Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(240)

Side by Side Diff: nss/lib/cryptohi/cryptohi.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/ckfw/wrap.c ('k') | nss/lib/cryptohi/cryptoht.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * cryptohi.h - public prototypes for the crypto library
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #ifndef _CRYPTOHI_H_
9 #define _CRYPTOHI_H_
10
11 #include "blapit.h"
12
13 #include "seccomon.h"
14 #include "secoidt.h"
15 #include "secdert.h"
16 #include "cryptoht.h"
17 #include "keyt.h"
18 #include "certt.h"
19
20 SEC_BEGIN_PROTOS
21
22 /****************************************/
23 /*
24 ** DER encode/decode (EC)DSA signatures
25 */
26
27 /* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA1 code (and
28 * most of the rest of the world) just generates 40 bytes of raw data. These
29 * functions convert between formats.
30 */
31 extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
32 extern SECItem *DSAU_DecodeDerSig(const SECItem *item);
33
34 /*
35 * Unlike DSA1, raw DSA2 and ECDSA signatures do not have a fixed length.
36 * Rather they contain two integers r and s whose length depends
37 * on the size of q or the EC key used for signing.
38 *
39 * We can reuse the DSAU_EncodeDerSig interface to DER encode
40 * raw ECDSA signature keeping in mind that the length of r
41 * is the same as that of s and exactly half of src->len.
42 *
43 * For decoding, we need to pass the length of the desired
44 * raw signature (twice the key size) explicitly.
45 */
46 extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src,
47 unsigned int len);
48 extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
49
50 /****************************************/
51 /*
52 ** Signature creation operations
53 */
54
55 /*
56 ** Create a new signature context used for signing a data stream.
57 ** "alg" the signature algorithm to use (e.g. SEC_OID_PKCS1_MD5_WITH_RSA_EN CRYPTION)
58 ** "privKey" the private key to use
59 */
60 extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
61
62 /*
63 ** Destroy a signature-context object
64 ** "cx" the object
65 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
66 */
67 extern void SGN_DestroyContext(SGNContext *cx, PRBool freeit);
68
69 /*
70 ** Reset the signing context "cx" to its initial state, preparing it for
71 ** another stream of data.
72 */
73 extern SECStatus SGN_Begin(SGNContext *cx);
74
75 /*
76 ** Update the signing context with more data to sign.
77 ** "cx" the context
78 ** "input" the input data to sign
79 ** "inputLen" the length of the input data
80 */
81 extern SECStatus SGN_Update(SGNContext *cx, const unsigned char *input,
82 unsigned int inputLen);
83
84 /*
85 ** Finish the signature process. Use either k0 or k1 to sign the data
86 ** stream that was input using SGN_Update. The resulting signature is
87 ** formatted using PKCS#1 and then encrypted using RSA private or public
88 ** encryption.
89 ** "cx" the context
90 ** "result" the final signature data (memory is allocated)
91 */
92 extern SECStatus SGN_End(SGNContext *cx, SECItem *result);
93
94 /*
95 ** Sign a single block of data using private key encryption and given
96 ** signature/hash algorithm.
97 ** "result" the final signature data (memory is allocated)
98 ** "buf" the input data to sign
99 ** "len" the amount of data to sign
100 ** "pk" the private key to encrypt with
101 ** "algid" the signature/hash algorithm to sign with
102 ** (must be compatible with the key type).
103 */
104 extern SECStatus SEC_SignData(SECItem *result,
105 const unsigned char *buf, int len,
106 SECKEYPrivateKey *pk, SECOidTag algid);
107
108 /*
109 ** Sign a pre-digested block of data using private key encryption, encoding
110 ** The given signature/hash algorithm.
111 ** "result" the final signature data (memory is allocated)
112 ** "digest" the digest to sign
113 ** "privKey" the private key to encrypt with
114 ** "algtag" The algorithm tag to encode (need for RSA only)
115 */
116 extern SECStatus SGN_Digest(SECKEYPrivateKey *privKey,
117 SECOidTag algtag, SECItem *result, SECItem *digest);
118
119 /*
120 ** DER sign a single block of data using private key encryption and the
121 ** MD5 hashing algorithm. This routine first computes a digital signature
122 ** using SEC_SignData, then wraps it with an CERTSignedData and then der
123 ** encodes the result.
124 ** "arena" is the memory arena to use to allocate data from
125 ** "result" the final der encoded data (memory is allocated)
126 ** "buf" the input data to sign
127 ** "len" the amount of data to sign
128 ** "pk" the private key to encrypt with
129 */
130 extern SECStatus SEC_DerSignData(PLArenaPool *arena, SECItem *result,
131 const unsigned char *buf, int len,
132 SECKEYPrivateKey *pk, SECOidTag algid);
133
134 /*
135 ** Destroy a signed-data object.
