PageRenderTime 125ms CodeModel.GetById 70ms app.highlight 14ms RepoModel.GetById 36ms app.codeStats 1ms

/gecko_api/include/cryptohi.h

http://firefox-mac-pdf.googlecode.com/
C++ Header | 401 lines | 74 code | 34 blank | 293 comment | 0 complexity | 673e165a37a9513c8c3caa3c9756bd72 MD5 | raw file
  1/*
  2 * crypto.h - public data structures and prototypes for the crypto library
  3 *
  4 * ***** BEGIN LICENSE BLOCK *****
  5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  6 *
  7 * The contents of this file are subject to the Mozilla Public License Version
  8 * 1.1 (the "License"); you may not use this file except in compliance with
  9 * the License. You may obtain a copy of the License at
 10 * http://www.mozilla.org/MPL/
 11 *
 12 * Software distributed under the License is distributed on an "AS IS" basis,
 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 14 * for the specific language governing rights and limitations under the
 15 * License.
 16 *
 17 * The Original Code is the Netscape security libraries.
 18 *
 19 * The Initial Developer of the Original Code is
 20 * Netscape Communications Corporation.
 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 22 * the Initial Developer. All Rights Reserved.
 23 *
 24 * Contributor(s):
 25 *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
 26 *
 27 * Alternatively, the contents of this file may be used under the terms of
 28 * either the GNU General Public License Version 2 or later (the "GPL"), or
 29 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 30 * in which case the provisions of the GPL or the LGPL are applicable instead
 31 * of those above. If you wish to allow use of your version of this file only
 32 * under the terms of either the GPL or the LGPL, and not to allow others to
 33 * use your version of this file under the terms of the MPL, indicate your
 34 * decision by deleting the provisions above and replace them with the notice
 35 * and other provisions required by the GPL or the LGPL. If you do not delete
 36 * the provisions above, a recipient may use your version of this file under
 37 * the terms of any one of the MPL, the GPL or the LGPL.
 38 *
 39 * ***** END LICENSE BLOCK ***** */
 40/* $Id: cryptohi.h,v 1.11 2006/03/15 21:42:21 rrelyea%redhat.com Exp $ */
 41
 42#ifndef _CRYPTOHI_H_
 43#define _CRYPTOHI_H_
 44
 45#include "blapit.h"
 46
 47#include "seccomon.h"
 48#include "secoidt.h"
 49#include "secdert.h"
 50#include "cryptoht.h"
 51#include "keyt.h"
 52#include "certt.h"
 53
 54
 55SEC_BEGIN_PROTOS
 56
 57
 58/****************************************/
 59/*
 60** DER encode/decode (EC)DSA signatures
 61*/
 62
 63/* ANSI X9.57 defines DSA signatures as DER encoded data.  Our DSA code (and
 64 * most of the rest of the world) just generates 40 bytes of raw data.  These
 65 * functions convert between formats.
 66 */
 67extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
 68extern SECItem *DSAU_DecodeDerSig(const SECItem *item);
 69
 70/*
 71 * Unlike DSA, raw ECDSA signatures do not have a fixed length.
 72 * Rather they contain two integers r and s whose length depends
 73 * on the size of the EC key used for signing.
 74 *
 75 * We can reuse the DSAU_EncodeDerSig interface to DER encode
 76 * raw ECDSA signature keeping in mind that the length of r 
 77 * is the same as that of s and exactly half of src->len.
 78 *
 79 * For decoding, we need to pass the length of the desired
 80 * raw signature (twice the key size) explicitly.
 81 */
 82extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src, 
 83					  unsigned int len);
 84extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
 85
 86/****************************************/
 87/*
 88** Signature creation operations
 89*/
 90
 91/*
 92** Create a new signature context used for signing a data stream.
 93**	"alg" the signature algorithm to use (e.g. SEC_OID_RSA_WITH_MD5)
 94**	"privKey" the private key to use
 95*/
 96extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
 97
 98/*
 99** Destroy a signature-context object
100**	"key" the object
101**	"freeit" if PR_TRUE then free the object as well as its sub-objects
102*/
103extern void SGN_DestroyContext(SGNContext *cx, PRBool freeit);
104
105/*
106** Reset the signing context "cx" to its initial state, preparing it for
107** another stream of data.
