/*	$Id: diCrPKI.h $ */

/*	For `CryptoSys PKI Pro`.
	Requires `diCrPKI.lib` and `diCrPKI.dll` for Win32/64
	or `diCrPKI.a` or `libcryptosyspki.so` for Linux.
*/

/*	Copyright (C) 2002-25 DI Management Services Pty Limited
	<http://di-mgt.com.au> <http://cryptosys.net>
	All rights reserved.

	Last updated:
	$Date: 2023-01-01 03:07:00 $
	$Revision: 21.0.0 $
*/

#ifndef DICRPKI_H_
#define DICRPKI_H_ 1

#include <wchar.h>

/* GENERAL CONSTANTS */
/* Direction values. The fEncrypt parameter of the TDEA_ and CIPHER_Bytes/File/Hex
   prototypes in this header presumably takes one of these -- confirm in the manual. */
#define PKI_DIR_ENCRYPT   1
#define PKI_DIR_DECRYPT   0
/* Synonyms for direction */
/* NOTE(review): ENCRYPT and DECRYPT are unprefixed macros, so they textually replace any
   identifier of the same name in a translation unit that includes this header (enum
   members, struct fields, another library's macros). Prefer the PKI_DIR_ names. */
#define ENCRYPT 1
#define DECRYPT 0
/* Maximum number of bytes in hash digest byte array */
/* PKI_MAX_HASH_BYTES equals the SHA-512 length, the largest digest listed here, so a
   byte buffer of that size holds any of the digests below.
   The MD5, MD2 and SHA-1 sizes are listed for completeness: MD2 and MD5 are
   collision-broken and SHA-1 collisions are practical, so do not pick them for new
   signature or integrity designs. */
#define PKI_MAX_HASH_BYTES 64
#define PKI_SHA1_BYTES     20
#define PKI_SHA224_BYTES   28
#define PKI_SHA256_BYTES   32
#define PKI_SHA384_BYTES   48
#define PKI_SHA512_BYTES   64
#define PKI_MD5_BYTES      16
#define PKI_MD2_BYTES      16
#define PKI_RMD160_BYTES   20
#define PKI_BTC160_BYTES   20
/* Maximum number of hex characters in hash digest (excl null) */
/* Each _CHARS value is twice the matching _BYTES value and excludes the terminator,
   so a char array that receives a hex digest must be declared with _CHARS + 1
   elements. Declaring it with exactly _CHARS elements leaves no room for the NUL. */
#define PKI_MAX_HASH_CHARS (2*PKI_MAX_HASH_BYTES)
#define PKI_SHA1_CHARS     (2*PKI_SHA1_BYTES)
#define PKI_SHA224_CHARS   (2*PKI_SHA224_BYTES)
#define PKI_SHA256_CHARS   (2*PKI_SHA256_BYTES)
#define PKI_SHA384_CHARS   (2*PKI_SHA384_BYTES)
#define PKI_SHA512_CHARS   (2*PKI_SHA512_BYTES)
#define PKI_MD5_CHARS      (2*PKI_MD5_BYTES)
#define PKI_MD2_CHARS      (2*PKI_MD2_BYTES)
#define PKI_RMD160_CHARS   (2*PKI_RMD160_BYTES)
#define PKI_BTC160_CHARS   (2*PKI_BTC160_BYTES)
/* Synonym retained for backwards compatibility */
/* Despite the _LEN suffix this is a character count that excludes the terminator. */
#define PKI_MAX_HASH_LEN   PKI_MAX_HASH_CHARS
/* Encryption block sizes in bytes */
/* These are also the IV lengths a block-mode caller would normally supply for the
   respective cipher -- confirm per mode in the manual. */
#define PKI_BLK_TDEA_BYTES 8
#define PKI_BLK_AES_BYTES  16
/* Key size in bytes */
/* 24 bytes is a three-key Triple DES key; 32 bytes is a 256-bit key, the largest key
   size among the PKI_BC_ options defined in this header. */
#define PKI_KEYSIZE_TDEA_BYTES 24
#define PKI_KEYSIZE_MAX_BYTES  32
/* Required size for RNG seed file */
/* NOTE(review): a seed file feeds the random number generator, so it presumably needs
   to be readable and writable only by the account running the library -- confirm. */
#define PKI_RNG_SEED_BYTES 64
/* Length of GUID string - added [v12.3] */
#define PKI_RNG_GUID_CHARS 36
/* Maximum number of characters in a last error message */
/* NOTE(review): these are character counts; this header does not say whether the
   terminator is included, so size receiving buffers as count + 1 -- confirm. */
#define PKI_MAX_LASTERROR_CHARS 647
#define PKI_MAX_ERROR_CHARS (PKI_MAX_LASTERROR_CHARS)  /* synonym */
/* Maximum number of characters in an error lookup message */
#define PKI_MAX_ERRORLOOKUP_CHARS 127


/* OPTIONS */
/* PKI_DEFAULT is 0. Several algorithm selectors in this header also use 0 for their
   oldest member (PKI_SIG_SHA1RSA, PKI_HASH_SHA1, PKI_HMAC_SHA1, PKI_RSAEXP_EQ_3,
   PKI_EME_PKCSV1_5, PKI_MODE_ECB), so passing 0 is numerically the same as naming
   those. NOTE(review): confirm per function what nOptions == 0 actually selects, and
   name the intended algorithm explicitly in security-sensitive calls. */
#define PKI_DEFAULT       0

/* Signature algorithms */
/* RSA signature (PKCS#1 v1.5 style names) with the named digest. The MD5 and MD2
   variants rest on collision-broken digests and SHA-1 collisions are practical;
   keep them for verifying legacy data only and sign new data with a SHA-2 variant. */
#define PKI_SIG_SHA1RSA   0x0
#define PKI_SIG_MD5RSA    0x1
#define PKI_SIG_MD2RSA    0x2
#define PKI_SIG_SHA256RSA 0x3
#define PKI_SIG_SHA384RSA 0x4
#define PKI_SIG_SHA512RSA 0x5
#define PKI_SIG_SHA224RSA 0x6
/* Synonyms added [v12.0] */
/* Same values as the names above; no PKI_SIG_RSA_MD2 synonym is provided. */
#define PKI_SIG_RSA_SHA1   0x0
#define PKI_SIG_RSA_SHA224 0x6
#define PKI_SIG_RSA_SHA256 0x3
#define PKI_SIG_RSA_SHA384 0x4
#define PKI_SIG_RSA_SHA512 0x5
#define PKI_SIG_RSA_MD5    0x1   /* [not recommended for new implementations] */
/* New in [v11.0] */
/* ECDSA: the high hex digit selects the digest (0x10 SHA-1 ... 0x50 SHA-512). */
#define PKI_SIG_ECDSA_SHA1   0x10
#define PKI_SIG_ECDSA_SHA224 0x20
#define PKI_SIG_ECDSA_SHA256 0x30
#define PKI_SIG_ECDSA_SHA384 0x40
#define PKI_SIG_ECDSA_SHA512 0x50
/* New in [v12.0] */
/* RSA-PSS: 0xB0 plus the digest digit used by the PKI_SIG_RSA_ values above. */
#define PKI_SIG_RSA_PSS_SHA1   0xB0
#define PKI_SIG_RSA_PSS_SHA224 0xB6
#define PKI_SIG_RSA_PSS_SHA256 0xB3
#define PKI_SIG_RSA_PSS_SHA384 0xB4
#define PKI_SIG_RSA_PSS_SHA512 0xB5

/* Safe curves for EdDSA - new in [v20.0] */
/* Only Ed25519 is defined; the Ed448 value is reserved but not available as a macro. */
#define PKI_SIG_ED25519  0xC0
//-- 0xC1 Reserved for PKI_SIG_ED448

/* Safe curves for ECDH - new in [v20.0] */
/* Only X25519 is defined; the X448 value is reserved but not available as a macro. */
#define PKI_ECDH_X25519  0xD0
//-- 0xD1 Reserved for PKI_ECDH_X448

/* Salt lengths for RSA-PSS - new in [v12.0] */
/* NOTE(review): names suggest HLEN = salt as long as the digest, MAX = the longest
   salt the key allows, 20 = a fixed 20-byte salt, ZERO = no salt -- confirm. With a
   zero-length salt PSS signing becomes deterministic, so choose it only when an
   interoperability profile requires it. */
#define PKI_PSS_SALTLEN_HLEN 0x000000	/* Default */
#define PKI_PSS_SALTLEN_MAX  0x200000
#define PKI_PSS_SALTLEN_20   0x300000
#define PKI_PSS_SALTLEN_ZERO 0x400000

/* MGF parameters for RSA-OAEP/PSS - new in [v12.0] */
/* Both sides of an OAEP or PSS exchange must agree on the MGF1 digest; a mismatch
   makes decryption or verification fail. */
#define PKI_MGF_MGF1SHA1     0x800000L  /* Force SHA-1 in MGF1 */

