This page lists the elements of the BlackBerry Dynamics Crypto C language programming interface. More...
Macros | |
#define | GD_C_API_EXT |
#define | GD_C_API_EXT |
#define | GD_C_API_EXT |
#define | GD_C_API_EXT |
#define | GD_C_API_EXT |
#define | GD_C_API_EXT |
Functions | |
const char ** | GDCipher_list (void) |
Return all cipher suites by name. More... | |
const struct GDCipher * | GDCipher_byname (const char *name) |
Return a cipher suite by name. More... | |
const char * | GDCipher_name (const struct GDCipherContext *ctx) |
Return a cipher suite's name. More... | |
const struct GDCipher * | GDCipher_bycontext (const struct GDCipherContext *ctx) |
Return a cipher by context. More... | |
int | GDCipher_block_size (const struct GDCipher *cipher) |
Return the cipher block size. More... | |
int | GDCipher_key_length (const struct GDCipher *cipher) |
Return the cipher key length. More... | |
int | GDCipher_iv_length (const struct GDCipher *cipher) |
Return the IV length. More... | |
unsigned long | GDCipher_mode (const struct GDCipher *cipher) |
Return the cipher mode. More... | |
void | GDCipher_set_padding (struct GDCipherContext *ctx, int padding) |
Enable or disable padding. More... | |
struct GDCipherContext * | GDCipher_new (void) |
Return a new cipher context. More... | |
int | GDCipher_init (struct GDCipherContext *ctx, const struct GDCipher *cipher, const void *key, const void *iv, int mode) |
Initialize a cipher context. More... | |
int | GDCipher_copy (struct GDCipherContext *destination, const struct GDCipherContext *source) |
Copy a cipher context. More... | |
int | GDCipher_update (struct GDCipherContext *ctx, void *out_data, int *out_data_sz, const void *in_data, int in_data_sz) |
Encipher or decipher. More... | |
int | GDCipher_final (struct GDCipherContext *ctx, void *out_data, int *out_sz) |
Encipher or decipher last block. More... | |
int | GDCipher (struct GDCipherContext *ctx, void *out_data, const void *in_data, unsigned int in_data_sz) |
Encipher or decipher. More... | |
int | GDCipher_cleanup (struct GDCipherContext *ctx) |
Clears all information from a cipher context. More... | |
void | GDCipher_free (struct GDCipherContext *ctx) |
Free the cipher context. More... | |
const struct GDDigest * | GDDigest_byname (const char *name) |
Return a digest algorithm by name. More... | |
const char * | GDDigest_name (const struct GDDigestContext *ctx) |
Return a digest's name. More... | |
const struct GDDigest * | GDDigest_bycontext (const struct GDDigestContext *ctx) |
Return a digest by context. More... | |
int | GDDigest_size (const struct GDDigest *digest) |
Size of a digest in bytes. More... | |
int | GDDigest_block_size (const struct GDDigest *digest) |
Return the digest block size. More... | |
struct GDDigestContext * | GDDigest_new (void) |
Return a new digest context. More... | |
int | GDDigest_init (struct GDDigestContext *ctx, const struct GDDigest *algorithm) |
Initialize a digest context. More... | |
int | GDDigest_copy (struct GDDigestContext *destination, const struct GDDigestContext *source) |
Copy a digest context. More... | |
int | GDDigest_update (struct GDDigestContext *ctx, const void *message, size_t message_sz) |
Calculate a digest. More... | |
int | GDDigest_final (struct GDDigestContext *ctx, void *digest, unsigned int *digest_sz) |
Finalize and output the digest. More... | |
int | GDDigest (const void *data, size_t data_sz, void *md, unsigned int *md_sz, const struct GDDigest *type) |
Calculate a digest. More... | |
int | GDDigest_sign_init (struct GDDigestContext *ctx, struct GDKeyContext **key_context, const struct GDDigest *digest, struct GDKey *key) |
Initialize a digest context for signing. More... | |
int | GDDigest_sign_final (struct GDDigestContext *ctx, void *signature, size_t *signature_sz) |
Sign a digest. More... | |
int | GDDigest_verify_init (struct GDDigestContext *ctx, struct GDKeyContext **key_ctx, const struct GDDigest *digest, struct GDKey *key) |
Initialize a digest context for verification. More... | |
int | GDDigest_verify_final (struct GDDigestContext *ctx, const void *signature, size_t signature_sz) |
Verify a digest. More... | |
int | GDDigest_cleanup (struct GDDigestContext *ctx) |
Clears all information from a digest context. More... | |
void | GDDigest_free (struct GDDigestContext *ctx) |
Free the digest context. More... | |
unsigned long | GDCryptoError_get (void) |
Retrieve the earliest error code. More... | |
unsigned long | GDCryptoError_peek (void) |
Read the earliest error code. More... | |
unsigned long | GDCryptoError_peek_last (void) |
Read the latest error code. More... | |
void | GDCryptoError_clear (void) |
Empties the error stack. More... | |
const char * | GDCryptoError_string (unsigned long e) |
Return a human-readable string representing the error code. More... | |
const char * | GDCryptoError_detailed_string (void) |
Return a detailed human-readable string of the last error. More... | |
int | GDFIPS_mode (void) |
Retrieve the current FIPS 140-2 mode of operation. More... | |
struct GDX509 * | GDX509_copy (const struct GDX509 *cert) |
Copy a X509 structure. More... | |
void | GDX509_free (struct GDX509 *cert) |
Free a X509 structure. More... | |
struct GDX509List * | GDX509List_read (const char *pem, int pem_length) |
Retrieve a list of X509 certificates within a PEM container. More... | |
struct GDX509List * | GDX509List_copy (const struct GDX509List *certs) |
Copy a list of X509 certificates. More... | |
int | GDX509List_num (const struct GDX509List *certs) |
Count the number of X509 certificates. More... | |
const struct GDX509 * | GDX509List_value (const struct GDX509List *certs, int index) |
Retrieve an X509 certificate from a list. More... | |
void | GDX509List_insert (const struct GDX509List *certs, int index, const struct GDX509 *cert) |
Insert a certificate into the list. More... | |
bool | GDX509List_evaluate (const struct GDX509List *certs, const struct GDX509List *not_used, const char *hostname, char **reason) |
Evaluate a certificate chain. More... | |
struct GDX509List * | GDX509List_trusted_authorities (void) |
Retrieve a list of trusted X509 certificate authorities. More... | |
struct GDX509List * | GDX509List_all_user_certs (void) |
Retrieve all user certificates managed by Dynamics. More... | |
struct GDX509List * | GDX509List_valid_user_signing_certs (void) |
Retrieve all valid user certificates managed by Dynamics. More... | |
struct GDX509List * | GDX509List_valid_user_encryption_certs (void) |
Retrieve all valid user encryption certificates managed by Dynamics. More... | |
struct GDX509List * | GDX509List_all_user_encryption_certs (void) |
Retrieve all user encryption certificates managed by Dynamics. More... | |
struct GDX509List * | GDX509List_aux_certs (const struct GDX509 *cert) |
Retrieve a certificate chain for a user certificate. More... | |
void | GDX509List_free (struct GDX509List *certs) |
Free a X509 list structure. More... | |
struct GDKey * | GDKey_public (const struct GDX509 *cert) |
Retrieve the public key. More... | |
struct GDKey * | GDKey_private (const struct GDX509 *cert) |
Retrieve an opaque private key corresponding to a user certificate. More... | |
void | GDKey_free (struct GDKey *key) |
Free a key structure. More... | |
int | GDKey_compare (const struct GDKey *a, const struct GDKey *b) |
Compare two keys. More... | |
int | GDKey_size (const struct GDKey *key) |
Signature size. More... | |
int | GDKey_bits (const struct GDKey *key) |
Key size. More... | |
