GM/T 0055-2018
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Registration number: 62990-2018
GB/T 0055-2018
File cryptographic technical specification
ISSUED ON: MAY 02, 2018
IMPLEMENTED ON: MAY 02, 2018
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Labeling mechanism
5.1 Overall description
5.2 System architecture of label-based secured file
5.3 Label-based security mechanisms
5.4 Middleware’s processing of secured files
5.5 Storage method of secured files
5.6 Binding mechanism of label and file
6 Cryptographic algorithm and cryptographic service
6.1 Cryptographic mechanism
6.3 Basic cryptographic services
6.4 Personalized cryptographic service
6.5 Key object
7 Labels
7.1 Label structure
7.2 Label attributes
8 Basic cryptographic operation
8.1 Overview
8.2 Label integrity and establishment of binding relationship
8.3 Label integrity and verification of binding relationship
8.4 File signature
8.5 Adding a file signature
8.6 Verification of file signature
8.7 File encryption
8.8 File decryption
9 Cryptographic service interface of secured file
9.1 Definition of constant
9.2 Definition of structure
9.3 Composition of interface function and function description
9.4 Definition of interface function
Appendix A (Informative) Digital watermark
Appendix B (Informative) Fingerprint recognition
File cryptographic technical specification
1 Scope
This standard neither standardizes the security of the application system, nor
specifies specific file types.
This standard is applicable to the relevant standard specifications and
applications that focus on the security of file objects. It is also applicable to the
development and testing of the middleware of cryptographic service of security
electronic files, which can be used to guide the development of application
systems using this middleware.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the version with the indicated date is applicable to this
document; for undated documents, only the latest version (including all
amendments) is applicable to this standard.
GM/T 0009 SM2 Cryptography algorithm application specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0017 Smart token cryptography application interface data format
specification
GM/T 0019 Universal cryptography service interface specification
GM/T 0031 Secure electronic stamp cryptography technical specification
PKCS #1 RSA Cryptography Standard
PKCS #5 Password-based Encryption Standard
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Application system
file circulation, rights management; security management services such as
behavior records.
4 Abbreviations
The following abbreviations apply to this document.
API: Application Programming Interface
ASN.1: Abstract Syntax Notation One
CBC: Cipher Block Chaining
CFB: Cipher Feedback
ECB: Electronic Codebook
FAR: False Accept Rate
OFB: Output Feedback
PKCS: The Public-Key Cryptography Standard
PKI: Public Key Infrastructure
5 Labeling mechanism
5.1 Overall description
This standard uses cryptographic techniques to ensure the confidentiality,
integrity, validity, non-repudiation of files; abstracts and integrates the
cryptographic services required by the application system. A labeling
mechanism has been designed in this standard, to address security issues
throughout the life cycle of the file.
5.2 System architecture of label-based secured file
The label-based secured file system includes application systems, middleware,
basic cryptographic services, personalized cryptographic services, as shown in
Figure 1. The basic cryptographic services are divided into two categories
according to the usage environment. One is the cryptographic service that
complies with GM/T 0019, which is provided for the application layer. The
other is the cryptographic service that complies with GM/T 0017, which is
provided for the kernel layer.
fingerprint recognition are implemented by the personalized cryptographic
service. The service interface provided by the middleware is as detailed in
Chapter 9.
5.3 Label-based security mechanisms
In the label-based security mechanism, a secured file consists of two parts: a
file and a label. The file is either the original file or the result of
cryptographic processing of the original file. The label is either the original
label or the result of cryptographic processing of the original label. There is
a unique binding
between files and labels throughout the lifecycle of a secured file. Labels can
only be processed by middleware. The label consists of a label header and a
label body that can be encrypted.
Labels are the basis for the operation of secured files. They describe the
attributes of secured files, including mainly the signature attributes, privilege
attributes, stamp attributes, watermark attributes, fingerprint attributes,
identification attributes, content attributes, extension attributes, log attributes,
etc.
The privilege attribute specifies the cryptographic processing and operation
privileges of the secured file: cryptographic processing methods such as
encryption, signature, adding a stamp, adding a watermark and fingerprint
recognition, and operation privileges such as reading, writing, printing,
etc.
The identification attribute describes the number, creator, creation time of the
secured file. The identification attribute cannot be changed when the label is
created.
The content attribute describes the basic information of a secured file, such as
the original file name, original file date, file type, and file modification
time.
The extension attributes are reserved attributes that are used by the application
system to define its own various attributes.
The log attribute records the actions the operator has made on the secured file,
such as the type of operation, the operator, the time of operation, and so on.
5.4 Middleware’s processing of secured files
The middleware provides services to the application system according to the
request/response mode. After the application system issues an operation
request to the middleware, the middleware performs processing as follows:
creator: The serial number of the encryption certificate of the label creator;
createTime: The time when the label was created, which is the system time;
lastAccessTime: The time of the last write operation to the label, which is the
system time.
The ASN.1 definition of label’s signature attribute:
SignAttribute ::= SEQUENCE {
    signer Certificate, -- Signature certificate
    signAlg ObjectIdentifier, -- Algorithm identifier
    signature BIT STRING -- Signature value
}
Where:
signer: The signer's signature certificate, following the definition of ASN.1 in
GM/T 0015;
signAlg: The signature algorithm’s identifier;
signature: The result of the signature of all the contents of the label except the
signature value attribute.
The ASN.1 definition of label encryption attribute:
EncryptionAttribute ::= SEQUENCE {
    algorithmID ObjectIdentifier, -- Algorithm identifier
    algMode INTEGER, -- Algorithm mode
    numBits INTEGER, -- Number of feedback bits
    decryptorList DECRYPTLIST -- List of decryptors
}
Where:
algorithmID: Algorithm identifier.
DECRYPTLIST ::= SEQUENCE {
DecryptorSet
The privilege attribute defines the operation privilege for the file. The ASN.1
definition of the privilege attribute:
PrivAttr ::= SEQUENCE {
    OPERATORLIST -- List of operator privileges
}
OPERATORLIST ::= SET OF OperatorAttribute
The ASN.1 definition of operator privilege attribute is as follows:
OperatorAttribute ::= SEQUENCE {
    operator Decryptor,
    privilege SEQUENCE
}
Where:
operator: The structure is the same as the ASN.1 definition of Decryptor in
"7.1.1.2" of this standard.
ASN.1 definition of operator privileges:
privilege ::= SEQUENCE {
    cert Certificate, -- The user certificate for this privilege
    read BOOLEAN, -- Read privilege
    totalRead INTEGER, -- The number of times readable
    alreadyRead INTEGER, -- The number of times read
    write BOOLEAN, -- Write privilege
    delete BOOLEAN, -- Delete privileges
    print BOOLEAN, -- Print privilege
    totalPrint INTEGER, -- The number of copies printable
    alreadyPrint INTEGER, -- The number of copies printed
    expri EXPRIVILEGE OPTIONAL -- Extension privilege
}
The ASN.1 definition of content attributes:
ContentAttribute ::= SEQUENCE {
    fileType INTEGER, -- File type
    fileLevel INTEGER, -- File level
    fileSize INTEGER, -- File size
    fileName UTF8String, -- Filename
    fileTitle UTF8String, -- File title
    fileDate GeneralizedTime, -- The last modification date of the file
    expiredDate GeneralizedTime, -- The expiration date
    desuetudeDate GeneralizedTime, -- The revocation date
    destroyData GeneralizedTime -- The destruction date
}
Where:
fileType: The file type, the specific meaning is defined by the application;
fileLevel: The file level, the specific meaning is defined by the application;
fileSize: The number of bytes in the plaintext of the file;
fileName: The file name;
fileTitle: The file title;
fileDate: The last modification date of the file;
expiredDate: The expiration date of the file. After this date, the file is
invalid: it cannot be modified, only read.
desuetudeDate: The date the file was invalidated during the validity period of
the file;
destroyData: The date the file is destroyed. After it expires, the file cannot be
read.
7.2.8 Identity attributes
The identity attribute is the unique identifier of the file. The identity is determined
8 Basic cryptographic operation
8.1 Overview
Basic cryptographic operations refer to the various common cryptographic
operations that middleware implements on labels and files. The application
system is responsible for ensuring the validity of the digital certificates used
in the middleware's cryptographic operations before those operations are
performed.
8.2 Label integrity and establishment of binding relationship
This is required when the label is established and updated. The process is as
follows:
a) Obtain an algorithm identifier (algorithmID) from the signature attribute
(SFL_Head:signAttr) of the label header;
b) Use the hash algorithm specified by the algorithm identifier to calculate
the digest of all label contents except the signature value of the label
header;
c) Use the public key algorithm specified by the algorithm identifier and the
operator's signature private key to digitally sign the digest generated in
step b);
d) Fill the signature value into the signature attribute (SFL_Head:signAttr) of
the label header;
e) If the encryption attribute (SFL_Head:encryptionAttr) of the label header
is not empty, use the block cipher algorithm specified by the algorithm
identifier to encrypt the entire label body. The encryption key is randomly
generated. Use the public key algorithm specified by the algorithm
identifier and the operator's encryption public key to generate a digital
envelope, which is stored in the decryptor list
(SFL_Head:encryptionAttr:decryptorList) of the encryption attribute of the
label header.
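Steps a) to d) above, together with the matching check that 8.3 requires before a secured file is operated on, as an added example that is not code from the standard. Everything cryptographic here is an assumed stand-in: canonical JSON replaces the DER-encoded label, SHA-256 replaces the hash named by the algorithm identifier, HMAC-SHA256 with a shared key replaces the operator's public-key signature, the identifier string `demo-hmac-sha256` is made up, and step e) is left out.

```python
import copy
import hashlib
import hmac
import json

# Assumption: the only algorithm identifier this sketch accepts.
ALLOWED_ALGS = {"demo-hmac-sha256"}


def label_digest(label):
    """Step b): digest of all label contents except the signature value."""
    view = copy.deepcopy(label)
    view["head"]["signAttr"].pop("signature", None)
    # Canonical JSON stands in for the DER encoding of the ASN.1 label.
    encoded = json.dumps(view, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).digest()


def _sign(alg, key, digest):
    # Step a): the identifier is read from the label itself, so it is checked
    # against an allow-list before the key is used with it.
    if alg not in ALLOWED_ALGS:
        raise ValueError("unsupported algorithm identifier: %r" % (alg,))
    # Step c) stand-in: HMAC-SHA256 replaces the public-key signature.
    return hmac.new(key, digest, hashlib.sha256).hexdigest()


def sign_label(label, key):
    """Steps a) to d): sign the label and fill in the signature value."""
    sign_attr = label["head"]["signAttr"]
    sign_attr["signature"] = _sign(sign_attr["signAlg"], key, label_digest(label))
    return label


def verify_label(label, key):
    """Recompute the signature over the label and compare in constant time."""
    sign_attr = label.get("head", {}).get("signAttr") or {}
    stored = sign_attr.get("signature")
    if not isinstance(stored, str) or not stored:
        return False
    try:
        expected = _sign(sign_attr.get("signAlg"), key, label_digest(label))
    except ValueError:
        return False
    return hmac.compare_digest(stored.encode(), expected.encode())


def sample_label():
    """Constructed sample; field names follow the ASN.1 definitions above."""
    return {
        "head": {
            "signAttr": {"signAlg": "demo-hmac-sha256", "signature": ""},
            "encryptionAttr": None,  # empty, so step e) does not apply
        },
        "body": {
            "privAttr": [{"operator": "serial-0001", "read": True, "totalRead": 3,
                          "alreadyRead": 3, "write": False, "print": False}],
            "contentAttr": {"fileName": "report.txt", "fileSize": 1024},
        },
    }


def demo():
    """Sign the sample label, then verify it intact and after four edits."""
    key = b"constructed-demo-key"
    signed = sign_label(sample_label(), key)
    edits = {
        "write_granted": lambda lb: lb["body"]["privAttr"][0].update(write=True),
        "counter_reset": lambda lb: lb["body"]["privAttr"][0].update(alreadyRead=0),
        "signature_removed": lambda lb: lb["head"]["signAttr"].update(signature=""),
        "algorithm_swapped": lambda lb: lb["head"]["signAttr"].update(signAlg="none"),
    }
    results = {"intact": verify_label(signed, key)}
    for name, edit in edits.items():
        changed = copy.deepcopy(signed)
        edit(changed)
        results[name] = verify_label(changed, key)
    return results
```

Calling `demo()` returns one verification result per case; only the untouched label verifies, because the privilege counters and the algorithm identifier are both inside the signed content.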
8.3 Label integrity and verification of binding relationship
The middleware shall perform this verification operation before operating the
secured file. The process is as follows:
a) Obtain an algorithm identifier (algorithmID) from the signature attribute
(SFL_Head:signAttr) of the label header;
9.3 Composition of interface function and function description
9.3.1 Overview
The interface function consists of the following parts:
a) Initialization function;
b) Label and file operation functions;
c) Attribute operation function;
d) Password initialization function.
9.3.2 Initialization function
The initialization function sets the user system’s initial parameters, device
connections, etc.
9.3.3 Label and file operation functions
The label operation functions open, read, modify, save and close the user
label, and also handle the encryption and decryption of the file.
9.3.4 Attribute operation functions
Add, modify, delete and obtain the label attributes.
9.3.5 Cryptographic operation function
The cryptographic operation function is used to encrypt, decrypt, sign and verify
the segmented data blocks.
9.4 Definition of interface function
9.4.1 Initialization function
9.4.1.1 Overview
The initialization function includes the following specific functions:
Non-0: Failed, return error code, wherein the definition of error code is
as shown in Table 3.
9.4.2 Function of label and file operations
9.4.2.1 Overview
Label and file operations include the following specific functions:
a) Open the secured file label memory: SFF_OpenSFLB
b) Read the external secured file memory: SFF_ExternalReadSFB
c) Read internal secured file memory: SFF_InternalReadSFB
d) Modify the external secured file memory: SFF_ExternalWriteSFB
e) Modify the internal secured file memory: SFF_InternalWriteSFB
f) Add file signature: SFF_AddSignAttr
g) Save secured file memory: SFF_SaveSFLB
h) Open secured file label: SFF_OpenSFL
i) Read external secured file: SFF_ExternalReadSF
j) Read internal secured file: SFF_InternalReadSF
k) Modify external secured file: SFF_ExternalWriteSF
l) Modify internal secured file: SFF_InternalWriteSF
m) Save secured file: SFF_SaveSFL
n) Close secured file: SFF_CloseSFL
o) Generate electronic signature: SFF_Stamp
p) Verify electronic signature: SFF_VerifyStamp
q) Add watermark: SFF_SetWaterMarkInfo
r) Extract watermark: SFF_GetWaterMarkInfo
s) Release watermark attribute memory: SFF_FreetWaterMarkInfo
9.4.2.2 Open secured file label memory
Prototype: int SFF_OpenSFLB(IN const SToken * pToken,
Description: Add the signature of the file to the end of the signature collection.
Parameters:
IN HSFL: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB.
Return value:
0: Success.
Non-0: Failed.
9.4.2.8 Save secured file memory
Prototype: int SFL_API SFF_SaveSFLB (IN HSFL hSfl,
OUT FileBuffer * pSFLBuffer);
Description:
a) If it is internal, encrypt the plaintext data;
b) Sign the label body;
c) Encrypt the label body;
d) Generate labels.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
OUT pSFLBuffer: Label data.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.2.9 Open security electronic file label
Prototype: int SFL_API SFF_OpenSFL(IN const SToken * pToken,
IN const char * pszSFL,
OUT HSFL * phSfl);
Description:
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.2.11 Read internal secured files
Prototype: int SFL_API SFF_InternalReadSF(IN HSFL hSfl,
IN const char * pszDstFile);
Description:
a) Determine user privileges;
b) Obtain ciphertext from the internal label;
c) Decrypt the ciphertext file.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN pszDstFile: The plaintext file after decryption.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.2.12 Modify external secured file
Prototype: int SFL_API SFF_ExternalWriteSF(IN HSFL hSfl,
IN const char * pszSrcFile,
IN const char * pszDstFile);
Description:
a) Determine user privileges;
b) Encrypt plaintext files.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN pszSrcFile: New plaintext file;
OUT WaterMarkAttr ** ppAttr);
Description: Extract the watermark attributes.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
OUT ppAttr: Returns the watermark attribute.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.2.20 Release watermark attribute memory
Prototype: int SFL_API SFF_FreetWaterMarkInfo(IN WaterMarkAttr * pAttr);
Description: Release the watermark attribute memory.
Parameters:
IN pAttr: Watermark attribute.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3 Attribute operation interface
9.4.3.1 Overview
Attribute operations include the following specific functions:
a) Set algorithm attribute: SFF_SetAlgAttr
b) Get algorithm attribute: SFF_GetAlgAttr
c) Add privilege attribute: SFF_AddPrivilegeAttr
d) Get privilege attribute: SFF_GetPrivilegeAttr
e) Get the number of privileges: SFF_GetPrivilegeCount
ff) Add the extension attribute: SFF_AddExtendAttr
gg) Get the extension attribute: SFF_GetExtendAttr
hh) Get the number of extension attributes: SFF_GetExtendCount
ii) Get the extension attribute by serial number: SFF_GetExtend
jj) Delete extension attributes: SFF_DelExtendAttr
kk) Release extension attribute memory: SFF_FreeExAttr
ll) Add file operation log: SFF_AddLogAttr
mm) Get the number of logs: SFF_GetLogCount
nn) Get the log: SFF_GetLogAttr
oo) Delete all logs: SFF_DelAlLogAttr
pp) Release the log memory: SFF_FreeLogAttr
qq) Set the stamp attribute: SFF_SetStampInfo
rr) Get the stamp attribute: SFF_GetStampInfo
ss) Release stamp attribute memory: SFF_FreetStampInfo
tt) Set the fingerprint attribute: SFF_SetFingerPrintInfo
uu) Get the fingerprint attribute: SFF_GetFingerPrintInfo
vv) Release fingerprint attribute structure memory: SFF_FreeFingerPrintInf
ww) Get the label attribute by the ID: SFF_GetAttribute
xx) Set the label attribute by the ID: SFF_SetAttribute
yy) Release label attribute memory: SFF_FreeAttribute
zz) Set the label size: SFF_SetLabelSize
aaa) Get the label size: SFF_GetLabelSize
9.4.3.2 Set algorithm attribute
Prototype: int SFL_API SFF_SetAlgAttr(IN HSFL hSfl,
IN const IAlgAttr * pAttr);
Description:
Prototype: void SFL_API SFF_FreePrivilegeAttr(IN IPrivilegeAttr * pAttr);
Description: Release the privilege memory.
Parameters:
IN pAttr: The privilege structure to be released.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.9 Set identity attribute
Prototype: int SFL_API SFF_SetIdentifyAttr(IN HSFL hSfl,
IN const IIdentifyAttr * pAttr);
Description: Set the label identity attribute.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN pAttr: Identity attribute.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.10 Obtain identity attributes
Prototype: int SFL_API SFF_GetIdentifyAttr(IN HSFL hSfl,
OUT IIdentifyAttr * pAttr);
Description: Get the identity attribute from the label.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
OUT pAttr: Return the identity attribute.
Prototype: int SFL_API SFF_SetFileType(IN HSFL hSfl, IN UINT nFileType);
Description: Set the file type.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN nFileType: File type, meaning is user-defined.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.14 Obtain the file type
Prototype: int SFL_API SFF_GetFileType(IN HSFL hSfl, OUT UINT *
pFileType);
Description: Get the file type.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
OUT pFileType: Returns the file type, meaning is user-defined.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.15 Set the file level
Prototype: int SFL_API SFF_SetFileLevel(IN HSFL hSfl, IN UINT nLevel);
Description: Set the file level.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN nLevel: File level.
Return value:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN szFileCreator: The plaintext file creator.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
Note: This interface is only used when using the memory for encryption.
9.4.3.24 Get the plaintext file creator
Prototype: int SFL_API SFF_GetFileCreator(IN HSFL hSfl, OUT char
szFileCreator[32]);
Description: Get the plaintext file creator.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
OUT szFileCreator: Return the plaintext file creator.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.25 Set the last modification time of plaintext file
Prototype: int SFL_API SFF_SetFileModifyTime(IN HSFL hSfl, IN TIME64
tModify);
Description: Set the last modification time of the plaintext file.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN tModify: The modification time of the plaintext file.
Return value:
0: Success.
ptFileExpired);
Description: Get the expiration time of secured file.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
OUT ptFileExpired: Return the expiration time of the secured file.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.29 Set the destruction time of secured file
Prototype: int SFL_API SFF_SetDestroyTime(IN HSFL hSfl, IN TIME64
tFileDestroy);
Description: Set the destruction time of secured file.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN tFileDestroy: The destruction time, in seconds.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
Note: After the destruction time, the file cannot be modified but only be read.
The specific destruction operation is completed by the application.
9.4.3.30 Get the destruction time of secured file
Prototype: int SFL_API SFF_GetDestroyTime(IN HSFL hSfl, OUT TIME64 *
tFileDestroy);
Description: Get the destruction time of secured file.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
usAttrId);
Description:
a) Determine whether the extension attribute’s ID is legal;
b) Delete the extension attribute.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN usAttrId: Extension attribute’s ID.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.38 Release extension attribute memory
Prototype: int SFL_API SFF_FreeExAttr(IN IExtendAttr * pExAttr);
Description: Release extension attribute memory.
Parameters:
IN pExAttr: Extension attribute.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.39 Add a file operation log
Prototype: int SFL_API SFF_AddLogAttr(IN HSFL hSfl, IN const ILogAttr *
pLog);
Description: Add a file operation log.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN pLog: File operation log.
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.42 Delete all logs
Prototype: int SFL_API SFF_DelAlLogAttr(IN HSFL hSfl);
Description:
a) Delete all logs;
b) Record the operation of log deletion.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
Note: Logs on log deletion will not be deleted.
9.4.3.43 Release log memory
Prototype: void SFF_FreeLogAttr(IN ILogAttr * pAttr);
Description: Release log memory.
Parameters:
IN pAttr: Log attribute.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.44 Set the stamp attributes
Prototype: int SFL_API SFF_SetStampInfo(IN HSFL hSfl, IN SESeal * pAttr);
Description: Set the stamp attribute.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
Note: Set different attributes according to different ID.
9.4.3.52 Release label attribute memory
Prototype: int SFF_FreeAttribute(IN int nAttrID, void * pAttr);
Description: Release the attribute memory.
Parameters:
IN nAttrID: Attribute ID;
IN pAttr: Attribute memory.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.3.53 Set the label size
Prototype: int SFL_API SFF_SetLabelSize(IN HSFL hSfl, IN UINT nSize);
Description:
a) Determine whether the size is appropriate;
b) Set the label size.
Parameters:
IN hSfl: Label handle, returned by SFF_OpenSFL or SFF_OpenSFLB;
IN nSize: The label size.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
Prototype: int SFL_API SFF_SymEncrypt(IN const HSFL hSfl,
IN BOOL bFinal,
IN const BYTE * pSrcData,
IN UINT nSrcLen,
OUT BYTE * pDstData,
OUT UINT * pDstLen);
Description:
a) Determine whether the key handle is valid;
b) If it is the last piece of data, pad it;
c) Encrypt the data.
Parameters:
IN hSfl: Label handle;
IN bFinal: Whether it is the last piece of data;
IN pSrcData: Source data;
IN nSrcLen: Length of source data;
OUT pDstData: Ciphertext data;
OUT pDstLen: Length of ciphertext.
Return value:
0: Success.
Non-0: Failed, return error code, wherein the definition of error code is as
shown in Table 3.
9.4.4.3 Symmetrically decrypted data
Prototype: int SFL_API SFF_SymDecrypt(IN const HSFL hSfl,
IN BOOL bFinal,
IN const BYTE * pSrcData,
IN UINT nSrcLen,
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.