/* PKCS#5 Password-based encryption algorithms */
/* These select how a password protects stored key material. The value 0 (also
   PKI_DEFAULT) is the SHA-1 with Triple DES scheme. */
#define PKI_PBE_SHA_3DES  0x0		/* Default */
/* Added in [v11.0] as simpler alternative to PKI_PBE_PBES2 + PKI_BC */
/* Each value is PKI_PBE_PBES2 (0x1000) plus the matching PKI_BC_ cipher value. */
#define PKI_PBE_PBKDF2_DESEDE3 0x1010L
#define PKI_PBE_PBKDF2_AES128  0x1020L
#define PKI_PBE_PBKDF2_AES192  0x1030L
#define PKI_PBE_PBKDF2_AES256  0x1040L
// --0x1820L Reserved for PKI_PBE_SCRYPT_AES128
// --0x1840L Reserved for PKI_PBE_SCRYPT_AES256
/* These next 3 changed in [v11.0] (by adding 0x8000000) */
/* The names denote single-DES schemes: a 56-bit key regardless of password strength,
   which is why they are flagged below. Callers that hard-coded the pre-v11.0 numeric
   values instead of these names now pass a different option; use the names. */
#define PKI_PBE_MD5_DES 0x8000001L   /* [not recommended for new implementations] */
#define PKI_PBE_MD2_DES 0x8000002L   /* [not recommended for new implementations] */
#define PKI_PBE_SHA_DES 0x8000003L   /* [not recommended for new implementations] */
/* Synonym retained for backwards compatibility */
#define PKI_PBES2_3DES  PKI_PBE_PBKDF2_DESEDE3
/* Older alternative to specify PBES2 PBKDF2 */
#define PKI_PBE_PBES2   0x1000L	/* Add PKI_BC_* option to specify encryption alg  */

/* Message digest hash algorithms */
/* The SHA-1/MD5/MD2/SHA-2 values match the digest numbering used by PKI_SIG_ and
   PKI_HMAC_. PKI_HASH_SHA1 is 0, the same value as PKI_DEFAULT, so a call that passes
   0 is numerically asking for SHA-1. MD5 and MD2 are collision-broken and SHA-1
   collisions are practical; use them only to match legacy data.
   NOTE(review): PKI_HASH_BTC160 presumably denotes the Bitcoin-style 160-bit hash
   (RIPEMD-160 of SHA-256) -- confirm. */
#define PKI_HASH_SHA1     0x0
#define PKI_HASH_MD5      0x1
#define PKI_HASH_MD2      0x2
#define PKI_HASH_SHA256   0x3
#define PKI_HASH_SHA384   0x4
#define PKI_HASH_SHA512   0x5
#define PKI_HASH_SHA224   0x6
#define PKI_HASH_RMD160   0x7
#define PKI_HASH_BTC160   0x8
#define PKI_HASH_SHA3_224 0xA
#define PKI_HASH_SHA3_256 0xB
#define PKI_HASH_SHA3_384 0xC
#define PKI_HASH_SHA3_512 0xD

/* Modifier bits that sit above the algorithm digit.
   NOTE(review): presumably MODE_TEXT hashes a file in text mode and DOUBLE hashes the
   digest a second time -- confirm. A text-mode digest would not match a binary-mode
   digest of the same file, which matters when comparing against published checksums. */
#define PKI_HASH_MODE_TEXT 0x10000L
#define PKI_HASH_DOUBLE    0x20000L

/* HMAC algorithms */
/* Values mirror the PKI_HASH_ numbering; no MD5, MD2 or RIPEMD-160 option is defined
   for HMAC. PKI_HMAC_SHA1 is 0, so passing 0 is numerically HMAC-SHA-1. */
#define PKI_HMAC_SHA1     0x0
#define PKI_HMAC_SHA224   0x6
#define PKI_HMAC_SHA256   0x3
#define PKI_HMAC_SHA384   0x4
#define PKI_HMAC_SHA512   0x5
#define PKI_HMAC_SHA3_224 0xA
#define PKI_HMAC_SHA3_256 0xB
#define PKI_HMAC_SHA3_384 0xC
#define PKI_HMAC_SHA3_512 0xD

/* Options for MAC/XOF/PRF functions */
/* The functions that accept these options are not declared in the part of the header
   shown here. The MGF1 low digit matches the digest numbering above (0 SHA-1,
   3 SHA-256, 5 SHA-512). */
#define PKI_KMAC_128      0x201
#define PKI_KMAC_256      0x202
#define PKI_XOF_SHAKE128  0x203
#define PKI_XOF_SHAKE256  0x204
#define PKI_XOF_MGF1_SHA1    0x210
#define PKI_XOF_MGF1_SHA256  0x213
#define PKI_XOF_MGF1_SHA512  0x215

/* nFermatExp values for RSA exponent */
/* Index of the public exponent, taken by the nExpFermat parameter of RSA_MakeKeys and
   RSA_MakeKeysXtd. The index 0 (also PKI_DEFAULT) is exponent 3, so a zeroed argument
   numerically selects the smallest exponent. 65537 is the conventional choice for new
   keys; pass PKI_RSAEXP_EQ_65537 explicitly. */
#define PKI_RSAEXP_EQ_3     0
#define PKI_RSAEXP_EQ_5     1
#define PKI_RSAEXP_EQ_17    2
#define PKI_RSAEXP_EQ_257   3
#define PKI_RSAEXP_EQ_65537 4

/* Return values for RSA_CheckKey */
/* Both values mean "valid": 0 for a private key and 1 for a public key. Do not test
   the result as a boolean, or a valid private key reads as false.
   NOTE(review): failure is presumably reported by some other value -- confirm. */
#define PKI_VALID_PUBLICKEY  1
#define PKI_VALID_PRIVATEKEY 0

/* Options for ECC Keys - New in [v20.0] */
#define PKI_ECC_PRIVATE_KEY 0x0
#define PKI_ECC_PUBLIC_KEY  0x1

/* BIT FLAGS */
/* NOTE(review): flag values are scoped to the function family they are passed to and
   overlap across families (0x1000000L is both PKI_KEYGEN_INDICATE and
   PKI_PFX_STRONG_CERT; 0x0400L is both PKI_PFX_P7CHAIN and PKI_CMS_CERTS_ONLY). The
   compiler cannot catch a flag given to the wrong function, and it may then select
   an unrelated behaviour. */

/* Key generation and storage */
/* NOTE(review): PKI_KEY_SECURE_OFF by its name turns a key-protection feature off;
   confirm what it disables and review every call site that sets it. */
#define PKI_KEYGEN_INDICATE   0x1000000L
#define PKI_KEY_SECURE_OFF    0x2000000L	/* New in [v20.4] */
#define PKI_KEY_FORMAT_PEM    0x10000L
#define PKI_KEY_FORMAT_SSL    0x20000L
#define PKI_KEY_TYPE_PKCS8    0x40000L

/* PKCS#12 (PFX) file options.
   NOTE(review): PLAIN_CERT presumably stores the certificate unencrypted and
   STRONG_CERT presumably applies stronger encryption to it -- confirm. The value of
   PKI_PFX_AES256_SHA256 (0x1043) equals PKI_PBE_PBKDF2_AES256 plus the SHA-256 digit. */
#define PKI_PFX_STRONG_CERT		0x1000000L  /* New in [v12.3] */
#define PKI_PFX_PLAIN_CERT		0x2000000L
#define PKI_PFX_CLONE_KEY		0x4000000L
#define PKI_PFX_ALT_FORMAT		 0x100000L
#define PKI_PFX_P7CHAIN			   0x0400L
#define PKI_PFX_AES256_SHA256	   0x1043L	/* New in [v20.5] */

/* CMS (signed-data, enveloped-data, compressed-data) options.
   NOTE(review): EXCLUDE_CERTS and EXCLUDE_DATA presumably omit the signer certificates
   and the signed content from the output, leaving the verifier to obtain them by
   another trusted route; PSEUDOSIG presumably writes a placeholder signature value to
   be replaced later -- confirm each before use. */
#define PKI_CMS_FORMAT_BASE64     0x10000L
#define PKI_CMS_EXCLUDE_CERTS      0x0100L
#define PKI_CMS_EXCLUDE_DATA       0x0200L
#define PKI_CMS_CERTS_ONLY         0x0400L
#define PKI_CMS_INCLUDE_ATTRS      0x0800L
#define PKI_CMS_ADD_SIGNTIME       0x1000L
#define PKI_CMS_ADD_SMIMECAP       0x2000L
#define PKI_CMS_ADD_SIGNINGCERT    0x4000L  /* New in [v12.4] */
#define PKI_CMS_ADD_ALGPROTECT     0x8000L  /* New in [v12.4] */
#define PKI_CMS_NO_INFLATE      0x1000000L
#define PKI_CMS_NO_OUTER        0x2000000L
#define PKI_CMS_ALT_ALGID       0x4000000L
#define PKI_CMS_BIGFILE         0x8000000L
#define PKI_CMS_PSEUDOSIG        0x100000L  /* New in [v20.2] */