int | GDKey_type (const struct GDKey *key) |
Key type. More... | |
const char * | GDKey_name (const struct GDKey *key) |
Return the key algorithm name. More... | |
struct GDKeyContext * | GDKeyContext_new (struct GDKey *key) |
Create a new key context. More... | |
struct GDKeyContext * | GDKeyContext_copy (struct GDKeyContext *ctx) |
Copy a key context. More... | |
void | GDKeyContext_free (struct GDKeyContext *ctx) |
Free a key context. More... | |
int | GDKey_sign_init (struct GDKeyContext *ctx) |
Initialize a key context for signing. More... | |
int | GDKey_sign (struct GDKeyContext *ctx, void *signature, size_t *signature_length, const void *message, size_t message_length) |
Sign a message. More... | |
int | GDKey_verify_init (struct GDKeyContext *ctx) |
Initialize a key context for verification. More... | |
int | GDKey_verify (struct GDKeyContext *ctx, const void *signature, size_t signature_length, const void *message, size_t message_length) |
Verify a signed message. More... | |
int | GDKey_encrypt_init (struct GDKeyContext *ctx) |
Initialize a key context for encryption. More... | |
int | GDKey_encrypt (struct GDKeyContext *ctx, void *encrypted, size_t *encrypted_length, const void *clear, size_t clear_length) |
Encrypt data. More... | |
int | GDKey_decrypt_init (struct GDKeyContext *ctx) |
Initialize a key context for decryption. More... | |
int | GDKey_decrypt (struct GDKeyContext *ctx, void *clear, size_t *clear_length, const void *encrypted, size_t encrypted_length) |
Decrypt data. More... | |
int | GDKey_sign_final (struct GDDigestContext *digest, void *signature, unsigned int *signature_length, struct GDKey *key) |
Sign a digest. More... | |
int | GDKey_verify_final (struct GDDigestContext *digest, const void *signature, unsigned int signature_length, struct GDKey *key) |
Verify a digest. More... | |
int | GDKey_set_signature_md (struct GDKeyContext *ctx, const struct GDDigest *digest) |
Sets the message digest type used in a signature. More... | |
int | GDKey_get_signature_md (struct GDKeyContext *ctx, const struct GDDigest **digest) |
Returns the message digest type. More... | |
struct GDPKCS7 * | GDPKCS7_SMIME_read (struct GDStream *stream, struct GDStream **clearText, int flags) |
Deserialize SMIME to a PKCS7 structure. More... | |
struct GDPKCS7 * | GDPKCS7_read (struct GDStream *stream, int flags) |
Deserialize ASN.1/DER encoding to a PKCS7 structure. More... | |
int | GDPKCS7_type (struct GDPKCS7 *p7, int flags) |
Retrieve the type of PKCS7 structure. More... | |
int | GDPKCS7_verify (struct GDPKCS7 *p7, const struct GDX509List *certs, const struct GDX509List *anchors, struct GDStream *indata, struct GDStream *out, int flags) |
Verify a PKCS7 signedData structure. More... | |
const struct GDX509List * | GDPKCS7_get_signers (struct GDPKCS7 *p7, int flags) |
Retrieve the signer's certificate(s). More... | |
int | GDPKCS7_decrypt (struct GDPKCS7 *p7, struct GDKey *pkey, const struct GDX509 *cert, struct GDStream *data, int flags) |
Decrypt a PKCS7 envelopedData structure. More... | |
struct GDPKCS7 * | GDPKCS7_encrypt (struct GDX509List *certs, struct GDStream *in, const struct GDCipher *cipher, int flags) |
Create a PKCS7 envelopedData structure. More... | |
struct GDPKCS7 * | GDPKCS7_add_signer (const struct GDX509 *signcert, struct GDKey *pkey, struct GDX509List *certs, const struct GDDigest *md, int flags) |
Add signer information to a PKCS7 structure. More... | |
int | GDPKCS7_final (struct GDPKCS7 *p7, struct GDStream *data, int flags) |
Finalize a PKCS7 structure. More... | |
int | GDPKCS7_write (struct GDStream *stream, struct GDPKCS7 *p7, int flags) |
Serialize a PKCS7 structure to ASN.1/DER encoding. More... | |
int | GDPKCS7_SMIME_write (struct GDStream *stream, struct GDPKCS7 *p7, struct GDStream *data, int flags) |
Serialize a PKCS7 structure to SMIME encoding. More... | |
void | GDPKCS7_free (struct GDPKCS7 *p7, int flags) |
Free a PKCS7 structure. More... | |
struct GDRSA * | GDRSA_public_key (const struct GDX509 *cert) |
Retrieve the RSA public key. More... | |
struct GDRSA * | GDRSA_private_key (const struct GDX509 *cert) |
Retrieve a pseudo private RSA key corresponding to a user certificate. More... | |
int | GDRSA_size (const struct GDRSA *rsa) |
RSA modulus size. More... | |
void | GDRSA_free (struct GDRSA *rsa) |
Free a RSA key structure. More... | |
int | GDRSA_sign (const struct GDDigest *digest_algorithm, const void *digest, unsigned int digest_size, void *signature, unsigned int *signature_size, struct GDRSA *rsa) |
RSA sign a message digest. More... | |
int | GDRSA_verify (const struct GDDigest *digest_algorithm, const void *digest, unsigned int digest_size, const void *signature, unsigned int signature_size, struct GDRSA *rsa) |
Verify an RSA signed message. More... | |
int | GDRSA_public_encrypt (int flen, const void *from, void *to, struct GDRSA *rsa, int padding) |
RSA public encrypt. More... | |
int | GDRSA_private_decrypt (int flen, const void *from, void *to, struct GDRSA *rsa, int padding) |
RSA private decrypt. More... | |
int | GDRSA_private_encrypt (int flen, const void *from, void *to, struct GDRSA *rsa, int padding) |
RSA private encrypt. More... | |
int | GDRSA_public_decrypt (int flen, const void *from, void *to, struct GDRSA *rsa, int padding) |
RSA public decrypt. More... | |
const struct GDStreamStorageMethod * | GDStream_mem_storage_method (void) |
Retrieve a memory stream storage method. More... | |
struct GDStream * | GDStream_new_mem_buf (const void *buf, int len) |
Create a stream from a region of memory. More... | |
struct GDStream * | GDStream_new (const struct GDStreamStorageMethod *method) |
Create a stream. More... | |
int | GDStream_read (struct GDStream *stream, void *data, int len) |
Read from a stream. More... | |
int | GDStream_write (struct GDStream *stream, const void *data, int len) |
Write to a stream. More... | |
int | GDStream_reset (struct GDStream *stream) |
Reset a stream. More... | |
int | GDStream_eof (struct GDStream *stream) |
Tells if stream has reached the end. More... | |
void | GDStream_free (struct GDStream *stream) |
Free a stream structure. More... | |
Variables | |
const int | GDCIPHER_MAX_BLOCK_LENGTH |
Maximum block length for all ciphers. More... | |
const int | GDCIPHER_MAX_KEY_LENGTH |
Maximum key length for all ciphers. More... | |
const unsigned long | GDCIPHER_STREAM_CIPHER |
Stream cipher mode. More... | |
const unsigned long | GDCIPHER_ECB_MODE |
ECB cipher mode. Each block is encrypted independently, so identical plaintext blocks yield identical ciphertext blocks; ECB does not hide data patterns and should not be used for general-purpose data encryption. More... | |
const unsigned long | GDCIPHER_CBC_MODE |
CBC cipher mode. More... | |
const unsigned long | GDCIPHER_CFB_MODE |
CFB cipher mode. More... | |
const unsigned long | GDCIPHER_OFB_MODE |
OFB cipher mode. More... | |
const unsigned long | GDCIPHER_CTR_MODE |
CTR cipher mode. More... | |
const unsigned long | GDCIPHER_GCM_MODE |
GCM cipher mode. More... | |
const unsigned long | GDCIPHER_CCM_MODE |
CCM cipher mode. More... | |
const unsigned long | GDCIPHER_XTS_MODE |
XTS cipher mode. More... | |
const unsigned long | GDCIPHER_WRAP_MODE |
Wrap cipher mode. More... | |
const int | GDDIGEST_MAX_SIZE |
Maximum supported digest size in bytes. More... | |
const int | GDKEY_TYPE_RSA |
RSA key type. More... | |
const int | GDKEY_TYPE_DSA |
DSA key type. More... | |
const int | GDKEY_TYPE_EC |
EC key type. More... | |
const int | GDPKCS7_TEXT |
PKCS7 flags. More... | |
