换,cryptoplugin被实现为特定操作系统(图1)的单独驱动程序(或模块)。Cryptoplugin由两部分组成(图2):

1) cryptolibrary itself (1)

1) 加密库本身(1)

2) system-dependent module (wrapper) for interaction between cryptolibrary and its client (2)

2) 用于cryptolibrary及其客户端之间交互的系统相关模块(包装器)(2)

                                       Cryptoplugin initialization
                                     / by the operating system
                                     |
                                     |
     +------------------+          +-|-+-------------+
     |                  |          |   |             |
     |  Cryptoplugin's  | -------> |                 |
     |                  |          |  Cryptoplugin   |
     |     client       | <------- |                 |
     |                  |          |   |             |
     +------------------+     |    +---+-------------+
                              |
                              \
                               \ System-dependent CPI
        
                                       Cryptoplugin initialization
                                     / by the operating system
                                     |
                                     |
     +------------------+          +-|-+-------------+
     |                  |          |   |             |
     |  Cryptoplugin's  | -------> |                 |
     |                  |          |  Cryptoplugin   |
     |     client       | <------- |                 |
     |                  |          |   |             |
     +------------------+     |    +---+-------------+
                              |
                              \
                               \ System-dependent CPI
        

Fig. 1 Interaction between cryptoplugin and its client

图1 cryptoplugin与客户端的交互

     +---------------+-------------------------------+
     |               |                               |
     |              -->       Submodule of           |
     |  Submodule -  |                               |
     |               |   encrypting algorithms (1)   |
     |  wrapper (2)  |                               |
     |              <--       (cryptolibrary)        |
     |               |                               |
     +---------------+-------------------------------+
                     |
                     \
                      \ Cryptographic Program Interface
        
     +---------------+-------------------------------+
     |               |                               |
     |              -->       Submodule of           |
     |  Submodule -  |                               |
     |               |   encrypting algorithms (1)   |
     |  wrapper (2)  |                               |
     |              <--       (cryptolibrary)        |
     |               |                               |
     +---------------+-------------------------------+
                     |
                     \
                      \ Cryptographic Program Interface
        

Fig. 2 Cryptoplugin structure

图2加密插件结构

The system-dependent module (wrapper) is delivered by the driver-client developer in the form of source code or in the form of libraries (for example, in the form of object files) for particular operating system. The wrapper is intended for translation of system-independent application interface to the particular system-dependent interface with the cryptoplugin's client. The wrapper context does not include components specific to cryptoplugin's client functionality or to some cryptographic algorithm. The interface described in section 3 is the standard for interaction between the submodules (1) and (2).

系统相关模块(包装器)由驱动程序客户机开发人员以源代码的形式或特定操作系统的库的形式(例如,以对象文件的形式)交付。包装器用于将与系统无关的应用程序接口转换为与cryptoplugin客户端相关的特定系统接口。包装器上下文不包括特定于cryptoplugin的客户端功能或某些加密算法的组件。第3节中描述的接口是子模块(1)和(2)之间交互的标准。

A cryptoplugin can contain a number of different algorithms. Moreover, it can contain some different implementations of one particular algorithm.

加密插件可以包含许多不同的算法。此外,它可以包含一个特定算法的一些不同实现。

3. Program Interface
3. 程序接口

The CPI (Cryptographic Program Interface) consists of a set of functions exported by encrypting algorithm submodule (cryptolibrary). The interface functions are described below (see also Appendix A).

CPI(加密程序接口)由加密算法子模块(加密库)导出的一组函数组成。接口功能如下所述(另见附录A)。

3.1. Cryptoplugin Initialization Function
3.1. 加密插件初始化函数

The function is intended for cryptoplugin initialization and obtaining information about algorithms contained in cryptoplugin. The function is called once before the beginning of cryptoplugin operation.

该函数用于cryptoplugin初始化和获取cryptoplugin中包含的算法信息。函数在cryptoplugin操作开始前调用一次。

   /* CryptoPlugin initialization. Returns pointer to CryptoPluginInfo
   structure on success or NULL on fatal error. */
   CryptoPluginInfo *CryptoPluginInit(
                   void            *param);/* Ptr to OS parameters
                                              (platform-specific) */
        
   /* CryptoPlugin initialization. Returns pointer to CryptoPluginInfo
   structure on success or NULL on fatal error. */
   CryptoPluginInfo *CryptoPluginInit(
                   void            *param);/* Ptr to OS parameters
                                              (platform-specific) */
        

Description of parameters:

参数说明:

param - pointer to system-dependent parameters transmitted to cryptoplugin by the operating system. Intention and format of parameters are specific to each operating system and should be described in documentation on the cryptoplugin wrapper.

param-指向操作系统传输到cryptoplugin的系统相关参数的指针。参数的意图和格式特定于每个操作系统,应该在cryptoplugin包装器的文档中描述。

The function is called at the moment of cryptoplugin initialization. If succeeded it returns the pointer to CryptoPluginInfo structure that describes the module and algorithms implemented in the cryptolibrary. If function call did not succeed, function will return NULL or appropriate error code in CryptoPluginInfo structure status field. If the initialization is partially succeeded then the cryptoplugin either returns CryptoPluginInfo structure transformed so that it contains only successfully initialized algorithms or returns appropriate error code in status field of CryptoAlgInfo structures that describes the reason for the failure.

函数在cryptoplugin初始化时调用。如果成功,它将返回指向CryptoPluginInfo结构的指针,该结构描述在cryptolibrary中实现的模块和算法。若函数调用未成功,函数将在CryptoPluginInfo结构状态字段中返回NULL或相应的错误代码。如果初始化部分成功,则cryptoplugin要么返回CryptoPluginInfo结构转换,使其仅包含成功初始化的算法,要么在CryptoAlInfo结构的状态字段中返回描述失败原因的适当错误代码。

Error codes for the function:

功能的错误代码:

NULL - fatal unsuccessful cryptoplugin initialization. The module is unable even to indicate the reason of failure.

NULL-加密插件初始化失败的致命错误。模块甚至无法指示故障原因。

The pointer to cryptoplugin description structure in the case of full or partial success. The status fields in CryptoPluginInfo structure and in comprised CryptoAlgInfo structures can be set to the following values:

在完全或部分成功的情况下,指向cryptoplugin描述结构的指针。CryptoPluginInfo结构和CryptoAlInfo结构中的状态字段可以设置为以下值:

CRYPTO_OK - cryptoplugin (algorithm) is initialized successfully.

CRYPTO_OK-cryptoplugin(算法)已成功初始化。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_NOT_SUPPORTED - (only for algorithm) - the algorithm is not supported by the module at the moment.

CRYPTO_ERR_NOT_SUPPORTED-(仅适用于算法)-模块目前不支持该算法。

CRYPTO_ERR_HARDWARE - error of hardware initialization.

加密错误硬件-硬件初始化错误。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

3.1.1. Description of CryptoPluginInfo structure
3.1.1. CryptoPluginInfo结构描述

The CryptoPluginInfo structure consists of header of fixed size that generally describes cryptoplugin and array of CryptoAlgInfo structures following the header. Each structure describes particular algorithm implemented in the cryptolibrary (see Appendix A)

CryptoPluginInfo结构由固定大小的标头(通常描述cryptoplugin)和标头后面的CryptoAlInfo结构数组组成。每个结构描述了加密库中实现的特定算法(见附录A)

Structure fields description:

结构字段说明:

cpi_version - CPI version (should be CRYPTO_VER (1,0)). CPI version determines both functions set and fields layout in CryptoPluginInfo/CryptoAlgInfo structures.

cpi_版本-cpi版本(应为加密版本(1,0))。CPI版本决定CryptoPluginInfo/CryptoAlgInfo结构中的函数集和字段布局。

status - returns the error code if cryptoplugin initialization failed (otherwise should be CRYPTO_OK)

状态-如果cryptoplugin初始化失败,则返回错误代码(否则应为CRYPTO_OK)

name - text cryptoplugin description (ASCII-7 characters only; all unused bytes must be set to 0).

名称-文本加密插件说明(仅限ASCII-7个字符;所有未使用的字节必须设置为0)。

version - cryptoplugin version (CRYPTO_VER(maj,min)).

版本-加密插件版本(加密版本(主要,最低))。

flags - various flags that characterize the cryptoplugin.

