The Tor Browser: security/nss/lib/freebl/blapi.h@b8a032363ba2 (annotated)

security/nss/lib/freebl/blapi.h@b8a032363ba2 (annotated)

security/nss/lib/freebl/blapi.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /*
  * blapi.h - public prototypes for the freebl library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
 #include "blapit.h"
 #include "hasht.h"
 #include "alghmac.h"
 SEC_BEGIN_PROTOS
 /*
 ** RSA encryption/decryption. When encrypting/decrypting the output
 ** buffer must be at least the size of the public key modulus.
 */
 extern SECStatus BL_Init(void);
 /*
 ** Generate and return a new RSA public and private key.
 **	Both keys are encoded in a single RSAPrivateKey structure.
 **	"cx" is the random number generator context
 **	"keySizeInBits" is the size of the key to be generated, in bits.
 **	   512, 1024, etc.
 **	"publicExponent" when not NULL is a pointer to some data that
 **	   represents the public exponent to use. The data is a byte
 **	   encoded integer, in "big endian" order.
 */
 extern RSAPrivateKey *RSA_NewKey(int         keySizeInBits,
 				 SECItem *   publicExponent);
 /*
 ** Perform a raw public-key operation
 **	Length of input and output buffers are equal to key's modulus len.
 */
 extern SECStatus RSA_PublicKeyOp(RSAPublicKey *   key,
 				 unsigned char *  output,
 				 const unsigned char *  input);
 /*
 ** Perform a raw private-key operation
 **	Length of input and output buffers are equal to key's modulus len.
 */
 extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey *  key,
 				  unsigned char *  output,
 				  const unsigned char *  input);
 /*
 ** Perform a raw private-key operation, and check the parameters used in
 ** the operation for validity by performing a test operation first.
 **	Length of input and output buffers are equal to key's modulus len.
 */
 extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *  key,
 				               unsigned char *  output,
 				               const unsigned char *  input);
 /*
 ** Perform a check of private key parameters for consistency.
 */
 extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
 /*
 ** Given only minimal private key parameters, fill in the rest of the
 ** parameters.
 **
 **
 ** All the entries, including those supplied by the caller, will be
 ** overwritten with data alocated out of the arena.
 **
 ** If no arena is supplied, one will be created.
 **
 ** The following fields must be supplied in order for this function
 ** to succeed:
 **   one of either publicExponent or privateExponent
 **   two more of the following 5 parameters (not counting the above).
 **      modulus (n)
 **      prime1  (p)
 **      prime2  (q)
 **      publicExponent (e)
 **      privateExponent (d)
 **
 ** NOTE: if only the publicExponent, privateExponent, and one prime is given,
 ** then there may be more than one RSA key that matches that combination. If
 ** we find 2 possible valid keys that meet this criteria, we return an error.
 ** If we return the wrong key, and the original modulus is compared to the
 ** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get
 ** the common prime.
 **
 ** NOTE: in some cases the publicExponent must be less than 2^23 for this
 ** function to work correctly. (The case where we have only one of: modulus
 ** prime1 and prime2).
 **
 ** All parameters will be replaced in the key structure with new parameters
 ** allocated out of the arena. There is no attempt to free the old structures.
 ** prime1 will always be greater than prime2 (even if the caller supplies the
 ** smaller prime as prime1 or the larger prime as prime2). The parameters are
 ** not overwritten on failure.
 **
 ** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv)
 ** can also be used in reconstructing the private key, they are currently
 ** ignored in this implementation.
 */
 extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key);
 /********************************************************************
 ** RSA algorithm
 */
 /********************************************************************
 ** Raw signing/encryption/decryption operations.
 **
 ** No padding or formatting will be applied.
 ** inputLen MUST be equivalent to the modulus size (in bytes).
 */
 extern SECStatus
 RSA_SignRaw(RSAPrivateKey       * key,
             unsigned char       * output,
             unsigned int        * outputLen,
             unsigned int          maxOutputLen,
             const unsigned char * input,
             unsigned int          inputLen);
 extern SECStatus
 RSA_CheckSignRaw(RSAPublicKey        * key,
                  const unsigned char * sig,
                  unsigned int          sigLen,
                  const unsigned char * hash,
                  unsigned int          hashLen);
 extern SECStatus
 RSA_CheckSignRecoverRaw(RSAPublicKey        * key,
                         unsigned char       * data,
                         unsigned int        * dataLen,
                         unsigned int          maxDataLen,
                         const unsigned char * sig,
                         unsigned int          sigLen);
 extern SECStatus
 RSA_EncryptRaw(RSAPublicKey        * key,
                unsigned char       * output,
                unsigned int        * outputLen,
                unsigned int          maxOutputLen,
                const unsigned char * input,
                unsigned int          inputLen);
 extern SECStatus
 RSA_DecryptRaw(RSAPrivateKey       * key,
                unsigned char       * output,
                unsigned int        * outputLen,
                unsigned int          maxOutputLen,
                const unsigned char * input,
                unsigned int          inputLen);