/* XML key export/import options, guarded so that another header may define the same
   set first.
   NOTE(review): EXCLPRIVATE presumably leaves the private parameters out of the XML
   and REQPRIVATE presumably insists they are present -- confirm. Set EXCLPRIVATE
   whenever the XML is meant to carry only a public key. */
#ifndef PKI_XML_DEFINED_
#define PKI_XML_RSAKEYVALUE   0x0001L
#define PKI_XML_EXCLPRIVATE   0x0010L
#define PKI_XML_REQPRIVATE    0x0020L
#define PKI_XML_HEXBINARY     0x0100L
#define PKI_XML_DEFINED_
#endif  /* PKI_XML_DEFINED_ */

/* RSA encoding methods for encryption (EME) and signature (EMSIG).
   PKI_EME_DEFAULT has the same value as PKI_EME_PKCSV1_5, so the default encryption
   encoding is PKCS#1 v1.5. That padding is open to padding-oracle attacks when a
   decryption failure is distinguishable to the sender; use PKI_EME_OAEP for new
   protocols and return one uniform error on any decryption failure. */
#ifndef PKI_ENCOD_DEFINED_
#define PKI_EME_DEFAULT         0x00L
#define PKI_EME_PKCSV1_5        0x00L
#define PKI_EME_OAEP            0x10L
#define PKI_EMSIG_DEFAULT       0x20L
#define PKI_EMSIG_PKCSV1_5      0x20L
#define PKI_EMSIG_DIGESTONLY  0x1000L
#define PKI_EMSIG_DIGINFO     0x2000L
#define PKI_EMSIG_ISO9796   0x100000L
#define PKI_ENCOD_DEFINED_
#endif  /* PKI_ENCOD_DEFINED_ */

#ifndef PKI_X509_DEFINED_
/* X.509 Option flags */
/* NOTE(review): PKI_X509_NO_TIMECHECK by its name skips a validity-period check, and
   PKI_X509_CA_TRUE by its name marks the issued certificate as a CA -- confirm both.
   Neither should be set from untrusted input: the first can let an expired
   certificate pass, the second creates a certificate able to issue others. */
#define PKI_X509_FORMAT_PEM                0x10000L
#define PKI_X509_FORMAT_BIN                0x20000L
#define PKI_X509_REQ_KLUDGE               0x100000L
#define PKI_X509_NO_TIMECHECK             0x200000L
#define PKI_X509_LATIN1                   0x400000L
#define PKI_X509_UTF8                     0x800000L
#define PKI_X509_AUTHKEYID               0x1000000L	
#define PKI_X509_NO_BASIC                0x2000000L				
#define PKI_X509_CA_TRUE                 0x4000000L
#define PKI_X509_VERSION1                0x8000000L
#define PKI_X509_LDAP                       0x1000L
#define PKI_X509_DECIMAL                    0x8000L
/* Flags for X.509 Key Usage */
/* An integer bit mask, not the DER BIT STRING encoding: bit n here corresponds to
   KeyUsage bit n in RFC 5280 (digitalSignature = bit 0 ... decipherOnly = bit 8).
   Grant only the usages the key needs; keyCertSign and cRLSign belong on CA keys. */
#define PKI_X509_KEYUSAGE_DIGITALSIGNATURE  0x0001L
#define PKI_X509_KEYUSAGE_NONREPUDIATION    0x0002L
#define PKI_X509_KEYUSAGE_KEYENCIPHERMENT   0x0004L
#define PKI_X509_KEYUSAGE_DATAENCIPHERMENT  0x0008L
#define PKI_X509_KEYUSAGE_KEYAGREEMENT      0x0010L
#define PKI_X509_KEYUSAGE_KEYCERTSIGN       0x0020L
#define PKI_X509_KEYUSAGE_CRLSIGN           0x0040L
#define PKI_X509_KEYUSAGE_ENCIPHERONLY      0x0080L
#define PKI_X509_KEYUSAGE_DECIPHERONLY      0x0100L
/* Specific return values */
/* [v12.0] Changed from +1/-1 to proper error codes */
/* Success is 0 and each failure listed here is a distinct positive code, so compare
   results against 0 or the named constants. Code written for releases before v12.0
   that compares against the literals -1 or +1 no longer matches these values and
   should be audited: a missed failure code means accepting an expired, revoked or
   unverifiable certificate. */
#define PKI_X509_EXPIRED         16 /* (EXPIRED_ERROR) CHANGED FROM -1 [v12.0] */
#define PKI_X509_VERIFY_FAILURE  22	/* (SIGNATURE_ERROR) CHANGED FROM -1 [v12.0] */
#define PKI_X509_REVOKED         42	/* (REVOCATION_ERROR) CHANGED FROM +1 [v12.0] */
#define PKI_X509_INVALID         43	/* (CERT_PATH_ERROR) CHANGED FROM +1 [v12.0] */
#define PKI_X509_VALID_NOW       0
#define PKI_X509_VERIFY_SUCCESS  0
#define PKI_X509_DEFINED_
#endif  /* PKI_X509_DEFINED_ */

/* Return values for CNV_CheckUTF */
/* 0 is the "not valid UTF-8" result; the three nonzero values are all valid
   classifications. NOTE(review): presumably returned by the CNV_CheckUTF8 family
   declared in this header -- confirm. */
#define PKI_CHRS_NOT_UTF8    0L
#define PKI_CHRS_ALL_ASCII   1L
#define PKI_CHRS_ANSI8       2L
#define PKI_CHRS_MULTIBYTE   3L

/* Options for CNV_ByteEncoding */
#define PKI_CNV_UTF8_FROM_LATIN1 0x1L
#define PKI_CNV_LATIN1_FROM_UTF8 0x2L

/* Options for CNV_Num[To/From]Bytes - new in [v11.0] */
/* Big-endian is the value 0, so it is what a zeroed nOptions numerically selects. */
#define PKI_CNV_BIG_ENDIAN    0x0L
#define PKI_CNV_LITTLE_ENDIAN 0x1L

/* Flags and return values for X.509 and CMS query functions */
/* NOTE(review): PKI_QUERY_GETTYPE presumably makes a query report the result type
   (NUMBER or STRING) rather than the result itself -- confirm. */
#define PKI_QUERY_GETTYPE    0x100000L
#define PKI_QUERY_NUMBER     1L
#define PKI_QUERY_STRING     2L

/* Options for RNG functions */
/* NOTE(review): the suffix is presumably the security strength in bits; the 112
   option is the value 0, so it is what a zeroed nOptions numerically selects --
   confirm, and request 128 explicitly where that strength is required. */
#define PKI_RNG_STRENGTH_112        0x00L
#define PKI_RNG_STRENGTH_128        0x01L

/* Block cipher (BC) algorithm options */
/* Algorithm, mode and padding occupy different hex digits (0x10-0x40, 0x100-0x500,
   0x10000-0x50000), so one value from each group can be combined into a single
   option word. No algorithm has the value 0.
   Triple DES has an 8-byte block (PKI_BLK_TDEA_BYTES); prefer AES for new data. */
#define PKI_BC_TDEA    0x10L	// )
#define PKI_BC_3DES    0x10L	// ) equiv. synonyms for Triple DES
#define PKI_BC_DESEDE3 0x10L	// )
#define PKI_BC_AES128  0x20L
#define PKI_BC_AES192  0x30L
#define PKI_BC_AES256  0x40L

/* Block cipher mode options */
/* PKI_MODE_ECB is 0, so an option word built without a mode numerically selects ECB,
   which encrypts equal plaintext blocks to equal ciphertext blocks and so reveals
   patterns in the data. Always name the mode. ECB, CBC, OFB, CFB and CTR provide
   confidentiality only; pair them with a MAC or use the AEAD options. */
#define PKI_MODE_ECB  0x000L
#define PKI_MODE_CBC  0x100L
#define PKI_MODE_OFB  0x200L
#define PKI_MODE_CFB  0x300L
#define PKI_MODE_CTR  0x400L
/* Added [v12.1] AEAD only */
#define PKI_MODE_GCM  0x500L

/* Block cipher padding options */
/* NOTE(review): NOPAD presumably requires input that is already a whole number of
   blocks -- confirm. On decryption, report a padding failure with the same error as
   any other failure so the caller does not become a padding oracle. */
#define PKI_PAD_DEFAULT 0x0
#define PKI_PAD_NOPAD  0x10000
#define PKI_PAD_PKCS5  0x20000
#define PKI_PAD_1ZERO  0x30000
/* Added [v11.1] */
#define PKI_PAD_AX923  0x40000
#define PKI_PAD_W3C    0x50000