标志-表示cryptoplugin特性的各种标志。

number_of_algs - number of algorithms the cryptolibrary comprises of (i.e. the number of consequent CryptoAlgInfo structures).

number_of_algs-密码库包含的算法数量(即后续CryptoAlInfo结构的数量)。

3.1.2. Description of CryptoAlgInfo structure
3.1.2. CryptoAlgInfo结构描述

Structure fields description

结构字段描述

status - returns the error code if particular algorithm initialization failed (otherwise should be CRYPTO_OK).

状态-如果特定算法初始化失败,则返回错误代码(否则应为CRYPTO_OK)。

id - algorithm identifier (CRYPTO_A_XXX). Values in the range of 0..249 are reserved; Values in the range of 250..32767 indicate algorithms not enrolled in standard list. It should be emphasized that algorithm IDs are independent for each algorithm type. But it is considered that pairs of types CRYPTO_TYPE_ENCRYPT and CRYPTO_TYPE_DECRYPT, CRYPTO_TYPE_SIGN and CRYPTO_TYPE_VERIFY, CRYPTO_TYPE_COMPRESS and CRYPTO_TYPE_UNCOMPRESS are equivalent because they define reverse actions of the same nature.

id-算法标识符(CRYPTO_A_XXX)。保留0..249范围内的值;250..32767范围内的值表示未在标准列表中注册的算法。应该强调的是,对于每种算法类型,算法ID都是独立的。但人们认为加密和解密、签名和验证、压缩和解压是等价的,因为它们定义了相同性质的反向动作。

group - algorithm implementation group (variants algorithm implementations with various parameters not covered by CryptoAlgInfo structure). Values in the range of 0..32767 are well-known numbers defined in Appendix A; vendors may arbitrarily use values in the range of 32768..65535.

组-算法实现组(CryptoAlgInfo结构中未包含各种参数的变体算法实现)。0..32767范围内的数值为附录A中定义的已知数值;供应商可以任意使用32768..65535范围内的值。

type - algorithm type (CRYPTO_TYPE_XXX). Unambiguously determines algorithm application.

类型-算法类型(加密类型)。明确地确定算法应用。

version - version of algorithm implementation (CRYPTO_VER (maj,min)).

版本-算法实现的版本(CRYPTO_VER(maj,min))。

flags - flags that characterize the algorithm and its implementation. All bits, that are not defined in Appendix A, must be zeroed.

标志-表征算法及其实现的标志。附录A中未定义的所有位必须归零。

maxcontexts - maximum cryptographic contexts number that are simultaneously supported by the algorithm implementation (0 if the number is unlimited or is limited only by environmental conditions like memory size).

maxcontexts—算法实现同时支持的最大加密上下文数(如果该数字不受限制或仅受环境条件(如内存大小)限制,则为0)。

name - text algorithm name (ASCII characters use only; all unused bytes must be set to 0).

名称-文本算法名称(仅使用ASCII字符;所有未使用的字节必须设置为0)。

The next information depends on algorithm type:

下一个信息取决于算法类型:

For encryption algorithms (CRYPTO_TYPE_ENCRYPT and CRYPTO_TYPE_DECRYPT):

对于加密算法(加密类型加密和加密类型解密):

blocklen - data block length in bytes (value 1 must be used for stream cipher algorithms).

blocklen—以字节为单位的数据块长度(流密码算法必须使用值1)。

keylen - encrypting (or decrypting) key length in bytes.

keylen-加密(或解密)密钥长度(字节)。

outlen - output data size for conversion of one input data block in bytes. Usually it is equal to blocklen. When prediction of this value is impossible zero value must be indicated.

outlen—用于转换一个输入数据块的输出数据大小(以字节为单位)。通常等于blocklen。当无法预测该值时,必须指示零值。

milen - size of initialization vector (for block algorithms) or message indicator (for stream algorithms) in bytes. For block algorithms zero value of the parameter means that the algorithm implements ECB encoding. Non-zero milen parameter means that the algorithm implements CBC encoding. For stream algorithms zero value of the parameter means that the message indicator is not required.

milen—初始化向量(对于块算法)或消息指示器(对于流算法)的大小(以字节为单位)。对于块算法,参数的零值意味着算法实现ECB编码。非零milen参数表示算法实现CBC编码。对于流算法,参数的零值表示不需要消息指示符。

For signature algorithms (CRYPTO_TYPE_SIGN):

对于签名算法(加密类型签名):

blocklen - block size in bytes. The length of input signature data will be padded up to this value. When there is no need in padding the value of 1 must be set.

blocklen—以字节为单位的块大小。输入签名数据的长度将填充到此值。当不需要填充时,必须设置值1。

keylen - private key length in bytes.

keylen—以字节为单位的私钥长度。

outlen - signature length in bytes. When prediction of this value is impossible 0 value must be indicated. If the signature consists of several values then the total length is indicated.

outlen—以字节为单位的签名长度。当无法预测该值时,必须指示0值。如果签名由多个值组成,则表示总长度。

milen - non-zero value specifies signature parameter length (random number), zero value indicates that the parameter is not required.

milen-非零值指定签名参数长度(随机数),零值表示不需要该参数。

For signature verification algorithms (CRYPTO_TYPE_VERIFY):

对于签名验证算法(加密类型验证):

blocklen - is not used.

blocklen-未使用。

keylen - length of public key in bytes.

keylen—公钥的长度(以字节为单位)。

outlen - signature length in bytes. When prediction of this value is impossible 0 value must be indicated. If the signature consists of several values then the total length is indicated.

outlen—以字节为单位的签名长度。当无法预测该值时,必须指示0值。如果签名由多个值组成,则表示总长度。

milen - is not used.

米伦-不使用。

For data compression algorithms (CRYPTO_TYPE_COMPRESS):

对于数据压缩算法(加密类型压缩):

blocklen - see outlen.

blocklen-见outlen。

keylen - is not used.

keylen-未使用。

outlen - if the algorithm provides the fixed compression with known value then it is indicated as blocklen/outlen ratio. The values can be arbitrary. If the compression value is not known then outlen is set to 0 and blocklen is not used.

outlen-如果算法提供已知值的固定压缩,则表示为blocklen/outlen比率。这些值可以是任意的。如果压缩值未知,则outlen设置为0,且不使用blocklen。

milen - is not used.

米伦-不使用。

For data uncompressing algorithms (CRYPTO_TYPE_UNCOMPRESS):

对于数据解压算法(加密类型解压):

blocklen - see outlen.

blocklen-见outlen。

keylen - is not used.

keylen-未使用。

outlen - if the algorithm provides the fixed compression with known value then it is indicated as blocklen/outlen ratio. The values can be arbitrary. It is natural that the ratio will be reverse to the similar value for the same algorithm but of CRYPTO_TYPE_COMPRESS type. If the compression value is not known then outlen is set to 0 and blocklen is not used.

outlen-如果算法提供已知值的固定压缩,则表示为blocklen/outlen比率。这些值可以是任意的。很自然,对于相同的算法,该比率将与相似的值相反,但属于加密类型\压缩类型。如果压缩值未知,则outlen设置为0,且不使用blocklen。

milen - is not used.

米伦-不使用。

For one-way hash function algorithms (CRYPTO_TYPE_HASH):

对于单向散列函数算法(加密类型散列):

blocklen - block size in bytes. The length of input data will be padded up to this value. When there is no need in padding value 1 should be used.

blocklen—以字节为单位的块大小。输入数据的长度将填充到此值。当不需要填充时,应使用值1。

keylen - is not used.

keylen-未使用。

outlen - resulting hash value length in bytes.

outlen—以字节为单位的结果哈希值长度。

milen - is not used.

米伦-不使用。

For random number generation algorithms (CRYPTO_TYPE_RANDOM):

对于随机数生成算法(加密类型随机):

blocklen - is not used.

blocklen-未使用。

keylen - initial seed length (0 - if not required, for example in a physical effects based generators).

keylen-初始种子长度(0-如果不需要,例如在基于物理效果的生成器中)。

outlen - resulting random number length in bytes (0 - arbitrary)

outlen—以字节为单位的结果随机数长度(0—任意)

milen - is not used.

米伦-不使用。

3.2. Cryptoplugin Deinitialization Function
3.2. 加密插件去初始化函数
   /* Plugin deinitialization */
   CRYPTO_STATUS   CryptoPluginFini(void);
        
   /* Plugin deinitialization */
   CRYPTO_STATUS   CryptoPluginFini(void);
        

The function is called before the cryptoplugin operation is to be terminated. Function execution causes closing of all open cryptographic contexts, system resources deallocation and hardware deinitialization. The value returned is informational only.