 /********************************************************************
 ** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1.
 **
 ** Note: Only MGF1 is supported as the mask generation function. It will be
 ** used with maskHashAlg as the inner hash function.
 **
 ** Unless performing Known Answer Tests, "seed" should be NULL, indicating that
 ** freebl should generate a random value. Otherwise, it should be an octet
 ** string of seedLen bytes, which should be the same size as the output of
 ** hashAlg.
 */
 extern SECStatus
 RSA_EncryptOAEP(RSAPublicKey        * key,
                 HASH_HashType         hashAlg,
                 HASH_HashType         maskHashAlg,
                 const unsigned char * label,
                 unsigned int          labelLen,
                 const unsigned char * seed,
                 unsigned int          seedLen,
                 unsigned char       * output,
                 unsigned int        * outputLen,
                 unsigned int          maxOutputLen,
                 const unsigned char * input,
                 unsigned int          inputLen);
 extern SECStatus
 RSA_DecryptOAEP(RSAPrivateKey       * key,
                 HASH_HashType         hashAlg,
                 HASH_HashType         maskHashAlg,
                 const unsigned char * label,
                 unsigned int          labelLen,
                 unsigned char       * output,
                 unsigned int        * outputLen,
                 unsigned int          maxOutputLen,
                 const unsigned char * input,
                 unsigned int          inputLen);
 /********************************************************************
 ** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2.
 */
 extern SECStatus
 RSA_EncryptBlock(RSAPublicKey        * key,
                  unsigned char       * output,
                  unsigned int        * outputLen,
                  unsigned int          maxOutputLen,
                  const unsigned char * input,
                  unsigned int          inputLen);
 extern SECStatus
 RSA_DecryptBlock(RSAPrivateKey       * key,
                  unsigned char       * output,
                  unsigned int        * outputLen,
                  unsigned int          maxOutputLen,
                  const unsigned char * input,
                  unsigned int          inputLen);
 /********************************************************************
 ** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1.
 **
 ** Note: Only MGF1 is supported as the mask generation function. It will be
 ** used with maskHashAlg as the inner hash function.
 **
 ** Unless performing Known Answer Tests, "salt" should be NULL, indicating that
 ** freebl should generate a random value.
 */
 extern SECStatus
 RSA_SignPSS(RSAPrivateKey       * key,
             HASH_HashType         hashAlg,
             HASH_HashType         maskHashAlg,
             const unsigned char * salt,
             unsigned int          saltLen,
             unsigned char       * output,
             unsigned int        * outputLen,
             unsigned int          maxOutputLen,
             const unsigned char * input,
             unsigned int          inputLen);
 extern SECStatus
 RSA_CheckSignPSS(RSAPublicKey        * key,
                  HASH_HashType         hashAlg,
                  HASH_HashType         maskHashAlg,
                  unsigned int          saltLen,
                  const unsigned char * sig,
                  unsigned int          sigLen,
                  const unsigned char * hash,
                  unsigned int          hashLen);
 /********************************************************************
 ** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2.
 **
 ** These functions expect as input to be the raw value to be signed. For most
 ** cases using PKCS1-v1_5, this should be the value of T, the DER-encoded
 ** DigestInfo structure defined in Section 9.2, Step 2.
 ** Note: This can also be used for signatures that use PKCS1-v1_5 padding, such
 ** as the signatures used in SSL/TLS, which sign a raw hash.
 */
 extern SECStatus
 RSA_Sign(RSAPrivateKey       * key,
          unsigned char       * output,
          unsigned int        * outputLen,
          unsigned int          maxOutputLen,
          const unsigned char * data,
          unsigned int          dataLen);
 extern SECStatus
 RSA_CheckSign(RSAPublicKey        * key,
               const unsigned char * sig,
               unsigned int          sigLen,
               const unsigned char * data,
               unsigned int          dataLen);
 extern SECStatus
 RSA_CheckSignRecover(RSAPublicKey        * key,
                      unsigned char       * output,
                      unsigned int        * outputLen,
                      unsigned int          maxOutputLen,
                      const unsigned char * sig,
                      unsigned int          sigLen);
 /********************************************************************
 ** DSA signing algorithm
 */
 /* Generate a new random value within the interval [2, q-1].
 */
 extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q,
                                SECItem * random);
 /*
 ** Generate and return a new DSA public and private key pair,
 **	both of which are encoded into a single DSAPrivateKey struct.
 **	"params" is a pointer to the PQG parameters for the domain
 **	Uses a random seed.
 */
 extern SECStatus DSA_NewKey(const PQGParams *     params,
 		            DSAPrivateKey **      privKey);
 /* signature is caller-supplied buffer of at least 20 bytes.