const int | GDPKCS7_NOCERTS |
const int | GDPKCS7_NOSIGS |
const int | GDPKCS7_NOCHAIN |
const int | GDPKCS7_NOINTERN |
const int | GDPKCS7_NOVERIFY |
const int | GDPKCS7_DETACHED |
const int | GDPKCS7_BINARY |
const int | GDPKCS7_NOATTR |
const int | GDPKCS7_NOSMIMECAP |
const int | GDPKCS7_NOOLDMIMETYPE |
const int | GDPKCS7_CRLFEOL |
const int | GDPKCS7_STREAM |
const int | GDPKCS7_NOCRL |
const int | GDPKCS7_PARTIAL |
const int | GDPKCS7_REUSE_DIGEST |
const int | GDPKCS7_USE_KEYID |
const int | GDPKCS7_KEY_PARAM |
const int | GDPKCS7_SIGNED |
PKCS7 content-type:pkcs7-signedData. More... | |
const int | GDPKCS7_ENCRYPTED |
PKCS7 content-type:pkcs7-encryptedData. More... | |
const int | GDPKCS7_ENVELOPED |
PKCS7 content-type:pkcs7-envelopedData. More... | |
const int | GDPKCS7_SIGNED_AND_ENVELOPED |
PKCS7 content-type:pkcs7-signedAndEnvelopedData. More... | |
const int | GDPKCS7_DATA |
PKCS7 content-type:pkcs7-data. More... | |
const int | GDPKCS7_DIGEST |
PKCS7 content-type:pkcs7-digestData. More... | |
const int | GDRSA_PKCS1_PADDING |
PKCS #1 v1.5 padding (as distinct from OAEP). For encryption, v1.5 padding is susceptible to padding-oracle (Bleichenbacher-style) attacks when decryption failures are observable to an attacker; prefer GDRSA_PKCS1_OAEP_PADDING for new code. More... | |
const int | GDRSA_PKCS1_OAEP_PADDING |
PKCS #1 OAEP padding. More... | |
const int | GDRSA_NO_PADDING |
No padding (raw RSA). The input is expected to be exactly the modulus size (see GDRSA_size()) and the caller is responsible for any padding; raw RSA is not semantically secure and should only be used to implement another, properly analysed scheme. More... | |
This is a C language programming interface for performing cryptographic operations. The interface enables an app to perform PKCS7 sign, verify, encrypt, decrypt operations.
#define GD_C_API_EXT |
#define GD_C_API_EXT |
#define GD_C_API_EXT |
#define GD_C_API_EXT |
#define GD_C_API_EXT |
#define GD_C_API_EXT |
const char** GDCipher_list | ( | void | ) |
Returns an array of supported cipher suite names.
const char**
an array of C strings containing the cipher names. This page does not state how the end of the array is marked or who owns it; confirm against the header before iterating over it. const struct GDCipher* GDCipher_byname | ( | const char * | name | ) |
Returns a cipher structure by suite name. The name must be the long name format as specified in obj_mac.h of OpenSSL.
name | char* the name of the cipher suite required. For example, "des-ede3-cbc". |
GDCipher*
the cipher suite or NULL. If NULL, the reason can be obtained from GDCryptoError_get(). const char* GDCipher_name | ( | const struct GDCipherContext * | ctx | ) |
Returns the name of the given cipher suite. The name will be in long name format as specified in obj_mac.h of OpenSSL.
ctx | GDCipherContext* the cipher context for which the name is required. |
char*
the cipher suite name or NULL. const struct GDCipher* GDCipher_bycontext | ( | const struct GDCipherContext * | ctx | ) |
Returns a cipher structure for the given cipher context.
ctx | GDCipherContext* the context of the cipher required. |
GDCipher*
the cipher suite or NULL. int GDCipher_block_size | ( | const struct GDCipher * | cipher | ) |
Returns the block size of a given cipher.
cipher | GDCipher* the cipher for which the block size is required. |
int
the block size of the cipher in bytes. int GDCipher_key_length | ( | const struct GDCipher * | cipher | ) |
Returns the key length of a given cipher.
cipher | GDCipher* the cipher for which the key length is required. |
int
the key length of the cipher. int GDCipher_iv_length | ( | const struct GDCipher * | cipher | ) |
Returns the IV length of a given cipher.
cipher | GDCipher* the cipher for which the IV length is required. |
int
the IV length of the cipher. unsigned long GDCipher_mode | ( | const struct GDCipher * | cipher | ) |
Returns the mode of a given cipher.
cipher | GDCipher* the cipher for which the mode is required. |
unsigned long
the mode of the cipher. void GDCipher_set_padding | ( | struct GDCipherContext * | ctx, |
int | padding | ||
) |
Enable or disable padding for the given cipher context.
ctx | GDCipherContext* the cipher context for which padding is to be enabled or disabled. |
padding | int 0 for no padding, any other value to enable padding. When padding is disabled the total input length must be a multiple of the cipher block size; otherwise GDCipher_final() is expected to fail. |
struct GDCipherContext* GDCipher_new | ( | void | ) |
A cipher context is used to symmetrically encrypt or decrypt a message. The context should be initialized with a specific cipher algorithm by calling GDCipher_init().
GDCipherContext*
a cipher context. int GDCipher_init | ( | struct GDCipherContext * | ctx, |
const struct GDCipher * | cipher, | ||
const void * | key, | ||
const void * | iv, | ||
int | mode | ||
) |
Initialize the cipher context with a specific cipher suite.
ctx | GDCipherContext* a pointer to the cipher context. |
cipher | const GDCipher* the cipher suite, for example AES-256-CBC. |
key | const void* NULL or the symmetric key to use, depending on the cipher. |
iv | const void* NULL or the IV to use, depending on the cipher. For modes that take an IV (for example CBC, CTR or GCM) the IV must not be reused with the same key; use a fresh random or counter-derived IV for every message. |
mode | int 1 for encryption, 0 for decryption. |
int
1 for success, 0 for failure. int GDCipher_copy | ( | struct GDCipherContext * | destination, |
const struct GDCipherContext * | source | ||
) |
Copies the cipher context. The destination cipher context is cleaned up before being updated to match the source.
destination | GDCipherContext* the cipher context to be overwritten with a copy of source. |
source | const GDCipherContext* the cipher context to copy. |
int
1 for success, 0 for failure. int GDCipher_update | ( | struct GDCipherContext * | ctx, |
void * | out_data, | ||
int * | out_data_sz, | ||
const void * | in_data, | ||
int | in_data_sz | ||
) |
Perform encryption or decryption of a message. This function can be called multiple times to encrypt or decrypt successive blocks of data.
ctx | GDCipherContext* a pointer to the cipher context. |
out_data | void* a buffer large enough to contain the encrypted or decrypted data. The amount of data written may be anything from zero bytes to (in_data_sz + cipher_block_size - 1). |
out_data_sz | int* upon return, the number of bytes written to out_data. |
in_data | const void* a pointer to the data to be encrypted or decrypted. |
in_data_sz | int the number of bytes of the data to be encrypted or decrypted. |
int
1 for success, 0 for failure. int GDCipher_final | ( | struct GDCipherContext * | ctx, |
void * | out_data, | ||
int * | out_sz | ||
) |
Finish encryption or decryption of the last block of data.
ctx | GDCipherContext* a pointer to the cipher context. |
out_data | void* a buffer large enough to contain the remaining encrypted or decrypted data. The amount of data written may be anything from zero bytes to (remaining_sz + cipher_block_size - 1), where remaining_sz is the number of input bytes still buffered from earlier GDCipher_update() calls. |
out_sz | int* upon return, the number of bytes written to out_data. |
int
1 for success, 0 for failure. int GDCipher | ( | struct GDCipherContext * | ctx, |
void * | out_data, | ||
const void * | in_data, | ||
unsigned int | in_data_sz | ||
) |
Perform encryption or decryption of a message.
