1/* 2 * crypto.h - public data structures and prototypes for the crypto library 3 * 4 * The contents of this file are subject to the Mozilla Public 5 * License Version 1.1 (the "License"); you may not use this file 6 * except in compliance with the License. You may obtain a copy of 7 * the License at http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS 10 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 11 * implied. See the License for the specific language governing 12 * rights and limitations under the License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is Netscape 17 * Communications Corporation. Portions created by Netscape are 18 * Copyright (C) 1994-2000 Netscape Communications Corporation. All 19 * Rights Reserved. 20 * 21 * Contributor(s): 22 * 23 * Alternatively, the contents of this file may be used under the 24 * terms of the GNU General Public License Version 2 or later (the 25 * "GPL"), in which case the provisions of the GPL are applicable 26 * instead of those above. If you wish to allow use of your 27 * version of this file only under the terms of the GPL and not to 28 * allow others to use your version of this file under the MPL, 29 * indicate your decision by deleting the provisions above and 30 * replace them with the notice and other provisions required by 31 * the GPL. If you do not delete the provisions above, a recipient 32 * may use your version of this file under either the MPL or the 33 * GPL. 34 */ 35 36#ifndef _CRYPTOHI_H_ 37#define _CRYPTOHI_H_ 38 39#include <security_asn1/seccomon.h> 40#include <Security/SecCmsBase.h> 41 42 43SEC_BEGIN_PROTOS 44 45 46/****************************************/ 47/* 48** DER encode/decode DSA signatures 49*/ 50 51/* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA code (and 52 * most of the rest of the world) just generates 40 bytes of raw data. These 53 * functions convert between formats. 54 */ 55//extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src); 56//extern SECItem *DSAU_DecodeDerSig(SECItem *item); 57 58/* 59 * Return a csp handle able to deal with algorithm 60 */ 61extern CSSM_CSP_HANDLE SecCspHandleForAlgorithm(CSSM_ALGORITHMS algorithm); 62 63/* 64 * Return a CSSM_ALGORITHMS for a given SECOidTag or 0 if there is none 65 */ 66extern CSSM_ALGORITHMS SECOID_FindyCssmAlgorithmByTag(SECOidTag algTag); 67 68 69/****************************************/ 70/* 71** Signature creation operations 72*/ 73 74/* 75** Sign a single block of data using private key encryption and given 76** signature/hash algorithm. 77** "result" the final signature data (memory is allocated) 78** "buf" the input data to sign 79** "len" the amount of data to sign 80** "pk" the private key to encrypt with 81** "algid" the signature/hash algorithm to sign with 82** (must be compatible with the key type). 83*/ 84extern SECStatus SEC_SignData(SECItem *result, unsigned char *buf, int len, 85 SecPrivateKeyRef pk, SECOidTag digAlgTag, SECOidTag sigAlgTag); 86 87/* 88** Sign a pre-digested block of data using private key encryption, encoding 89** The given signature/hash algorithm. 90** "result" the final signature data (memory is allocated) 91** "digest" the digest to sign 92** "pk" the private key to encrypt with 93** "algtag" The algorithm tag to encode (need for RSA only) 94*/ 95extern SECStatus SGN_Digest(SecPrivateKeyRef privKey, 96 SECOidTag digAlgTag, SECOidTag sigAlgTag, SECItem *result, SECItem *digest); 97 98/****************************************/ 99/* 100** Signature verification operations 101*/ 102 103 104/* 105** Verify the signature on a block of data for which we already have 106** the digest. The signature data is an RSA private key encrypted 107** block of data formatted according to PKCS#1. 108** "dig" the digest 109** "key" the public key to check the signature with 110** "sig" the encrypted signature data 111** "algid" specifies the signing algorithm to use. This must match 112** the key type. 113**/ 114extern SECStatus VFY_VerifyDigest(SECItem *dig, SecPublicKeyRef key, 115 SECItem *sig, SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx); 116 117/* 118** Verify the signature on a block of data. The signature data is an RSA 119** private key encrypted block of data formatted according to PKCS#1. 120** "buf" the input data 121** "len" the length of the input data 122** "key" the public key to check the signature with 123** "sig" the encrypted signature data 124** "algid" specifies the signing algorithm to use. This must match 125** the key type. 126*/ 127extern SECStatus VFY_VerifyData(unsigned char *buf, int len, 128 SecPublicKeyRef key, SECItem *sig, 129 SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx); 130 131 132 133extern SECStatus WRAP_PubWrapSymKey(SecPublicKeyRef publickey, 134 SecSymmetricKeyRef bulkkey, 135 CSSM_DATA_PTR encKey); 136 137 138extern SecSymmetricKeyRef WRAP_PubUnwrapSymKey(SecPrivateKeyRef privkey, CSSM_DATA_PTR encKey, SECOidTag bulkalgtag); 139 140 141SEC_END_PROTOS 142 143#endif /* _CRYPTOHI_H_ */ 144