 ** On input,  signature->len == size of buffer to hold signature.
 **            digest->len    == size of digest.
 ** On output, signature->len == size of signature in buffer.
 ** Uses a random seed.
 */
 extern SECStatus DSA_SignDigest(DSAPrivateKey *   key,
 				SECItem *         signature,
 				const SECItem *   digest);
 /* signature is caller-supplied buffer of at least 20 bytes.
 ** On input,  signature->len == size of buffer to hold signature.
 **            digest->len    == size of digest.
 */
 extern SECStatus DSA_VerifyDigest(DSAPublicKey *  key,
 				  const SECItem * signature,
 				  const SECItem * digest);
 /* For FIPS compliance testing. Seed must be exactly 20 bytes long */
 extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
                                     const unsigned char * seed,
                                     DSAPrivateKey **privKey);
 /* For FIPS compliance testing. Seed must be exactly 20 bytes. */
 extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
                                         SECItem *       signature,
                                         const SECItem * digest,
                                         const unsigned char * seed);
 /******************************************************
 ** Diffie Helman key exchange algorithm
 */
 /* Generates parameters for Diffie-Helman key generation.
 **	primeLen is the length in bytes of prime P to be generated.
 */
 extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
 /* Generates a public and private key, both of which are encoded in a single
 **	DHPrivateKey struct. Params is input, privKey are output.
 **	This is Phase 1 of Diffie Hellman.
 */
 extern SECStatus DH_NewKey(DHParams *           params,
                            DHPrivateKey **	privKey);
 /*
 ** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
 ** other party's publicValue, and the prime and our privateValue.
 ** maxOutBytes is the requested length of the generated secret in bytes.
 ** A zero value means produce a value of any length up to the size of
 ** the prime.   If successful, derivedSecret->data is set
 ** to the address of the newly allocated buffer containing the derived
 ** secret, and derivedSecret->len is the size of the secret produced.
 ** The size of the secret produced will depend on the value of outBytes.
 ** If outBytes is 0, the key length will be all the significant bytes of
 ** the derived secret (leading zeros are dropped). This length could be less
 ** than the length of the prime. If outBytes is nonzero, the length of the
 ** produced key will be outBytes long. If the key is truncated, the most
 ** significant bytes are truncated. If it is expanded, zero bytes are added
 ** at the beginning.
 ** It is the caller's responsibility to free the allocated buffer
 ** containing the derived secret.
 */
 extern SECStatus DH_Derive(SECItem *    publicValue,
 		           SECItem *    prime,
 			   SECItem *    privateValue,
 			   SECItem *    derivedSecret,
 			   unsigned int outBytes);
 /*
 ** KEA_CalcKey returns octet string with the private key for a dual
 ** Diffie-Helman  key generation as specified for government key exchange.
 */
 extern SECStatus KEA_Derive(SECItem *prime,
                             SECItem *public1,
                             SECItem *public2,
 			    SECItem *private1,
 			    SECItem *private2,
 			    SECItem *derivedSecret);
 /*
  * verify that a KEA or DSA public key is a valid key for this prime and
  * subprime domain.
  */
 extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
 /****************************************
  * J-PAKE key transport
  */
 /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x
  * using the specified hash algorithm and signer ID. The signature is
  * returned in the values gv and r. testRandom must be NULL for a PRNG
  * generated random committment to be used in the sigature. When testRandom
  * is non-NULL, that value must contain a value in the subgroup q; that
  * value will be used instead of a PRNG-generated committment in order to
  * facilitate known-answer tests.
  *
  * If gxIn is non-NULL then it must contain a pre-computed value of g^x that
  * will be used by the function; in this case, the gxOut parameter must be NULL.
  * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case
  * gxOut will contain the value g^x on output.
  *
  * gx (if not supplied by the caller), gv, and r will be allocated in the arena.
  * The arena is *not* optional so do not pass NULL for the arena parameter.
  * The arena should be zeroed when it is freed.
  */
 SECStatus
 JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
            const SECItem * signerID, const SECItem * x,
            const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
            SECItem * gv, SECItem * r);
 /* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the
  * value x using the specified hash algorithm and signer ID.
  *
  * The arena is *not* optional so do not pass NULL for the arena parameter.
  */
 SECStatus
 JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
              HASH_HashType hashType, const SECItem * signerID,
              const SECItem * peerID, const SECItem * gx,
              const SECItem * gv, const SECItem * r);
 /* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate
  * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
  * round 2 (A and the proof of knowledge of x2s) can then be calculated with
  * JPAKE_Sign using pqg->base = base and x = x2s.
  *
  * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3)
  * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then call
  * JPAKE_Verify with pqg->base = base and then JPAKE_Final.
  *
  * base and x2s will be allocated in the arena. The arena is *not* optional so
  * do not pass NULL for the arena parameter. The arena should be zeroed when it
  * is freed.
 */
 SECStatus
 JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem  *q,
              const SECItem * gx1, const SECItem * gx3, const SECItem * gx4,
              SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s);
 /* K = (B/g^(x2*x4*s))^x2 (mod p)
  *
  * K will be allocated in the arena. The arena is *not* optional so do not pass
  * NULL for the arena parameter. The arena should be zeroed when it is freed.