ctx | GDCipherContext* a pointer to the cipher context. |
out_data | void* a buffer large enough to contain the encrypted or decrypted data. The amount of data written may be anything from zero bytes to (in_data_sz + cipher_block_size - 1). Note that this function does not report how many bytes were written; callers that need the output length should use GDCipher_update() and GDCipher_final() instead. |
in_data | const void* a pointer to the data to be encrypted or decrypted. |
in_data_sz | unsigned int the number of bytes of the data to be encrypted or decrypted. |
int
1 for success, 0 for failure. int GDCipher_cleanup | ( | struct GDCipherContext * | ctx | ) |
Clears all information from a cipher context and frees up any allocated memory associated with it. It should be called after all operations using a cipher are complete so that sensitive information (such as key material) does not remain in memory.
ctx | GDCipherContext* a pointer to the cipher context. |
int
1 for success, 0 for failure. void GDCipher_free | ( | struct GDCipherContext * | ctx | ) |
Deallocate cipher context resources. It does not free the buffer holding the encrypted or decrypted data that the caller supplied to GDCipher_final().
ctx | GDCipherContext* a pointer to the cipher context to free. |
const struct GDDigest* GDDigest_byname | ( | const char * | name | ) |
Returns a digest algorithm structure by name. The name must be the long name format as specified in obj_mac.h of OpenSSL.
name | const char* the name of the digest required. For example, "sha256". |
const GDDigest*
the digest or NULL. If NULL, the reason can be obtained from GDCryptoError_get(). const char* GDDigest_name | ( | const struct GDDigestContext * | ctx | ) |
Returns the name of the given digest structure. The name will be in long name format as specified in obj_mac.h of OpenSSL.
ctx | GDDigestContext* the digest context for which the name is required. |
char*
the digest name or NULL. const struct GDDigest* GDDigest_bycontext | ( | const struct GDDigestContext * | ctx | ) |
Returns a digest structure for the given digest context.
ctx | GDDigestContext* the context of the digest required. |
GDDigest*
the digest or NULL. If NULL, the reason can be obtained from GDCryptoError_get(). int GDDigest_size | ( | const struct GDDigest * | digest | ) |
Returns the specified digest size in bytes.
digest | const GDDigest* the digest algorithm, for example the structure returned by GDDigest_byname("sha256"). |
int
the digest size. int GDDigest_block_size | ( | const struct GDDigest * | digest | ) |
Returns the block size of a given digest.
digest | const GDDigest* the digest for which the block size is required. |
int
the block size of the digest in bytes. struct GDDigestContext* GDDigest_new | ( | void | ) |
A digest context is used to calculate the digest (hash) of a message. The context should be initialized with a specific digest algorithm by calling GDDigest_init().
GDDigestContext*
a digest context. int GDDigest_init | ( | struct GDDigestContext * | ctx, |
const struct GDDigest * | algorithm | ||
) |
Initialize the digest context with a specific digest algorithm.
ctx | GDDigestContext* a pointer to the digest context. |
algorithm | const GDDigest* the digest algorithm, for example SHA-256. |
int
1 for success, 0 for failure. int GDDigest_copy | ( | struct GDDigestContext * | destination, |
const struct GDDigestContext * | source | ||
) |
Copies the digest context. The destination digest context is cleaned up before being updated to match the source.
destination | GDDigestContext* the digest context to be overwritten with a copy of source. |
source | const GDDigestContext* the digest context to copy. |
int
1 for success, 0 for failure. int GDDigest_update | ( | struct GDDigestContext * | ctx, |
const void * | message, | ||
size_t | message_sz | ||
) |
Calculate the digest of a message. This function can be called multiple times to update the digest with additional message data.
ctx | GDDigestContext* a pointer to the digest context. |
message | const void* a pointer to the message chunk. |
message_sz | size_t the number of bytes of the message chunk. |
int
1 for success, 0 for failure. int GDDigest_final | ( | struct GDDigestContext * | ctx, |
void * | digest, | ||
unsigned int * | digest_sz | ||
) |
Return the final digest of the complete message.
ctx | GDDigestContext* a pointer to the digest context. |
digest | void* a pointer to memory large enough to contain the digest. The caller must allocate and eventually free this buffer. The size of the buffer required can be determined by calling GDDigest_size(), or using GDDIGEST_MAX_SIZE. |
digest_sz | unsigned int* upon return, the number of digest bytes copied to digest. |
int
1 for success, 0 for failure. int GDDigest | ( | const void * | data, |
size_t | data_sz, | ||
void * | md, | ||
unsigned int * | md_sz, | ||
const struct GDDigest * | type | ||
) |
Calculate the digest of a message.
data | const void* a buffer containing the data to hash. |
data_sz | size_t the size of the buffer containing the data to hash. |
md | void* a buffer large enough to contain the digest: at least GDDigest_size(type) bytes, or GDDIGEST_MAX_SIZE. |
md_sz | unsigned int* upon return, the number of bytes of the calculated digest. |
type | GDDigest* the digest required. |
int
1 for success, 0 for failure. int GDDigest_sign_init | ( | struct GDDigestContext * | ctx, |
struct GDKeyContext ** | key_context, | ||
const struct GDDigest * | digest, | ||
struct GDKey * | key | ||
) |
Initialize a digest context for a signing operation.
ctx | GDDigestContext* the digest context to initialize. |
key_context | GDKeyContext** if not NULL, upon return, a key context that can be used to set additional signing parameters (for example with GDKey_set_signature_md()). The key context is owned by the digest context and is freed automatically when the digest context is freed; do not release it separately with GDKeyContext_free(). |
digest | GDDigest* the digest algorithm to use when signing. |
key | GDKey* the signer's private key. |
int
1 for success, 0 or a negative value for failure. int GDDigest_sign_final | ( | struct GDDigestContext * | ctx, |
void * | signature, | ||
size_t * | signature_sz | ||
) |
Signs a message digest.
ctx | GDDigestContext* the initialized digest context to use when signing. |
signature | void* a buffer large enough to contain the signature (GDKey_size() on the signing key gives an upper bound). If NULL, the size required is returned in signature_sz. |
signature_sz | size_t* upon return, the size of the signature in bytes. |
int
1 for success and 0 or a negative value for failure. int GDDigest_verify_init | ( | struct GDDigestContext * | ctx, |
struct GDKeyContext ** | key_ctx, | ||
const struct GDDigest * | digest, | ||
struct GDKey * | key | ||
) |
Initialize a digest context for a verification operation.
ctx | GDDigestContext* the digest context to initialize. |
key_ctx | GDKeyContext** if not NULL, upon return, a key context that can be used to set additional verification parameters. The key context is owned by the digest context and is freed automatically when the digest context is freed; do not release it separately with GDKeyContext_free(). |
digest | GDDigest* the digest algorithm to use when verifying. |
key | GDKey* the signer's public key. |
int
1 for success, 0 for failure. int GDDigest_verify_final | ( | struct GDDigestContext * | ctx, |
const void * | signature, | ||
size_t | signature_sz | ||
) |
Verifies a message digest.
ctx | GDDigestContext* the initialized digest context to use for verification. |
signature | const void* a buffer containing the signature to check. |
signature_sz | size_t the size of the signature in bytes. |
int
The return value is not documented on this page. By analogy with GDDigest_sign_final() it is presumably 1 when the signature is valid; treat any other value (including negative values) as verification failure and do not act on the message in that case — confirm against the header.
int GDDigest_cleanup | ( | struct GDDigestContext * | ctx | ) |
Clears all information from a digest context and frees up any allocated memory associated with it. It should be called after all operations using a digest are complete so that sensitive information does not remain in memory.
ctx | GDDigestContext* a pointer to the digest context. |
int
1 for success, 0 for failure. void GDDigest_free | ( | struct GDDigestContext * | ctx | ) |
Deallocate digest context resources. It does not free the digest buffer that the caller supplied to GDDigest_final().