/* AEAD algorithms - added [v12.1] */
/* Each value is PKI_MODE_GCM plus the matching PKI_BC_AES value. With GCM the IV must
   never repeat under the same key: a repeated IV breaks both confidentiality and
   authenticity of the messages involved. */
#define PKI_AEAD_AES_128_GCM  0x520L
#define PKI_AEAD_AES_192_GCM  0x530L
#define PKI_AEAD_AES_256_GCM  0x540L

/* Block cipher option flags */
/* NOTE(review): presumably places the IV in front of the ciphertext on output and
   expects it there on input -- confirm, and size output buffers accordingly. */
#define PKI_IV_PREFIX 0x1000

/* Key wrap algorithms - added [v20.5] */
/* No key-wrap option has the value 0, so a wrap algorithm must always be named. */
#define PKI_KWRAP_3DES    0x100000L
#define PKI_KWRAP_AES128  0x200000L
#define PKI_KWRAP_AES192  0x300000L
#define PKI_KWRAP_AES256  0x400000L

/* Key transport algorithms */
/* PKCS#1 v1.5 key transport is the value 0, so it is what a zeroed option word
   numerically selects; pass PKI_KT_RSAES_OAEP explicitly when the recipient
   supports OAEP. */
#define PKI_KT_RSAES_PKCS   0x0000L
#define PKI_KT_RSAES_OAEP   0x8000L
// --0xC000L Reserved for PKI_KT_RSA_KEM

/* Key derivation functions */
/* Changed [v20.5] */
/* Both peers must use the same KDF and digest, or they derive different keys. */
// #define PKI_KDF_KDF2    0x000L //--historical, never used
#define PKI_KDF_X963    0x0000L	/* [v20.5] new default */
#define PKI_KDF_HKDF    0x1000L

/* ASN.1 utilities - added [v10.0] */
/* NOTE(review): PKI_ASN1_TYPE_MAXCHARS is a character count; allow one more element
   for the terminator when declaring the receiving buffer -- confirm. */
#define PKI_ASN1_NOCOMMENTS 0x100000L
#define PKI_ASN1_ADDLEVELS  0x800000L
#define PKI_ASN1_TYPE_MAXCHARS 64

/* SIG functions */
/* NOTE(review): USEDIGEST presumably means the input is an already-computed digest
   and DETERMINISTIC presumably selects deterministic ECDSA nonces -- confirm.
   PKI_SIG_ASN1DER changed value in v12.0; callers that hard-coded the old number now
   pass a different flag, so always use the symbolic name. */
#define PKI_SIG_USEDIGEST     0x1000L	/* Added [v10.0] */
#define PKI_SIG_DETERMINISTIC 0x2000L	/* Added [v11.0] */
#define PKI_SIG_ASN1DER       0x4000L	/* Added [v11.0], changed from 0x200000 [v12.0] */

/* SMIME functions - added [v10.0] */
#define PKI_SMIME_ENCODE_BASE64   0x10000L
#define PKI_SMIME_ENCODE_BINARY   0x20000L
#define PKI_SMIME_ADDX           0x100000L

/* Encoding options - added [v11.0] */
#define PKI_ENCODE_HEX       0x30000L
#define PKI_ENCODE_BASE64URL 0x40000L

/* Wipefile options - added [v12.0] */
/* NOTE(review): DOD7 presumably denotes a seven-pass overwrite and SIMPLE a single
   pass -- confirm. Overwriting in place gives no assurance on SSDs or on
   copy-on-write and journaling file systems, where earlier copies of the blocks
   can survive; do not rely on it alone to destroy key files. */
#define PKI_WIPEFILE_DOD7    0x0	/* Default */
#define PKI_WIPEFILE_SIMPLE  0x1

/* General */
/* NOTE(review): PKI_GEN_LEGACY by its name re-enables an older behaviour; confirm
   what it changes in each function before setting it. */
#define PKI_GEN_PLATFORM 0x40
#define PKI_GEN_LEGACY   0x8000000L	/* Added [v11.0] */


/* __stdcall convention required for Win32/64 DLL only */
/* On Linux the keyword is defined as empty so the prototypes compile unchanged.
   NOTE(review): only the Linux predefined macros are tested here; another non-Windows
   toolchain that lacks __stdcall would need its own definition. The name begins with
   two underscores and is therefore reserved to the implementation, so keep this
   definition confined to the platforms that need it. */
#if defined(__linux__) || defined (linux) || defined(__linux)
#define __stdcall
#endif

#ifdef __cplusplus
extern "C" {
#endif

/* GENERAL FUNCTIONS */
/* Prototype conventions visible in this header: every function returns a long, text
   or binary output goes to a caller-supplied buffer (szOutput or lpOutput) paired
   with a capacity (nOutChars or nOutBytes), and all lengths are signed long.
   NOTE(review): long is 32 bits on Windows (including Win64) and 64 bits on 64-bit
   Linux, so range-check any size_t before narrowing it into a length argument and
   never pass a negative length. Whether nOutChars counts the terminating NUL, and
   how a too-small buffer is reported, is not stated here -- confirm in the manual
   before sizing buffers, and check every return value. */
long __stdcall PKI_Version(void *nReserved1, void *nReserved2);
long __stdcall PKI_LicenceType(long nOptions);
long __stdcall PKI_CompileTime(char *szOutput, long nOutChars);
long __stdcall PKI_ModuleName(char *szOutput, long nOutChars, long nOptions);
/* NOTE(review): presumably runs the library's self-tests; if so, treat a failure as
   fatal before performing any cryptographic operation -- confirm. */
long __stdcall PKI_PowerUpTests(long nOptions);
long __stdcall PKI_Platform(char *szOutput, long nOutChars);
long __stdcall PKI_ModuleInfo(char *szOutput, long nOutChars, long nOptions);
/* New in [v21.0] */
long __stdcall PKI_FormatErrorMessage(char *szOutput, long nOutChars, long nErrCode, const char *szUserMsg);

/* ERROR-RELATED FUNCTIONS */
/* PKI_MAX_LASTERROR_CHARS and PKI_MAX_ERRORLOOKUP_CHARS give the maximum message
   lengths for sizing szOutput.
   NOTE(review): error text may name files or other local detail; log it server-side
   and return a generic message to remote peers -- confirm what the messages contain. */
long __stdcall PKI_LastError(char *szOutput, long nOutChars);
long __stdcall PKI_ErrorCode(void);
long __stdcall PKI_ErrorLookup(char *szOutput, long nOutChars, long nErrCode);

/* CRYPTOGRAPHIC MESSAGE SYNTAX (CMS) FUNCTIONS */
/* Make functions write a CMS object to szFileOut; Read functions extract content to a
   file, a string or a byte buffer. nOptions takes the PKI_CMS_ flags plus algorithm
   selectors.
   NOTE(review): the CMS_ReadSigData family takes no certificate argument, so it
   presumably extracts the content without verifying the signature; call
   CMS_VerifySigData and check its result before trusting extracted content --
   confirm. Also confirm which content-encryption and key-transport algorithms
   nOptions == 0 selects for CMS_MakeEnvData (PKI_KT_RSAES_PKCS is numerically 0).
   szPrivateKey carries private-key material: keep it in memory no longer than
   needed and clear the caller's copy after the call. */
long __stdcall CMS_MakeEnvData(const char *szFileOut, const char *szFileIn, const char *szCertList, const char *szSeed, long nSeedLen, long nOptions);
long __stdcall CMS_MakeEnvDataFromString(const char *szFileOut, const char *szDataIn, const char *szCertList, const char *szSeed, long nSeedLen, long nOptions);
long __stdcall CMS_ReadEnvData(const char *szFileOut, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);
long __stdcall CMS_ReadEnvDataToString(char *szOutput, long nOutChars, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);
long __stdcall CMS_MakeSigData(const char *szFileOut, const char *szFileIn, const char *szCertList, const char *szPrivateKey, long nOptions);
long __stdcall CMS_MakeSigDataFromString(const char *szFileOut, const char *szDataIn, const char *szCertList, const char *szPrivateKey, long nOptions);
long __stdcall CMS_MakeSigDataFromSigValue(const char *szFileOut, const unsigned char *lpSigValue, long nSigLen, const unsigned char *lpData, long nDataLen, const char *szCertListOrFile, long nOptions);
long __stdcall CMS_MakeDetachedSig(const char *szFileOut, const char *szHexDigest, const char *szCertList, const char *szPrivateKey, long nOptions);
long __stdcall CMS_ReadSigData(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall CMS_ReadSigDataToString(char *szOutput, long nOutChars, const char *szFileIn, long nOptions);
long __stdcall CMS_GetSigDataDigest(char *szOutput, long nOutChars, const char *szFileIn, const char *szCertFile, long nOptions);
long __stdcall CMS_VerifySigData(const char *szFileIn, const char *szCertFile, const char *szHexDigest, long nOptions);
long __stdcall CMS_QuerySigData(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);
long __stdcall CMS_QueryEnvData(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);
/* NOTE(review): when reading compressed-data from an untrusted source, bound the
   size of the inflated output; PKI_CMS_NO_INFLATE presumably skips inflation. */
long __stdcall CMS_MakeComprData(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall CMS_ReadComprData(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall CMS_ReadEnvDataToBytes(unsigned char *lpOutput, long nOutBytes, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);
long __stdcall CMS_ReadSigDataToBytes(unsigned char *lpOutput, long nOutBytes, const char *szFileIn, long nOptions);
long __stdcall CMS_MakeEnvDataFromBytes(const char *szFileOut, const unsigned char *lpInput, long nInputLen, const char *szCertList, const char *szSeed, long nSeedLen, long nOptions);
long __stdcall CMS_MakeSigDataFromBytes(const char *szFileOut, const unsigned char *lpInput, long nInputLen, const char *szCertList, const char *szPrivateKey, long nOptions);