136 ** "sd" the object
137 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
138 */
139 extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
140
141 /*
142 ** Get the signature algorithm tag number for the given key type and hash
143 ** algorithm tag. Returns SEC_OID_UNKNOWN if key type and hash algorithm
144 ** do not match or are not supported.
145 */
146 extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
147 SECOidTag hashAlgTag);
148
149 /****************************************/
150 /*
151 ** Signature verification operations
152 */
153
154 /*
155 ** Create a signature verification context. This version is deprecated,
156 ** This function is deprecated. Use VFY_CreateContextDirect or
157 ** VFY_CreateContextWithAlgorithmID instead.
158 ** "key" the public key to verify with
159 ** "sig" the encrypted signature data if sig is NULL then
160 ** VFY_EndWithSignature must be called with the correct signature at
161 ** the end of the processing.
162 ** "sigAlg" specifies the signing algorithm to use (including the
163 ** hash algorthim). This must match the key type.
164 ** "wincx" void pointer to the window context
165 */
166 extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
167 SECOidTag sigAlg, void *wincx);
168 /*
169 ** Create a signature verification context.
170 ** "key" the public key to verify with
171 ** "sig" the encrypted signature data if sig is NULL then
172 ** VFY_EndWithSignature must be called with the correct signature at
173 ** the end of the processing.
174 ** "pubkAlg" specifies the cryptographic signing algorithm to use (the
175 ** raw algorithm without any hash specified. This must match the key
176 ** type.
177 ** "hashAlg" specifies the hashing algorithm used. If the key is an
178 ** RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
179 ** the hash is selected from data in the sig.
180 ** "hash" optional pointer to return the actual hash algorithm used.
181 ** in practice this should always match the passed in hashAlg (the
182 ** exception is the case where hashAlg is SEC_OID_UNKNOWN above).
183 ** If this value is NULL no, hash oid is returned.
184 ** "wincx" void pointer to the window context
185 */
186 extern VFYContext *VFY_CreateContextDirect(const SECKEYPublicKey *key,
187 const SECItem *sig,
188 SECOidTag pubkAlg,
189 SECOidTag hashAlg,
190 SECOidTag *hash, void *wincx);
191 /*
192 ** Create a signature verification context from a algorithm ID.
193 ** "key" the public key to verify with
194 ** "sig" the encrypted signature data if sig is NULL then
195 ** VFY_EndWithSignature must be called with the correct signature at
196 ** the end of the processing.
197 ** "algid" specifies the signing algorithm and parameters to use.
198 ** This must match the key type.
199 ** "hash" optional pointer to return the oid of the actual hash used in
200 ** the signature. If this value is NULL no, hash oid is returned.
201 ** "wincx" void pointer to the window context
202 */
203 extern VFYContext *VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key,
204 const SECItem *sig,
205 const SECAlgorithmID *algid,
206 SECOidTag *hash,
207 void *wincx);
208
209 /*
210 ** Destroy a verification-context object.
211 ** "cx" the context to destroy
212 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
213 */
214 extern void VFY_DestroyContext(VFYContext *cx, PRBool freeit);
215
216 extern SECStatus VFY_Begin(VFYContext *cx);
217
218 /*
219 ** Update a verification context with more input data. The input data
220 ** is fed to a secure hash function (depending on what was in the
221 ** encrypted signature data).
222 ** "cx" the context
223 ** "input" the input data
224 ** "inputLen" the amount of input data
225 */
226 extern SECStatus VFY_Update(VFYContext *cx, const unsigned char *input,
227 unsigned int inputLen);
228
229 /*
230 ** Finish the verification process. The return value is a status which
231 ** indicates success or failure. On success, the SECSuccess value is
232 ** returned. Otherwise, SECFailure is returned and the error code found
233 ** using PORT_GetError() indicates what failure occurred.
234 ** "cx" the context
235 */
236 extern SECStatus VFY_End(VFYContext *cx);
237
238 /*
239 ** Finish the verification process. The return value is a status which
240 ** indicates success or failure. On success, the SECSuccess value is
241 ** returned. Otherwise, SECFailure is returned and the error code found
242 ** using PORT_GetError() indicates what failure occurred. If signature is
243 ** supplied the verification uses this signature to verify, otherwise the
244 ** signature passed in VFY_CreateContext() is used.
245 ** VFY_EndWithSignature(cx,NULL); is identical to VFY_End(cx);.
246 ** "cx" the context
247 ** "sig" the encrypted signature data
248 */
249 extern SECStatus VFY_EndWithSignature(VFYContext *cx, SECItem *sig);
250
251 /*
252 ** Verify the signature on a block of data for which we already have
253 ** the digest. The signature data is an RSA private key encrypted
254 ** block of data formatted according to PKCS#1.
255 ** This function is deprecated. Use VFY_VerifyDigestDirect or
256 ** VFY_VerifyDigestWithAlgorithmID instead.
257 ** "dig" the digest
258 ** "key" the public key to check the signature with
259 ** "sig" the encrypted signature data
260 ** "sigAlg" specifies the signing algorithm to use. This must match
261 ** the key type.