ctx | GDDigestContext* a pointer to the digest context to free. |
unsigned long GDCryptoError_get | ( | void | ) |
Returns the earliest error code from the thread's error stack and removes the entry. This function can be called repeatedly until there are no more error codes to return.
unsigned long
an error code, or 0 if there is no error in the queue. unsigned long GDCryptoError_peek | ( | void | ) |
Returns the earliest error code without modifying the error stack for this thread.
unsigned long
The error code, or 0 if there is no error in the queue. unsigned long GDCryptoError_peek_last | ( | void | ) |
Returns the latest error code without modifying the error stack for this thread.
unsigned long
The error code, or 0 if there is no error in the queue. void GDCryptoError_clear | ( | void | ) |
Clear the thread's error stack.
const char* GDCryptoError_string | ( | unsigned long | e | ) |
Generates a human-readable string representing the error code.
e | unsigned long the error code. |
char*
a pointer to a static buffer containing the string. Because the buffer is static, its contents are presumably overwritten by a later call; copy the string if it must be retained. const char* GDCryptoError_detailed_string | ( | void | ) |
Generates a human-readable string with additional technical information about the last error, if available.
char*
a pointer to a static buffer containing the string. int GDFIPS_mode | ( | void | ) |
This function returns the FIPS mode of operation. When in FIPS mode, calls to the Dynamics Crypto API will fail if an algorithm not compliant with FIPS 140-2 is used.
int
A return code of non-zero indicates FIPS mode, 0 indicates non-FIPS mode. struct GDX509* GDX509_copy | ( | const struct GDX509 * | cert | ) |
Copies the X509 structure and returns the copy.
cert | GDX509* the X509 structure to copy. |
GDX509*
the copied certificate, or NULL on failure. The copy is presumably owned by the caller and should be released with GDX509_free() — confirm against the header.
void GDX509_free | ( | struct GDX509 * | cert | ) |
Deallocates resources held by the X509 structure.
cert | GDX509* the X509 structure to free. |
struct GDX509List* GDX509List_read | ( | const char * | pem, |
int | pem_length | ||
) |
Decodes a PEM container and returns the list of certificates within it. Parsing does not establish trust: certificates read from an untrusted source must still be evaluated with GDX509List_evaluate() before being relied upon.
pem | const char* a pointer to the PEM data. |
pem_length | int length of the PEM data. |
GDX509List*
the list of certificates within the PEM data. If NULL, the reason can be obtained from GDCryptoError_get(). struct GDX509List* GDX509List_copy | ( | const struct GDX509List * | certs | ) |
Copies and returns a list of certificates.
certs | GDX509List* the list to copy. |
GDX509List*
the copied list of certificates. If NULL, the reason can be obtained from GDCryptoError_get(). int GDX509List_num | ( | const struct GDX509List * | certs | ) |
Returns the number of X509 certificates within a list.
certs | GDX509List* the list of certificates to count. |
int
the number of certificates within the list. const struct GDX509* GDX509List_value | ( | const struct GDX509List * | certs, |
int | index | ||
) |
Returns an X509 certificate at a zero-based index within the list.
certs | GDX509List* the list of certificates to access. |
index | int the zero-based index within the list. Behaviour for an out-of-range index is not documented on this page; check the index against GDX509List_num() before calling. |
GDX509*
the certificate at the specified index. void GDX509List_insert | ( | const struct GDX509List * | certs, |
int | index, | ||
const struct GDX509 * | cert | ||
) |
Copies and inserts an X509 certificate into a list at a given index.
certs | GDX509List* the list of certificates to insert into. |
index | int the index within the list to insert the certificate. |
cert | GDX509* the certificate to copy and insert. |
bool GDX509List_evaluate | ( | const struct GDX509List * | certs, |
const struct GDX509List * | not_used, | ||
const char * | hostname, | ||
char ** | reason | ||
) |
Evaluates whether the certificate can be trusted. A certificate is trustworthy if an unbroken chain of trust back to the root Certificate Authority (CA) within the trust store can be established. Validity periods and signatures of the leaf certificate and intermediates (if any) are checked.
The Dynamics trust store will be searched first, and if the device certificate store is enabled it may also be used during evaluation.
certs | GDX509List* the certificate to evaluate, followed by intermediates (if any). |
not_used | GDX509List* must be NULL. |
hostname | char* the name of the server if used to evaluate a TLS server certificate. |
reason | char** upon return, set to a newly allocated string describing the reason for failure, or NULL if evaluation succeeded. The caller is responsible for deallocating it by calling free. |
bool
true if the certificate chain is trusted, false otherwise. struct GDX509List* GDX509List_trusted_authorities | ( | void | ) |
Returns a list of trusted certificate authorities found within the Dynamics container.
GDX509List*
a list of trusted certificate authorities or NULL if not found. struct GDX509List* GDX509List_all_user_certs | ( | void | ) |
Return a list of user certificates known to Dynamics.
GDX509List*
a list of all user certificates known to Dynamics, NULL if none. struct GDX509List* GDX509List_valid_user_signing_certs | ( | void | ) |
Return a list of the user certificates known to Dynamics whose validity date range includes the device's current time.
GDX509List*
a list of all valid user certificates known to Dynamics, NULL if none. struct GDX509List* GDX509List_valid_user_encryption_certs | ( | void | ) |
Return a list of the user certificates known to Dynamics whose validity date range includes the device's current time and whose usage properties permit them to be used for encryption.
GDX509List*
a list of all valid user encryption certificates known to Dynamics, NULL if none. struct GDX509List* GDX509List_all_user_encryption_certs | ( | void | ) |
Return a list of the user certificates known to Dynamics whose usage properties permit them to be used for encryption. The list may include expired certificates.
GDX509List*
a list of all user encryption certificates known to Dynamics, NULL if none. struct GDX509List* GDX509List_aux_certs | ( | const struct GDX509 * | cert | ) |
Return a certificate chain for the user certificate, containing intermediate certificates, if any.
cert | GDX509* the user certificate for which the chain is required. |
GDX509List*
a list of intermediate certificates or NULL if none. void GDX509List_free | ( | struct GDX509List * | certs | ) |
Deallocates resources held by the X509 list structure.
certs | GDX509List* the X509 list structure to free. |
struct GDKey* GDKey_public | ( | const struct GDX509 * | cert | ) |
Return the public key from within the supplied certificate.
cert | GDX509* the certificate for which the key is required. |
GDKey*
the public key of the certificate. If NULL, the reason can be obtained from GDCryptoError_get(). struct GDKey* GDKey_private | ( | const struct GDX509 * | cert | ) |
Return the private key corresponding to a user certificate stored within the Dynamics Key Store. The key data is not meaningful and will yield garbage if used to sign or decrypt data using external (non-Dynamics) APIs.
cert | GDX509* the certificate for which the private key is required. |
GDKey*
the private key of the certificate. If NULL, the reason can be obtained from GDCryptoError_get(). void GDKey_free | ( | struct GDKey * | key | ) |
Deallocates resources held by the key structure.
key | GDKey* the key structure to free. |
int GDKey_compare | ( | const struct GDKey * | a, |
const struct GDKey * | b | ||
) |
Compare two keys.
a | GDKey* key a. |
b | GDKey* key b. |
int
1 if the keys match, 0 if they don't match, -1 if the key types are different and -2 if the operation is not supported. int GDKey_size | ( | const struct GDKey * | key | ) |
Returns the maximum size of an ASN.1 encoded signature in bytes. It can be used to determine how much memory must be allocated for a signature.
key | GDKey* the key for which the signature size is required. |
int
the maximum signature size in bytes. int GDKey_bits | ( | const struct GDKey * | key | ) |
Returns the key size in bits.
key | GDKey* the key for which the size is required. |
int
the key size in bits. int GDKey_type | ( | const struct GDKey * | key | ) |
Returns the type of the underlying key.
key | GDKey* the key for which the type is required. |
int
the key type, which will be either GDKEY_TYPE_RSA, GDKEY_TYPE_DSA, or GDKEY_TYPE_EC. const char* GDKey_name | ( | const struct GDKey * | key | ) |
Return the key algorithm name.