  */
 SECStatus
 JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem  *q,
             const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
             const SECItem * B, SECItem * K);
 /******************************************************
 ** Elliptic Curve algorithms
 */
 /* Generates a public and private key, both of which are encoded
 ** in a single ECPrivateKey struct. Params is input, privKey are
 ** output.
 */
 extern SECStatus EC_NewKey(ECParams *          params,
                            ECPrivateKey **     privKey);
 extern SECStatus EC_NewKeyFromSeed(ECParams *  params,
                            ECPrivateKey **     privKey,
                            const unsigned char* seed,
                            int                 seedlen);
 /* Validates an EC public key as described in Section 5.2.2 of
  * X9.62. Such validation prevents against small subgroup attacks
  * when the ECDH primitive is used with the cofactor.
  */
 extern SECStatus EC_ValidatePublicKey(ECParams * params,
                            SECItem *           publicValue);
 /*
 ** ECDH_Derive performs a scalar point multiplication of a point
 ** representing a (peer's) public key and a large integer representing
 ** a private key (its own). Both keys must use the same elliptic curve
 ** parameters. If the withCofactor parameter is true, the
 ** multiplication also uses the cofactor associated with the curve
 ** parameters.  The output of this scheme is the x-coordinate of the
 ** resulting point. If successful, derivedSecret->data is set to the
 ** address of the newly allocated buffer containing the derived
 ** secret, and derivedSecret->len is the size of the secret
 ** produced. It is the caller's responsibility to free the allocated
 ** buffer containing the derived secret.
 */
 extern SECStatus ECDH_Derive(SECItem *       publicValue,
                              ECParams *      params,
                              SECItem *       privateValue,
                              PRBool          withCofactor,
                              SECItem *       derivedSecret);
 /* On input,  signature->len == size of buffer to hold signature.
 **            digest->len    == size of digest.
 ** On output, signature->len == size of signature in buffer.
 ** Uses a random seed.
 */
 extern SECStatus ECDSA_SignDigest(ECPrivateKey  *key,
                                   SECItem       *signature,
                                   const SECItem *digest);
 /* On input,  signature->len == size of buffer to hold signature.
 **            digest->len    == size of digest.
 */
 extern SECStatus ECDSA_VerifyDigest(ECPublicKey   *key,
                                     const SECItem *signature,
                                     const SECItem *digest);
 /* Uses the provided seed. */
 extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey        *key,
                                           SECItem             *signature,
                                           const SECItem       *digest,
                                           const unsigned char *seed,
                                           const int           seedlen);
 /******************************************/
 /*
 ** RC4 symmetric stream cypher
 */
 /*
 ** Create a new RC4 context suitable for RC4 encryption/decryption.
 **	"key" raw key data
 **	"len" the number of bytes of key data
 */
 extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
 extern RC4Context *RC4_AllocateContext(void);
 extern SECStatus   RC4_InitContext(RC4Context *cx,
 				   const unsigned char *key,
 				   unsigned int keylen,
 				   const unsigned char *,
 				   int,
 				   unsigned int ,
 				   unsigned int );
 /*
 ** Destroy an RC4 encryption/decryption context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
 /*
 ** Perform RC4 encryption.
 **	"cx" the context
 **	"output" the output buffer to store the encrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform RC4 decryption.
 **	"cx" the context
 **	"output" the output buffer to store the decrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** RC2 symmetric block cypher
 */
 /*
 ** Create a new RC2 context suitable for RC2 encryption/decryption.
 ** 	"key" raw key data
 ** 	"len" the number of bytes of key data
 ** 	"iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
 ** 	"mode" one of NSS_RC2 or NSS_RC2_CBC
 **	"effectiveKeyLen" is the effective key length (as specified in
 **	    RFC 2268) in bytes (not bits).
 **
 ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
 ** chaining" mode.
 */
 extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
 				     const unsigned char *iv, int mode,
 				     unsigned effectiveKeyLen);
 extern RC2Context *RC2_AllocateContext(void);
 extern SECStatus   RC2_InitContext(RC2Context *cx,
 				   const unsigned char *key,
 				   unsigned int keylen,
 				   const unsigned char *iv,
 				   int mode,
 				   unsigned int effectiveKeyLen,
 				   unsigned int );
 /*
 ** Destroy an RC2 encryption/decryption context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
 /*
 ** Perform RC2 encryption.
 **	"cx" the context
 **	"output" the output buffer to store the encrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform RC2 decryption.
 **	"cx" the context
 **	"output" the output buffer to store the decrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** RC5 symmetric block cypher -- 64-bit block size