在cryptoplugin操作终止之前调用该函数。函数执行导致关闭所有打开的加密上下文、系统资源释放和硬件去初始化。返回的值仅供参考。

Return codes for the function:

函数的返回代码:

CRYPTO_OK - cryptoplugin is deinitialized successfully.

CRYPTO_OK-cryptoplugin已成功反初始化。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_UNCLOSED_HANDLES - warning that there were open cryptographic contexts during cryptoplugin deinitialization. The warning is informational only. The open contexts are destroyed anyway.

CRYPTO_ERR_UNCLOSED_句柄-警告在cryptoplugin反初始化期间存在打开的加密上下文。该警告仅供参考。开放的上下文无论如何都会被破坏。

3.3. Cryptographic Context Opening Function
3.3. 密码上下文打开函数

New algorithm instance (cipher state) */ CRYPTO_STATUS CryptoOpen(

新算法实例(密码状态)*/CRYPTO_状态CryptoOpen(

         CRYPTO_HANDLE   *state, /* Pointer to cipher state
                                    handle (filled on exit) */
         long            algnum, /* Algorithm number in
                                    CryptoPluginInfo structure */
         const char      *key);  /* key (in plain) */
        
         CRYPTO_HANDLE   *state, /* Pointer to cipher state
                                    handle (filled on exit) */
         long            algnum, /* Algorithm number in
                                    CryptoPluginInfo structure */
         const char      *key);  /* key (in plain) */
        

The function creates cryptographic context copy inside cryptoplugin and initializes it with the provided key. Later the handle of the context is used in calls of other algorithm functions.

该函数在cryptoplugin内创建加密上下文副本,并使用提供的密钥对其进行初始化。稍后,上下文句柄将用于调用其他算法函数。

Description of parameters:

参数说明:

state - pointer to the variable that will be set to the handle of the context created if succeeded. NULL parameter value should result in the CRYPTO_ERR_BAD_PARAMS code returned by the function.

状态-指向变量的指针,该变量将设置为成功创建的上下文的句柄。NULL参数值应导致函数返回的CRYPTO_ERR_BAD_参数代码。

algnum - algorithm number in the cryptoplugin. It is equal to the number of CryptoAlgInfo structure (that describes the algorithm) in CryptoPluginInfo structure. The number begins with zero value. It should be taken into account that it is not an algorithm identifier but its number in the cryptoplugin.

algnum—加密插件中的算法编号。它等于CryptoPluginInfo结构中CryptoAlInfo结构(描述算法)的数量。数字以零值开始。应该考虑到,它不是算法标识符,而是cryptoplugin中的编号。

key - pointer to the key (if it is required) or to the seed (for random number generation algorithm).

键-指向键(如果需要)或种子(用于随机数生成算法)的指针。

Notes.

笔记。

1. Generated cryptographic context is stored inside the cryptoplugin until it will be destroyed by the CryptoAlgClose function call. The maximum number of cryptographic contexts supported by cryptoplugin can be indicated in algorithm parameters description. If maximum number of cryptographic contexts equals to zero then the cryptographic contexts number is either unlimited (for example, for stateless algorithms like random number generators and one-way hash functions) or it is limited by external factors only (like memory size).

1. 生成的加密上下文存储在cryptoplugin中,直到CryptoAlgClose函数调用将其销毁。cryptoplugin支持的最大加密上下文数可以在算法参数描述中指出。如果最大加密上下文数等于零,则加密上下文数要么是无限的(例如,对于无状态算法,如随机数生成器和单向散列函数),要么仅受外部因素的限制(如内存大小)。

Return codes for the function:

函数的返回代码:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_BAD_PARAMS - invalid parameters (invalid algorithm number, zero pointer to the handle or to key (seed) if it is required.

CRYPTO_ERR_BAD_PARAMS-无效参数(无效的算法编号、指向句柄或密钥(种子)的零指针,如果需要)。

3.4. Cryptographic Context Reopening Function
3.4. 加密上下文重新打开函数
/* Reinitialize algorithm instance */
CRYPTO_STATUS   CryptoReOpen(
                CRYPTO_HANDLE   state, /* current cipher state handle */
                const char      *key);  /* key (in plain) */
        
/* Reinitialize algorithm instance */
CRYPTO_STATUS   CryptoReOpen(
                CRYPTO_HANDLE   state, /* current cipher state handle */
                const char      *key);  /* key (in plain) */
        

The function reinitializes an existing context. This function is used for key change without new system resources allocation. The function parameters are handle of opened earlier context and pointer to a new key.

该函数用于重新初始化现有上下文。此功能用于在不分配新系统资源的情况下更改密钥。函数参数是先前打开的上下文的句柄和指向新键的指针。

Return codes for the function:

函数的返回代码:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general

加密错误没有内存-内存不足。与一般情况相反

CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module may release system memory and try function call once more.

CRYPTO_ERR_NO_RESOURCES error此代码假定调用模块可能释放系统内存并再次尝试函数调用。

CRYPTO_ERR_BAD_PARAMS - invalid parameters (invalid algorithm number, zero pointer to the handle or to key (seed) if it is required.

CRYPTO_ERR_BAD_PARAMS-无效参数(无效的算法编号、指向句柄或密钥(种子)的零指针,如果需要)。

3.5. Cryptographic Context Closing Function
3.5. 密码上下文关闭函数
/* Destroy algorithm instance */
CRYPTO_STATUS   CryptoClose(
                CRYPTO_HANDLE   state); /* Handle of cipher state */
        
/* Destroy algorithm instance */
CRYPTO_STATUS   CryptoClose(
                CRYPTO_HANDLE   state); /* Handle of cipher state */
        

The function provides cryptographic context destruction. The cryptographic context handle is its parameter. The value returned is informational only.

该函数提供加密上下文销毁。加密上下文句柄是其参数。返回的值仅供参考。

Return codes for the function:

函数的返回代码:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

3.6. Key Verification Function
3.6. 密钥验证功能
      /* Check key for possible weakness */
      CRYPTO_STATUS   CryptoCheckForWeakKey(
                    long            algnum, /* Algorithm number in
                                    CryptoPluginInfo structure */
                    const char      *key);  /* Proposed key */
        
      /* Check key for possible weakness */
      CRYPTO_STATUS   CryptoCheckForWeakKey(
                    long            algnum, /* Algorithm number in
                                    CryptoPluginInfo structure */
                    const char      *key);  /* Proposed key */
        

The function verifies key material whether it is weak (from the algorithm's point of view). The function is actual for encryption/decryption or signing/verification algorithms only. Algorithm number (similar to CryptoAlgOpen) and pointer to the key to be verified are the parameters.

该函数验证关键材质是否弱(从算法的角度)。该函数仅适用于加密/解密或签名/验证算法。算法编号(类似于CryptoAlgOpen)和指向要验证的密钥的指针是参数。

Return codes for the function:

函数的返回代码:

CRYPTO_O - the key has passed the test.

加密-密钥已通过测试。

CRYPTO_ERR_WEAK_KEY - the key has not passed the test (being weak or possibly weak).

加密错误弱密钥-密钥未通过测试(弱或可能弱)。

CRYPTO_ERR_NOT_SUPPORTED - is not supported.

加密错误不受支持-不受支持。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

3.7. Data Transformation Function
3.7. 数据转换函数
/* Perform CryptoTransform (depends on cipher state type) */
CRYPTO_STATUS   CryptoTransform(
                CRYPTO_HANDLE   state,  /* Cipher state */
                const char      *inbuff,/* input data */
                long            inlen,  /* input data length */
                char            *outbuff,/* output buffer */
                long            *outlen,/* On entry - output buffer
                                          length, on exit -  number of
                                          bytes written to outbuff */
                char            *mi);   /* Message indicator  */
        
/* Perform CryptoTransform (depends on cipher state type) */
CRYPTO_STATUS   CryptoTransform(
                CRYPTO_HANDLE   state,  /* Cipher state */
                const char      *inbuff,/* input data */
                long            inlen,  /* input data length */
                char            *outbuff,/* output buffer */
                long            *outlen,/* On entry - output buffer
                                          length, on exit -  number of
                                          bytes written to outbuff */
                char            *mi);   /* Message indicator  */
        

This is a cryptographic data transformation function. Function call results and function parameters are dependent on algorithm type. For algorithm types CRYTO_TYPE_ENCRYPT, CRYPTO_TYPE_DECRYPT, CRYPTO_TYPE_SIGN and CRYPTO_TYPE_VERIFY (items 3.7.1 - 3.7.4) function call results are history independent.

