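/* $Id: diCrPKI.h $ */

/* For `CryptoSys PKI Pro`.
   Requires `diCrPKI.lib` and `diCrPKI.dll` for Win32/64
   or `diCrPKI.a` or `libcryptosyspki.so` for Linux. */

/* Copyright (C) 2002-25 DI Management Services Pty Limited
   <http://di-mgt.com.au> <http://cryptosys.net> All rights reserved.
   Last updated: $Date: 2023-01-01 03:07:00 $ $Revision: 21.0.0 $ */

/*
 * C/C++ interface to the CryptoSys PKI Pro library: option constants and
 * function prototypes only. Nothing is implemented in this header.
 *
 * Layout: one preprocessor directive per line. A directive is only recognised
 * at the start of a line, and a `//` comment runs to the end of its line, so
 * the definitions must not share lines.
 *
 * Review notes for callers, derived from the declarations below:
 *  - Every function returns `long`. Whether a value is a length, a status or
 *    an error code is per function and is not stated in this header; check it
 *    against the vendor manual before using it as a buffer size.
 *  - Several option families give the value 0 to a legacy choice (SHA-1, ECB,
 *    PKCS#1 v1.5), and PKI_DEFAULT is also 0.
 *    NOTE(review): confirm what each function does with nOptions == 0.
 *  - Passwords and private keys cross this API as plain `char` strings; the
 *    caller owns those buffers and their clean-up.
 */

#ifndef DICRPKI_H_
#define DICRPKI_H_ 1

#include <wchar.h>

/* GENERAL CONSTANTS */
#define PKI_DIR_ENCRYPT 1
#define PKI_DIR_DECRYPT 0
/* Synonyms for direction */
#define ENCRYPT 1
#define DECRYPT 0

/* Maximum number of bytes in hash digest byte array */
#define PKI_MAX_HASH_BYTES 64
#define PKI_SHA1_BYTES     20
#define PKI_SHA224_BYTES   28
#define PKI_SHA256_BYTES   32
#define PKI_SHA384_BYTES   48
#define PKI_SHA512_BYTES   64
#define PKI_MD5_BYTES      16
#define PKI_MD2_BYTES      16
#define PKI_RMD160_BYTES   20
#define PKI_BTC160_BYTES   20

/* Maximum number of hex characters in hash digest (excl null) */
/* These counts exclude the terminator: a receiving char buffer needs one more. */
#define PKI_MAX_HASH_CHARS (2*PKI_MAX_HASH_BYTES)
#define PKI_SHA1_CHARS     (2*PKI_SHA1_BYTES)
#define PKI_SHA224_CHARS   (2*PKI_SHA224_BYTES)
#define PKI_SHA256_CHARS   (2*PKI_SHA256_BYTES)
#define PKI_SHA384_CHARS   (2*PKI_SHA384_BYTES)
#define PKI_SHA512_CHARS   (2*PKI_SHA512_BYTES)
#define PKI_MD5_CHARS      (2*PKI_MD5_BYTES)
#define PKI_MD2_CHARS      (2*PKI_MD2_BYTES)
#define PKI_RMD160_CHARS   (2*PKI_RMD160_BYTES)
#define PKI_BTC160_CHARS   (2*PKI_BTC160_BYTES)
/* Synonym retained for backwards compatibility */
#define PKI_MAX_HASH_LEN PKI_MAX_HASH_CHARS

/* Encryption block sizes in bytes */
#define PKI_BLK_TDEA_BYTES 8
#define PKI_BLK_AES_BYTES  16
/* Key size in bytes */
#define PKI_KEYSIZE_TDEA_BYTES 24
#define PKI_KEYSIZE_MAX_BYTES  32
/* Required size for RNG seed file */
#define PKI_RNG_SEED_BYTES 64
/* Length of GUID string - added [v12.3] */
#define PKI_RNG_GUID_CHARS 36
/* Maximum number of characters in a last error message */
#define PKI_MAX_LASTERROR_CHARS 647
#define PKI_MAX_ERROR_CHARS (PKI_MAX_LASTERROR_CHARS) /* synonym */
/* Maximum number of characters in an error lookup message */
#define PKI_MAX_ERRORLOOKUP_CHARS 127

/* OPTIONS */
#define PKI_DEFAULT 0

/* Signature algorithms */
/* The SHA-1 entry is 0x0, the same value as PKI_DEFAULT. MD2, MD5 and SHA-1
   are collision-weak digests; select a SHA-2 value explicitly for new
   signatures. */
#define PKI_SIG_SHA1RSA   0x0
#define PKI_SIG_MD5RSA    0x1
#define PKI_SIG_MD2RSA    0x2
#define PKI_SIG_SHA256RSA 0x3
#define PKI_SIG_SHA384RSA 0x4
#define PKI_SIG_SHA512RSA 0x5
#define PKI_SIG_SHA224RSA 0x6
/* Synonyms added [v12.0] */
#define PKI_SIG_RSA_SHA1   0x0
#define PKI_SIG_RSA_SHA224 0x6
#define PKI_SIG_RSA_SHA256 0x3
#define PKI_SIG_RSA_SHA384 0x4
#define PKI_SIG_RSA_SHA512 0x5
#define PKI_SIG_RSA_MD5    0x1 /* [not recommended for new implementations] */
/* New in [v11.0] */
#define PKI_SIG_ECDSA_SHA1   0x10
#define PKI_SIG_ECDSA_SHA224 0x20
#define PKI_SIG_ECDSA_SHA256 0x30
#define PKI_SIG_ECDSA_SHA384 0x40
#define PKI_SIG_ECDSA_SHA512 0x50
/* New in [v12.0] */
#define PKI_SIG_RSA_PSS_SHA1   0xB0
#define PKI_SIG_RSA_PSS_SHA224 0xB6
#define PKI_SIG_RSA_PSS_SHA256 0xB3
#define PKI_SIG_RSA_PSS_SHA384 0xB4
#define PKI_SIG_RSA_PSS_SHA512 0xB5
/* Safe curves for EdDSA - new in [v20.0] */
#define PKI_SIG_ED25519 0xC0
//-- 0xC1 Reserved for PKI_SIG_ED448
/* Safe curves for ECDH - new in [v20.0] */
#define PKI_ECDH_X25519 0xD0
//-- 0xD1 Reserved for PKI_ECDH_X448

/* Salt lengths for RSA-PSS - new in [v12.0] */
#define PKI_PSS_SALTLEN_HLEN 0x000000 /* Default */
#define PKI_PSS_SALTLEN_MAX  0x200000
#define PKI_PSS_SALTLEN_20   0x300000
#define PKI_PSS_SALTLEN_ZERO 0x400000
/* MGF parameters for RSA-OAEP/PSS - new in [v12.0] */
#define PKI_MGF_MGF1SHA1 0x800000L /* Force SHA-1 in MGF1 */

/* PKCS#5 Password-based encryption algorithms */
/* The default (0x0) is the SHA/3DES scheme; the PBKDF2/AES values below have
   to be requested explicitly. */
#define PKI_PBE_SHA_3DES 0x0 /* Default */
/* Added in [v11.0] as simpler alternative to PKI_PBE_PBES2 + PKI_BC */
#define PKI_PBE_PBKDF2_DESEDE3 0x1010L
#define PKI_PBE_PBKDF2_AES128  0x1020L
#define PKI_PBE_PBKDF2_AES192  0x1030L
#define PKI_PBE_PBKDF2_AES256  0x1040L
// --0x1820L Reserved for PKI_PBE_SCRYPT_AES128
// --0x1840L Reserved for PKI_PBE_SCRYPT_AES256
/* These next 3 changed in [v11.0] (by adding 0x8000000) */
#define PKI_PBE_MD5_DES 0x8000001L /* [not recommended for new implementations] */
#define PKI_PBE_MD2_DES 0x8000002L /* [not recommended for new implementations] */
#define PKI_PBE_SHA_DES 0x8000003L /* [not recommended for new implementations] */
/* Synonym retained for backwards compatibility */
#define PKI_PBES2_3DES PKI_PBE_PBKDF2_DESEDE3
/* Older alternative to specify PBES2 PBKDF2 */
#define PKI_PBE_PBES2 0x1000L /* Add PKI_BC_* option to specify encryption alg */

/* Message digest hash algorithms */
/* SHA-1 is 0x0 here as well; MD2, MD5 and SHA-1 should not be relied on for
   collision resistance. */
#define PKI_HASH_SHA1     0x0
#define PKI_HASH_MD5      0x1
#define PKI_HASH_MD2      0x2
#define PKI_HASH_SHA256   0x3
#define PKI_HASH_SHA384   0x4
#define PKI_HASH_SHA512   0x5
#define PKI_HASH_SHA224   0x6
#define PKI_HASH_RMD160   0x7
#define PKI_HASH_BTC160   0x8
#define PKI_HASH_SHA3_224 0xA
#define PKI_HASH_SHA3_256 0xB
#define PKI_HASH_SHA3_384 0xC
#define PKI_HASH_SHA3_512 0xD
#define PKI_HASH_MODE_TEXT 0x10000L
#define PKI_HASH_DOUBLE    0x20000L

/* HMAC algorithms */
#define PKI_HMAC_SHA1     0x0
#define PKI_HMAC_SHA224   0x6
#define PKI_HMAC_SHA256   0x3
#define PKI_HMAC_SHA384   0x4
#define PKI_HMAC_SHA512   0x5
#define PKI_HMAC_SHA3_224 0xA
#define PKI_HMAC_SHA3_256 0xB
#define PKI_HMAC_SHA3_384 0xC
#define PKI_HMAC_SHA3_512 0xD

/* Options for MAC/XOF/PRF functions */
#define PKI_KMAC_128        0x201
#define PKI_KMAC_256        0x202
#define PKI_XOF_SHAKE128    0x203
#define PKI_XOF_SHAKE256    0x204
#define PKI_XOF_MGF1_SHA1   0x210
#define PKI_XOF_MGF1_SHA256 0x213
#define PKI_XOF_MGF1_SHA512 0x215

/* nFermatExp values for RSA exponent */
/* 65537 is the conventional public exponent; very small exponents depend on
   correct randomised padding to be safe. */
#define PKI_RSAEXP_EQ_3     0
#define PKI_RSAEXP_EQ_5     1
#define PKI_RSAEXP_EQ_17    2
#define PKI_RSAEXP_EQ_257   3
#define PKI_RSAEXP_EQ_65537 4

/* Return values for RSA_CheckKey */
/* 0 is a success value here (valid private key), so the result must be
   compared with these names and not tested as a boolean. Failure values are
   not listed in this header. */
#define PKI_VALID_PUBLICKEY  1
#define PKI_VALID_PRIVATEKEY 0

/* Options for ECC Keys - New in [v20.0] */
#define PKI_ECC_PRIVATE_KEY 0x0
#define PKI_ECC_PUBLIC_KEY  0x1

/* BIT FLAGS */
/* Key generation and storage */
/* NOTE(review): PKI_KEY_SECURE_OFF and PKI_PFX_PLAIN_CERT read as switches
   that turn a protection off - confirm their effect in the manual before
   setting them. */
#define PKI_KEYGEN_INDICATE 0x1000000L
#define PKI_KEY_SECURE_OFF  0x2000000L /* New in [v20.4] */
#define PKI_KEY_FORMAT_PEM  0x10000L
#define PKI_KEY_FORMAT_SSL  0x20000L
#define PKI_KEY_TYPE_PKCS8  0x40000L

#define PKI_PFX_STRONG_CERT   0x1000000L /* New in [v12.3] */
#define PKI_PFX_PLAIN_CERT    0x2000000L
#define PKI_PFX_CLONE_KEY     0x4000000L
#define PKI_PFX_ALT_FORMAT    0x100000L
#define PKI_PFX_P7CHAIN       0x0400L
#define PKI_PFX_AES256_SHA256 0x1043L /* New in [v20.5] */

#define PKI_CMS_FORMAT_BASE64   0x10000L
#define PKI_CMS_EXCLUDE_CERTS   0x0100L
#define PKI_CMS_EXCLUDE_DATA    0x0200L
#define PKI_CMS_CERTS_ONLY      0x0400L
#define PKI_CMS_INCLUDE_ATTRS   0x0800L
#define PKI_CMS_ADD_SIGNTIME    0x1000L
#define PKI_CMS_ADD_SMIMECAP    0x2000L
#define PKI_CMS_ADD_SIGNINGCERT 0x4000L /* New in [v12.4] */
#define PKI_CMS_ADD_ALGPROTECT  0x8000L /* New in [v12.4] */
#define PKI_CMS_NO_INFLATE      0x1000000L
#define PKI_CMS_NO_OUTER        0x2000000L
#define PKI_CMS_ALT_ALGID       0x4000000L
#define PKI_CMS_BIGFILE         0x8000000L
#define PKI_CMS_PSEUDOSIG       0x100000L /* New in [v20.2] */

#ifndef PKI_XML_DEFINED_
#define PKI_XML_RSAKEYVALUE 0x0001L
#define PKI_XML_EXCLPRIVATE 0x0010L
#define PKI_XML_REQPRIVATE  0x0020L
#define PKI_XML_HEXBINARY   0x0100L
#define PKI_XML_DEFINED_
#endif /* PKI_XML_DEFINED_ */

#ifndef PKI_ENCOD_DEFINED_
/* PKI_EME_DEFAULT equals PKI_EME_PKCSV1_5. PKCS#1 v1.5 encryption padding is
   exposed to padding-oracle attacks when decryption failures are observable
   to the sender; request PKI_EME_OAEP explicitly where the peer supports it. */
#define PKI_EME_DEFAULT      0x00L
#define PKI_EME_PKCSV1_5     0x00L
#define PKI_EME_OAEP         0x10L
#define PKI_EMSIG_DEFAULT    0x20L
#define PKI_EMSIG_PKCSV1_5   0x20L
#define PKI_EMSIG_DIGESTONLY 0x1000L
#define PKI_EMSIG_DIGINFO    0x2000L
#define PKI_EMSIG_ISO9796    0x100000L
#define PKI_ENCOD_DEFINED_
#endif /* PKI_ENCOD_DEFINED_ */

#ifndef PKI_X509_DEFINED_
/* X.509 Option flags */
/* NOTE(review): PKI_X509_NO_TIMECHECK reads as skipping the validity-period
   check - confirm, and keep it out of production verification paths. */
#define PKI_X509_FORMAT_PEM   0x10000L
#define PKI_X509_FORMAT_BIN   0x20000L
#define PKI_X509_REQ_KLUDGE   0x100000L
#define PKI_X509_NO_TIMECHECK 0x200000L
#define PKI_X509_LATIN1       0x400000L
#define PKI_X509_UTF8         0x800000L
#define PKI_X509_AUTHKEYID    0x1000000L
#define PKI_X509_NO_BASIC     0x2000000L
#define PKI_X509_CA_TRUE      0x4000000L
#define PKI_X509_VERSION1     0x8000000L
#define PKI_X509_LDAP         0x1000L
#define PKI_X509_DECIMAL      0x8000L
/* Flags for X.509 Key Usage */
#define PKI_X509_KEYUSAGE_DIGITALSIGNATURE 0x0001L
#define PKI_X509_KEYUSAGE_NONREPUDIATION   0x0002L
#define PKI_X509_KEYUSAGE_KEYENCIPHERMENT  0x0004L
#define PKI_X509_KEYUSAGE_DATAENCIPHERMENT 0x0008L
#define PKI_X509_KEYUSAGE_KEYAGREEMENT     0x0010L
#define PKI_X509_KEYUSAGE_KEYCERTSIGN      0x0020L
#define PKI_X509_KEYUSAGE_CRLSIGN          0x0040L
#define PKI_X509_KEYUSAGE_ENCIPHERONLY     0x0080L
#define PKI_X509_KEYUSAGE_DECIPHERONLY     0x0100L
/* Specific return values */
/* [v12.0] Changed from +1/-1 to proper error codes */
/* Callers written before v12.0 that compare against the literals -1 or +1 no
   longer match any of these results; compare against the names. Only 0 means
   valid / verified. */
#define PKI_X509_EXPIRED        16 /* (EXPIRED_ERROR) CHANGED FROM -1 [v12.0] */
#define PKI_X509_VERIFY_FAILURE 22 /* (SIGNATURE_ERROR) CHANGED FROM -1 [v12.0] */
#define PKI_X509_REVOKED        42 /* (REVOCATION_ERROR) CHANGED FROM +1 [v12.0] */
#define PKI_X509_INVALID        43 /* (CERT_PATH_ERROR) CHANGED FROM +1 [v12.0] */
#define PKI_X509_VALID_NOW      0
#define PKI_X509_VERIFY_SUCCESS 0
#define PKI_X509_DEFINED_
#endif /* PKI_X509_DEFINED_ */

/* Return values for CNV_CheckUTF */
#define PKI_CHRS_NOT_UTF8  0L
#define PKI_CHRS_ALL_ASCII 1L
#define PKI_CHRS_ANSI8     2L
#define PKI_CHRS_MULTIBYTE 3L
/* Options for CNV_ByteEncoding */
#define PKI_CNV_UTF8_FROM_LATIN1 0x1L
#define PKI_CNV_LATIN1_FROM_UTF8 0x2L
/* Options for CNV_Num[To/From]Bytes - new in [v11.0] */
#define PKI_CNV_BIG_ENDIAN    0x0L
#define PKI_CNV_LITTLE_ENDIAN 0x1L

/* Flags and return values for X.509 and CMS query functions */
#define PKI_QUERY_GETTYPE 0x100000L
#define PKI_QUERY_NUMBER  1L
#define PKI_QUERY_STRING  2L

/* Options for RNG functions */
#define PKI_RNG_STRENGTH_112 0x00L
#define PKI_RNG_STRENGTH_128 0x01L

/* Block cipher (BC) algorithm options */
#define PKI_BC_TDEA    0x10L // )
#define PKI_BC_3DES    0x10L // ) equiv. synonyms for Triple DES
#define PKI_BC_DESEDE3 0x10L // )
#define PKI_BC_AES128  0x20L
#define PKI_BC_AES192  0x30L
#define PKI_BC_AES256  0x40L

/* Block cipher mode options */
/* ECB is the zero value. ECB encrypts equal plaintext blocks to equal
   ciphertext blocks, so set a mode explicitly for anything longer than one
   block. None of the modes except GCM authenticates the ciphertext. */
#define PKI_MODE_ECB 0x000L
#define PKI_MODE_CBC 0x100L
#define PKI_MODE_OFB 0x200L
#define PKI_MODE_CFB 0x300L
#define PKI_MODE_CTR 0x400L
/* Added [v12.1] AEAD only */
#define PKI_MODE_GCM 0x500L

/* Block cipher padding options */
#define PKI_PAD_DEFAULT 0x0
#define PKI_PAD_NOPAD   0x10000
#define PKI_PAD_PKCS5   0x20000
#define PKI_PAD_1ZERO   0x30000
/* Added [v11.1] */
#define PKI_PAD_AX923   0x40000
#define PKI_PAD_W3C     0x50000

/* AEAD algorithms - added [v12.1] */
/* Each value is PKI_MODE_GCM combined with the matching PKI_BC_AES* value. */
#define PKI_AEAD_AES_128_GCM 0x520L
#define PKI_AEAD_AES_192_GCM 0x530L
#define PKI_AEAD_AES_256_GCM 0x540L

/* Block cipher option flags */
#define PKI_IV_PREFIX 0x1000

/* Key wrap algorithms - added [v20.5] */
#define PKI_KWRAP_3DES   0x100000L
#define PKI_KWRAP_AES128 0x200000L
#define PKI_KWRAP_AES192 0x300000L
#define PKI_KWRAP_AES256 0x400000L

/* Key transport algorithms */
/* The zero value is RSAES PKCS#1 v1.5; OAEP has to be requested. */
#define PKI_KT_RSAES_PKCS 0x0000L
#define PKI_KT_RSAES_OAEP 0x8000L
// --0xC000L Reserved for PKI_KT_RSA_KEM

/* Key derivation functions */
/* Changed [v20.5] */
// #define PKI_KDF_KDF2 0x000L //--historical, never used
#define PKI_KDF_X963 0x0000L /* [v20.5] new default */
#define PKI_KDF_HKDF 0x1000L

/* ASN.1 utilities - added [v10.0] */
#define PKI_ASN1_NOCOMMENTS    0x100000L
#define PKI_ASN1_ADDLEVELS     0x800000L
#define PKI_ASN1_TYPE_MAXCHARS 64

/* SIG functions */
#define PKI_SIG_USEDIGEST     0x1000L /* Added [v10.0] */
#define PKI_SIG_DETERMINISTIC 0x2000L /* Added [v11.0] */
#define PKI_SIG_ASN1DER       0x4000L /* Added [v11.0], changed from 0x200000 [v12.0] */

/* SMIME functions - added [v10.0] */
#define PKI_SMIME_ENCODE_BASE64 0x10000L
#define PKI_SMIME_ENCODE_BINARY 0x20000L
#define PKI_SMIME_ADDX          0x100000L

/* Encoding options - added [v11.0] */
#define PKI_ENCODE_HEX       0x30000L
#define PKI_ENCODE_BASE64URL 0x40000L

/* Wipefile options - added [v12.0] */
#define PKI_WIPEFILE_DOD7   0x0 /* Default */
#define PKI_WIPEFILE_SIMPLE 0x1

/* General */
#define PKI_GEN_PLATFORM 0x40
#define PKI_GEN_LEGACY   0x8000000L /* Added [v11.0] */

/* __stdcall convention required for Win32/64 DLL only */
/* On Linux the keyword is defined away so the prototypes below still parse. */
#if defined(__linux__) || defined (linux) || defined(__linux)
#define __stdcall
#endif

#ifdef __cplusplus
extern "C" {
#endif

/* GENERAL FUNCTIONS */
long __stdcall PKI_Version(void *nReserved1, void *nReserved2);
long __stdcall PKI_LicenceType(long nOptions);
long __stdcall PKI_CompileTime(char *szOutput, long nOutChars);
long __stdcall PKI_ModuleName(char *szOutput, long nOutChars, long nOptions);
long __stdcall PKI_PowerUpTests(long nOptions);
long __stdcall PKI_Platform(char *szOutput, long nOutChars);
long __stdcall PKI_ModuleInfo(char *szOutput, long nOutChars, long nOptions);
/* New in [v21.0] */
long __stdcall PKI_FormatErrorMessage(char *szOutput, long nOutChars, long nErrCode, const char *szUserMsg);

/* ERROR-RELATED FUNCTIONS */
long __stdcall PKI_LastError(char *szOutput, long nOutChars);
long __stdcall PKI_ErrorCode(void);
long __stdcall PKI_ErrorLookup(char *szOutput, long nOutChars, long nErrCode);

/* CRYPTOGRAPHIC MESSAGE SYNTAX (CMS) FUNCTIONS */
/* NOTE(review): content extraction (CMS_ReadSigData*) and CMS_VerifySigData
   are separate entry points. Confirm in the manual whether the Read* calls
   check the signature before treating extracted content as authentic. */
long __stdcall CMS_MakeEnvData(const char *szFileOut, const char *szFileIn, const char *szCertList, const char *szSeed, long nSeedLen, long nOptions);
long __stdcall CMS_MakeEnvDataFromString(const char *szFileOut, const char *szDataIn, const char *szCertList, const char *szSeed, long nSeedLen, long nOptions);
long __stdcall CMS_ReadEnvData(const char *szFileOut, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);
long __stdcall CMS_ReadEnvDataToString(char *szOutput, long nOutChars, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);
long __stdcall CMS_MakeSigData(const char *szFileOut, const char *szFileIn, const char *szCertList, const char *szPrivateKey, long nOptions);
long __stdcall CMS_MakeSigDataFromString(const char *szFileOut, const char *szDataIn, const char *szCertList, const char *szPrivateKey, long nOptions);
long __stdcall CMS_MakeSigDataFromSigValue(const char *szFileOut, const unsigned char *lpSigValue, long nSigLen, const unsigned char *lpData, long nDataLen, const char *szCertListOrFile, long nOptions);
long __stdcall CMS_MakeDetachedSig(const char *szFileOut, const char *szHexDigest, const char *szCertList, const char *szPrivateKey, long nOptions);
long __stdcall CMS_ReadSigData(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall CMS_ReadSigDataToString(char *szOutput, long nOutChars, const char *szFileIn, long nOptions);
long __stdcall CMS_GetSigDataDigest(char *szOutput, long nOutChars, const char *szFileIn, const char *szCertFile, long nOptions);
long __stdcall CMS_VerifySigData(const char *szFileIn, const char *szCertFile, const char *szHexDigest, long nOptions);
long __stdcall CMS_QuerySigData(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);
long __stdcall CMS_QueryEnvData(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);
long __stdcall CMS_MakeComprData(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall CMS_ReadComprData(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall CMS_ReadEnvDataToBytes(unsigned char *lpOutput, long nOutBytes, const char *szFileIn, const char *szCertFile, const char *szPrivateKey, long nOptions);
long __stdcall CMS_ReadSigDataToBytes(unsigned char *lpOutput, long nOutBytes, const char *szFileIn, long nOptions);
long __stdcall CMS_MakeEnvDataFromBytes(const char *szFileOut, const unsigned char *lpInput, long nInputLen, const char *szCertList, const char *szSeed, long nSeedLen, long nOptions);
long __stdcall CMS_MakeSigDataFromBytes(const char *szFileOut, const unsigned char *lpInput, long nInputLen, const char *szCertList, const char *szPrivateKey, long nOptions);

/* RSA KEY FUNCTIONS */
/* New in [v12.3] */
long __stdcall RSA_MakeKeysXtd(const char *szPubKeyFile, const char *szPriKeyFile, const char *szPassword, long nBits, long nExpFermat, const char *szParams, long nOptions);
/* ...supersedes the function: */
long __stdcall RSA_MakeKeys(const char *szPubKeyFile, const char *szEpkFile, long nBits, long nExpFermat, long nTests, long nCount, const char *szPassword, const void *lpSeed, long nSeedLen, long nOptions);
/* New in [v12.3] */
long __stdcall RSA_SaveEncKey(const char *szFileOut, const char *szIntKeyString, const char *szPassword, const char *szParams, long nOptions);
/* ...supersedes the function: */
long __stdcall RSA_SaveEncPrivateKey(const char *szFileOut, const char *szKeyString, long nCount, const char *szPassword, long nOptions);
long __stdcall RSA_SavePublicKey(const char *szFileOut, const char *szKeyString, long nOptions);
/* RSA_SavePrivateKeyInfo and RSA_GetPrivateKeyFromPFX take no password
   argument. NOTE(review): presumably the private key they write is not
   password-protected - confirm, and restrict access to the output file. */
long __stdcall RSA_SavePrivateKeyInfo(const char *szFileOut, const char *szKeyString, long nOptions);
long __stdcall RSA_GetPrivateKeyFromPFX(const char *szFileOut, const char *szPfxFile, long nOptions);
long __stdcall RSA_GetPublicKeyFromCert(char *szOutput, long nOutChars, const char *szCertFile, long nOptions);
long __stdcall RSA_KeyBits(const char *szKeyString);
long __stdcall RSA_KeyBytes(const char *szKeyString);
long __stdcall RSA_ToXMLString(char *szOutput, long nOutChars, const char *szKeyString, long nOptions);
long __stdcall RSA_ToXMLStringEx(char *szOutput, long nOutChars, const char *szKeyString, const char *szPrefix, long nOptions);
long __stdcall RSA_FromXMLString(char *szOutput, long nOutChars, const char *szXmlString, long nOptions);
long __stdcall RSA_CheckKey(const char *szKeyString, long nOptions);
long __stdcall RSA_KeyHashCode(const char *szKeyString);
long __stdcall RSA_KeyMatch(const char *szPrivateKey, const char *szPublicKey);
long __stdcall RSA_ReadPrivateKeyFromPFX(char *szOutput, long nOutChars, const char *szPfxFile, const char *szPassword, long nOptions);
long __stdcall RSA_PublicKeyFromPrivate(char *szOutput, long nOutChars, const char *szKeyString, long nOptions);
long __stdcall RSA_ReadAnyPrivateKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, const char *szPassword, long nOptions);
long __stdcall RSA_ReadAnyPublicKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, long nOptions);
long __stdcall RSA_KeyValue(char *szOutput, long nOutChars, const char *szKeyString, const char *szFieldName, long nOptions);
/* The following three functions are @deprecated - use RSA_ReadAnyPrivateKey or RSA_ReadAnyPublicKey. */
long __stdcall RSA_ReadEncPrivateKey(char *szOutput, long nOutChars, const char *szEpkFile, const char *szPassword, long nOptions);
long __stdcall RSA_ReadPrivateKeyInfo(char *szOutput, long nOutChars, const char *szKeyFile, long nOptions);
long __stdcall RSA_ReadPublicKey(char *szOutput, long nOutChars, const char *szPubKeyFile, long nOptions);

/* 'RAW' RSA ENCRYPTION/DECRYPTION FUNCTIONS */
/* RSA_RawPublic/RSA_RawPrivate take a single non-const buffer (presumably
   transformed in place - confirm). "Raw" means the caller is responsible for
   the message encoding; unpadded RSA on its own gives no security. */
long __stdcall RSA_RawPublic(unsigned char *lpData, long nDataLen, const char *szPublicKey, long nOptions);
long __stdcall RSA_RawPrivate(unsigned char *lpData, long nDataLen, const char *szPrivateKey, long nOptions);
long __stdcall RSA_EncodeMsg(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);
long __stdcall RSA_DecodeMsg(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);
long __stdcall RSA_Encrypt(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const char *szPublicKeyFile, const char *szParameters, long nOptions);
long __stdcall RSA_Decrypt(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const char *szPrivateKeyFile, const char *szPassword, const char *szParameters, long nOptions);

/* ELLIPTIC CURVE CRYPTOGRAPHY FUNCTIONS */
long __stdcall ECC_MakeKeys(const char *szPubKeyFile, const char *szPriKeyFile, const char *szCurveName, const char *szPassword, const char *szParams, long nOptions);
long __stdcall ECC_ReadKeyByCurve(char *szOutput, long nOutChars, const char *szHexKey, const char *szCurveName, long nOptions);
long __stdcall ECC_ReadPrivateKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, const char *szPassword, long nOptions);
long __stdcall ECC_ReadPublicKey(char *szOutput, long nOutChars, const char *szKeyFileOrString, long nOptions);
long __stdcall ECC_SaveEncKey(const char *szFileOut, const char *szIntKeyString, const char *szPassword, const char *szParams, long nOptions);
long __stdcall ECC_SaveKey(const char *szFileOut, const char *szIntKeyString, long nOptions);
long __stdcall ECC_PublicKeyFromPrivate(char *szOutput, long nOutChars, const char *szIntKeyString, long nOptions);
long __stdcall ECC_QueryKey(char *szOutput, long nOutChars, const char *szIntKeyString, const char *szQuery, long nOptions);
long __stdcall ECC_KeyHashCode(const char *szKeyString);
/* New in [v20.0] */
/* lpZZ receives the raw shared secret; run it through a KDF (KDF_Bytes is
   declared below) before using it as a key. */
long __stdcall ECC_DHSharedSecret(unsigned char *lpZZ, long nOutBytes, const char *szIntPrivateKey, const char *szIntPublicKey, long nOptions);

/* PKCS12 FILE FUNCTIONS */
long __stdcall PFX_MakeFile(const char *szFileOut, const char *szCertFile, const char *szEpkFile, const char *szPassword, const char *szFriendlyName, long nOptions);
long __stdcall PFX_VerifySig(const char *szFileName, const char *szPassword, long nOptions);

/* X509 CERTIFICATE FUNCTIONS */
/* X509_VerifyCert takes one certificate and one issuer; validity period,
   revocation and path validation are separate calls (X509_CertIsValidNow,
   X509_CheckCertInCRL, X509_ValidatePath). NOTE(review): confirm which checks
   each call performs before relying on a single one. */
long __stdcall X509_MakeCert(const char *szNewCertFile, const char *szIssuerCertFile, const char *szSubjectPubKeyFile, const char *szIssuerEpkFile, long nCertNum, long nYearsValid, const char *szDistName, const char *szExtensions, long nKeyUsageFlags, const char *szPassword, long nOptions);
long __stdcall X509_MakeCertSelf(const char *szNewCertFile, const char *szEpkFile, long nCertNum, long nYearsValid, const char *szDistName, const char *szExtensions, long nKeyUsageFlags, const char *szPassword, long nOptions);
long __stdcall X509_CertRequest(const char *szNewReqFile, const char *szEpkFile, const char *szDistName, const char *szExtensions, const char *szPassword, long nOptions);
long __stdcall X509_VerifyCert(const char *szCertToVerify, const char *szIssuerCert, long nOptions);
long __stdcall X509_CertThumb(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertIsValidNow(const char *szCertFile, long nOptions);
long __stdcall X509_CertIssuedOn(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertExpiresOn(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertSerialNumber(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_HashIssuerAndSN(const char *szCertFile, char *szOutput, long nOutChars, long nOptions);
long __stdcall X509_CertIssuerName(const char *szCertFile, char *szOutput, long nOutChars, const char *szDelim, long nOptions);
long __stdcall X509_CertSubjectName(const char *szCertFile, char *szOutput, long nOutChars, const char *szDelim, long nOptions);
long __stdcall X509_GetCertFromP7Chain(const char *szNewCertFile, const char *szP7cFile, long nIndex, long nOptions);
long __stdcall X509_GetCertFromPFX(const char *szNewCertFile, const char *szPfxFile, const char *szPassword, long nOptions);
long __stdcall X509_KeyUsageFlags(const char *szCertFile);
long __stdcall X509_QueryCert(char *szOutput, long nOutChars, const char *szCertFile, const char *szQuery, long nOptions);
long __stdcall X509_ReadStringFromFile(char *szOutput, long nOutChars, const char *szCertFile, long nOptions);
long __stdcall X509_SaveFileFromString(const char *szNewCertFile, const char *szCertString, long nOptions);
long __stdcall X509_TextDump(const char *szFileOut, const char *szCertFile, long nOptions);
long __stdcall X509_ValidatePath(const char *szCertListOrP7File, const char *szTrustedCert, long nOptions);
long __stdcall X509_TextDumpToString(char *szOutput, long nOutChars, const char *szCertFile, long nOptions);
long __stdcall X509_ReadCertStringFromP7Chain(char *szOutput, long nOutChars, const char *szP7cFile, long nIndex, long nOptions);
long __stdcall X509_ReadCertStringFromPFX(char *szOutput, long nOutChars, const char *szPfxFile, const char *szPassword, long nOptions);
long __stdcall X509_GetCertCountInP7Chain(const char *szP7cFile, long nOptions);

/* X509 CRL FUNCTIONS */
long __stdcall X509_MakeCRL(const char *szCrlFile, const char *szIssuerCert, const char *szIssuerKeyFile, const char *szPassword, const char *szRevokedCertList, const char *szExtensions, long nOptions);
long __stdcall X509_CheckCertInCRL(const char *szCertFile, const char *szCrlFile, const char *szCRLIssuerCert, const char *szDate, long nOptions);

/* ONLINE CERTIFICATE STATUS PROTOCOL (OCSP) FUNCTIONS */
long __stdcall OCSP_MakeRequest(char *szOutput, long nOutChars, const char *szIssuerCert, const char *szCertFileOrSerialNum, const char *szExtensions, long nOptions);
long __stdcall OCSP_ReadResponse(char *szOutput, long nOutChars, const char *szResponseFile, const char *szIssuerCert, const char *szExtensions, long nOptions);

/* TRIPLE DES FUNCTIONS */
/* None of the TDEA_* calls that write to memory declares an output-size
   parameter, so sizing szOutput/lpOutput is entirely the caller's job. */
long __stdcall TDEA_HexMode(char *szOutput, const char *szInput, const char *szKey, long fEncrypt, const char *szMode, const char *szIV);
long __stdcall TDEA_B64Mode(char *szOutput, const char *szInput, const char *szKey, long fEncrypt, const char *szMode, const char *szIV);
/* [The following two functions are @deprecated - use equivalent CIPHER_ functions] */
long __stdcall TDEA_BytesMode(unsigned char *lpOutput, const unsigned char *lpData, long nDataLen, const unsigned char *lpKey, long fEncrypt, const char *szMode, const unsigned char *lpIV);
long __stdcall TDEA_File(const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, long fEncrypt, const char *szMode, const unsigned char *lpIV);

/* GENERIC BLOCK CIPHER FUNCTIONS */
/* @deprecated - prefer CIPHER_En/DecryptBytes */
/* CIPHER_Bytes has no output-size parameter and no key or IV lengths; the
   replacement calls below declare all three. */
long __stdcall CIPHER_Bytes(long fEncrypt, unsigned char *lpOutput, const unsigned char *lpData, long nDataLen, const unsigned char *lpKey, const unsigned char *lpIV, const char *szAlgAndMode, long nOptions);
/* @deprecated - prefer CIPHER_FileEn/Decrypt */
long __stdcall CIPHER_File(long fEncrypt, const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, const unsigned char *lpIV, const char *szAlgAndMode, long nOptions);
/* @deprecated - prefer CIPHER_En/DecryptHex */
long __stdcall CIPHER_Hex(long fEncrypt, char *szOutput, long nOutChars, const char *szData, const char *szKey, const char *szIV, const char *szAlgAndMode, long nOptions);
/* Changed in [v20.2]: Renamed ~Bytes2 to ~Bytes */
long __stdcall CIPHER_EncryptBytes(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_DecryptBytes(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
/* @deprecated - keep old ~Bytes2 for backwards compatibility */
long __stdcall CIPHER_EncryptBytes2(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_DecryptBytes2(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_FileEncrypt(const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_FileDecrypt(const char *szFileOut, const char *szFileIn, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const char *szAlgModePad, long nOptions);
/* AEAD: the IV must never repeat under the same key. On CIPHER_DecryptAEAD,
   check the return value before reading lpOutput.
   NOTE(review): confirm what lpOutput holds when authentication fails. */
long __stdcall CIPHER_EncryptAEAD(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const unsigned char *lpAAD, long nAadLen, long nOptions);
long __stdcall CIPHER_DecryptAEAD(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const unsigned char *lpKey, long nKeyLen, const unsigned char *lpIV, long nIvLen, const unsigned char *lpAAD, long nAadLen, long nOptions);
long __stdcall CIPHER_KeyWrap(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpData, long nDataLen, const unsigned char *lpKek, long nKekLen, long nOptions);
long __stdcall CIPHER_KeyUnwrap(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpData, long nDataLen, const unsigned char *lpKek, long nKekLen, long nOptions);
/* New in [v20.0] */
long __stdcall CIPHER_EncryptHex(char *szOutput, long nOutChars, const char *szInputHex, const char *szKeyHex, const char *szIvHex, const char *szAlgModePad, long nOptions);
long __stdcall CIPHER_DecryptHex(char *szOutput, long nOutChars, const char *szInputHex, const char *szKeyHex, const char *szIvHex, const char *szAlgModePad, long nOptions);

/* MESSAGE DIGEST HASH FUNCTIONS */
long __stdcall HASH_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, long nOptions);
long __stdcall HASH_File(unsigned char *lpOutput, long nOutBytes, const char *szFileName, long nOptions);
long __stdcall HASH_HexFromBytes(char *szOutput, long nOutChars, const void *lpMessage, long nMsgLen, long nOptions);
long __stdcall HASH_HexFromFile(char *szOutput, long nOutChars, const char *szFileName, long nOptions);
long __stdcall HASH_HexFromHex(char *szOutput, long nOutChars, const char *szMsgHex, long nOptions);
/* New in [v20.5] */
long __stdcall HASH_Length(long nAlgId);

/* HMAC FUNCTIONS */
/* When checking a received MAC, compare the computed value in constant time;
   no comparison helper is declared in this header. */
long __stdcall HMAC_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, const void *lpKey, long nKeyLen, long nOptions);
long __stdcall HMAC_HexFromBytes(char *szOutput, long nOutChars, const void *lpMessage, long nMsgLen, const void *lpKey, long nKeyLen, long nOptions);
long __stdcall HMAC_HexFromHex(char *szOutput, long nOutChars, const char *szMsgHex, const char *szKeyHex, long nOptions);

/* BASE64 AND HEX CONVERSION FUNCTIONS */
/* CNV_B64Filter and CNV_HexFilter declare an input length (nStrLen) but no
   output size; the caller has to size szOutput. */
long __stdcall CNV_B64StrFromBytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nInputLen);
long __stdcall CNV_BytesFromB64Str(unsigned char *lpOutput, long nOutBytes, const char *szInput);
long __stdcall CNV_B64Filter(char *szOutput, const char *szInput, long nStrLen);
long __stdcall CNV_HexStrFromBytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nInputLen);
long __stdcall CNV_BytesFromHexStr(unsigned char *lpOutput, long nOutBytes, const char *szInput);
long __stdcall CNV_HexFilter(char *szOutput, const char *szInput, long nStrLen);

/* BASE58 FUNCTIONS */
long __stdcall CNV_Base58FromBytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nInputLen);
long __stdcall CNV_Base58ToBytes(unsigned char *lpOutput, long nOutBytes, const char *szInput);

/* UTF-8 CONVERSION/CHECK FUNCTIONS */
long __stdcall CNV_UTF8BytesFromLatin1(unsigned char *lpOutput, long nOutBytes, const char *szInput);
long __stdcall CNV_Latin1FromUTF8Bytes(char *szOutput, long nOutChars, const unsigned char *lpInput, long nBytes);
long __stdcall CNV_CheckUTF8Bytes(const unsigned char *lpInput, long nBytes);
long __stdcall CNV_CheckUTF8File(const char *szFileName);
long __stdcall CNV_ByteEncoding(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nBytes, long nOptions);
/* New in [v20.3] */
long __stdcall CNV_Utf8FromWide(char *szOut, long nOutChars, const wchar_t *wstr);
/* New in [v21.0] */
long __stdcall CNV_ShortPathName(char *szOut, long nOutChars, const wchar_t *szwLongPath);
/* The following three functions are @deprecated... */
long __stdcall CNV_UTF8FromLatin1(char *szOutput, long nOutChars, const char *szInput); /* DEPRECATED */
long __stdcall CNV_Latin1FromUTF8(char *szOutput, long nOutChars, const char *szInput); /* DEPRECATED */
long __stdcall CNV_CheckUTF8(const char *szInput); /* DEPRECATED */

/* MISC BYTE UTILITIES */
/* CNV_ReverseBytes declares a single length (nBytes) for both buffers. */
long __stdcall CNV_ReverseBytes(unsigned char *lpOutput, const unsigned char *lpInput, long nBytes);
long __stdcall CNV_NumToBytes(unsigned char *lpOutput, long nOutBytes, long nNumber, long nOptions);
long __stdcall CNV_NumFromBytes(const unsigned char *lpInput, long nBytes, long nOptions);

/* PEM/BINARY FILE CONVERSIONS */
long __stdcall PEM_FileFromBinFile(const char *szFileOut, const char *szFileIn, const char *szHeader, long nLineLen);
long __stdcall PEM_FileFromBinFileEx(const char *szFileOut, const char *szFileIn, const char *szHeader, long nLineLen, long nOptions);
long __stdcall PEM_FileToBinFile(const char *szFileOut, const char *szFileIn);

/* RNG FUNCTIONS */
long __stdcall RNG_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpSeed, long nSeedLen);
long __stdcall RNG_Number(long nLower, long nUpper);
long __stdcall RNG_BytesWithPrompt(unsigned char *lpOutput, long nOutBytes, const char *szPrompt, long nOptions);
long __stdcall RNG_Initialize(const char *szSeedFile, long nOptions);
long __stdcall RNG_MakeSeedFile(const char *szSeedFile, const char *szPrompt, long nOptions);
long __stdcall RNG_UpdateSeedFile(const char *szSeedFile, long nOptions);
long __stdcall RNG_Test(const char *szFileOut, long nOptions);
long __stdcall RNG_Guid(char *szOutput, long nOutChars, long nOptions);

/* PADDING FUNCTIONS */
long __stdcall PAD_BytesBlock(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nBlkLen, long nOptions);
long __stdcall PAD_UnpadBytes(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nBlkLen, long nOptions);
long __stdcall PAD_HexBlock(char *szOutput, long nOutChars, const char *szInput, long nBlkLen, long nOptions);
long __stdcall PAD_UnpadHex(char *szOutput, long nOutChars, const char *szInput, long nBlkLen, long nOptions);

/* MISC UTILITIES */
/* NOTE(review): WIPE_Data(void *, long) looks intended for clearing password
   and key buffers after use (such as those filled by PWD_Prompt) - confirm. */
long __stdcall WIPE_File(const char *szFileName, long nOptions);
long __stdcall WIPE_Data(void *lpData, long nDataLen);
long __stdcall PWD_Prompt(char *szPassword, long nPwdLen, const char *szCaption);
long __stdcall PWD_PromptEx(char *szPassword, long nPwdLen, const char *szCaption, const char *szPrompt, long nOptions);

/* PASSWORD-BASED ENCRYPTION PROTOTYPES */
/* nCount is the caller-chosen iteration count; no minimum is stated in this
   header, so the work factor is whatever the caller passes. */
long __stdcall PBE_Kdf2(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpPwd, long nPwdLen, const unsigned char *lpSalt, long nSaltLen, long nCount, long nOptions);
long __stdcall PBE_Kdf2Hex(char *szOutput, long nOutChars, long dkBytes, const char *szPwd, const char *szSaltHex, long nCount, long nOptions);

/* ASN.1 UTILITIES */
long __stdcall ASN1_TextDump(const char *szFileOut, const char *szFileOrPEMString, long nOptions);
long __stdcall ASN1_Type(char *szOutput, long nOutChars, const char *szFileOrPEMString, long nOptions);
long __stdcall ASN1_TextDumpToString(char *szOutput, long nOutChars, const char *szFileOrPEMString, const char *szDirName, long nOptions);

/* SIGNATURE FUNCTIONS */
long __stdcall SIG_SignData(char *szOutput, long nOutChars, const unsigned char *lpData, long nDataLen, const char *szKeyFile, const char *szPassword, const char *szAlgName, long nOptions);
long __stdcall SIG_SignFile(char *szOutput, long nOutChars, const char *szDataFile, const char *szKeyFile, const char *szPassword, const char *szAlgName, long nOptions);
long __stdcall SIG_VerifyData(const char *szSignature, const unsigned char *lpData, long nDataLen, const char *szCertOrKeyFile, const char *szAlgName, long nOptions);
long __stdcall SIG_VerifyFile(const char *szSignature, const char *szDataFile, const char *szCertOrKeyFile, const char *szAlgName, long nOptions);

/* SMIME FUNCTIONS */
long __stdcall SMIME_Wrap(const char *szFileOut, const char *szFileIn, const char *szFeatures, long nOptions);
long __stdcall SMIME_Extract(const char *szFileOut, const char *szFileIn, long nOptions);
long __stdcall SMIME_Query(char *szOutput, long nOutChars, const char *szFileIn, const char *szQuery, long nOptions);

/* COMPRESSION FUNCTIONS */
long __stdcall COMPR_Compress(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);
long __stdcall COMPR_Uncompress(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, long nOptions);

/* KEY DERIVATION FUNCTIONS */
/* New in [v20.5] */
long __stdcall KDF_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpIKM, long nIkmLen, const void *lpInfo, long nInfoLen, const char *szParams, long nOptions);
long __stdcall KDF_ForCms(unsigned char *lpOutput, long nOutBytes, const void *lpZZ, long nZzLen, const void *lpUkm, long nUkmLen, const char *szParams, long nOptions);

/* XOF/PRF FUNCTIONS */
/* New in [v21.0] */
long __stdcall XOF_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, long nOptions);
long __stdcall PRF_Bytes(unsigned char *lpOutput, long nOutBytes, const void *lpMessage, long nMsgLen, const void *lpKey, long nKeyLen, const char *szCustom, long nOptions);

#ifdef __cplusplus
}
#endif

#endif /* end DICRPKI_H_ */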