 */
 /*
 ** Create a new RC5 context suitable for RC5 encryption/decryption.
 **      "key" raw key data
 **      "len" the number of bytes of key data
 **      "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
 **      "mode" one of NSS_RC5 or NSS_RC5_CBC
 **
 ** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
 ** chaining" mode.
 */
 extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
                      unsigned int wordSize, const unsigned char *iv, int mode);
 extern RC5Context *RC5_AllocateContext(void);
 extern SECStatus   RC5_InitContext(RC5Context *cx,
 				   const unsigned char *key,
 				   unsigned int keylen,
 				   const unsigned char *iv,
 				   int mode,
 				   unsigned int rounds,
 				   unsigned int wordSize);
 /*
 ** Destroy an RC5 encryption/decryption context.
 **      "cx" the context
 **      "freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
 /*
 ** Perform RC5 encryption.
 **      "cx" the context
 **      "output" the output buffer to store the encrypted data.
 **      "outputLen" how much data is stored in "output". Set by the routine
 **         after some data is stored in output.
 **      "maxOutputLen" the maximum amount of data that can ever be
 **         stored in "output"
 **      "input" the input data
 **      "inputLen" the amount of input data
 */
 extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
                             unsigned int *outputLen, unsigned int maxOutputLen,
                             const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform RC5 decryption.
 **      "cx" the context
 **      "output" the output buffer to store the decrypted data.
 **      "outputLen" how much data is stored in "output". Set by the routine
 **         after some data is stored in output.
 **      "maxOutputLen" the maximum amount of data that can ever be
 **         stored in "output"
 **      "input" the input data
 **      "inputLen" the amount of input data
 */
 extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
                             unsigned int *outputLen, unsigned int maxOutputLen,
                             const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** DES symmetric block cypher
 */
 /*
 ** Create a new DES context suitable for DES encryption/decryption.
 ** 	"key" raw key data
 ** 	"len" the number of bytes of key data
 ** 	"iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
 ** 	   mode is DES_EDE3_CBC)
 ** 	"mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
 **	"encrypt" is PR_TRUE if the context will be used for encryption
 **
 ** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
 ** cipher is run in "cipher block chaining" mode.
 */
 extern DESContext *DES_CreateContext(const unsigned char *key,
                                      const unsigned char *iv,
 				     int mode, PRBool encrypt);
 extern DESContext *DES_AllocateContext(void);
 extern SECStatus   DES_InitContext(DESContext *cx,
 				   const unsigned char *key,
 				   unsigned int keylen,
 				   const unsigned char *iv,
 				   int mode,
 				   unsigned int encrypt,
 				   unsigned int );
 /*
 ** Destroy an DES encryption/decryption context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
 /*
 ** Perform DES encryption.
 **	"cx" the context
 **	"output" the output buffer to store the encrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 **
 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
 */
 extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform DES decryption.
 **	"cx" the context
 **	"output" the output buffer to store the decrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 **
 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
 */
 extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
 			    unsigned int *outputLen, unsigned int maxOutputLen,
 			    const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** SEED symmetric block cypher
 */
 extern SEEDContext *
 SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
 		   int mode, PRBool encrypt);
 extern SEEDContext *SEED_AllocateContext(void);
 extern SECStatus   SEED_InitContext(SEEDContext *cx,
 				    const unsigned char *key,
 				    unsigned int keylen,
 				    const unsigned char *iv,
 				    int mode, unsigned int encrypt,
 				    unsigned int );
 extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
 extern SECStatus
 SEED_Encrypt(SEEDContext *cx, unsigned char *output,
 	     unsigned int *outputLen, unsigned int maxOutputLen,
 	     const unsigned char *input, unsigned int inputLen);
 extern SECStatus
 SEED_Decrypt(SEEDContext *cx, unsigned char *output,
 	     unsigned int *outputLen, unsigned int maxOutputLen,
              const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** AES symmetric block cypher (Rijndael)
 */
 /*
 ** Create a new AES context suitable for AES encryption/decryption.
 ** 	"key" raw key data
 ** 	"keylen" the number of bytes of key data (16, 24, or 32)
 **      "blocklen" is the blocksize to use (16, 24, or 32)
 **                        XXX currently only blocksize==16 has been tested!
 */
 extern AESContext *
 AES_CreateContext(const unsigned char *key, const unsigned char *iv,
                   int mode, int encrypt,
                   unsigned int keylen, unsigned int blocklen);
 extern AESContext *AES_AllocateContext(void);
 extern SECStatus   AES_InitContext(AESContext *cx,
 				   const unsigned char *key,
 				   unsigned int keylen,
 				   const unsigned char *iv,
 				   int mode,
 				   unsigned int encrypt,
 				   unsigned int blocklen);
 /*
 ** Destroy a AES encryption/decryption context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void
 AES_DestroyContext(AESContext *cx, PRBool freeit);
 /*
 ** Perform AES encryption.
 **	"cx" the context
 **	"output" the output buffer to store the encrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus
 AES_Encrypt(AESContext *cx, unsigned char *output,
             unsigned int *outputLen, unsigned int maxOutputLen,
             const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform AES decryption.