这是一个加密数据转换函数。函数调用结果和函数参数取决于算法类型。对于算法类型CRYTO_TYPE_ENCRYPT、CRYPTO_TYPE_DECRYPT、CRYPTO_TYPE_SIGN和CRYPTO_TYPE_VERIFY(项目3.7.1-3.7.4),函数调用结果与历史无关。

Note. Stream encryption algorithms may seem an "exception". However the same cryptoalgorithm handle must hide its history dependence. For algorithm types CRYPTO_TYPE_COMPRESS, CRYPTO_TYPE_UNCOMPRESS and CRYPTO_TYPE_HASH (items 3.7.5 - 3.7.7) function calls are history dependent. For the CRYPTO_TYPE_RANDOM algorithm function call may be for different implementations either dependent or independent on the history.

笔记流加密算法似乎是一个“例外”。但是,相同的加密算法句柄必须隐藏其历史依赖性。对于算法类型CRYPTO_TYPE_COMPRESS、CRYPTO_TYPE_UNCOMPRESS和CRYPTO_TYPE_HASH(第3.7.5-3.7.7项),函数调用依赖于历史。对于CRYPTO_类型,随机算法函数调用可能针对不同的实现,取决于历史或独立于历史。

3.7.1. For CRYPTO_TYPE_ENCRYPT Algorithm Type:

3.7.1. 对于加密类型加密算法类型:

The function encrypts input data. Its parameters are intended for:

该函数用于加密输入数据。其参数用于:

inbuff - pointer to the input data. If this parameter is equal to NULL then the function should return the CRYPTO_ERR_BAD_PARAMS error code.

inbuff-指向输入数据的指针。如果此参数等于NULL,则函数应返回CRYPTO_ERR_BAD_PARAMS错误代码。

inlen - input data size (in bytes). If the size indicated in algorithm description is divisible by blocklen then padding is not carried out. Otherwise the algorithm either caries out padding according to the algorithm standard or returns appropriate error code (CRYPTO_ERR_BAD_PARAMS). The zero parameter is allowed so that the function quits at once and returns CRYPTO_OK code.

inlen—输入数据大小(以字节为单位)。如果算法描述中指示的大小可被blocklen整除,则不执行填充。否则,该算法要么根据算法标准消除填充,要么返回适当的错误代码(CRYPTO_ERR_BAD_PARAMS)。允许使用零参数,以便函数立即退出并返回CRYPTO_OK代码。

outbuff - output data buffer. NULL parameter value results in the outlen parameter setting to output buffer size required to encrypt the input buffer represented. In this case the CRYPTO_ERR_SMALL_BUFFER error should not be returned.

输出数据缓冲区。NULL参数值导致outlen参数设置为加密所表示的输入缓冲区所需的输出缓冲区大小。在这种情况下,不应返回CRYPTO_ERR_SMALL_缓冲区错误。

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. Both the NULL parameter value and the zero value addressed result in CRYPTO_ERR_BAD_PARAMS code returned by the function.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。NULL参数值和寻址的零值都会导致函数返回CRYPTO_ERR_BAD_参数代码。

mi - message indicator. Its content depends on whether the block or stream algorithm is applied. In the block algorithm case it is set to the last block encrypted. When the first block is encrypted mi parameter specifies initial initialization vector. In the stream algorithm case it is set to the offset of the first byte encrypted in the stream. If the algorithm uses the message indicator and the mi parameter value is set to NULL then function should return CRYPTO_ERR_BAD_PARAMS. If the algorithm (ECB Mode encrypting as an example) does not apply the message indicator then NULL value of mi is acceptable while non-NULL value should be ignored.

mi-消息指示器。其内容取决于是应用块算法还是流算法。在块算法的情况下,它被设置为最后一个加密的块。当第一个块被加密时,mi参数指定初始初始化向量。在流算法的情况下,它被设置为流中加密的第一个字节的偏移量。如果算法使用消息指示符且mi参数值设置为NULL,则函数应返回CRYPTO_ERR_BAD_PARAMS。如果算法(例如ECB模式加密)未应用消息指示符,则mi的空值是可接受的,而非空值应忽略。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.2. For CRYPTO_TYPE_DECRYPT Algorithm Type:

3.7.2. 对于加密类型\解密算法类型:

The function decrypts the input data. Its parameters are intended for:

该函数解密输入数据。其参数用于:

inbuff - pointer to the input data. If the parameter is equal to NULL then the function should return the CRYPTO_ERR_BAD_PARAMS error code.

inbuff-指向输入数据的指针。如果参数等于NULL,则函数应返回CRYPTO_ERR_BAD_PARAMS错误代码。

inlen - input data size (in bytes). When the parameter is set to zero the function quits at once and CRYPTO_OK code is returned.

inlen—输入数据大小(以字节为单位)。当参数设置为零时,函数立即退出,并返回CRYPTO_OK代码。

outbuff - output data buffer. NULL parameter value results in the outlen parameter setting to output buffer size required to decrypt the input buffer represented. In this case the CRYPTO_ERR_SMALL_BUFFER error should not be returned.

输出数据缓冲区。NULL参数值导致outlen参数设置为解密所表示的输入缓冲区所需的输出缓冲区大小。在这种情况下,不应返回CRYPTO_ERR_SMALL_缓冲区错误。

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. Both the NULL parameter value and the zero value addressed result in CRYPTO_ERR_BAD_PARAMS code returned by the function.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。NULL参数值和寻址的零值都会导致函数返回CRYPTO_ERR_BAD_参数代码。

mi - message indicator. The content depends on whether the block or stream algorithm is applied. In the block algorithm case it is set to the last block encrypted. When the first block is decrypted mi specifies initial initialization vector. In the stream algorithm case it is set to the offset of the first byte decrypted in the stream. If the algorithm uses the message indicator and the mi parameter is set to NULL then function should return CRYPTO_ERR_BAD_PARAMS. If the algorithm (ECB Mode as an example) does not apply the message indicator then NULL value of mi is acceptable while non-NULL value should be ignored.

mi-消息指示器。内容取决于是应用块算法还是流算法。在块算法的情况下,它被设置为最后一个加密的块。当第一个块被解密时,mi指定初始初始化向量。在流算法的情况下,它被设置为流中解密的第一个字节的偏移量。如果算法使用消息指示符且mi参数设置为NULL,则函数应返回CRYPTO_ERR_BAD_参数。如果算法(以ECB模式为例)未应用消息指示符,则mi的空值可接受,而非空值应忽略。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.3. For CRYPTO_TYPE_SIGN Type Algorithm:

3.7.3. 对于加密类型\符号类型算法:

The function signs the input data. Its parameters are intended for:

该函数对输入数据进行签名。其参数用于:

inbuff - pointer to the input data. If the parameter is equal to NULL then the function should return the CRYPTO_ERR_BAD_PARAMS code error.

inbuff-指向输入数据的指针。如果参数等于NULL,则函数应返回CRYPTO_ERR_BAD_PARAMS代码错误。

inlen - input data size (in bytes). If the size indicated in algorithm description is divisible by blocklen then padding is not carried out. Otherwise the algorithm either caries out padding according to the algorithm standard or returns appropriate error code (CRYPTO_ERR_BAD_PARAMS). The zero parameter is allowed so that the function quits at once and returns CRYPTO_OK code.

inlen—输入数据大小(以字节为单位)。如果算法描述中指示的大小可被blocklen整除,则不执行填充。否则,该算法要么根据算法标准消除填充,要么返回适当的错误代码(CRYPTO_ERR_BAD_PARAMS)。允许使用零参数,以便函数立即退出并返回CRYPTO_OK代码。

outbuff - output data buffer. NULL parameter value results in the outlen parameter setting to output buffer size required to sign the input buffer represented. In this case the CRYPTO_ERR_SMALL_BUFFER error should not be returned.

