/* libncrypto interface.

Copyright 2010 Red Hat, Inc.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

Red Hat author: Miloslav Trmač <mitr@redhat.com> */

#ifndef NCRYPTO_H__
#define NCRYPTO_H__

#include <stddef.h>

#include <pkcs11.h>

/* In general, semantics aspects that are not documented here are same as in
   PCKS#11.

   Simultaneous references to the same object from multiple threads (except for
   simultaneous read accesses to a key) cause undefined behavior. */

 /* Global state */

/* A program should pair calls of ncr_open () with ncr_close ().  In absence
   of ncr_open (), the library will be initialized automatically, and
   ncr_close () will deinitialize it.  */

CK_RV ncr_open (void);
CK_RV ncr_close (void);

 /* Random numbers */

CK_RV ncr_get_random_bytes (void *dest, size_t size);

 /* Symmetric keys */

struct ncr_symm_key;

CK_RV ncr_symm_key_create (struct ncr_symm_key **key, CK_KEY_TYPE type,
			   const void *value, size_t value_size);
CK_RV ncr_symm_key_generate (struct ncr_symm_key **key, CK_MECHANISM_TYPE mech,
			     size_t value_size);
CK_RV ncr_symm_key_destroy (struct ncr_symm_key *key);

 /* Asymmetric keys */

struct ncr_public_key;
struct ncr_private_key;

CK_RV ncr_public_key_create (struct ncr_public_key **key, CK_KEY_TYPE type,
			     const void *der, size_t der_size);
CK_RV ncr_public_key_destroy (struct ncr_public_key *key);
CK_RV ncr_private_key_create (struct ncr_private_key **key, CK_KEY_TYPE type,
			      const void *der, size_t der_size,
			      const void *public_value,
			      size_t public_value_size);
CK_RV ncr_private_key_destroy (struct ncr_private_key *key);

CK_RV ncr_public_key_create_rsa (struct ncr_public_key **key,
				 const void *modulus, size_t modulus_size,
				 const void *public_exponent,
				 size_t public_exponent_size);
CK_RV ncr_private_key_create_rsa (struct ncr_private_key **key,
				  const void *modulus, size_t modulus_size,
				  const void *public_exponent,
				  size_t public_exponent_size,
				  const void *private_exponent,
				  size_t private_exponent_size,
				  const void *prime_1, size_t prime_1_size,
				  const void *prime_2, size_t prime_2_size,
				  const void *exponent_1,
				  size_t exponent_1_size,
				  const void *exponent_2,
				  size_t exponent_2_size,
				  const void *coefficient,
				  size_t coefficient_size);

 /* Asymmetric operations */

CK_RV ncr_public_key_encrypt (CK_MECHANISM_TYPE mech,
			      struct ncr_public_key *key, void *dest,
			      size_t *dest_size_ptr, const void *src,
			      size_t src_size);
CK_RV ncr_private_key_decrypt (CK_MECHANISM_TYPE mech,
			       struct ncr_private_key *key, void *dest,
			       size_t *dest_size_ptr, const void *src,
			       size_t src_size);

/* FIXME? Add multipart sign/verify with included hashing - not currently
   supported by NSS. */
CK_RV ncr_private_key_sign (CK_MECHANISM_TYPE mech,
			    struct ncr_private_key *key, void *dest,
			    size_t *dest_size_ptr, const void *src,
			    size_t src_size);
CK_RV ncr_public_key_verify (CK_MECHANISM_TYPE mech,
			     struct ncr_public_key *key, const void *signature,
			     size_t signature_size, const void *src,
			     size_t src_size);

 /* Digests */

struct ncr_digest_session;

/* Session lifetime management. */
CK_RV ncr_digest_alloc (struct ncr_digest_session **sess,
			CK_MECHANISM_TYPE mech);
CK_RV ncr_digest_free (struct ncr_digest_session *sess);
CK_RV ncr_digest_clone (struct ncr_digest_session **clone,
			struct ncr_digest_session *sess);
/* Use either ncr_digest_{init,update*,final} (), or
   ncr_{digest_init,digest} ().  After finishing such a call sequence, a new
   sequence can be started within the same session. */
CK_RV ncr_digest_init (struct ncr_digest_session *sess);
CK_RV ncr_digest_update (struct ncr_digest_session *sess, const void *data,
			 size_t size);
CK_RV ncr_digest_final (struct ncr_digest_session *sess, void *dest,
			size_t *size_ptr);
CK_RV ncr_digest (struct ncr_digest_session *sess, void *dest,
		  size_t *dest_size_ptr, const void *data, size_t data_size);