/* RSA KEY FUNCTIONS */
/* nExpFermat takes a PKI_RSAEXP_EQ_ index; index 0 is exponent 3, so pass
   PKI_RSAEXP_EQ_65537 explicitly for new keys. szPassword protects the private key
   file; clear the caller's copy of it after the call.
   NOTE(review): nCount is presumably the password-based iteration count -- confirm,
   and avoid small values. */
/* New in [v12.3] */
long __stdcall RSA_MakeKeysXtd(const char *szPubKeyFile, const char *szPriKeyFile, const char *szPassword, long nBits, long nExpFermat, const char *szParams, long nOptions);
/* ...supersedes the function: */
long __stdcall RSA_MakeKeys(const char *szPubKeyFile, const char *szEpkFile, long nBits, long nExpFermat, long nTests, long nCount, const char *szPassword, const void *lpSeed, long nSeedLen, long nOptions);
/* New in [v12.3] */
long __stdcall RSA_SaveEncKey(const char *szFileOut, const char *szIntKeyString, const char *szPassword, const char *szParams, long nOptions);
/* ...supersedes the function: */
long __stdcall RSA_SaveEncPrivateKey(const char *szFileOut, const char *szKeyString, long nCount, const char *szPassword, long nOptions);
long __stdcall RSA_SavePublicKey(const char *szFileOut, const char *szKeyString, long nOptions);
/* The next two functions take no password parameter.
   NOTE(review): they presumably write the private key unencrypted; restrict the
   output file's permissions or prefer RSA_SaveEncKey -- confirm. */
long __stdcall RSA_SavePrivateKeyInfo(const char *szFileOut, const char *szKeyString, long nOptions);
long __stdcall RSA_GetPrivateKeyFromPFX(const char *szFileOut, const char *szPfxFile, long nOptions);
long __stdcall RSA_GetPublicKeyFromCert(char *szOutput, long nOutChars, const char *szCertFile, long nOptions);
long __stdcall RSA_KeyBits(const char *szKeyString);
long __stdcall RSA_KeyBytes(const char *szKeyString);
long __stdcall RSA_ToXMLString(char *szOutput, long nOutChars, const char *szKeyString, long nOptions);
long __stdcall RSA_ToXMLStringEx(char *szOutput, long nOutChars, const char *szKeyString, const char *szPrefix, long nOptions);
long __stdcall RSA_FromXMLString(char *szOutput, long nOutChars, const char *szXmlString, long nOptions);
/* Returns PKI_VALID_PRIVATEKEY (0) or PKI_VALID_PUBLICKEY (1) for a valid key, so do
   not test the result as a boolean. */
long __stdcall RSA_CheckKey(const char *szKeyString, long nOptions);
/* NOTE(review): the result is a long, presumably a short non-cryptographic code for
   comparing key strings; do not use it as a key fingerprint in a trust decision. */
long __stdcall RSA_KeyHashCode(const char *szKeyString);
long __stdcall RSA_KeyMatch(const char *szPrivateKey, const char *szPublicKey);
/* Functions below that read a private key return it in szOutput; wipe that buffer as
   soon as the key is no longer needed. */
long __stdcall RSA_ReadPrivateKeyFromPFX(char *szOutput, long nOutChars, const char *szPfxFile, const char *szPassword, long nOptions);
long __stdcall RSA_PublicKeyFromPrivate(char *szOutput, long nOutChars, const char *szKeyString, long nOptions);
long __stdcall RSA_ReadAnyPrivateKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, const char *szPassword, long nOptions);
long __stdcall RSA_ReadAnyPublicKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, long nOptions);
long __stdcall RSA_KeyValue(char *szOutput, long nOutChars, const char *szKeyString, const char *szFieldName, long nOptions);

/* The following three functions are @deprecated - use RSA_ReadAnyPrivateKey or RSA_ReadAnyPublicKey. */
long __stdcall RSA_ReadEncPrivateKey(char *szOutput, long nOutChars, const char *szEpkFile, const char *szPassword, long nOptions);
long __stdcall RSA_ReadPrivateKeyInfo(char *szOutput, long nOutChars, const char *szKeyFile, long nOptions);
long __stdcall RSA_ReadPublicKey(char *szOutput, long nOutChars, const char *szPubKeyFile, long nOptions);

/* 'RAW' RSA ENCRYPTION/DECRYPTION FUNCTIONS */
/* RSA_RawPublic and RSA_RawPrivate take a single non-const lpData buffer, so the
   result presumably overwrites the input in place -- confirm.
   NOTE(review): "raw" presumably means no padding is applied; unpadded RSA is not
   secure on its own, so the block must be encoded first (RSA_EncodeMsg with a
   PKI_EME_ or PKI_EMSIG_ option) or the padded RSA_Encrypt and RSA_Decrypt used
   instead. The default encoding value is PKCS#1 v1.5; pass PKI_EME_OAEP for new
   designs and return one uniform error for any decode or decrypt failure. */
long __stdcall RSA_RawPublic(unsigned char *lpData, long nDataLen, const char *szPublicKey, long nOptions);
long __stdcall RSA_RawPrivate(unsigned char *lpData, long nDataLen, const char *szPrivateKey, long nOptions);
long __stdcall RSA_EncodeMsg(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);
long __stdcall RSA_DecodeMsg(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);
long __stdcall RSA_Encrypt(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const char *szPublicKeyFile, const char *szParameters, long nOptions);
long __stdcall RSA_Decrypt(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const char *szPrivateKeyFile, const char *szPassword, const char *szParameters, long nOptions);

/* ELLIPTIC CURVE CRYPTOGRAPHY FUNCTIONS */
/* Key-reading functions return the key in szOutput; wipe that buffer when the key is
   no longer needed and clear the caller's copy of szPassword after the call.
   ECC_SaveKey takes no password parameter. NOTE(review): it presumably writes the
   key unencrypted; use ECC_SaveEncKey for private keys -- confirm. */
long __stdcall ECC_MakeKeys(const char *szPubKeyFile, const char *szPriKeyFile, const char *szCurveName, const char *szPassword, const char *szParams, long nOptions);
long __stdcall ECC_ReadKeyByCurve(char *szOutput, long nOutChars, const char *szHexKey, const char *szCurveName, long nOptions);
long __stdcall ECC_ReadPrivateKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, const char *szPassword, long nOptions);
long __stdcall ECC_ReadPublicKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, long nOptions);
long __stdcall ECC_SaveEncKey(const char *szFileOut, const char *szIntKeyString, const char *szPassword, const char *szParams, long nOptions);
long __stdcall ECC_SaveKey(const char *szFileOut, const char *szIntKeyString, long nOptions);
long __stdcall ECC_PublicKeyFromPrivate(char *szOutput, long nOutChars, const char *szIntKeyString, long nOptions);
long __stdcall ECC_QueryKey(char *szOutput, long nOutChars, const char *szIntKeyString, const char *szQuery, long nOptions);
/* NOTE(review): the result is a long, presumably a short non-cryptographic code for
   comparing key strings; do not use it as a key fingerprint in a trust decision. */
long __stdcall ECC_KeyHashCode(const char *szKeyString);
/* New in [v20.0] */
/* lpZZ receives the raw shared secret. Pass it through a key derivation function
   before using it as a cipher or MAC key, and wipe lpZZ afterwards.
   NOTE(review): the peer's public key must come from an authenticated source, or the
   exchange is open to a man-in-the-middle. */
long __stdcall ECC_DHSharedSecret(unsigned char *lpZZ, long nOutBytes, const char *szIntPrivateKey, const char *szIntPublicKey, long nOptions);