输出数据缓冲区。NULL参数值导致outlen参数设置为对所表示的输入缓冲区签名所需的输出缓冲区大小。在这种情况下,不应返回CRYPTO_ERR_SMALL_缓冲区错误。

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. Both the NULL parameter value and the zero value addressed result in CRYPTO_ERR_BAD_PARAMS code returned by the function.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。NULL参数值和寻址的零值都会导致函数返回CRYPTO_ERR_BAD_参数代码。

mi - pointer to signature parameter (random number usually) if milen parameter in algorithm description is non-zero. In this case zero mi parameter indicates that the parameter should be chosen (generated) inside the algorithm. If milen parameter in algorithm description is set to zero then mi parameter is ignored.

mi-如果算法描述中的milen参数为非零,则指向签名参数(通常为随机数)的指针。在这种情况下,零mi参数表示应在算法内部选择(生成)该参数。若算法描述中的milen参数设置为零,则忽略mi参数。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.4. For CRYPTO_TYPE_VERIFY Algorithm Type:

3.7.4. 对于加密类型验证算法类型:

The function verifies input data signature. Its parameters are intended for:

该函数验证输入数据签名。其参数用于:

inbuff - pointer to the input data. If the parameter is equal to NULL then the function should return the CRYPTO_ERR_BAD_PARAMS code error.

inbuff-指向输入数据的指针。如果参数等于NULL,则函数应返回CRYPTO_ERR_BAD_PARAMS代码错误。

inlen - input data size (in bytes). The zero parameter is allowed so that the function quits at once and returns CRYPTO_OK code.

inlen—输入数据大小(以字节为单位)。允许使用零参数,以便函数立即退出并返回CRYPTO_OK代码。

outbuff -pointer to the signature. If the parameter is set to NULL then the function returns CRYPTO_ERR_BAD_PARAMS error code. If the signature consists of several parts then they are combined to one array.

exputff-指向签名的指针。如果参数设置为NULL,则函数返回CRYPTO_ERR_BAD_PARAMS错误代码。如果签名由多个部分组成,则将它们组合到一个数组中。

outlen - specifies the signature length if the signature length is set to zero in algorithm description structure. If non-zero value is specified in algorithm description structure then the parameter is ignored. If the signature consists of several parts then the maximum part length multiplied by the number of parts is specified.

outlen-如果在算法描述结构中将签名长度设置为零,则指定签名长度。如果在算法描述结构中指定了非零值,则忽略该参数。如果签名由几个部分组成,则指定最大部分长度乘以部分数量。

mi - is not used.

不使用mi。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_INVALID_SIGNATURE - invalid signature.

加密错误无效签名-无效签名。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.5. For CRYPTO_TYPE_COMPRESS Algorithm Type:

3.7.5. 对于加密类型\u压缩算法类型:

The function compresses the input data. Its parameters are intended for:

该函数压缩输入数据。其参数用于:

inbuff - pointer to the input data.

inbuff-指向输入数据的指针。

inlen - input data size (in bytes). The zero parameter is allowed so that the function quits at once and returns CRYPTO_OK code.

inlen—输入数据大小(以字节为单位)。允许使用零参数,以便函数立即退出并返回CRYPTO_OK代码。

outbuff - output data buffer. NULL parameter value results in the outlen parameter setting to output buffer size required to compress the input buffer represented. In this case the CRYPTO_ERR_SMALL_BUFFER error should not be returned.

输出数据缓冲区。NULL参数值导致outlen参数设置为压缩所表示的输入缓冲区所需的输出缓冲区大小。在这种情况下,不应返回CRYPTO_ERR_SMALL_缓冲区错误。

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. Both the NULL parameter value and the zero value addressed result in CRYPTO_ERR_BAD_PARAMS code returned by the function.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。NULL参数值和寻址的零值都会导致函数返回CRYPTO_ERR_BAD_参数代码。

mi - is not used.

不使用mi。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误无资源-内部资源不足加密错误无内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.6. For CRYPTO_TYPE_UNCOMPRESS Algorithm Type:

3.7.6. 对于加密类型\解压算法类型:

The function decompresses the input data. Its parameters are intended for:

该函数用于解压缩输入数据。其参数用于:

inbuff - pointer to the input data.

inbuff-指向输入数据的指针。

inlen - input data size (in bytes). The zero parameter is allowed so that the function quits at once and returns CRYPTO_OK code.

inlen—输入数据大小(以字节为单位)。允许使用零参数,以便函数立即退出并返回CRYPTO_OK代码。

outbuff - output data buffer. NULL parameter value results in the outlen parameter setting to output buffer size required to decompress the input buffer represented. In this case the CRYPTO_ERR_SMALL_BUFFER error should not be returned.

输出数据缓冲区。NULL参数值导致outlen参数设置为解压缩所表示的输入缓冲区所需的输出缓冲区大小。在这种情况下,不应返回CRYPTO_ERR_SMALL_缓冲区错误。

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. Both the NULL parameter value and the zero value addressed result in CRYPTO_ERR_BAD_PARAMS code returned by the function.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。NULL参数值和寻址的零值都会导致函数返回CRYPTO_ERR_BAD_参数代码。

mi - is not used.

不使用mi。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.7. For CRYPTO_TYPE_HASH Algorithm Type:

3.7.7. 对于加密类型\u散列算法类型:

The function calculates the hash value of the input data. Its parameters are intended for:

该函数计算输入数据的哈希值。其参数用于:

inbuff - pointer to the input data. If the parameter is of NULL value then the function calculates cumulative hash value for the data represented (taking into account all previous data represented). If total length of all the data represented by the moment is divisible by blocklen and outbuff is non-NULL then it is returned to outbuff. Nothing is written in outbuff when the length is not divisible by blocklen. NULL inbuff indicates the last conversion when the input data is padded up

inbuff-指向输入数据的指针。如果参数为NULL值,则函数将计算所表示数据的累积哈希值(考虑所有以前表示的数据)。如果力矩表示的所有数据的总长度可被blocklen整除,且EXPUFF为非NULL,则返回EXPUFF。当长度不能被blocklen整除时,在EXPUFF中不会写入任何内容。NULL inbuff表示填充输入数据时的最后一次转换

to the blocklen size and the result is written to outbuff address. The padding procedure is defined for the algorithm.

设置为blocklen大小,并将结果写入突发地址。为算法定义了填充过程。

inlen - input data size (in bytes). The zero parameter is allowed when the function quits at once and returns CRYPTO_OK code.

inlen—输入数据大小(以字节为单位)。当函数立即退出并返回CRYPTO_OK代码时,允许使用零参数。

outbuff - output data buffer.

输出数据缓冲区。

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. If intermediate conversion value (inbuff is not NULL) and total length of data represented by the moment are not divisible by blocklen then outlen is set to zero and the hash value is not written in outbuff. Both the NULL parameter value and the zero value addressed result in CRYPTO_ERR_BAD_PARAMS code returned by the function.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。如果中间转换值(inbuff不为NULL)和由该时刻表示的数据的总长度不能被blocklen整除,则outlen设置为零,并且哈希值不写入extruff。NULL参数值和寻址的零值都会导致函数返回CRYPTO_ERR_BAD_参数代码。

mi - is not used.

不使用mi。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.7.8. For CRYPTO_TYPE_RANDOM Algorithm Type:

3.7.8. 对于加密类型\随机算法类型:

The function generates a random number. Its parameters are intended for:

该函数生成一个随机数。其参数用于:

inbuff - pointer to the input data used for generation (when one of the pseudorandom algorithms is implemented). NULL parameter indicates absence of the input data.

inbuff—指向用于生成的输入数据的指针(当实现一个伪随机算法时)。NULL参数表示缺少输入数据。

inlen - input data size (in bytes).

inlen—输入数据大小(以字节为单位)。

outbuff - output data

输出数据

outlen - Output buffer size is an input function parameter while the number of bytes written in the output buffer is the output parameter. If zero (i.e. arbitrary) generated number size is set in the algorithm description then the outlen value determines the number of random bytes required by the calling procedure.

outlen—输出缓冲区大小是一个输入函数参数,而写入输出缓冲区的字节数是输出参数。如果在算法描述中设置了零(即任意)生成的数字大小,则outlen值确定调用过程所需的随机字节数。

mi - is not used.

