1/*
2 * crypto.h - public data structures and prototypes for the crypto library
3 *
4 * The contents of this file are subject to the Mozilla Public
5 * License Version 1.1 (the "License"); you may not use this file
6 * except in compliance with the License. You may obtain a copy of
7 * the License at http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS
10 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
11 * implied. See the License for the specific language governing
12 * rights and limitations under the License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is Netscape
17 * Communications Corporation.  Portions created by Netscape are
18 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
19 * Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the
24 * terms of the GNU General Public License Version 2 or later (the
25 * "GPL"), in which case the provisions of the GPL are applicable
26 * instead of those above.  If you wish to allow use of your
27 * version of this file only under the terms of the GPL and not to
28 * allow others to use your version of this file under the MPL,
29 * indicate your decision by deleting the provisions above and
30 * replace them with the notice and other provisions required by
31 * the GPL.  If you do not delete the provisions above, a recipient
32 * may use your version of this file under either the MPL or the
33 * GPL.
34 */
35
36#ifndef _CRYPTOHI_H_
37#define _CRYPTOHI_H_
38
39#include <security_asn1/seccomon.h>
40#include <Security/SecCmsBase.h>
41
42
43SEC_BEGIN_PROTOS
44
45
46/****************************************/
47/*
48** DER encode/decode DSA signatures
49*/
50
51/* ANSI X9.57 defines DSA signatures as DER encoded data.  Our DSA code (and
52 * most of the rest of the world) just generates 40 bytes of raw data.  These
53 * functions convert between formats.
54 */
55//extern SECStatus DSAU_EncodeDerSig(SecAsn1Item *dest, SecAsn1Item *src);
56//extern SecAsn1Item *DSAU_DecodeDerSig(SecAsn1Item *item);
57
58#if USE_CDSA_CRYPTO
59/*
60 * Return a csp handle able to deal with algorithm
61 */
62extern CSSM_CSP_HANDLE SecCspHandleForAlgorithm(CSSM_ALGORITHMS algorithm);
63
64/*
65 * Return a CSSM_ALGORITHMS for a given SECOidTag or 0 if there is none
66 */
67extern CSSM_ALGORITHMS SECOID_FindyCssmAlgorithmByTag(SECOidTag algTag);
68#endif
69
70/****************************************/
71/*
72** Signature creation operations
73*/
74
75/*
76** Sign a single block of data using private key encryption and given
77** signature/hash algorithm.
78**	"result" the final signature data (memory is allocated)
79**	"buf" the input data to sign
80**	"len" the amount of data to sign
81**	"pk" the private key to encrypt with
82**	"algid" the signature/hash algorithm to sign with
83**		(must be compatible with the key type).
84*/
85extern SECStatus SEC_SignData(SecAsn1Item *result, unsigned char *buf, int len,
86			     SecPrivateKeyRef pk, SECOidTag digAlgTag, SECOidTag sigAlgTag);
87
88/*
89** Sign a pre-digested block of data using private key encryption, encoding
90**  The given signature/hash algorithm.
91**	"result" the final signature data (memory is allocated)
92**	"digest" the digest to sign
93**	"pk" the private key to encrypt with
94**	"algtag" The algorithm tag to encode (need for RSA only)
95*/
96extern SECStatus SGN_Digest(SecPrivateKeyRef privKey,
97                SECOidTag digAlgTag, SECOidTag sigAlgTag, SecAsn1Item *result, SecAsn1Item *digest);
98
99/****************************************/
100/*
101** Signature verification operations
102*/
103
104
105/*
106** Verify the signature on a block of data for which we already have
107** the digest. The signature data is an RSA private key encrypted
108** block of data formatted according to PKCS#1.
109** 	"dig" the digest
110** 	"key" the public key to check the signature with
111** 	"sig" the encrypted signature data
112**	"algid" specifies the signing algorithm to use.  This must match
113**	    the key type.
114**/
115extern SECStatus VFY_VerifyDigest(SecAsn1Item *dig, SecPublicKeyRef key,
116				  SecAsn1Item *sig, SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx);
117
118/*
119** Verify the signature on a block of data. The signature data is an RSA
120** private key encrypted block of data formatted according to PKCS#1.
121** 	"buf" the input data
122** 	"len" the length of the input data
123** 	"key" the public key to check the signature with
124** 	"sig" the encrypted signature data
125**	"algid" specifies the signing algorithm to use.  This must match
126**	    the key type.
127*/
128extern SECStatus VFY_VerifyData(unsigned char *buf, int len,
129				SecPublicKeyRef key, SecAsn1Item *sig,
130				SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx);
131
132
133
134extern SECStatus WRAP_PubWrapSymKey(SecPublicKeyRef publickey,
135				    SecSymmetricKeyRef bulkkey,
136				    SecAsn1Item * encKey);
137
138
139extern SecSymmetricKeyRef WRAP_PubUnwrapSymKey(SecPrivateKeyRef privkey, const SecAsn1Item *encKey, SECOidTag bulkalgtag);
140
141
142SEC_END_PROTOS
143
144#endif /* _CRYPTOHI_H_ */
145