/* You'll get better performance by keeping a long-term digest session than
   repeatedly calling this function. */
CK_RV ncr_digest_standalone (CK_MECHANISM_TYPE mech, void *dest,
			     size_t *dest_size_ptr, const void *data,
			     size_t data_size);

 /* Symmetric encryption */

struct ncr_symm_cipher_session;

/* Note that for *_ECB and *_CBC, the input must be block-aligned.  For
   *_CBC_PAD, it does not have to be. */

/* Session lifetime management. */
CK_RV ncr_symm_cipher_alloc (struct ncr_symm_cipher_session **sess,
			     CK_MECHANISM_TYPE mech);
CK_RV ncr_symm_cipher_free (struct ncr_symm_cipher_session *sess);
/* Use either ncr_symm_cipher_encrypt_{init,update,final} (), or
   ncr_symm_cipher_{encrypt_init,encrypt} ().  After finishing such a call
   sequence, a new sequence can be started within the same session.  Same for
   decryption sequences. */
CK_RV ncr_symm_cipher_encrypt_init (struct ncr_symm_cipher_session *sess,
				    struct ncr_symm_key *key,
				    const void *param, size_t param_size);
CK_RV ncr_symm_cipher_encrypt_update (struct ncr_symm_cipher_session *sess,
				      void *dest, size_t *dest_size_ptr,
				      const void *src, size_t src_size);
CK_RV ncr_symm_cipher_encrypt_final (struct ncr_symm_cipher_session *sess,
				     void *dest, size_t *dest_size_ptr,
				     const void *src, size_t src_size);
CK_RV ncr_symm_cipher_encrypt (struct ncr_symm_cipher_session *sess, void *dest,
			       size_t *dest_size_ptr, const void *src,
			       size_t src_size);
CK_RV ncr_symm_cipher_decrypt_init (struct ncr_symm_cipher_session *sess,
				    struct ncr_symm_key *key,
				    const void *param, size_t param_size);
CK_RV ncr_symm_cipher_decrypt_update (struct ncr_symm_cipher_session *sess,
				      void *dest, size_t *dest_size_ptr,
				      const void *src, size_t src_size);
CK_RV ncr_symm_cipher_decrypt_final (struct ncr_symm_cipher_session *sess,
				     void *dest, size_t *dest_size_ptr,
				     const void *src, size_t src_size);
CK_RV ncr_symm_cipher_decrypt (struct ncr_symm_cipher_session *sess, void *dest,
			       size_t *dest_size_ptr, const void *src,
			       size_t src_size);

 /* Symmetric signatures */

struct ncr_symm_signature_session;

/* Session lifetime management. */
CK_RV ncr_symm_signature_alloc (struct ncr_symm_signature_session **sess,
				CK_MECHANISM_TYPE mech);
CK_RV ncr_symm_signature_free (struct ncr_symm_signature_session *sess);
/* Use either ncr_symm_signature_sign_{init,update,final} (), or
   ncr_symm_signature_{sign_init,sign} ().  After finishing such a call
   sequence, a new sequence can be started within the same session.  Same for
   verification sequences.

   Symmetric signature mechanisms  tend to use keys of type
   CKK_GENERIC_SECRET. */
CK_RV ncr_symm_signature_sign_init (struct ncr_symm_signature_session *sess,
				    struct ncr_symm_key *key);
CK_RV ncr_symm_signature_sign_update (struct ncr_symm_signature_session *sess,
				      const void *data, size_t size);
CK_RV ncr_symm_signature_sign_final (struct ncr_symm_signature_session *sess,
				     void *dest, size_t *size_ptr);
CK_RV ncr_symm_signature_sign (struct ncr_symm_signature_session *sess,
			       void *dest, size_t *dest_size_ptr,
			       const void *data, size_t data_size);
CK_RV ncr_symm_signature_verify_init (struct ncr_symm_signature_session *sess,
				      struct ncr_symm_key *key);
CK_RV ncr_symm_signature_verify_update (struct ncr_symm_signature_session *sess,
					const void *data, size_t size);
CK_RV ncr_symm_signature_verify_final (struct ncr_symm_signature_session *sess,
				       const void *signature, size_t size);
CK_RV ncr_symm_signature_verify (struct ncr_symm_signature_session *sess,
				 const void *signature, size_t signature_size,
				 const void *data, size_t data_size);

#endif