不使用mi。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

加密错误没有内存-内存不足。与一般的加密错误相反,此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

3.8. Cryptographic Context Control Function
3.8. 密码上下文控制函数
/* Algorithm control */
CRYPTO_STATUS   CryptoControl(
                CRYPTO_HANDLE   state,  /* Cipher state handle */
                long            cmd,    /* Control command */
                long            param,  /* Parameter id */
                char            val,    /* Parameter value */
                long            *len);  /* For CRYPTO_GET: on entry -
                                           val buffer length, on exit -
                                           number of bytes written to
                                           val; for CRYPTO_SET: length
                                           of value to set */
        
/* Algorithm control */
CRYPTO_STATUS   CryptoControl(
                CRYPTO_HANDLE   state,  /* Cipher state handle */
                long            cmd,    /* Control command */
                long            param,  /* Parameter id */
                char            val,    /* Parameter value */
                long            *len);  /* For CRYPTO_GET: on entry -
                                           val buffer length, on exit -
                                           number of bytes written to
                                           val; for CRYPTO_SET: length
                                           of value to set */
        

The function provides cryptographic context internal parameters management. It may be used to check context parameters or to change the context state, for example it may return information about cryptoalgorithm (is given context uses hardware encryption facilities), or it may "scroll" stream algorithms context if necessary, etc.

该函数提供加密上下文内部参数管理。它可用于检查上下文参数或更改上下文状态,例如,它可返回有关cryptoalgorithm的信息(给定上下文使用硬件加密设施),或在必要时“滚动”流算法上下文等。

Description of parameters:

参数说明:

state - cryptographic context handle.

状态-加密上下文句柄。

cmd - command (CRYPTO_GET or CRYPTO_SET).

cmd-命令(加密获取或加密设置)。

param - identifier of parameter. Values in the range of 0..32767 are assigned well-known numbers for all algorithms. Values in the range of 32768..65535 mean various variables for various algorithms (may be arbitrarily used by cryptolibrary developer).

param-参数的标识符。0..32767范围内的值被分配给所有算法的已知数字。32768..65535范围内的值表示各种算法的各种变量(cryptolibrary developer可以任意使用)。

val - pointer to the data buffer.

val-指向数据缓冲区的指针。

len - data size (in bytes).

len—数据大小(以字节为单位)。

Returned values:

返回值:

CRYPTO_OK - successful completion.

加密正常-成功完成。

CRYPTO_ERR_GENERAL - internal error.

加密错误常规-内部错误。

CRYPTO_ERR_BAD_HANDLE - invalid cryptographic context handle.

加密错误句柄-无效的加密上下文句柄。

CRYPTO_ERR_NO_RESOURCES - insufficient internal resources.

加密错误无资源-内部资源不足。

CRYPTO_ERR_NO_MEMORY - not enough memory. Contrary to general

加密错误没有内存-内存不足。与一般情况相反

CRYPTO_ERR_NO_RESOURCES error this code assumes that the calling module can release system memory (if it is in position to) and try to call the function once again.

CRYPTO_ERR_NO_RESOURCES error此代码假定调用模块可以释放系统内存(如果可以),并再次尝试调用该函数。

CRYPTO_ERR_SMALL_BUFFER - insufficient output buffer size.

加密错误缓冲区小-输出缓冲区大小不足。

CRYPTO_ERR_BAD_PARAMS - invalid parameters.

CRYPTO_ERR_BAD_参数-无效参数。

4. Cryptoplugin Registration Procedure
4. 加密插件注册程序

Cryptoplugin should be linked together with the cryptoplugin wrapper library delivered by the cryptoplugin's client developer according to the rules specified by the module-client developer for each platform. It should result in a driver (module) of appropriate operating system that implements the cryptolibrary functions. The driver should be one of the drivers loaded during operating system boot. The procedure of cryptoplugin driver installation should be defined, documented, and automated when necessary, by the cryptoplugin developer. At the beginning of operation the driver-client determines cryptoplugin driver availability and establishes interconnection with it. Both module-client configuration and current security policy determine data conversion algorithms to be chosen.

Cryptoplugin应与Cryptoplugin的客户端开发人员根据模块客户端开发人员为每个平台指定的规则提供的Cryptoplugin包装库链接在一起。它应该产生一个实现cryptolibrary函数的适当操作系统的驱动程序(模块)。该驱动程序应该是操作系统引导期间加载的驱动程序之一。cryptoplugin驱动程序的安装过程应由cryptoplugin开发人员定义、记录并在必要时实现自动化。在操作开始时,驱动程序客户端确定cryptoplugin驱动程序的可用性,并与之建立互连。模块客户端配置和当前安全策略都决定了要选择的数据转换算法。

5. Security Considerations
5. 安全考虑

Security issues are addressed throughout this memo.

安全问题贯穿于本备忘录。

6. References
6. 工具书类

[Schneier] Bruce Schneier, Applied Cryptography - Protocols, Algorithms, and Source Code in C (Second Edition), John Wiley & Sons, Inc., 1996.

[Schneier]Bruce Schneier,应用密码学-C语言中的协议、算法和源代码(第二版),John Wiley&Sons,Inc.,1996年。

[IPsec] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.

[IPsec]Kent,S.和R.Atkinson,“互联网协议的安全架构”,RFC 2401,1998年11月。

[ISAKMP] Maughhan, D., Schertler, M. Schneider, M. and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)", RFC 2408, November 1998.

[ISAKMP]Maughan,D.,Schertler,M.Schneider,M.和J.Turner,“互联网安全协会和密钥管理协议(ISAKMP)”,RFC 2408,1998年11月。

[IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.

[IKE]Harkins,D.和D.Carrel,“互联网密钥交换(IKE)”,RFC 2409,1998年11月。

[TLS] Dierks, T. and C. Allen, "The TLS protocol Version 1.0", RFC 2246, January 1999.

[TLS]Dierks,T.和C.Allen,“TLS协议版本1.0”,RFC 2246,1999年1月。

7. Author's Address
7. 作者地址

Valery Smyslov TWS Centralny prospekt, 11, Moscow, Russia

Valery Smyslov TWS Centralny prospekt,11号,俄罗斯莫斯科

   Phone: +7 (095) 531 4633
   Fax:   +7 (095) 531 2403
   EMail: svan@trustworks.com
        
   Phone: +7 (095) 531 4633
   Fax:   +7 (095) 531 2403
   EMail: svan@trustworks.com
        
Appendix A. The interface specification as a C header file
附录A.作为C头文件的接口规范
#ifndef __CRYPTPI_H
#define __CRYPTPI_H
        
#ifndef __CRYPTPI_H
#define __CRYPTPI_H
        
#define CRYPTO_VER(maj,min)     (((maj & 0xff) << 8) | (min & 0xff))
#define CRYPTO_MAJ_VER(ver)     ((ver >> 8) & 0xff)
#define CRYPTO_MIN_VER(ver)     (ver & 0xff)
        
#define CRYPTO_VER(maj,min)     (((maj & 0xff) << 8) | (min & 0xff))
#define CRYPTO_MAJ_VER(ver)     ((ver >> 8) & 0xff)
#define CRYPTO_MIN_VER(ver)     (ver & 0xff)
        
#define CRYPTO_PLUGIN_NAME_LEN  64      /* Must be multiple of 4 to */
#define CRYPTO_ALG_NAME_LEN     32      /* avoid alignment problems */
        
#define CRYPTO_PLUGIN_NAME_LEN  64      /* Must be multiple of 4 to */
#define CRYPTO_ALG_NAME_LEN     32      /* avoid alignment problems */
        
#ifndef CRYPTO_HANDLE
#define CRYPTO_HANDLE           void*   /* cipher state handle */
#endif
        