108*/
109extern SECStatus SGN_Begin(SGNContext *cx);
110
111/*
112** Update the signing context with more data to sign.
113**	"cx" the context
114**	"input" the input data to sign
115**	"inputLen" the length of the input data
116*/
117extern SECStatus SGN_Update(SGNContext *cx, unsigned char *input,
118			   unsigned int inputLen);
119
120/*
121** Finish the signature process. Use either k0 or k1 to sign the data
122** stream that was input using SGN_Update. The resulting signature is
123** formatted using PKCS#1 and then encrypted using RSA private or public
124** encryption.
125**	"cx" the context
126**	"result" the final signature data (memory is allocated)
127*/
128extern SECStatus SGN_End(SGNContext *cx, SECItem *result);
129
130/*
131** Sign a single block of data using private key encryption and given
132** signature/hash algorithm.
133**	"result" the final signature data (memory is allocated)
134**	"buf" the input data to sign
135**	"len" the amount of data to sign
136**	"pk" the private key to encrypt with
137**	"algid" the signature/hash algorithm to sign with 
138**		(must be compatible with the key type).
139*/
140extern SECStatus SEC_SignData(SECItem *result, unsigned char *buf, int len,
141			     SECKEYPrivateKey *pk, SECOidTag algid);
142
143/*
144** Sign a pre-digested block of data using private key encryption, encoding
145**  The given signature/hash algorithm.
146**	"result" the final signature data (memory is allocated)
147**	"digest" the digest to sign
148**	"pk" the private key to encrypt with
149**	"algtag" The algorithm tag to encode (need for RSA only)
150*/
151extern SECStatus SGN_Digest(SECKEYPrivateKey *privKey,
152                SECOidTag algtag, SECItem *result, SECItem *digest);
153
154/*
155** DER sign a single block of data using private key encryption and the
156** MD5 hashing algorithm. This routine first computes a digital signature
157** using SEC_SignData, then wraps it with an CERTSignedData and then der
158** encodes the result.
159**	"arena" is the memory arena to use to allocate data from
160** 	"result" the final der encoded data (memory is allocated)
161** 	"buf" the input data to sign
162** 	"len" the amount of data to sign
163** 	"pk" the private key to encrypt with
164*/
165extern SECStatus SEC_DerSignData(PRArenaPool *arena, SECItem *result,
166				unsigned char *buf, int len,
167				SECKEYPrivateKey *pk, SECOidTag algid);
168
169/*
170** Destroy a signed-data object.
171**	"sd" the object
172**	"freeit" if PR_TRUE then free the object as well as its sub-objects
173*/
174extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
175
176/*
177** Get the signature algorithm tag number for the given key type and hash
178** algorithm tag. Returns SEC_OID_UNKNOWN if key type and hash algorithm
179** do not match or are not supported.
180*/
181extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
182                                                 SECOidTag hashAlgTag);
183
184/****************************************/
185/*
186** Signature verification operations
187*/
188
189/*
190** Create a signature verification context. This version is deprecated,
191**  This function is deprecated. Use VFY_CreateContextDirect or 
192**  VFY_CreateContextWithAlgorithmID instead.
193**	"key" the public key to verify with
194**	"sig" the encrypted signature data if sig is NULL then
195**	   VFY_EndWithSignature must be called with the correct signature at
196**	   the end of the processing.
197**	"sigAlg" specifies the signing algorithm to use (including the 
198**         hash algorthim).  This must match the key type.
199**	"wincx" void pointer to the window context
200*/
201extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
202				     SECOidTag sigAlg, void *wincx);
203/*
204** Create a signature verification context.
205**	"key" the public key to verify with
206**	"sig" the encrypted signature data if sig is NULL then
207**	   VFY_EndWithSignature must be called with the correct signature at
208**	   the end of the processing.
209**	"pubkAlg" specifies the cryptographic signing algorithm to use (the
210**         raw algorithm without any hash specified.  This must match the key 
211**         type.