key | GDKey* the key for which the algorithm name is required. |
char*
the key algorithm name. struct GDKeyContext* GDKeyContext_new | ( | struct GDKey * | key | ) |
Create a new key context object. Contexts are opaque structures used by other APIs and must not be used simultaneously by multiple threads.
key | GDKey* the key for which the context is required. |
GDKeyContext*
the key context or NULL if an error occurred. struct GDKeyContext* GDKeyContext_copy | ( | struct GDKeyContext * | ctx | ) |
Copy a key context object.
ctx | GDKeyContext* the source key context to copy. |
GDKeyContext*
a copy of the key context. void GDKeyContext_free | ( | struct GDKeyContext * | ctx | ) |
Deallocates resources held by the key context.
ctx | GDKeyContext* the key context to free. |
int GDKey_sign_init | ( | struct GDKeyContext * | ctx | ) |
Initializes a key context object for a signing operation.
ctx | GDKeyContext* the key context to initialize. |
int GDKey_sign | ( | struct GDKeyContext * | ctx, |
void * | signature, | ||
size_t * | signature_length, | ||
const void * | message, | ||
size_t | message_length | ||
) |
Signs a message, usually a message digest, and returns the ASN.1 DER encoded signature. This function does not calculate the digest of the data to be signed. The required size for the signature buffer can be computed by calling this function with a NULL signature buffer.
ctx | GDKeyContext* the key context to sign with. |
signature | void* NULL, or a buffer large enough to hold the signature. |
signature_length | size_t* must be set to the length of the signature buffer, and upon return will be set to the amount of data written to the signature buffer. If signature is NULL, it will be set to the maximum size of the signature. |
message | void* the message to sign, usually a digest. |
message_length | size_t the length of the message to sign. |
int GDKey_verify_init | ( | struct GDKeyContext * | ctx | ) |
Initializes a key context object for a verification operation.
ctx | GDKeyContext* the key context to initialize. |
int GDKey_verify | ( | struct GDKeyContext * | ctx, |
const void * | signature, | ||
size_t | signature_length, | ||
const void * | message, | ||
size_t | message_length | ||
) |
Verifies an ASN.1 DER encoded signature.
ctx | GDKeyContext* the key context to verify with. |
signature | void* a buffer holding the signature. |
signature_length | size_t the length of the signature. |
message | void* a buffer holding the message or digest to be verified. |
message_length | size_t the length of the message or digest to verify. |
int GDKey_encrypt_init | ( | struct GDKeyContext * | ctx | ) |
Initializes a key context object for an encryption operation.
ctx | GDKeyContext* the key context to initialize. |
int GDKey_encrypt | ( | struct GDKeyContext * | ctx, |
void * | encrypted, | ||
size_t * | encrypted_length, | ||
const void * | clear, | ||
size_t | clear_length | ||
) |
Encrypts data using the key associated with the supplied key context.
ctx | GDKeyContext* the key context to encrypt with. |
encrypted | void* a buffer large enough to hold the encrypted data. If NULL, the length required is returned in encrypted_length. |
encrypted_length | size_t* the length of the buffer supplied to hold the encrypted data, and upon successful return the actual length of the encrypted data. |
clear | void* the data to encrypt. |
clear_length | size_t the length of the data to encrypt. |
int GDKey_decrypt_init | ( | struct GDKeyContext * | ctx | ) |
Initializes a key context object for a decryption operation.
ctx | GDKeyContext* the key context to initialize. |
int GDKey_decrypt | ( | struct GDKeyContext * | ctx, |
void * | clear, | ||
size_t * | clear_length, | ||
const void * | encrypted, | ||
size_t | encrypted_length | ||
) |
Decrypts data using the key associated with the supplied key context.
ctx | GDKeyContext* the key context to decrypt with. |
clear | void* a buffer large enough to hold the decrypted data. If NULL, the length required is returned in clear_length. |
clear_length | size_t* the length of the buffer supplied to hold the decrypted data, and upon successful return the actual length of the decrypted data. |
encrypted | void* the data to decrypt. |
encrypted_length | size_t the length of the data to decrypt. |
int GDKey_sign_final | ( | struct GDDigestContext * | digest, |
void * | signature, | ||
unsigned int * | signature_length, | ||
struct GDKey * | key | ||
) |
Signs a message digest. The output signature buffer size can be computed by calling GDKey_size().
digest | GDDigestContext* the initialized digest context. |
signature | void* a buffer large enough to hold the signature, at least GDKey_size(key) bytes. |
signature_length | unsigned int* upon successful return will be set to the amount of data written to the signature buffer. |
key | GDKey* the private signing key. |
int GDKey_verify_final | ( | struct GDDigestContext * | digest, |
const void * | signature, | ||
unsigned int | signature_length, | ||
struct GDKey * | key | ||
) |
Verifies a message digest.
digest | GDDigestContext* the initialized digest context to verify. |
signature | void* a buffer containing the DER encoded signature. |
signature_length | unsigned int the length of the signature buffer in bytes. |
key | GDKey* the signer's public key. |
int GDKey_set_signature_md | ( | struct GDKeyContext * | ctx, |
const struct GDDigest * | digest | ||
) |
Sets the digest algorithm to be used when calculating a signature.
ctx | GDKeyContext* the key context to setup. |
digest | GDDigest* the digest algorithm to use. |
int GDKey_get_signature_md | ( | struct GDKeyContext * | ctx, |
const struct GDDigest ** | digest | ||
) |
Returns the digest algorithm for a given key context.
ctx | GDKeyContext* the key context to query. |
digest | GDDigest** the digest algorithm returned. |
struct GDPKCS7* GDPKCS7_SMIME_read | ( | struct GDStream * | stream, |
struct GDStream ** | clearText, | ||
int | flags | ||
) |
Deserialize SMIME content received over a network, read from a file, and so on.
stream | GDStream* the stream to read the SMIME message from. |
clearText | GDStream** if cleartext signing is used then the content is returned in a memory stream, otherwise *clearText is set to NULL. The caller is responsible for freeing the stream. |
flags | int optional set of flags. |
GDPKCS7*
a PKCS7 structure or NULL if an error occurred. The error can be obtained from GDCryptoError_get(). struct GDPKCS7* GDPKCS7_read | ( | struct GDStream * | stream, |
int | flags | ||
) |
Deserialize ASN.1/DER encoded PKCS7 content received over a network, read from a file, and so on.
stream | GDStream* the stream to read the ASN.1/DER encoded data from. |
flags | int optional set of flags. |
GDPKCS7*
a PKCS7 structure or NULL if an error occurred. The error can be obtained from GDCryptoError_get(). int GDPKCS7_type | ( | struct GDPKCS7 * | p7, |
int | flags | ||
) |
Retrieve the type of the PKCS7 structure.
p7 | GDPKCS7* the PKCS7 structure whose type is to be retrieved. The PKCS7 structure may be obtained from an initial call to GDPKCS7_read(), GDPKCS7_encrypt(), or GDPKCS7_add_signer(). |
flags | int optional set of flags. |
int
the type of the PKCS7 structure. int GDPKCS7_verify | ( | struct GDPKCS7 * | p7, |
const struct GDX509List * | certs, | ||
const struct GDX509List * | anchors, | ||
struct GDStream * | indata, | ||
struct GDStream * | out, | ||
int | flags | ||
) |
Verifies a PKCS7 signedData structure.
p7 | GDPKCS7* the PKCS7 structure to verify. The PKCS7 structure may be obtained from an initial call to GDPKCS7_read(). |
certs | GDX509List* a set of certificates in which to search for the signer's certificate. |
anchors | GDX509List* an optional set of trusted certificate authorities or NULL if using the Dynamics trusted certificate store. |
indata | GDStream* the signed data if the content is detached. |
out | GDStream* the content is written to out if it is not NULL. |
flags | int optional set of flags. |
int
1 for a successful verification and 0 if an error occurs. The error can be obtained from GDCryptoError_get(). const struct GDX509List* GDPKCS7_get_signers | ( | struct GDPKCS7 * | p7, |
int | flags | ||
) |
Retrieve the signer's certificate(s) from a PKCS7 signedData structure.