#ifndef CRYPTO_HANDLE
#define CRYPTO_HANDLE           void*   /* cipher state handle */
#endif
        
typedef enum tag_CRYPTO_STATUS {
        CRYPTO_OK = 1,                  /* success */
        CRYPTO_ERR_GENERAL,             /* undefined (internal) error */
        CRYPTO_ERR_NOT_SUPPORTED,       /* unsupported */
        CRYPTO_ERR_BAD_HANDLE,          /* invalid handle */
        CRYPTO_ERR_SMALL_BUFFER,        /* insufficient output buffer
                                           size */
        CRYPTO_ERR_WEAK_KEY,            /* key is considered to be weak
                                           (semiweak, pseudoweak) */
        CRYPTO_ERR_NO_RESOURCES,        /* insufficient resources to
                                           perform operation */
        CRYPTO_ERR_NO_MEMORY,           /* insufficient memory to
                                           perform operation */
        CRYPTO_ERR_BAD_PARAMS,          /* invalid parameters */
        CRYPTO_ERR_HARDWARE,            /* hardware error */
        CRYPTO_ERR_INVALID_SIGNATURE,   /* invalid signature */
        CRYPTO_ERR_UNCLOSED_HANDLES     /* unclosed handles exist while
                                           plugin deinitializises */
} CRYPTO_STATUS;
        
typedef enum tag_CRYPTO_STATUS {
        CRYPTO_OK = 1,                  /* success */
        CRYPTO_ERR_GENERAL,             /* undefined (internal) error */
        CRYPTO_ERR_NOT_SUPPORTED,       /* unsupported */
        CRYPTO_ERR_BAD_HANDLE,          /* invalid handle */
        CRYPTO_ERR_SMALL_BUFFER,        /* insufficient output buffer
                                           size */
        CRYPTO_ERR_WEAK_KEY,            /* key is considered to be weak
                                           (semiweak, pseudoweak) */
        CRYPTO_ERR_NO_RESOURCES,        /* insufficient resources to
                                           perform operation */
        CRYPTO_ERR_NO_MEMORY,           /* insufficient memory to
                                           perform operation */
        CRYPTO_ERR_BAD_PARAMS,          /* invalid parameters */
        CRYPTO_ERR_HARDWARE,            /* hardware error */
        CRYPTO_ERR_INVALID_SIGNATURE,   /* invalid signature */
        CRYPTO_ERR_UNCLOSED_HANDLES     /* unclosed handles exist while
                                           plugin deinitializises */
} CRYPTO_STATUS;
        
/* CryptoControl commands */
#define CRYPTO_GET                      1       /* get parameter */
#define CRYPTO_SET                      2       /* set parameter */
        
/* CryptoControl commands */
#define CRYPTO_GET                      1       /* get parameter */
#define CRYPTO_SET                      2       /* set parameter */
        
/* Currently defined algorithm types */
#define CRYPTO_TYPE_ENCRYPT             1
#define CRYPTO_TYPE_DECRYPT             2
#define CRYPTO_TYPE_SIGN                3
#define CRYPTO_TYPE_VERIFY              4
#define CRYPTO_TYPE_COMPRESS            5
#define CRYPTO_TYPE_UNCOMPRESS          6
#define CRYPTO_TYPE_HASH                7
        
/* Currently defined algorithm types */
#define CRYPTO_TYPE_ENCRYPT             1
#define CRYPTO_TYPE_DECRYPT             2
#define CRYPTO_TYPE_SIGN                3
#define CRYPTO_TYPE_VERIFY              4
#define CRYPTO_TYPE_COMPRESS            5
#define CRYPTO_TYPE_UNCOMPRESS          6
#define CRYPTO_TYPE_HASH                7
        

#define CRYPTO_TYPE_RANDOM 8

#定义加密类型随机8

/* Currently defined algorithm IDs (for types
   CRYPTO_TYPE_ENCRYPT & CRYPTO_TYPE_DECRYPT) */
#define CRYPTO_AE_DUMMY                 1       /* no encryption */
#define CRYPTO_AE_DES                   2       /* DES-CBC */
#define CRYPTO_AE_3DES_EDE              3       /* Triple DES-EDE-CBC */
#define CRYPTO_AE_IDEA                  4       /* IDEA-CBC */
#define CRYPTO_AE_RC2                   5       /* RC2 */
#define CRYPTO_AE_RC4                   6       /* RC4 */
#define CRYPTO_AE_RC5                   7       /* RC5 */
#define CRYPTO_AE_SAFER                 8       /* SAFER */
#define CRYPTO_AE_CAST                  9       /* CAST */
#define CRYPTO_AE_BLOWFISH              10      /* Blowfish */
#define CRYPTO_AE_RSA                   11      /* RSA */
#define CRYPTO_AE_GOST                  12      /* GOST */
        
/* Currently defined algorithm IDs (for types
   CRYPTO_TYPE_ENCRYPT & CRYPTO_TYPE_DECRYPT) */
#define CRYPTO_AE_DUMMY                 1       /* no encryption */
#define CRYPTO_AE_DES                   2       /* DES-CBC */
#define CRYPTO_AE_3DES_EDE              3       /* Triple DES-EDE-CBC */
#define CRYPTO_AE_IDEA                  4       /* IDEA-CBC */
#define CRYPTO_AE_RC2                   5       /* RC2 */
#define CRYPTO_AE_RC4                   6       /* RC4 */
#define CRYPTO_AE_RC5                   7       /* RC5 */
#define CRYPTO_AE_SAFER                 8       /* SAFER */
#define CRYPTO_AE_CAST                  9       /* CAST */
#define CRYPTO_AE_BLOWFISH              10      /* Blowfish */
#define CRYPTO_AE_RSA                   11      /* RSA */
#define CRYPTO_AE_GOST                  12      /* GOST */
        
/* Currently defined algorithm IDs (for types
   CRYPTO_TYPE_SIGN & CRYPTO_TYPE_VERIFY) */
#define CRYPTO_AS_RSA                   2       /* RSA */
#define CRYPTO_AS_DSA                   3       /* DSA */
#define CRYPTO_AS_GOST                  4       /* GOST */
        
/* Currently defined algorithm IDs (for types
   CRYPTO_TYPE_SIGN & CRYPTO_TYPE_VERIFY) */
#define CRYPTO_AS_RSA                   2       /* RSA */
#define CRYPTO_AS_DSA                   3       /* DSA */
#define CRYPTO_AS_GOST                  4       /* GOST */
        
/* Currently defined algorithm IDs (for types
   CRYPTO_TYPE_COMPRESS & CRYPTO_TYPE_UNCOMPRESS) */
#define CRYPTO_AC_DUMMY                 1       /* no compression */
#define CRYPTO_AC_DEFLATE               2       /* Deflate */
#define CRYPTO_AC_LZS                   3       /* LZS */
        
/* Currently defined algorithm IDs (for types
   CRYPTO_TYPE_COMPRESS & CRYPTO_TYPE_UNCOMPRESS) */
#define CRYPTO_AC_DUMMY                 1       /* no compression */
#define CRYPTO_AC_DEFLATE               2       /* Deflate */
#define CRYPTO_AC_LZS                   3       /* LZS */
        
/* Currently defined algorithm IDs (for type CRYPTO_TYPE_HASH) */
#define CRYPTO_AH_MD5                   1       /* MD5 */
#define CRYPTO_AH_SHA                   2       /* SHA-1 */
#define CRYPTO_AH_GOST                  3       /* GOST */
        
/* Currently defined algorithm IDs (for type CRYPTO_TYPE_HASH) */
#define CRYPTO_AH_MD5                   1       /* MD5 */
#define CRYPTO_AH_SHA                   2       /* SHA-1 */
#define CRYPTO_AH_GOST                  3       /* GOST */
        
/* Currently defined algorithm IDs (for type CRYPTO_TYPE_RANDOM) */
#define         CRYPTO_AR_UNKNOWN       1
        
/* Currently defined algorithm IDs (for type CRYPTO_TYPE_RANDOM) */
#define         CRYPTO_AR_UNKNOWN       1
        
/* Currently defined plugin flags */
#define CRYPTO_PLUGIN_HARDWARE          1       /* plugin uses hdw */
/* TBD more */
        
/* Currently defined plugin flags */
#define CRYPTO_PLUGIN_HARDWARE          1       /* plugin uses hdw */
/* TBD more */
        
/* Currently defined algorithm flags */
#define CRYPTO_ALG_HARDWARE             1       /* algorithm implemented
                                                   in hardware */
#define CRYPTO_ALG_MULTITHREADED        2       /* implementation allows
                                                   multithreading */
/* TBD more */
        
/* Currently defined algorithm flags */
#define CRYPTO_ALG_HARDWARE             1       /* algorithm implemented
                                                   in hardware */
#define CRYPTO_ALG_MULTITHREADED        2       /* implementation allows
                                                   multithreading */
/* TBD more */
        
/* Currently defined parameters identifiers for CryptoControl */
#define CRYPTO_PARAM_KEY                1       /* Only for CRYPTO_GET -
                                                   get current key */
/* TBD more */
        