/* PKCS12 FILE FUNCTIONS */
/* nOptions takes the PKI_PFX_ flags. NOTE(review): confirm which encryption
   nOptions == 0 applies to the key and the certificate; PKI_PFX_AES256_SHA256 names a
   stronger scheme. PFX_VerifySig presumably checks the file's integrity value with
   the password -- confirm. */
long __stdcall PFX_MakeFile(const char *szFileOut, const char *szCertFile, const char *szEpkFile, const char *szPassword, const char *szFriendlyName, long nOptions);
long __stdcall PFX_VerifySig(const char *szFileName, const char *szPassword, long nOptions);

/* X509 CERTIFICATE FUNCTIONS */
/* nKeyUsageFlags takes the PKI_X509_KEYUSAGE_ bit mask and nOptions the PKI_X509_
   flags plus a PKI_SIG_ algorithm. PKI_SIG_SHA1RSA is numerically 0, so name a SHA-2
   signature algorithm explicitly when issuing certificates.
   NOTE(review): X509_VerifyCert takes only a certificate and its issuer. Validity
   period, path validation and revocation are exposed as separate calls
   (X509_CertIsValidNow, X509_ValidatePath, X509_CheckCertInCRL), so a caller that
   needs full validation presumably has to combine them -- confirm. Success is 0
   (PKI_X509_VERIFY_SUCCESS, PKI_X509_VALID_NOW); compare against the named constants.
   Parameter order differs between functions: the X509_Cert functions take szCertFile
   before the output buffer, while the Query and Read functions take the buffer first. */
long __stdcall X509_MakeCert(const char *szNewCertFile, const char *szIssuerCertFile, const char *szSubjectPubKeyFile, const char *szIssuerEpkFile, long nCertNum, long nYearsValid, const char *szDistName, const char *szExtensions, long nKeyUsageFlags, const char *szPassword, long nOptions);
long __stdcall X509_MakeCertSelf(const char *szNewCertFile, const char *szEpkFile, long nCertNum, long nYearsValid, const char *szDistName, const char *szExtensions, long nKeyUsageFlags, const char *szPassword, long nOptions);
long __stdcall X509_CertRequest(const char *szNewReqFile, const char *szEpkFile, const char *szDistName, const char *szExtensions, const char *szPassword, long nOptions);
long __stdcall X509_VerifyCert(const char *szCertToVerify, const char *szIssuerCert, long nOptions);
long __stdcall X509_CertThumb(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertIsValidNow(const char *szCertFile, long nOptions);
long __stdcall X509_CertIssuedOn(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertExpiresOn(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertSerialNumber(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_HashIssuerAndSN(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertIssuerName(const char *szCertFile, char *szOutput, long nOutChars, const char *szDelim, long nOptions);
long __stdcall X509_CertSubjectName(const char *szCertFile, char *szOutput, long nOutChars, const char *szDelim, long nOptions);
long __stdcall X509_GetCertFromP7Chain(const char *szNewCertFile, const char *szP7cFile, long nIndex, long nOptions);
long __stdcall X509_GetCertFromPFX(const char *szNewCertFile, const char *szPfxFile, const char *szPassword, long nOptions);
long __stdcall X509_KeyUsageFlags(const char *szCertFile);
long __stdcall X509_QueryCert(char *szOutput, long nOutChars, const char *szCertFile, const char *szQuery, long nOptions);
long __stdcall X509_ReadStringFromFile(char *szOutput, long nOutChars, const char *szCertFile, long nOptions);
long __stdcall X509_SaveFileFromString(const char *szNewCertFile, const char *szCertString, long nOptions);
long __stdcall X509_TextDump(const char *szFileOut, const char *szCertFile, long nOptions);
/* NOTE(review): szTrustedCert is the trust anchor; it must come from local trusted
   configuration, never from the same message as the chain being validated. */
long __stdcall X509_ValidatePath(const char *szCertListOrP7File, const char *szTrustedCert, long nOptions);
long __stdcall X509_TextDumpToString(char *szOutput, long nOutChars, const char *szCertFile, long nOptions);
long __stdcall X509_ReadCertStringFromP7Chain(char *szOutput, long nOutChars, const char *szP7cFile, long nIndex, long nOptions);
long __stdcall X509_ReadCertStringFromPFX(char *szOutput, long nOutChars, const char *szPfxFile, const char *szPassword, long nOptions);
long __stdcall X509_GetCertCountInP7Chain(const char *szP7cFile, long nOptions);

/* X509 CRL FUNCTIONS */
/* NOTE(review): szCRLIssuerCert is presumably used to verify the CRL's signature;
   confirm whether it is optional, because an unverified CRL is not evidence that a
   certificate is unrevoked. PKI_X509_REVOKED (42) is the revoked result. */
long __stdcall X509_MakeCRL(const char *szCrlFile, const char *szIssuerCert, const char *szIssuerKeyFile, const char *szPassword, const char *szRevokedCertList, const char *szExtensions, long nOptions);
long __stdcall X509_CheckCertInCRL(const char *szCertFile, const char *szCrlFile, const char *szCRLIssuerCert, const char *szDate, long nOptions);

/* ONLINE CERTIFICATE STATUS PROTOCOL (OCSP) FUNCTIONS */
/* Both functions work on buffers and files only; no network transport is visible in
   these prototypes. NOTE(review): szIssuerCert in OCSP_ReadResponse is presumably
   used to verify the response signature -- confirm, and do not act on a response
   whose signature was not checked. */
long __stdcall OCSP_MakeRequest(char *szOutput, long nOutChars, const char *szIssuerCert, const char *szCertFileOrSerialNum, const char *szExtensions, long nOptions);
long __stdcall OCSP_ReadResponse(char *szOutput, long nOutChars, const char *szResponseFile, const char *szIssuerCert, const char *szExtensions, long nOptions);

/* TRIPLE DES FUNCTIONS */
/* None of these prototypes carries an output capacity, a key length or an IV length:
   the caller alone guarantees that szOutput or lpOutput is large enough and that the
   key and IV buffers hold the sizes Triple DES expects (PKI_KEYSIZE_TDEA_BYTES and
   PKI_BLK_TDEA_BYTES). NOTE(review): confirm the required output size in the manual
   before calling, and prefer the length-checked CIPHER_EncryptBytes and
   CIPHER_DecryptBytes for new code. fEncrypt takes a direction value
   (PKI_DIR_ENCRYPT or PKI_DIR_DECRYPT). */
long __stdcall TDEA_HexMode(char *szOutput, const char *szInput, const char *szKey, long fEncrypt, const char *szMode, const char *szIV);
long __stdcall TDEA_B64Mode(char *szOutput, const char *szInput, const char *szKey, long fEncrypt, const char *szMode, const char *szIV);
/* [The following two functions are @deprecated - use equivalent CIPHER_ functions] */
long __stdcall TDEA_BytesMode(unsigned char *lpOutput, const unsigned char *lpData, long nDataLen, const unsigned char *lpKey, long fEncrypt, const char *szMode, const unsigned char *lpIV);
long __stdcall TDEA_File(const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, long fEncrypt, const char *szMode, const unsigned char *lpIV);

/* GENERIC BLOCK CIPHER FUNCTIONS */
/* The algorithm, mode and padding come from the szAlgAndMode or szAlgModePad string
   or from nOptions built out of PKI_BC_, PKI_MODE_ and PKI_PAD_ values. PKI_MODE_ECB
   is numerically 0, so always name the mode. Wipe key buffers after use. */
/* CIPHER_Bytes and CIPHER_File carry no output capacity, key length or IV length, so
   the library cannot check the caller's buffer sizes; this is a reason to move to
   the replacements named in the deprecation notes below. */
/* @deprecated - prefer CIPHER_En/DecryptBytes */
long __stdcall CIPHER_Bytes(long fEncrypt, unsigned char *lpOutput, const unsigned char *lpData, long nDataLen, const unsigned char *lpKey, const unsigned char *lpIV, const char *szAlgAndMode, long nOptions);
/* @deprecated - prefer CIPHER_FileEn/Decrypt */
long __stdcall CIPHER_File(long fEncrypt, const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, const unsigned char *lpIV, const char *szAlgAndMode, long nOptions);
/* @deprecated - prefer CIPHER_En/DecryptHex */
long __stdcall CIPHER_Hex(long fEncrypt, char *szOutput, long nOutChars, const char *szData, const char *szKey, const char *szIV, const char *szAlgAndMode, long nOptions);
/* Changed in [v20.2]: Renamed ~Bytes2 to ~Bytes */
/* These carry explicit output, input, key and IV lengths. The non-AEAD modes give
   confidentiality only: authenticate the ciphertext separately (for example with
   HMAC_Bytes over IV and ciphertext) and verify before decrypting. */
long __stdcall CIPHER_EncryptBytes(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_DecryptBytes(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
/* @deprecated - keep old ~Bytes2 for backwards compatibility */
long __stdcall CIPHER_EncryptBytes2(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_DecryptBytes2(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);