p7 | GDPKCS7* the PKCS7 signedData. The PKCS7 structure may be obtained from an initial call to GDPKCS7_read(). |
flags | int optional set of flags. |
GDX509List*
a list of end-user certificates belonging to the signer(s), or NULL. If NULL, the reason can be obtained from GDCryptoError_get(). int GDPKCS7_decrypt | ( | struct GDPKCS7 * | p7, |
struct GDKey * | pkey, | ||
const struct GDX509 * | cert, | ||
struct GDStream * | data, | ||
int | flags | ||
) |
Decrypts content within a PKCS7 envelopedData structure.
p7 | GDPKCS7* the PKCS7 envelopedData structure to decrypt. |
pkey | GDKey* private key of the recipient. |
cert | GDX509* the recipient's certificate. |
data | GDStream* the decrypted content is written to data. |
flags | int optional set of flags. |
int
either 1 for success or 0 for failure. The error can be obtained from GDCryptoError_get(). struct GDPKCS7* GDPKCS7_encrypt | ( | struct GDX509List * | certs, |
struct GDStream * | in, | ||
const struct GDCipher * | cipher, | ||
int | flags | ||
) |
Create and return an encrypted PKCS7 envelopedData structure.
certs | GDX509List* a list of recipient certificates. |
in | GDStream* the content to be encrypted. |
cipher | GDCipher* the symmetric cipher to use. |
flags | int optional set of flags. |
GDPKCS7*
a PKCS7 structure or NULL if an error occurred. The error can be obtained from GDCryptoError_get(). struct GDPKCS7* GDPKCS7_add_signer | ( | const struct GDX509 * | signcert, |
struct GDKey * | pkey, | ||
struct GDX509List * | certs, | ||
const struct GDDigest * | md, | ||
int | flags | ||
) |
Add signer information and return a PKCS7 signedData structure.
signcert | GDX509* the signing certificate. |
pkey | GDKey* the corresponding private key of the signing certificate. |
certs | GDX509List* optional additional set of certificates to include in the PKCS7 structure, for example, intermediate CAs. |
md | GDDigest* the message digest to use. |
flags | int optional set of flags. |
GDPKCS7*
a PKCS7 structure or NULL if an error occurred. The error can be obtained from GDCryptoError_get(). int GDPKCS7_final | ( | struct GDPKCS7 * | p7, |
struct GDStream * | data, | ||
int | flags | ||
) |
Finalize a PKCS7 structure, readying it for serialization. This may trigger computation of the actual PKCS7 data, such as content signing.
p7 | GDPKCS7* the PKCS7 structure to finalize. |
data | GDStream* the content to be finalized. |
flags | int optional set of flags. |
int
either 1 for success or 0 for failure. The error can be obtained from GDCryptoError_get(). int GDPKCS7_write | ( | struct GDStream * | stream, |
struct GDPKCS7 * | p7, | ||
int | flags | ||
) |
Serialize a PKCS7 structure to ASN.1/DER encoding suitable for sending over the network, writing to a file, and so on.
stream | GDStream* the stream to write the ASN.1/DER encoded data to. |
p7 | GDPKCS7* the PKCS7 structure to serialize. The PKCS7 structure may be obtained from an initial call to GDPKCS7_add_signer() or GDPKCS7_encrypt(). |
flags | int optional set of flags. |
int
either 1 for success or 0 for failure. The error can be obtained from GDCryptoError_get(). int GDPKCS7_SMIME_write | ( | struct GDStream * | stream, |
struct GDPKCS7 * | p7, | ||
struct GDStream * | data, | ||
int | flags | ||
) |
Serialize a PKCS7 structure to SMIME encoding suitable for sending over the network, writing to a file, and so on.
stream | GDStream* the stream to write the SMIME message to. |
data | GDStream* the content to read from if streaming is enabled. |
p7 | GDPKCS7* the PKCS7 structure to serialize. The PKCS7 structure may be obtained from an initial call to GDPKCS7_add_signer() or GDPKCS7_encrypt(). |
flags | int optional set of flags. |
int
either 1 for success or 0 for failure. The error can be obtained from GDCryptoError_get(). void GDPKCS7_free | ( | struct GDPKCS7 * | p7, |
int | flags | ||
) |
Deallocates resources held by the PKCS7 structure.
p7 | GDPKCS7* the PKCS7 structure to free. |
flags | int optional set of flags. |
struct GDRSA* GDRSA_public_key | ( | const struct GDX509 * | cert | ) |
Return the RSA public key from within the supplied certificate.
cert | GDX509* the certificate for which the key is required. |
GDRSA*
the public key of the certificate. If NULL, the reason can be obtained from GDCryptoError_get(). struct GDRSA* GDRSA_private_key | ( | const struct GDX509 * | cert | ) |
Return the private RSA key corresponding to a user certificate. The key data is not meaningful and will yield garbage if used to sign or decrypt data using non-Dynamics APIs.
cert | GDX509* the certificate for which the private key is required. |
GDRSA*
the RSA private key of the certificate. If NULL, the reason can be obtained from GDCryptoError_get(). int GDRSA_size | ( | const struct GDRSA * | rsa | ) |
Returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted value.
rsa | GDRSA* the RSA key for which the modulus size is required. |
int
the RSA modulus size in bytes. void GDRSA_free | ( | struct GDRSA * | rsa | ) |
Deallocates resources held by the RSA key structure.
rsa | GDRSA* the RSA key structure to free. |
int GDRSA_sign | ( | const struct GDDigest * | digest_algorithm, |
const void * | digest, | ||
unsigned int | digest_size, | ||
void * | signature, | ||
unsigned int * | signature_size, | ||
struct GDRSA * | rsa | ||
) |
RSA-sign a message digest as specified in PKCS #1 v2.0.
digest_algorithm | const GDDigest* the digest algorithm of the message. |
digest | const void* a pointer to a buffer containing the message digest. |
digest_size | unsigned int the digest size. |
signature | void* a pointer to memory large enough to contain the signature. The caller must allocate and eventually free this buffer. The size of the buffer required can be determined by calling GDRSA_size(). |
signature_size | unsigned int* upon return, set to the number of signature bytes copied to signature. |
rsa | GDRSA* the signer's RSA private key. |
int
1 on success, 0 for failure. int GDRSA_verify | ( | const struct GDDigest * | digest_algorithm, |
const void * | digest, | ||
unsigned int | digest_size, | ||
const void * | signature, | ||
unsigned int | signature_size, | ||
struct GDRSA * | rsa | ||
) |
Verify an RSA signed message.
digest_algorithm | const GDDigest* denotes the message digest algorithm that was used to generate the signature. |
digest | const void* a pointer to a buffer containing the digest of the message to verify. |
digest_size | unsigned int the message digest size in bytes. |
signature | const void* a pointer to the RSA signature. |
signature_size | unsigned int the size of the RSA signature. |
rsa | GDRSA* the signer's RSA public key. |
int
1 on successful verification, 0 for failure. The reason for failure can be determined by calling GDCryptoError_get(). int GDRSA_public_encrypt | ( | int | flen, |
const void * | from, | ||
void * | to, | ||
struct GDRSA * | rsa, | ||
int | padding | ||
) |
RSA encrypt a message with the recipient's public key.
flen | int the size of the data to be encrypted. |
from | const void* a pointer to the data (usually a symmetric key) to be encrypted. |
to | void* a pointer to memory large enough to contain the encrypted data. The caller must allocate and eventually free this buffer. The size of the buffer required can be determined by calling GDRSA_size(). |
rsa | GDRSA* the recipient's public key. |
padding | int the padding scheme to use. |
int
if successful, the size in bytes of the encrypted data, or -1 if not. The reason for failure can be determined by calling GDCryptoError_get(). int GDRSA_private_decrypt | ( | int | flen, |
const void * | from, | ||
void * | to, | ||
struct GDRSA * | rsa, | ||
int | padding | ||
) |
RSA decrypt a message with the recipient's private key.