 **	"cx" the context
 **	"output" the output buffer to store the decrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus
 AES_Decrypt(AESContext *cx, unsigned char *output,
             unsigned int *outputLen, unsigned int maxOutputLen,
             const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** AES key wrap algorithm, RFC 3394
 */
 /*
 ** Create a new AES context suitable for AES encryption/decryption.
 ** 	"key" raw key data
 **      "iv"  The 8 byte "initial value"
 **      "encrypt", a boolean, true for key wrapping, false for unwrapping.
 ** 	"keylen" the number of bytes of key data (16, 24, or 32)
 */
 extern AESKeyWrapContext *
 AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
                          int encrypt, unsigned int keylen);
 extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void);
 extern SECStatus
      AESKeyWrap_InitContext(AESKeyWrapContext *cx,
 				   const unsigned char *key,
 				   unsigned int keylen,
 				   const unsigned char *iv,
 				   int ,
 				   unsigned int encrypt,
 				   unsigned int );
 /*
 ** Destroy a AES KeyWrap context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void
 AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
 /*
 ** Perform AES key wrap.
 **	"cx" the context
 **	"output" the output buffer to store the encrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus
 AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
             unsigned int *outputLen, unsigned int maxOutputLen,
             const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform AES key unwrap.
 **	"cx" the context
 **	"output" the output buffer to store the decrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus
 AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
             unsigned int *outputLen, unsigned int maxOutputLen,
             const unsigned char *input, unsigned int inputLen);
  /******************************************/
 /*
 ** Camellia symmetric block cypher
 */
 /*
 ** Create a new Camellia context suitable for Camellia encryption/decryption.
 ** 	"key" raw key data
 ** 	"keylen" the number of bytes of key data (16, 24, or 32)
 */
 extern CamelliaContext *
 Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
 		       int mode, int encrypt, unsigned int keylen);
 extern CamelliaContext *Camellia_AllocateContext(void);
 extern SECStatus   Camellia_InitContext(CamelliaContext *cx,
 					const unsigned char *key,
 					unsigned int keylen,
 					const unsigned char *iv,
 					int mode,
 					unsigned int encrypt,
 					unsigned int unused);
 /*
 ** Destroy a Camellia encryption/decryption context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void
 Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
 /*
 ** Perform Camellia encryption.
 **	"cx" the context
 **	"output" the output buffer to store the encrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus
 Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
 		 unsigned int *outputLen, unsigned int maxOutputLen,
 		 const unsigned char *input, unsigned int inputLen);
 /*
 ** Perform Camellia decryption.
 **	"cx" the context
 **	"output" the output buffer to store the decrypted data.
 **	"outputLen" how much data is stored in "output". Set by the routine
 **	   after some data is stored in output.
 **	"maxOutputLen" the maximum amount of data that can ever be
 **	   stored in "output"
 **	"input" the input data
 **	"inputLen" the amount of input data
 */
 extern SECStatus
 Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
 		 unsigned int *outputLen, unsigned int maxOutputLen,
 		 const unsigned char *input, unsigned int inputLen);
 /******************************************/
 /*
 ** MD5 secure hash function
 */
 /*
 ** Hash a null terminated string "src" into "dest" using MD5
 */
 extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
 /*
 ** Hash a non-null terminated string "src" into "dest" using MD5
 */
 extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
 			     PRUint32 src_length);
 /*
 ** Create a new MD5 context
 */
 extern MD5Context *MD5_NewContext(void);
 /*
 ** Destroy an MD5 secure hash context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
 /*
 ** Reset an MD5 context, preparing it for a fresh round of hashing
 */
 extern void MD5_Begin(MD5Context *cx);
 /*
 ** Update the MD5 hash function with more data.
 **	"cx" the context
 **	"input" the data to hash
 **	"inputLen" the amount of data to hash
 */
 extern void MD5_Update(MD5Context *cx,
 		       const unsigned char *input, unsigned int inputLen);
 /*
 ** Finish the MD5 hash function. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (16) is stored
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void MD5_End(MD5Context *cx, unsigned char *digest,
 		    unsigned int *digestLen, unsigned int maxDigestLen);
 /*
 ** Export the current state of the MD5 hash without appending the standard
 ** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (16) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
 		       unsigned int *digestLen, unsigned int maxDigestLen);
 /*
  * Return the the size of a buffer needed to flatten the MD5 Context into
  *    "cx" the context
  *  returns size;
  */
 extern unsigned int MD5_FlattenSize(MD5Context *cx);
 /*
  * Flatten the MD5 Context into a buffer:
  *    "cx" the context
  *    "space" the buffer to flatten to
  *  returns status;
  */
 extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
 /*
  * Resurrect a flattened context into a MD5 Context
  *    "space" the buffer of the flattend buffer
  *    "arg" ptr to void used by cryptographic resurrect
  *  returns resurected context;
  */
 extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
 extern void MD5_Clone(MD5Context *dest, MD5Context *src);