long __stdcall CIPHER_FileEncrypt(const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_FileDecrypt(const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
/* AEAD: nOptions takes a PKI_AEAD_ value and lpAAD is the additional authenticated
   data. The IV must be unique for every encryption under one key. On decryption,
   discard lpOutput unless the call reports success.
   NOTE(review): confirm how the authentication tag is laid out in the output. */
long __stdcall CIPHER_EncryptAEAD(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const unsigned char *lpAAD, long nAadLen, long nOptions);
long __stdcall CIPHER_DecryptAEAD(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const unsigned char *lpAAD, long nAadLen, long nOptions);
/* Key wrap: nOptions takes a PKI_KWRAP_ value; lpKek is the key-encryption key.
   Treat an unwrap failure as a tampered or wrong-key input and wipe lpOutput. */
long __stdcall CIPHER_KeyWrap(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpData, long nDataLen, const unsigned char *lpKek, long nKekLen, long nOptions);
long __stdcall CIPHER_KeyUnwrap(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpData, long nDataLen, const unsigned char *lpKek, long nKekLen, long nOptions);
/* New in [v20.0] */
/* Hex variants: the key travels as a hex string in szKeyHex, which leaves a second
   copy of the key in memory for the caller to clear. */
long __stdcall CIPHER_EncryptHex(char *szOutput, long nOutChars, const char *szInputHex, const char *szKeyHex, const char *szIvHex, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_DecryptHex(char *szOutput, long nOutChars, const char *szInputHex, const char *szKeyHex, const char *szIvHex, const char *szAlgModePad, long nOptions);

/* MESSAGE DIGEST HASH FUNCTIONS */
/* nOptions takes a PKI_HASH_ value. PKI_HASH_SHA1 is numerically 0, so pass the
   intended algorithm explicitly. Size byte buffers with the _BYTES constants (or
   PKI_MAX_HASH_BYTES) and hex buffers with the _CHARS constants plus one for the
   terminator. */
long __stdcall HASH_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, long nOptions);
long __stdcall HASH_File(unsigned char *lpOutput, long nOutBytes, const char *szFileName, long nOptions);
long __stdcall HASH_HexFromBytes(char *szOutput, long nOutChars, const void *lpMessage, long nMsgLen, long nOptions);
long __stdcall HASH_HexFromFile(char *szOutput, long nOutChars, const char *szFileName, long nOptions);
long __stdcall HASH_HexFromHex(char *szOutput, long nOutChars, const char *szMsgHex, long nOptions);
/* New in [v20.5] */
long __stdcall HASH_Length(long nAlgId);

/* HMAC FUNCTIONS */
/* nOptions takes a PKI_HMAC_ value; PKI_HMAC_SHA1 is numerically 0. When checking a
   received MAC, compare it with the computed one in constant time rather than with
   memcmp or strcmp, and wipe the key buffer after use. */
long __stdcall HMAC_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, const void *lpKey, long nKeyLen, long nOptions);
long __stdcall HMAC_HexFromBytes(char *szOutput, long nOutChars, const void *lpMessage, long nMsgLen, const void *lpKey, long nKeyLen, long nOptions);
long __stdcall HMAC_HexFromHex(char *szOutput, long nOutChars, const char *szMsgHex, const char *szKeyHex, long nOptions);

/* BASE64 AND HEX CONVERSION FUNCTIONS */
/* Encoding changes representation only and provides no confidentiality.
   CNV_B64Filter and CNV_HexFilter take an input length but no output capacity.
   NOTE(review): the caller must ensure szOutput is large enough; presumably nStrLen
   characters plus a terminator suffice -- confirm. */
long __stdcall CNV_B64StrFromBytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nInputLen);
long __stdcall CNV_BytesFromB64Str(unsigned char *lpOutput, long nOutBytes, const char *szInput);
long __stdcall CNV_B64Filter(char *szOutput, const char *szInput, long nStrLen);
long __stdcall CNV_HexStrFromBytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nInputLen);
long __stdcall CNV_BytesFromHexStr(unsigned char *lpOutput, long nOutBytes, const char *szInput);
long __stdcall CNV_HexFilter(char *szOutput, const char *szInput, long nStrLen);
/* BASE58 FUNCTIONS */
long __stdcall CNV_Base58FromBytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nInputLen);
long __stdcall CNV_Base58ToBytes(unsigned char *lpOutput, long nOutBytes, const char *szInput);

/* UTF-8 CONVERSION/CHECK FUNCTIONS */
/* Byte-oriented conversions and checks: UTF-8 data is passed as
   `unsigned char` with an explicit byte count (lpInput, nBytes), except
   where a file name or a null-terminated Latin-1 string is the input.
   NOTE(review): this header does not say which return values of the
   CNV_CheckUTF8* functions mean "valid" - confirm before using them as an
   input-validation gate, and treat any negative result as a failure. */
long __stdcall CNV_UTF8BytesFromLatin1(unsigned char *lpOutput, long nOutBytes, const char *szInput);
long __stdcall CNV_Latin1FromUTF8Bytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nBytes);
long __stdcall CNV_CheckUTF8Bytes(const unsigned char *lpInput, long nBytes);
long __stdcall CNV_CheckUTF8File(const char *szFileName);
long __stdcall CNV_ByteEncoding(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nBytes, long nOptions);
/* New in [v20.3] */
/* Wide-character input (wchar_t, from the <wchar.h> include at the top of this
   header), char output with capacity nOutChars. */
long __stdcall CNV_Utf8FromWide(char *szOut, long nOutChars, const wchar_t* wstr);
/* New in [v21.0] */
/* Wide-character path in, char string out with capacity nOutChars. */
long __stdcall CNV_ShortPathName(char *szOut, long nOutChars, const wchar_t* szwLongPath);

/* The following three functions are @deprecated. They take the input as a
   null-terminated `char` string with no length argument.
   NOTE(review): the replacements are presumably CNV_UTF8BytesFromLatin1,
   CNV_Latin1FromUTF8Bytes and CNV_CheckUTF8Bytes declared above, which pass
   UTF-8 data as bytes with an explicit count - confirm and migrate callers. */
long __stdcall CNV_UTF8FromLatin1(char *szOutput, long nOutChars, const char *szInput); /* DEPRECATED */
long __stdcall CNV_Latin1FromUTF8(char *szOutput, long nOutChars, const char *szInput); /* DEPRECATED */
long __stdcall CNV_CheckUTF8(const char *szInput); /* DEPRECATED */

/* MISC BYTE UTILITIES */
/* CNV_ReverseBytes has no output capacity argument: only lpOutput, lpInput
   and nBytes are passed.
   NOTE(review): presumably lpOutput must be at least nBytes long - confirm.
   NOTE(review): CNV_NumFromBytes returns its result in the same `long` the
   other functions use for status, so a converted value and an error code may
   be indistinguishable - confirm how failures are reported. */
long __stdcall CNV_ReverseBytes(unsigned char *lpOutput, const unsigned char *lpInput, long nBytes);
long __stdcall CNV_NumToBytes(unsigned char *lpOutput, long nOutBytes, long nNumber, long nOptions);
long __stdcall CNV_NumFromBytes(const unsigned char *lpInput, long nBytes, long nOptions);

/* PEM/BINARY FILE CONVERSIONS */
/* File-to-file conversions: the output path comes first, then the input path.
   NOTE(review): whether an existing szFileOut is overwritten, and with what
   permissions the file is created, is not stated in this header. When the
   input holds private-key material, write to a directory with restricted
   access and check the return value before relying on the output file. */
long __stdcall PEM_FileFromBinFile(const char *szFileOut, const char *szFileIn, const char *szHeader, long nLineLen);
long __stdcall PEM_FileFromBinFileEx(const char *szFileOut, const char *szFileIn, const char *szHeader, long nLineLen, long nOptions);
long __stdcall PEM_FileToBinFile(const char *szFileOut, const char *szFileIn);