212**	"hashAlg" specifies the hashing algorithm used. If the key is an 
213**	   RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
214**	   the hash is selected from data in the sig.
215**	"hash" optional pointer to return the actual hash algorithm used.
216**	   in practice this should always match the passed in hashAlg (the
217**	   exception is the case where hashAlg is SEC_OID_UNKNOWN above).
218**         If this value is NULL no, hash oid is returned.
219**	"wincx" void pointer to the window context
220*/
221extern VFYContext *VFY_CreateContextDirect(const SECKEYPublicKey *key,
222					   const SECItem *sig,
223	     				   SECOidTag pubkAlg, 
224					   SECOidTag hashAlg, 
225					   SECOidTag *hash, void *wincx);
226/*
227** Create a signature verification context from a algorithm ID.
228**	"key" the public key to verify with
229**	"sig" the encrypted signature data if sig is NULL then
230**	   VFY_EndWithSignature must be called with the correct signature at
231**	   the end of the processing.
232**	"algid" specifies the signing algorithm and parameters to use.
233**         This must match the key type.
234**      "hash" optional pointer to return the oid of the actual hash used in 
235**         the signature. If this value is NULL no, hash oid is returned.
236**	"wincx" void pointer to the window context
237*/
238extern VFYContext *VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, 
239				     const SECItem *sig,
240				     const SECAlgorithmID *algid, 
241				     SECOidTag *hash,
242				     void *wincx);
243
244/*
245** Destroy a verification-context object.
246**	"cx" the context to destroy
247**	"freeit" if PR_TRUE then free the object as well as its sub-objects
248*/
249extern void VFY_DestroyContext(VFYContext *cx, PRBool freeit);
250
251extern SECStatus VFY_Begin(VFYContext *cx);
252
253/*
254** Update a verification context with more input data. The input data
255** is fed to a secure hash function (depending on what was in the
256** encrypted signature data).
257**	"cx" the context
258**	"input" the input data
259**	"inputLen" the amount of input data
260*/
261extern SECStatus VFY_Update(VFYContext *cx, const unsigned char *input,
262			    unsigned int inputLen);
263
264/*
265** Finish the verification process. The return value is a status which
266** indicates success or failure. On success, the SECSuccess value is
267** returned. Otherwise, SECFailure is returned and the error code found
268** using PORT_GetError() indicates what failure occurred.
269** 	"cx" the context
270*/
271extern SECStatus VFY_End(VFYContext *cx);
272
273/*
274** Finish the verification process. The return value is a status which
275** indicates success or failure. On success, the SECSuccess value is
276** returned. Otherwise, SECFailure is returned and the error code found
277** using PORT_GetError() indicates what failure occurred. If signature is
278** supplied the verification uses this signature to verify, otherwise the
279** signature passed in VFY_CreateContext() is used. 
280** VFY_EndWithSignature(cx,NULL); is identical to VFY_End(cx);.
281** 	"cx" the context
282** 	"sig" the encrypted signature data
283*/
284extern SECStatus VFY_EndWithSignature(VFYContext *cx, SECItem *sig);
285
286
287/*
288** Verify the signature on a block of data for which we already have
289** the digest. The signature data is an RSA private key encrypted
290** block of data formatted according to PKCS#1.
291**  This function is deprecated. Use VFY_VerifyDigestDirect or 
292**  VFY_VerifyDigestWithAlgorithmID instead.
293** 	"dig" the digest
294** 	"key" the public key to check the signature with
295** 	"sig" the encrypted signature data
296**	"sigAlg" specifies the signing algorithm to use.  This must match
297**	    the key type.
298**	"wincx" void pointer to the window context
299**/
300extern SECStatus VFY_VerifyDigest(SECItem *dig, SECKEYPublicKey *key,
301				  SECItem *sig, SECOidTag sigAlg, void *wincx);
302/*
303** Verify the signature on a block of data for which we already have
304** the digest. The signature data is an RSA private key encrypted
305** block of data formatted according to PKCS#1.
