1/*
2 * crypto.h - public data structures and prototypes for the crypto library
3 *
4 * The contents of this file are subject to the Mozilla Public
5 * License Version 1.1 (the "License"); you may not use this file
6 * except in compliance with the License. You may obtain a copy of
7 * the License at http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS
10 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11 * implied. See the License for the specific language governing
12 * rights and limitations under the License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is Netscape
17 * Communications Corporation.  Portions created by Netscape are
18 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
19 * Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the
24 * terms of the GNU General Public License Version 2 or later (the
25 * "GPL"), in which case the provisions of the GPL are applicable
26 * instead of those above.  If you wish to allow use of your
27 * version of this file only under the terms of the GPL and not to
28 * allow others to use your version of this file under the MPL,
29 * indicate your decision by deleting the provisions above and
30 * replace them with the notice and other provisions required by
31 * the GPL.  If you do not delete the provisions above, a recipient
32 * may use your version of this file under either the MPL or the
33 * GPL.
34 */
35
36#ifndef _CRYPTOHI_H_
37#define _CRYPTOHI_H_
38
39#include <security_asn1/seccomon.h>
40#include <Security/SecCmsBase.h>
41
42
43SEC_BEGIN_PROTOS
44
45
46/****************************************/
47/*
48** DER encode/decode DSA signatures
49*/
50
51/* ANSI X9.57 defines DSA signatures as DER encoded data.  Our DSA code (and
52 * most of the rest of the world) just generates 40 bytes of raw data.  These
53 * functions convert between formats.
54 */
55//extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
56//extern SECItem *DSAU_DecodeDerSig(SECItem *item);
57
58/*
59 * Return a csp handle able to deal with algorithm
60 */
61extern CSSM_CSP_HANDLE SecCspHandleForAlgorithm(CSSM_ALGORITHMS algorithm);
62
63/*
64 * Return a CSSM_ALGORITHMS for a given SECOidTag or 0 if there is none
65 */
66extern CSSM_ALGORITHMS SECOID_FindyCssmAlgorithmByTag(SECOidTag algTag);
67
68
69/****************************************/
70/*
71** Signature creation operations
72*/
73
74/*
75** Sign a single block of data using private key encryption and given
76** signature/hash algorithm.
77**	"result" the final signature data (memory is allocated)
78**	"buf" the input data to sign
79**	"len" the amount of data to sign
80**	"pk" the private key to encrypt with
81**	"algid" the signature/hash algorithm to sign with
82**		(must be compatible with the key type).
83*/
84extern SECStatus SEC_SignData(SECItem *result, unsigned char *buf, int len,
85			     SecPrivateKeyRef pk, SECOidTag digAlgTag, SECOidTag sigAlgTag);
86
87/*
88** Sign a pre-digested block of data using private key encryption, encoding
89**  The given signature/hash algorithm.
90**	"result" the final signature data (memory is allocated)
91**	"digest" the digest to sign
92**	"pk" the private key to encrypt with
93**	"algtag" The algorithm tag to encode (need for RSA only)
94*/
95extern SECStatus SGN_Digest(SecPrivateKeyRef privKey,
96                SECOidTag digAlgTag, SECOidTag sigAlgTag, SECItem *result, SECItem *digest);
97
98/****************************************/
99/*
100** Signature verification operations
101*/
102
103
104/*
105** Verify the signature on a block of data for which we already have
106** the digest. The signature data is an RSA private key encrypted
107** block of data formatted according to PKCS#1.
108** 	"dig" the digest
109** 	"key" the public key to check the signature with
110** 	"sig" the encrypted signature data
111**	"algid" specifies the signing algorithm to use.  This must match
112**	    the key type.
113**/
114extern SECStatus VFY_VerifyDigest(SECItem *dig, SecPublicKeyRef key,
115				  SECItem *sig, SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx);
116
117/*
118** Verify the signature on a block of data. The signature data is an RSA
119** private key encrypted block of data formatted according to PKCS#1.
120** 	"buf" the input data
121** 	"len" the length of the input data
122** 	"key" the public key to check the signature with
123** 	"sig" the encrypted signature data
124**	"algid" specifies the signing algorithm to use.  This must match
125**	    the key type.
126*/
127extern SECStatus VFY_VerifyData(unsigned char *buf, int len,
128				SecPublicKeyRef key, SECItem *sig,
129				SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx);
130
131
132
133extern SECStatus WRAP_PubWrapSymKey(SecPublicKeyRef publickey,
134				    SecSymmetricKeyRef bulkkey,
135				    CSSM_DATA_PTR encKey);
136
137
138extern SecSymmetricKeyRef WRAP_PubUnwrapSymKey(SecPrivateKeyRef privkey, CSSM_DATA_PTR encKey, SECOidTag bulkalgtag);
139
140
141SEC_END_PROTOS
142
143#endif /* _CRYPTOHI_H_ */
144