 /*
 ** trace the intermediate state info of the MD5 hash.
 */
 extern void MD5_TraceState(MD5Context *cx);
 /******************************************/
 /*
 ** MD2 secure hash function
 */
 /*
 ** Hash a null terminated string "src" into "dest" using MD2
 */
 extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
 /*
 ** Create a new MD2 context
 */
 extern MD2Context *MD2_NewContext(void);
 /*
 ** Destroy an MD2 secure hash context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
 /*
 ** Reset an MD2 context, preparing it for a fresh round of hashing
 */
 extern void MD2_Begin(MD2Context *cx);
 /*
 ** Update the MD2 hash function with more data.
 **	"cx" the context
 **	"input" the data to hash
 **	"inputLen" the amount of data to hash
 */
 extern void MD2_Update(MD2Context *cx,
 		       const unsigned char *input, unsigned int inputLen);
 /*
 ** Finish the MD2 hash function. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (16) is stored
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void MD2_End(MD2Context *cx, unsigned char *digest,
 		    unsigned int *digestLen, unsigned int maxDigestLen);
 /*
  * Return the the size of a buffer needed to flatten the MD2 Context into
  *    "cx" the context
  *  returns size;
  */
 extern unsigned int MD2_FlattenSize(MD2Context *cx);
 /*
  * Flatten the MD2 Context into a buffer:
  *    "cx" the context
  *    "space" the buffer to flatten to
  *  returns status;
  */
 extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
 /*
  * Resurrect a flattened context into a MD2 Context
  *    "space" the buffer of the flattend buffer
  *    "arg" ptr to void used by cryptographic resurrect
  *  returns resurected context;
  */
 extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
 extern void MD2_Clone(MD2Context *dest, MD2Context *src);
 /******************************************/
 /*
 ** SHA-1 secure hash function
 */
 /*
 ** Hash a null terminated string "src" into "dest" using SHA-1
 */
 extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
 /*
 ** Hash a non-null terminated string "src" into "dest" using SHA-1
 */
 extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
 			      PRUint32 src_length);
 /*
 ** Create a new SHA-1 context
 */
 extern SHA1Context *SHA1_NewContext(void);
 /*
 ** Destroy a SHA-1 secure hash context.
 **	"cx" the context
 **	"freeit" if PR_TRUE then free the object as well as its sub-objects
 */
 extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
 /*
 ** Reset a SHA-1 context, preparing it for a fresh round of hashing
 */
 extern void SHA1_Begin(SHA1Context *cx);
 /*
 ** Update the SHA-1 hash function with more data.
 **	"cx" the context
 **	"input" the data to hash
 **	"inputLen" the amount of data to hash
 */
 extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 /*
 ** Finish the SHA-1 hash function. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (20) is stored
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 /*
 ** Export the current state of the SHA-1 hash without appending the standard
 ** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 20 bytes of digest data are stored
 **	"digestLen" where the digest length (20) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
 			unsigned int *digestLen, unsigned int maxDigestLen);
 /*
 ** trace the intermediate state info of the SHA1 hash.
 */
 extern void SHA1_TraceState(SHA1Context *cx);
 /*
  * Return the the size of a buffer needed to flatten the SHA-1 Context into
  *    "cx" the context
  *  returns size;
  */
 extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
 /*
  * Flatten the SHA-1 Context into a buffer:
  *    "cx" the context
  *    "space" the buffer to flatten to
  *  returns status;
  */
 extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
 /*
  * Resurrect a flattened context into a SHA-1 Context
  *    "space" the buffer of the flattend buffer
  *    "arg" ptr to void used by cryptographic resurrect
  *  returns resurected context;
  */
 extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
 extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
 /******************************************/
 extern SHA224Context *SHA224_NewContext(void);
 extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
 extern void SHA224_Begin(SHA224Context *cx);
 extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 /*
 ** Export the current state of the SHA-224 hash without appending the standard
 ** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 28 bytes of digest data are stored
 **	"digestLen" where the digest length (28) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
 				PRUint32 src_length);
 extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
 extern void SHA224_TraceState(SHA224Context *cx);
 extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
 /******************************************/
 extern SHA256Context *SHA256_NewContext(void);
 extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
 extern void SHA256_Begin(SHA256Context *cx);
 extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 /*
 ** Export the current state of the SHA-256 hash without appending the standard
 ** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 32 bytes of digest data are stored
 **	"digestLen" where the digest length (32) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
 				PRUint32 src_length);
 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
 extern void SHA256_TraceState(SHA256Context *cx);
 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
 extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
 extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
 /******************************************/
 extern SHA512Context *SHA512_NewContext(void);
 extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
 extern void SHA512_Begin(SHA512Context *cx);
 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 /*
 ** Export the current state of the SHA-512 hash without appending the standard
 ** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 64 bytes of digest data are stored
 **	"digestLen" where the digest length (64) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
 				PRUint32 src_length);
 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
 extern void SHA512_TraceState(SHA512Context *cx);
 extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
 extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
 extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
 extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
 /******************************************/
 extern SHA384Context *SHA384_NewContext(void);
 extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
 extern void SHA384_Begin(SHA384Context *cx);
 extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
 /*
 ** Export the current state of the SHA-384 hash without appending the standard
 ** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 48 bytes of digest data are stored
 **	"digestLen" where the digest length (48) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
 */
 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
 				PRUint32 src_length);
 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
 extern void SHA384_TraceState(SHA384Context *cx);
 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
 extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
 extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
 /****************************************
  * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function
  */
 extern SECStatus
 TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
          SECItem *result, PRBool isFIPS);
 extern SECStatus
 TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
            SECItem *seed, SECItem *result, PRBool isFIPS);