/* Currently defined parameters identifiers for CryptoControl */
#define CRYPTO_PARAM_KEY                1       /* Only for CRYPTO_GET -
                                                   get current key */
/* TBD more */
        
typedef struct  tag_CryptoAlgInfo {
        long    status;                 /* Algorithm status */
        long    type;                   /* algorithm type (One of
                                           CRYPTO_TYPE_XXX) */
        long    id;                     /* algorithm ID */
        long    group;                  /* algorithm group */
        long    version;                /* algorithm version
                                           (CRYPTO_VER) */
        long    flags;                  /* algorithm flags
                                           (CRYPTO_ALG_XXX) */
        long    maxcontexts;            /* max number of cipher states
                                           supported (0 - any) */
        char    name[CRYPTO_ALG_NAME_LEN];      /* algorithm name */
                          /* CRYPT   SIGN    COMPRESS HASH    RANDOM  */
                          /* DECRYPT VERIFY                           */
        long    blocklen; /* blklen (blklen)  inlen   blklen    -     */
        long    keylen;   /* keylen  keylen     -       -     seedlen */
        long    outlen;   /* outlen (signlen) outlen  hashlen randlen */
        long    milen;    /* milen   (param)    -       -       -     */
} CryptoAlgInfo;
        
typedef struct  tag_CryptoAlgInfo {
        long    status;                 /* Algorithm status */
        long    type;                   /* algorithm type (One of
                                           CRYPTO_TYPE_XXX) */
        long    id;                     /* algorithm ID */
        long    group;                  /* algorithm group */
        long    version;                /* algorithm version
                                           (CRYPTO_VER) */
        long    flags;                  /* algorithm flags
                                           (CRYPTO_ALG_XXX) */
        long    maxcontexts;            /* max number of cipher states
                                           supported (0 - any) */
        char    name[CRYPTO_ALG_NAME_LEN];      /* algorithm name */
                          /* CRYPT   SIGN    COMPRESS HASH    RANDOM  */
                          /* DECRYPT VERIFY                           */
        long    blocklen; /* blklen (blklen)  inlen   blklen    -     */
        long    keylen;   /* keylen  keylen     -       -     seedlen */
        long    outlen;   /* outlen (signlen) outlen  hashlen randlen */
        long    milen;    /* milen   (param)    -       -       -     */
} CryptoAlgInfo;
        
typedef struct  tag_CryptoPluginInfo {
        long    cpi_version;            /* Crypto PI version (currently
                                           CRYPTO_VER(1,0)) */
        long    status;                 /* Plugin status */
        char    name[CRYPTO_PLUGIN_NAME_LEN];   /* plugin text
                                                   description */
        long    version;                /* plugin version
                                           (CRYPTO_VER) */
        long    flags;                  /* plugin flags
                                           (CRYPTO_PLUGIN_XXX) */
        long    number_of_algs;         /* number of AlgInfo structures
                                           followed (min 1) */
        CryptoAlgInfo   algs[1];        /* array of AlgInfo structures
                                           (min 1) */
} CryptoPluginInfo;
        
typedef struct  tag_CryptoPluginInfo {
        long    cpi_version;            /* Crypto PI version (currently
                                           CRYPTO_VER(1,0)) */
        long    status;                 /* Plugin status */
        char    name[CRYPTO_PLUGIN_NAME_LEN];   /* plugin text
                                                   description */
        long    version;                /* plugin version
                                           (CRYPTO_VER) */
        long    flags;                  /* plugin flags
                                           (CRYPTO_PLUGIN_XXX) */
        long    number_of_algs;         /* number of AlgInfo structures
                                           followed (min 1) */
        CryptoAlgInfo   algs[1];        /* array of AlgInfo structures
                                           (min 1) */
} CryptoPluginInfo;
        
#ifdef __cplusplus
extern "C" {
#endif
        
#ifdef __cplusplus
extern "C" {
#endif
        
/* CryptoPlugin initialization. Returns pointer to CryptoPluginInfo
structure on success or NULL on fatal error. */
        
/* CryptoPlugin initialization. Returns pointer to CryptoPluginInfo
structure on success or NULL on fatal error. */
        
CryptoPluginInfo *CryptoPluginInit(
                void            *param);/* Ptr to OS parameters
                                           (platform-specific) */
        
CryptoPluginInfo *CryptoPluginInit(
                void            *param);/* Ptr to OS parameters
                                           (platform-specific) */
        
/* Plugin deinitialization */
CRYPTO_STATUS   CryptoPluginFini(void);
        
/* Plugin deinitialization */
CRYPTO_STATUS   CryptoPluginFini(void);
        
/* Get new algorithm instance (cipher state) */
CRYPTO_STATUS   CryptoOpen(
                CRYPTO_HANDLE   *state, /* Pointer to cipher state
                                            handle (filled on exit) */
                 long            algnum, /* Algorithm number in
                                            CryptoPluginInfo structure */
                 const char      *key);  /* key (in plain) */
        
/* Get new algorithm instance (cipher state) */
CRYPTO_STATUS   CryptoOpen(
                CRYPTO_HANDLE   *state, /* Pointer to cipher state
                                            handle (filled on exit) */
                 long            algnum, /* Algorithm number in
                                            CryptoPluginInfo structure */
                 const char      *key);  /* key (in plain) */
        
 /* Reinitialize algorithm instance */
 CRYPTO_STATUS   CryptoReOpen(
                 CRYPTO_HANDLE   state, /* current cipher state handle */
                 const char      *key);  /* key (in plain) */
        
 /* Reinitialize algorithm instance */
 CRYPTO_STATUS   CryptoReOpen(
                 CRYPTO_HANDLE   state, /* current cipher state handle */
                 const char      *key);  /* key (in plain) */
        
 /* Destroy algorithm instance */
 CRYPTO_STATUS   CryptoClose(
                 CRYPTO_HANDLE   state); /* Handle of cipher state */
        
 /* Destroy algorithm instance */
 CRYPTO_STATUS   CryptoClose(
                 CRYPTO_HANDLE   state); /* Handle of cipher state */
        
 /* Check key for possible weakness */
 CRYPTO_STATUS   CryptoCheckForWeakKey(
                 long            algnum, /* Algorithm number in
                                            CryptoPluginInfo structure */
                 const char      *key);  /* Proposed key */
        
 /* Check key for possible weakness */
 CRYPTO_STATUS   CryptoCheckForWeakKey(
                 long            algnum, /* Algorithm number in
                                            CryptoPluginInfo structure */
                 const char      *key);  /* Proposed key */
        
 /* Perform CryptoTransform (depends on cipher state type) */
 CRYPTO_STATUS   CryptoTransform(
                 CRYPTO_HANDLE   state,  /* Cipher state handle */
                 const char      *inbuff,/* input data */
                 long            inlen,  /* input data length */
                 char            *outbuff,/* output buffer */
                 long            *outlen,/* On entry - output buffer
                                           length, on exit -  number of
                                           bytes written to outbuff */
                 char            *mi);   /* Message indicator  */
        
 /* Perform CryptoTransform (depends on cipher state type) */
 CRYPTO_STATUS   CryptoTransform(
                 CRYPTO_HANDLE   state,  /* Cipher state handle */
                 const char      *inbuff,/* input data */
                 long            inlen,  /* input data length */
                 char            *outbuff,/* output buffer */
                 long            *outlen,/* On entry - output buffer
                                           length, on exit -  number of
                                           bytes written to outbuff */
                 char            *mi);   /* Message indicator  */
        
 /* Algorithm control */
 CRYPTO_STATUS   CryptoControl(
                 CRYPTO_HANDLE   state,  /* Cipher state handle */
                 long            cmd,    /* Control command */
                 long            param,  /* Parameter id */
                 char            val,    /* Parameter value */
                 long            *len);  /* For CRYPTO_GET: on entry -
        
 /* Algorithm control */
 CRYPTO_STATUS   CryptoControl(
                 CRYPTO_HANDLE   state,  /* Cipher state handle */
                 long            cmd,    /* Control command */
                 long            param,  /* Parameter id */
                 char            val,    /* Parameter value */
                 long            *len);  /* For CRYPTO_GET: on entry -
        
                                            val buffer length, on exit -
                                            number of bytes written to
                                            val; for CRYPTO_SET: length
                                            of value to set */
        
                                            val buffer length, on exit -
                                            number of bytes written to
                                            val; for CRYPTO_SET: length
                                            of value to set */
        
 #ifdef __cplusplus
 }
 #endif
        
 #ifdef __cplusplus
 }
 #endif
        
 #endif  /* __CRYPTPI_H */
        
 #endif  /* __CRYPTPI_H */
        

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (1999). All Rights Reserved.

版权所有(C)互联网协会(1999年)。版权所有。

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Acknowledgement

确认

Funding for the RFC Editor function is currently provided by the Internet Society.

RFC编辑功能的资金目前由互联网协会提供。