1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
|
/* libncrypto interface.
Copyright 2010 Red Hat, Inc.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Red Hat author: Miloslav Trmač <mitr@redhat.com> */
#ifndef NCRYPTO_H__
#define NCRYPTO_H__
#include <stddef.h>
#include <pkcs11.h>
/* In general, semantics aspects that are not documented here are same as in
PCKS#11.
Simultaneous references to the same object from multiple threads (except for
simultaneous read accesses to a key) cause undefined behavior. */
� /* Global state */
/* A program should pair calls of ncr_open () with ncr_close (). In absence
of ncr_open (), the library will be initialized automatically, and
ncr_close () will deinitialize it. */
CK_RV ncr_open (void);
CK_RV ncr_close (void);
� /* Random numbers */
CK_RV ncr_get_random_bytes (void *dest, size_t size);
� /* Symmetric keys */
struct ncr_symm_key;
CK_RV ncr_symm_key_create (struct ncr_symm_key **key, CK_KEY_TYPE type,
const void *value, size_t value_size);
CK_RV ncr_symm_key_generate (struct ncr_symm_key **key, CK_MECHANISM_TYPE mech,
size_t value_size);
CK_RV ncr_symm_key_destroy (struct ncr_symm_key *key);
� /* Asymmetric keys */
struct ncr_public_key;
struct ncr_private_key;
CK_RV ncr_public_key_create (struct ncr_public_key **key, CK_KEY_TYPE type,
const void *der, size_t der_size);
CK_RV ncr_public_key_destroy (struct ncr_public_key *key);
CK_RV ncr_private_key_create (struct ncr_private_key **key, CK_KEY_TYPE type,
const void *der, size_t der_size,
const void *public_value,
size_t public_value_size);
CK_RV ncr_private_key_destroy (struct ncr_private_key *key);
CK_RV ncr_public_key_create_rsa (struct ncr_public_key **key,
const void *modulus, size_t modulus_size,
const void *public_exponent,
size_t public_exponent_size);
CK_RV ncr_private_key_create_rsa (struct ncr_private_key **key,
const void *modulus, size_t modulus_size,
const void *public_exponent,
size_t public_exponent_size,
const void *private_exponent,
size_t private_exponent_size,
const void *prime_1, size_t prime_1_size,
const void *prime_2, size_t prime_2_size,
const void *exponent_1,
size_t exponent_1_size,
const void *exponent_2,
size_t exponent_2_size,
const void *coefficient,
size_t coefficient_size);
� /* Asymmetric operations */
CK_RV ncr_public_key_encrypt (CK_MECHANISM_TYPE mech,
struct ncr_public_key *key, void *dest,
size_t *dest_size_ptr, const void *src,
size_t src_size);
CK_RV ncr_private_key_decrypt (CK_MECHANISM_TYPE mech,
struct ncr_private_key *key, void *dest,
size_t *dest_size_ptr, const void *src,
size_t src_size);
/* FIXME? Add multipart sign/verify with included hashing - not currently
supported by NSS. */
CK_RV ncr_private_key_sign (CK_MECHANISM_TYPE mech,
struct ncr_private_key *key, void *dest,
size_t *dest_size_ptr, const void *src,
size_t src_size);
CK_RV ncr_public_key_verify (CK_MECHANISM_TYPE mech,
struct ncr_public_key *key, const void *signature,
size_t signature_size, const void *src,
size_t src_size);
� /* Digests */
struct ncr_digest_session;
/* Session lifetime management. */
CK_RV ncr_digest_alloc (struct ncr_digest_session **sess,
CK_MECHANISM_TYPE mech);
CK_RV ncr_digest_free (struct ncr_digest_session *sess);
CK_RV ncr_digest_clone (struct ncr_digest_session **clone,
struct ncr_digest_session *sess);
/* Use either ncr_digest_{init,update*,final} (), or
ncr_{digest_init,digest} (). After finishing such a call sequence, a new
sequence can be started within the same session. */
CK_RV ncr_digest_init (struct ncr_digest_session *sess);
CK_RV ncr_digest_update (struct ncr_digest_session *sess, const void *data,
size_t size);
CK_RV ncr_digest_final (struct ncr_digest_session *sess, void *dest,