306** 	"dig" the digest
307** 	"key" the public key to check the signature with
308** 	"sig" the encrypted signature data
309**	"pubkAlg" specifies the cryptographic signing algorithm to use (the
310**         raw algorithm without any hash specified.  This must match the key 
311**         type.
312**	"hashAlg" specifies the hashing algorithm used.
313**	"wincx" void pointer to the window context
314**/
315extern SECStatus VFY_VerifyDigestDirect(const SECItem *dig, 
316					const SECKEYPublicKey *key,
317					const SECItem *sig, SECOidTag pubkAlg, 
318					SECOidTag hashAlg, void *wincx);
319/*
320** Verify the signature on a block of data for which we already have
321** the digest. The signature data is an RSA private key encrypted
322** block of data formatted according to PKCS#1.
323**	"key" the public key to verify with
324**	"sig" the encrypted signature data if sig is NULL then
325**	   VFY_EndWithSignature must be called with the correct signature at
326**	   the end of the processing.
327**	"algid" specifies the signing algorithm and parameters to use.
328**         This must match the key type.
329**      "hash" oid of the actual hash used to create digest. If this  value is
330**         not set to SEC_OID_UNKNOWN, it must match the hash of the signature.
331**	"wincx" void pointer to the window context
332*/
333extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig, 
334				const SECKEYPublicKey *key, const SECItem *sig,
335				const SECAlgorithmID *algid, SECOidTag hash,
336				void *wincx);
337
338/*
339** Verify the signature on a block of data. The signature data is an RSA
340** private key encrypted block of data formatted according to PKCS#1.
341**   This function is deprecated. Use VFY_VerifyDataDirect or 
342**   VFY_VerifyDataWithAlgorithmID instead.
343** 	"buf" the input data
344** 	"len" the length of the input data
345** 	"key" the public key to check the signature with
346** 	"sig" the encrypted signature data
347**	"sigAlg" specifies the signing algorithm to use.  This must match
348**	    the key type.
349**	"wincx" void pointer to the window context
350*/
351extern SECStatus VFY_VerifyData(unsigned char *buf, int len,
352				SECKEYPublicKey *key, SECItem *sig,
353				SECOidTag sigAlg, void *wincx);
354/*
355** Verify the signature on a block of data. The signature data is an RSA
356** private key encrypted block of data formatted according to PKCS#1.
357** 	"buf" the input data
358** 	"len" the length of the input data
359** 	"key" the public key to check the signature with
360** 	"sig" the encrypted signature data
361**	"pubkAlg" specifies the cryptographic signing algorithm to use (the
362**         raw algorithm without any hash specified.  This must match the key 
363**         type.
364**	"hashAlg" specifies the hashing algorithm used. If the key is an 
365**	   RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
366**	   the hash is selected from data in the sig.
367**	"hash" optional pointer to return the actual hash algorithm used.
368**	   in practice this should always match the passed in hashAlg (the
369**	   exception is the case where hashAlg is SEC_OID_UNKNOWN above).
370**         If this value is NULL no, hash oid is returned.
371**	"wincx" void pointer to the window context
372*/
373extern SECStatus VFY_VerifyDataDirect(const unsigned char *buf, int len,
374				      const SECKEYPublicKey *key, 
375				      const SECItem *sig,
376				      SECOidTag pubkAlg, SECOidTag hashAlg, 
377				      SECOidTag *hash, void *wincx);
378
379/*
380** Verify the signature on a block of data. The signature data is an RSA
381** private key encrypted block of data formatted according to PKCS#1.
382** 	"buf" the input data
383** 	"len" the length of the input data
384** 	"key" the public key to check the signature with
385** 	"sig" the encrypted signature data
386**	"algid" specifies the signing algorithm and parameters to use.
387**         This must match the key type.
388**      "hash" optional pointer to return the oid of the actual hash used in 
389**         the signature. If this value is NULL no, hash oid is returned.
390**	"wincx" void pointer to the window context
391*/
392extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, 
393				int len, const SECKEYPublicKey *key,
394				 const SECItem *sig,
395				const SECAlgorithmID *algid, SECOidTag *hash,
396				void *wincx);
397
398
399SEC_END_PROTOS
400
401#endif /* _CRYPTOHI_H_ */