262 ** "wincx" void pointer to the window context
263 **/
264 extern SECStatus VFY_VerifyDigest(SECItem *dig, SECKEYPublicKey *key,
265 SECItem *sig, SECOidTag sigAlg, void *wincx);
266 /*
267 ** Verify the signature on a block of data for which we already have
268 ** the digest. The signature data is an RSA private key encrypted
269 ** block of data formatted according to PKCS#1.
270 ** "dig" the digest
271 ** "key" the public key to check the signature with
272 ** "sig" the encrypted signature data
273 ** "pubkAlg" specifies the cryptographic signing algorithm to use (the
274 ** raw algorithm without any hash specified. This must match the key
275 ** type.
276 ** "hashAlg" specifies the hashing algorithm used.
277 ** "wincx" void pointer to the window context
278 **/
279 extern SECStatus VFY_VerifyDigestDirect(const SECItem *dig,
280 const SECKEYPublicKey *key,
281 const SECItem *sig, SECOidTag pubkAlg,
282 SECOidTag hashAlg, void *wincx);
283 /*
284 ** Verify the signature on a block of data for which we already have
285 ** the digest. The signature data is an RSA private key encrypted
286 ** block of data formatted according to PKCS#1.
287 ** "key" the public key to verify with
288 ** "sig" the encrypted signature data if sig is NULL then
289 ** VFY_EndWithSignature must be called with the correct signature at
290 ** the end of the processing.
291 ** "algid" specifies the signing algorithm and parameters to use.
292 ** This must match the key type.
293 ** "hash" oid of the actual hash used to create digest. If this value is
294 ** not set to SEC_OID_UNKNOWN, it must match the hash of the signature.
295 ** "wincx" void pointer to the window context
296 */
297 extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig,
298 const SECKEYPublicKey *key, con st SECItem *sig,
299 const SECAlgorithmID *algid, SE COidTag hash,
300 void *wincx);
301
302 /*
303 ** Verify the signature on a block of data. The signature data is an RSA
304 ** private key encrypted block of data formatted according to PKCS#1.
305 ** This function is deprecated. Use VFY_VerifyDataDirect or
306 ** VFY_VerifyDataWithAlgorithmID instead.
307 ** "buf" the input data
308 ** "len" the length of the input data
309 ** "key" the public key to check the signature with
310 ** "sig" the encrypted signature data
311 ** "sigAlg" specifies the signing algorithm to use. This must match
312 ** the key type.
313 ** "wincx" void pointer to the window context
314 */
315 extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
316 const SECKEYPublicKey *key, const SECItem *sig,
317 SECOidTag sigAlg, void *wincx);
318 /*
319 ** Verify the signature on a block of data. The signature data is an RSA
320 ** private key encrypted block of data formatted according to PKCS#1.
321 ** "buf" the input data
322 ** "len" the length of the input data
323 ** "key" the public key to check the signature with
324 ** "sig" the encrypted signature data
325 ** "pubkAlg" specifies the cryptographic signing algorithm to use (the
326 ** raw algorithm without any hash specified. This must match the key
327 ** type.
328 ** "hashAlg" specifies the hashing algorithm used. If the key is an
329 ** RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
330 ** the hash is selected from data in the sig.
331 ** "hash" optional pointer to return the actual hash algorithm used.
332 ** in practice this should always match the passed in hashAlg (the
333 ** exception is the case where hashAlg is SEC_OID_UNKNOWN above).
334 ** If this value is NULL no, hash oid is returned.
335 ** "wincx" void pointer to the window context
336 */
337 extern SECStatus VFY_VerifyDataDirect(const unsigned char *buf, int len,
338 const SECKEYPublicKey *key,
339 const SECItem *sig,
340 SECOidTag pubkAlg, SECOidTag hashAlg,
341 SECOidTag *hash, void *wincx);
342
343 /*
344 ** Verify the signature on a block of data. The signature data is an RSA
345 ** private key encrypted block of data formatted according to PKCS#1.
346 ** "buf" the input data
347 ** "len" the length of the input data
348 ** "key" the public key to check the signature with
349 ** "sig" the encrypted signature data
350 ** "algid" specifies the signing algorithm and parameters to use.
351 ** This must match the key type.
352 ** "hash" optional pointer to return the oid of the actual hash used in
353 ** the signature. If this value is NULL no, hash oid is returned.
354 ** "wincx" void pointer to the window context
355 */
356 extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
357 int len, const SECKEYPublicKey *k ey,
358 const SECItem *sig,
359 const SECAlgorithmID *algid, SECO idTag *hash,
360 void *wincx);
361
362 SEC_END_PROTOS
363
364 #endif /* _CRYPTOHI_H_ */
OLDNEW
« no previous file with comments | « nss/lib/ckfw/wrap.c ('k') | nss/lib/cryptohi/cryptoht.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698