size_t *size_ptr);
CK_RV ncr_digest (struct ncr_digest_session *sess, void *dest,
size_t *dest_size_ptr, const void *data, size_t data_size);
/* You'll get better performance by keeping a long-term digest session than
repeatedly calling this function. */
CK_RV ncr_digest_standalone (CK_MECHANISM_TYPE mech, void *dest,
size_t *dest_size_ptr, const void *data,
size_t data_size);
� /* Symmetric encryption */
struct ncr_symm_cipher_session;
/* Note that for *_ECB and *_CBC, the input must be block-aligned. For
*_CBC_PAD, it does not have to be. */
/* Session lifetime management. */
CK_RV ncr_symm_cipher_alloc (struct ncr_symm_cipher_session **sess,
CK_MECHANISM_TYPE mech);
CK_RV ncr_symm_cipher_free (struct ncr_symm_cipher_session *sess);
/* Use either ncr_symm_cipher_encrypt_{init,update,final} (), or
ncr_symm_cipher_{encrypt_init,encrypt} (). After finishing such a call
sequence, a new sequence can be started within the same session. Same for
decryption sequences. */
CK_RV ncr_symm_cipher_encrypt_init (struct ncr_symm_cipher_session *sess,
struct ncr_symm_key *key,
const void *param, size_t param_size);
CK_RV ncr_symm_cipher_encrypt_update (struct ncr_symm_cipher_session *sess,
void *dest, size_t *dest_size_ptr,
const void *src, size_t src_size);
CK_RV ncr_symm_cipher_encrypt_final (struct ncr_symm_cipher_session *sess,
void *dest, size_t *dest_size_ptr,
const void *src, size_t src_size);
CK_RV ncr_symm_cipher_encrypt (struct ncr_symm_cipher_session *sess, void *dest,
size_t *dest_size_ptr, const void *src,
size_t src_size);
CK_RV ncr_symm_cipher_decrypt_init (struct ncr_symm_cipher_session *sess,
struct ncr_symm_key *key,
const void *param, size_t param_size);
CK_RV ncr_symm_cipher_decrypt_update (struct ncr_symm_cipher_session *sess,
void *dest, size_t *dest_size_ptr,
const void *src, size_t src_size);
CK_RV ncr_symm_cipher_decrypt_final (struct ncr_symm_cipher_session *sess,
void *dest, size_t *dest_size_ptr,
const void *src, size_t src_size);
CK_RV ncr_symm_cipher_decrypt (struct ncr_symm_cipher_session *sess, void *dest,
size_t *dest_size_ptr, const void *src,
size_t src_size);
� /* Symmetric signatures */
struct ncr_symm_signature_session;
/* Session lifetime management. */
CK_RV ncr_symm_signature_alloc (struct ncr_symm_signature_session **sess,
CK_MECHANISM_TYPE mech);
CK_RV ncr_symm_signature_free (struct ncr_symm_signature_session *sess);
/* Use either ncr_symm_signature_sign_{init,update,final} (), or
ncr_symm_signature_{sign_init,sign} (). After finishing such a call
sequence, a new sequence can be started within the same session. Same for
verification sequences.
Symmetric signature mechanisms tend to use keys of type
CKK_GENERIC_SECRET. */
CK_RV ncr_symm_signature_sign_init (struct ncr_symm_signature_session *sess,
struct ncr_symm_key *key);
CK_RV ncr_symm_signature_sign_update (struct ncr_symm_signature_session *sess,
const void *data, size_t size);
CK_RV ncr_symm_signature_sign_final (struct ncr_symm_signature_session *sess,
void *dest, size_t *size_ptr);
CK_RV ncr_symm_signature_sign (struct ncr_symm_signature_session *sess,
void *dest, size_t *dest_size_ptr,
const void *data, size_t data_size);
CK_RV ncr_symm_signature_verify_init (struct ncr_symm_signature_session *sess,
struct ncr_symm_key *key);
CK_RV ncr_symm_signature_verify_update (struct ncr_symm_signature_session *sess,
const void *data, size_t size);
CK_RV ncr_symm_signature_verify_final (struct ncr_symm_signature_session *sess,
const void *signature, size_t size);
CK_RV ncr_symm_signature_verify (struct ncr_symm_signature_session *sess,
const void *signature, size_t signature_size,
const void *data, size_t data_size);
#endif
|
