1/* 2 * crypto.h - public data structures and prototypes for the crypto library 3 * 4 * The contents of this file are subject to the Mozilla Public 5 * License Version 1.1 (the "License"); you may not use this file 6 * except in compliance with the License. You may obtain a copy of 7 * the License at http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS 10 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 11 * implied. See the License for the specific language governing 12 * rights and limitations under the License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is Netscape 17 * Communications Corporation. Portions created by Netscape are 18 * Copyright (C) 1994-2000 Netscape Communications Corporation. All 19 * Rights Reserved. 20 * 21 * Contributor(s): 22 * 23 * Alternatively, the contents of this file may be used under the 24 * terms of the GNU General Public License Version 2 or later (the 25 * "GPL"), in which case the provisions of the GPL are applicable 26 * instead of those above. If you wish to allow use of your 27 * version of this file only under the terms of the GPL and not to 28 * allow others to use your version of this file under the MPL, 29 * indicate your decision by deleting the provisions above and 30 * replace them with the notice and other provisions required by 31 * the GPL. If you do not delete the provisions above, a recipient 32 * may use your version of this file under either the MPL or the 33 * GPL. 34 */ 35 36#ifndef _CRYPTOHI_H_ 37#define _CRYPTOHI_H_ 38 39#include <security_asn1/seccomon.h> 40#include <Security/SecCmsBase.h> 41 42 43SEC_BEGIN_PROTOS 44 45 46/****************************************/ 47/* 48** DER encode/decode DSA signatures 49*/ 50 51/* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA code (and 52 * most of the rest of the world) just generates 40 bytes of raw data. These 53 * functions convert between formats. 54 */ 55//extern SECStatus DSAU_EncodeDerSig(SecAsn1Item *dest, SecAsn1Item *src); 56//extern SecAsn1Item *DSAU_DecodeDerSig(SecAsn1Item *item); 57 58#if USE_CDSA_CRYPTO 59/* 60 * Return a csp handle able to deal with algorithm 61 */ 62extern CSSM_CSP_HANDLE SecCspHandleForAlgorithm(CSSM_ALGORITHMS algorithm); 63 64/* 65 * Return a CSSM_ALGORITHMS for a given SECOidTag or 0 if there is none 66 */ 67extern CSSM_ALGORITHMS SECOID_FindyCssmAlgorithmByTag(SECOidTag algTag); 68#endif 69 70/****************************************/ 71/* 72** Signature creation operations 73*/ 74 75/* 76** Sign a single block of data using private key encryption and given 77** signature/hash algorithm. 78** "result" the final signature data (memory is allocated) 79** "buf" the input data to sign 80** "len" the amount of data to sign 81** "pk" the private key to encrypt with 82** "algid" the signature/hash algorithm to sign with 83** (must be compatible with the key type). 84*/ 85extern SECStatus SEC_SignData(SecAsn1Item *result, unsigned char *buf, int len, 86 SecPrivateKeyRef pk, SECOidTag digAlgTag, SECOidTag sigAlgTag); 87 88/* 89** Sign a pre-digested block of data using private key encryption, encoding 90** The given signature/hash algorithm. 91** "result" the final signature data (memory is allocated) 92** "digest" the digest to sign 93** "pk" the private key to encrypt with 94** "algtag" The algorithm tag to encode (need for RSA only) 95*/ 96extern SECStatus SGN_Digest(SecPrivateKeyRef privKey, 97 SECOidTag digAlgTag, SECOidTag sigAlgTag, SecAsn1Item *result, SecAsn1Item *digest); 98 99/****************************************/ 100/* 101** Signature verification operations 102*/ 103 104 105/* 106** Verify the signature on a block of data for which we already have 107** the digest. The signature data is an RSA private key encrypted 108** block of data formatted according to PKCS#1. 109** "dig" the digest 110** "key" the public key to check the signature with 111** "sig" the encrypted signature data 112** "algid" specifies the signing algorithm to use. This must match 113** the key type. 114**/ 115extern SECStatus VFY_VerifyDigest(SecAsn1Item *dig, SecPublicKeyRef key, 116 SecAsn1Item *sig, SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx); 117 118/* 119** Verify the signature on a block of data. The signature data is an RSA 120** private key encrypted block of data formatted according to PKCS#1. 121** "buf" the input data 122** "len" the length of the input data 123** "key" the public key to check the signature with 124** "sig" the encrypted signature data 125** "algid" specifies the signing algorithm to use. This must match 126** the key type. 127*/ 128extern SECStatus VFY_VerifyData(unsigned char *buf, int len, 129 SecPublicKeyRef key, SecAsn1Item *sig, 130 SECOidTag digAlgTag, SECOidTag sigAlgTag, void *wincx); 131 132 133 134extern SECStatus WRAP_PubWrapSymKey(SecPublicKeyRef publickey, 135 SecSymmetricKeyRef bulkkey, 136 SecAsn1Item * encKey); 137 138 139extern SecSymmetricKeyRef WRAP_PubUnwrapSymKey(SecPrivateKeyRef privkey, const SecAsn1Item *encKey, SECOidTag bulkalgtag); 140 141 142SEC_END_PROTOS 143 144#endif /* _CRYPTOHI_H_ */ 145