flen | int the size of the data to be decrypted. |
from | const void* a pointer to the data (usually a symmetric key) to be decrypted. |
to | void* a pointer to memory large enough to contain the decrypted data. The caller must allocate and eventually free this buffer. The size of the buffer required can be determined by calling GDRSA_size(). |
rsa | GDRSA* the recipient's private key. |
padding | int the padding scheme to use. |
int
if successful, the size in bytes of the decrypted data, or -1 if not. The reason for failure can be determined by calling GDCryptoError_get(). int GDRSA_private_encrypt | ( | int | flen, |
const void * | from, | ||
void * | to, | ||
struct GDRSA * | rsa, | ||
int | padding | ||
) |
RSA encrypt a message with the recipient's private key. This is a low-level signing operation. To generate an RSA signature, call GDRSA_sign().
flen | int the size of the data to be encrypted. |
from | const void* a pointer to the data (usually a message digest) to be encrypted. |
to | void* a pointer to memory large enough to contain the encrypted data. The caller must allocate and eventually free this buffer. The size of the buffer required can be determined by calling GDRSA_size(). |
rsa | GDRSA* the signer's private key. |
padding | int the padding scheme to use. |
int
if successful, the size in bytes of the encrypted data, or -1 if not. The reason for failure can be determined by calling GDCryptoError_get(). int GDRSA_public_decrypt | ( | int | flen, |
const void * | from, | ||
void * | to, | ||
struct GDRSA * | rsa, | ||
int | padding | ||
) |
RSA decrypt a message with the sender's public key. This is a low-level verification operation. To verify an RSA signature, call GDRSA_verify().
flen | int the size of the data to be decrypted. |
from | const void* a pointer to the data (usually a message digest) to be decrypted. |
to | void* a pointer to memory large enough to contain the decrypted data. The caller must allocate and eventually free this buffer. The size of the buffer required can be determined by calling GDRSA_size(). |
rsa | GDRSA* the sender's public key. |
padding | int the padding scheme to use. |
int
if successful, the size in bytes of the decrypted data, or -1 if not. The reason for failure can be determined by calling GDCryptoError_get(). const struct GDStreamStorageMethod* GDStream_mem_storage_method | ( | void | ) |
Retrieve a memory stream storage method required to back a stream object.
GDStreamStorageMethod*
The stream storage method. If NULL, the storage method is not implemented. struct GDStream* GDStream_new_mem_buf | ( | const void * | buf, |
int | len | ||
) |
Creates a read-only stream from a small region of memory.
buf | const void* a pointer to the beginning of the data. |
len | int the length of the data, or -1 if the data is null-terminated. |
GDStream*
A read-only memory stream. If NULL, the reason can be obtained from GDCryptoError_get. struct GDStream* GDStream_new | ( | const struct GDStreamStorageMethod * | method | ) |
Creates a stream backed by the specified storage method, for example a memory stream.
method | GDStreamStorageMethod* the storage method backing the stream. For example, a memory stream from GDStream_mem_storage_method(). |
GDStream*
A stream of the required storage method. If NULL, the reason can be obtained from GDCryptoError_get. int GDStream_read | ( | struct GDStream * | stream, |
void * | data, | ||
int | len | ||
) |
Read data from a stream and place it into the supplied buffer.
stream | GDStream* the stream to read from. |
data | void* a pointer to the buffer to place the data into. |
len | int the length of the buffer. |
int
The number of bytes read. If -1, the reason can be obtained from GDCryptoError_get. int GDStream_write | ( | struct GDStream * | stream, |
const void * | data, | ||
int | len | ||
) |
Write data from the supplied buffer, into the stream.
stream | GDStream* the stream to write to. |
data | void* a pointer to the buffer to read the data from. |
len | int the length of the buffer. |
int
The number of bytes written. If -1, the reason can be obtained from GDCryptoError_get. int GDStream_reset | ( | struct GDStream * | stream | ) |
Resets the stream to its initial state by rewinding the pointer to the start of the stream.
stream | GDStream* the stream to reset. |
int
1 for success. If not 1, the error can be obtained from GDCryptoError_get. int GDStream_eof | ( | struct GDStream * | stream | ) |
Reports whether the stream has been completely read.
stream | GDStream* the stream to test. |
int
1 if EOF has been reached, 0 otherwise. void GDStream_free | ( | struct GDStream * | stream | ) |
Deallocates resources held by the stream structure.
stream | GDStream* the stream structure to free. |
const int GDCIPHER_MAX_BLOCK_LENGTH |
Returns the maximum block length for all ciphers.
const int GDCIPHER_MAX_KEY_LENGTH |
Returns the maximum key length for all ciphers.
const unsigned long GDCIPHER_STREAM_CIPHER |
const unsigned long GDCIPHER_ECB_MODE |
const unsigned long GDCIPHER_CBC_MODE |
const unsigned long GDCIPHER_CFB_MODE |
const unsigned long GDCIPHER_OFB_MODE |
const unsigned long GDCIPHER_CTR_MODE |
const unsigned long GDCIPHER_GCM_MODE |
const unsigned long GDCIPHER_CCM_MODE |
const unsigned long GDCIPHER_XTS_MODE |
const unsigned long GDCIPHER_WRAP_MODE |
const int GDDIGEST_MAX_SIZE |
Returns the maximum supported digest size in bytes. As of early 2019, this value is 64, which is the size of a SHA-512 digest.
const int GDKEY_TYPE_RSA |
Represents an RSA (Rivest–Shamir–Adleman) key type. It may be returned when calling GDKey_type(). It may also be required for some function calls requiring the key type to be specified.
const int GDKEY_TYPE_DSA |
Represents a DSA (Digital Signature Algorithm) key type. It may be returned when calling GDKey_type(). It may also be required for some function calls requiring the key type to be specified.
const int GDKEY_TYPE_EC |
Represents an EC (Elliptic Curve) key type. It may be returned when calling GDKey_type(). It may also be required for some function calls requiring the key type to be specified.
const int GDPKCS7_TEXT |
PKCS7 flags to control operations on a PKCS7 structure. These map directly to OpenSSL flags defined in pkcs7.h. Refer to OpenSSL documentation for PKCS7 functions requiring a flag argument for more information.
const int GDPKCS7_NOCERTS |
const int GDPKCS7_NOSIGS |
const int GDPKCS7_NOCHAIN |
const int GDPKCS7_NOINTERN |
const int GDPKCS7_NOVERIFY |
const int GDPKCS7_DETACHED |
const int GDPKCS7_BINARY |
const int GDPKCS7_NOATTR |
const int GDPKCS7_NOSMIMECAP |
const int GDPKCS7_NOOLDMIMETYPE |
const int GDPKCS7_CRLFEOL |
const int GDPKCS7_STREAM |
const int GDPKCS7_NOCRL |
const int GDPKCS7_PARTIAL |
const int GDPKCS7_REUSE_DIGEST |
const int GDPKCS7_USE_KEYID |
const int GDPKCS7_KEY_PARAM |
const int GDPKCS7_SIGNED |
If returned from GDPKCS7_type(), PKCS7 structure is signed data.
const int GDPKCS7_ENCRYPTED |
If returned from GDPKCS7_type(), PKCS7 structure is encrypted data.
const int GDPKCS7_ENVELOPED |
If returned from GDPKCS7_type(), PKCS7 structure is enveloped data.
const int GDPKCS7_SIGNED_AND_ENVELOPED |
If returned from GDPKCS7_type(), PKCS7 structure is signed and enveloped data.
const int GDPKCS7_DATA |
If returned from GDPKCS7_type(), PKCS7 structure is data type.
const int GDPKCS7_DIGEST |
If returned from GDPKCS7_type(), PKCS7 structure is digest data.
const int GDRSA_PKCS1_PADDING |
Returns a constant representing a PKCS #1 v1.5 padding scheme.
const int GDRSA_PKCS1_OAEP_PADDING |
Returns a constant representing an EME-OAEP padding scheme, as defined in PKCS #1 v2.0.
const int GDRSA_NO_PADDING |
Returns a constant representing no padding scheme.