/* RNG FUNCTIONS */
/* Random-number prototypes. This header defines PKI_RNG_SEED_BYTES (64) as the
   required seed-file size and PKI_RNG_GUID_CHARS (36) as the GUID string
   length, so size the RNG_Guid buffer from the latter plus the terminating
   null.
   NOTE(review): lpSeed/nSeedLen on RNG_Bytes looks like optional
   caller-supplied seed material - confirm whether NULL/0 is accepted, and
   never use it as the only entropy source.
   NOTE(review): a seed file is secret state for the generator; store it where
   only the owning account can read or write it.
   NOTE(review): RNG_Number returns its result in-band as a `long`; confirm how
   an error is distinguished from a value inside [nLower, nUpper]. */
long __stdcall RNG_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpSeed, long nSeedLen);
long __stdcall RNG_Number(long nLower, long nUpper);
long __stdcall RNG_BytesWithPrompt(unsigned char *lpOutput, long nOutBytes, const char *szPrompt, long nOptions);
long __stdcall RNG_Initialize(const char *szSeedFile, long nOptions);
long __stdcall RNG_MakeSeedFile(const char *szSeedFile, const char *szPrompt, long nOptions);
long __stdcall RNG_UpdateSeedFile(const char *szSeedFile, long nOptions);
long __stdcall RNG_Test(const char *szFileOut, long nOptions);
long __stdcall RNG_Guid(char *szOutput, long nOutChars, long nOptions);

/* PADDING FUNCTIONS */
/* Pad/unpad prototypes for a block length nBlkLen; this header defines
   PKI_BLK_TDEA_BYTES (8) and PKI_BLK_AES_BYTES (16) as the cipher block sizes.
   NOTE(review): the padding scheme is presumably chosen through nOptions -
   confirm.
   NOTE(review): do not let a remote party tell an unpadding failure from any
   other decryption failure (different message, status or timing); authenticate
   the ciphertext before unpadding wherever the protocol allows it. */
long __stdcall PAD_BytesBlock(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nBlkLen, long nOptions);
long __stdcall PAD_UnpadBytes(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nBlkLen, long nOptions);
long __stdcall PAD_HexBlock(char *szOutput, long nOutChars, const char *szInput, long nBlkLen, long nOptions);
long __stdcall PAD_UnpadHex(char *szOutput, long nOutChars, const char *szInput, long nBlkLen, long nOptions);

/* MISC UTILITIES */
/* Wiping and password-prompt prototypes. WIPE_Data takes a writable buffer and
   its length; the PWD_Prompt functions write the entered password into
   szPassword, whose capacity is nPwdLen.
   NOTE(review): clear password and key buffers with WIPE_Data once they are
   no longer needed, on error paths as well as on success.
   NOTE(review): overwriting a file in place may leave earlier copies behind on
   journaling or copy-on-write file systems and on flash storage; do not rely
   on WIPE_File alone for data kept on such media. */
long __stdcall WIPE_File(const char *szFileName, long nOptions);
long __stdcall WIPE_Data(void *lpData, long nDataLen);
long __stdcall PWD_Prompt(char *szPassword, long nPwdLen, const char *szCaption);
long __stdcall PWD_PromptEx(char *szPassword, long nPwdLen, const char *szCaption, const char *szPrompt, long nOptions);

/* PASSWORD-BASED ENCRYPTION PROTOTYPES */
/* Password-based key derivation from a password, a salt and an iteration
   count nCount.
   NOTE(review): "Kdf2" presumably means PBKDF2 (PKCS #5) with the PRF chosen
   through nOptions - confirm.
   NOTE(review): use a random, per-password salt (RNG_Bytes is declared in this
   header) and an iteration count set from current guidance, not a small fixed
   value; clear the derived key and the password buffer after use.
   NOTE(review): PBE_Kdf2Hex takes both nOutChars and dkBytes; the hex output
   presumably needs 2*dkBytes characters plus the terminating null - confirm. */
long __stdcall PBE_Kdf2(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpPwd, long nPwdLen, const unsigned char *lpSalt, long nSaltLen, long nCount, long nOptions);
long __stdcall PBE_Kdf2Hex(char *szOutput, long nOutChars, long dkBytes, const char *szPwd, const char *szSaltHex, long nCount, long nOptions);

/* ASN.1 UTILITIES */
/* ASN.1 inspection prototypes; the input argument is named
   szFileOrPEMString in all three.
   NOTE(review): that name suggests one argument is read either as a file path
   or as PEM text. When the value comes from an untrusted source, confirm how
   the library tells the two apart so that supplied text cannot make it open a
   file the caller did not intend.
   NOTE(review): these functions parse encoded input; treat a negative or
   otherwise unexpected return as a parse failure and do not use the output
   buffer in that case. */
long __stdcall ASN1_TextDump(const char *szFileOut, const char *szFileOrPEMString, long nOptions);
long __stdcall ASN1_Type(char *szOutput, long nOutChars, const char *szFileOrPEMString, long nOptions);
long __stdcall ASN1_TextDumpToString(char *szOutput, long nOutChars, const char *szFileOrPEMString, const char *szDirName, long nOptions);

/* SIGNATURE FUNCTIONS */
/* Signing writes the signature as a string into szOutput (capacity
   nOutChars); verification takes that string, the data or data file, and a
   certificate or key file.
   NOTE(review): this header does not state which return value of
   SIG_VerifyData/SIG_VerifyFile means "signature valid" - confirm it and
   compare against exactly that value; never treat "no crash" or "non-negative"
   as success without checking the manual.
   NOTE(review): fix szAlgName to the algorithm the application expects instead
   of taking it from the message being verified.
   NOTE(review): verifying against a certificate file presumably checks only
   the signature, not the certificate's chain or validity - confirm and
   validate the certificate separately.
   NOTE(review): szPassword unlocks the private key file; clear the buffer
   after the call (WIPE_Data is declared in this header). */
long __stdcall SIG_SignData(char *szOutput, long nOutChars, const unsigned char *lpData, long nDataLen, const char *szKeyFile, const char *szPassword, const char *szAlgName, long nOptions);
long __stdcall SIG_SignFile(char *szOutput, long nOutChars, const char *szDataFile, const char *szKeyFile, const char *szPassword, const char *szAlgName, long nOptions);
long __stdcall SIG_VerifyData(const char *szSignature, const unsigned char *lpData, long nDataLen, const char *szCertOrKeyFile, const char *szAlgName, long nOptions);
long __stdcall SIG_VerifyFile(const char *szSignature, const char *szDataFile, const char *szCertOrKeyFile, const char *szAlgName, long nOptions);

/* SMIME FUNCTIONS */
/* File-based S/MIME helpers: wrap and extract go from szFileIn to szFileOut;
   SMIME_Query writes its answer into szOutput (capacity nOutChars).
   NOTE(review): these signatures take no key or certificate, so they
   presumably handle only the S/MIME entity wrapping and do not sign, verify
   or decrypt - confirm; an extracted body still needs its own verification. */
long __stdcall SMIME_Wrap(const char *szFileOut, const char *szFileIn, const char *szFeatures, long nOptions);
long __stdcall SMIME_Extract(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall SMIME_Query(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);

/* COMPRESSION FUNCTIONS */
/* Buffer-to-buffer compression with an explicit output capacity nOutBytes.
   NOTE(review): the compression algorithm is presumably chosen through
   nOptions - confirm.
   NOTE(review): for input from an untrusted source, set an application limit
   on the uncompressed size before allocating lpOutput; a small input can
   expand to a very large output.
   NOTE(review): compressing secret data together with attacker-influenced
   data before encryption can leak the secret through the ciphertext length. */
long __stdcall COMPR_Compress(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);
long __stdcall COMPR_Uncompress(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);

/* KEY DERIVATION FUNCTIONS */
/* New in [v20.5] */
/* Derive nOutBytes of keying material into lpOutput from input key material
   (lpIKM or lpZZ) plus optional context bytes (lpInfo or lpUkm) and a
   parameter string szParams.
   NOTE(review): the KDF and hash are presumably selected through nOptions
   and/or szParams - confirm.
   NOTE(review): these functions take key material, not passwords; for
   passwords use the PBE_Kdf2 functions declared in this header. Clear both
   the input key material and the derived output after use. */
long __stdcall KDF_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpIKM, long nIkmLen, const void *lpInfo, long nInfoLen, const char *szParams, long nOptions);
long __stdcall KDF_ForCms(unsigned char *lpOutput, long nOutBytes, const void *lpZZ, long nZzLen, const void *lpUkm, long nUkmLen, const char *szParams, long nOptions);

/* XOF/PRF FUNCTIONS */
/* New in [v21.0] */
/* Variable-length output functions: the caller chooses the output length via
   nOutBytes. PRF_Bytes additionally takes a key (lpKey, nKeyLen) and a
   customization string szCustom.
   NOTE(review): the underlying function is presumably selected through
   nOptions - confirm.
   NOTE(review): when PRF output is used as an authentication tag, compare it
   in constant time and clear the key buffer after use. */
long __stdcall XOF_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, long nOptions);
long __stdcall PRF_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, const void *lpKey, long nKeyLen, const char *szCustom, long nOptions);

#ifdef __cplusplus
}
#endif

#endif /* end DICRPKI_H_ */