 /******************************************/
 /*
 ** Pseudo Random Number Generation.  FIPS compliance desirable.
 */
 /*
 ** Initialize the global RNG context and give it some seed input taken
 ** from the system.  This function is thread-safe and will only allow
 ** the global context to be initialized once.  The seed input is likely
 ** small, so it is imperative that RNG_RandomUpdate() be called with
 ** additional seed data before the generator is used.  A good way to
 ** provide the generator with additional entropy is to call
 ** RNG_SystemInfoForRNG().  Note that NSS_Init() does exactly that.
 */
 extern SECStatus RNG_RNGInit(void);
 /*
 ** Update the global random number generator with more seeding
 ** material
 */
 extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
 /*
 ** Generate some random bytes, using the global random number generator
 ** object.
 */
 extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
 /* Destroy the global RNG context.  After a call to RNG_RNGShutdown()
 ** a call to RNG_RNGInit() is required in order to use the generator again,
 ** along with seed data (see the comment above RNG_RNGInit()).
 */
 extern void  RNG_RNGShutdown(void);
 extern void RNG_SystemInfoForRNG(void);
 /*
  * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
  * generate the DSA X parameter and as a generic purpose RNG.
  *
  * The following two FIPS186Change functions are needed for
  * NIST RNG Validation System.
  */
 /*
  * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with
  * the error set to PR_NOT_IMPLEMENTED_ERROR.
  */
 extern SECStatus
 FIPS186Change_GenerateX(unsigned char *XKEY,
                         const unsigned char *XSEEDj,
                         unsigned char *x_j);
 /*
  * When generating the DSA X parameter, we generate 2*GSIZE bytes
  * of random output and reduce it mod q.
  *
  * Input: w, 2*GSIZE bytes
  *        q, DSA_SUBPRIME_LEN bytes
  * Output: xj, DSA_SUBPRIME_LEN bytes
  */
 extern SECStatus
 FIPS186Change_ReduceModQForDSA(const unsigned char *w,
                                const unsigned char *q,
                                unsigned char *xj);
 /*
  * The following functions are for FIPS poweron self test and FIPS algorithm
  * testing.
  */
 extern SECStatus
 PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
 		const PRUint8 *nonce, unsigned int nonce_len,
 		const PRUint8 *personal_string, unsigned int ps_len);
 extern SECStatus
 PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
 		  const PRUint8 *additional, unsigned int additional_len);
 extern SECStatus
 PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
 		  const PRUint8 *additional, unsigned int additional_len);
 extern SECStatus
 PRNGTEST_Uninstantiate(void);
 extern SECStatus
 PRNGTEST_RunHealthTests(void);
 /* Generate PQGParams and PQGVerify structs.
  * Length of seed and length of h both equal length of P.
  * All lengths are specified by "j", according to the table above.
  *
  * The verify parameters will conform to FIPS186-1.
  */
 extern SECStatus
 PQG_ParamGen(unsigned int j, 	   /* input : determines length of P. */
              PQGParams **pParams,  /* output: P Q and G returned here */
 	     PQGVerify **pVfy);    /* output: counter and seed. */
 /* Generate PQGParams and PQGVerify structs.
  * Length of P specified by j.  Length of h will match length of P.
  * Length of SEED in bytes specified in seedBytes.
  * seedBbytes must be in the range [20..255] or an error will result.
  *
  * The verify parameters will conform to FIPS186-1.
  */
 extern SECStatus
 PQG_ParamGenSeedLen(
              unsigned int j, 	     /* input : determines length of P. */
 	     unsigned int seedBytes, /* input : length of seed in bytes.*/
              PQGParams **pParams,    /* output: P Q and G returned here */
 	     PQGVerify **pVfy);      /* output: counter and seed. */
 /* Generate PQGParams and PQGVerify structs.
  * Length of P specified by L in bits.
  * Length of Q specified by N in bits.
  * Length of SEED in bytes specified in seedBytes.
  * seedBbytes must be in the range [N..L*2] or an error will result.
  *
  * Not that J uses the above table, L is the length exact. L and N must
  * match the table below or an error will result:
  *
  *  L            N
  * 1024         160
  * 2048         224
  * 2048         256
  * 3072         256
  *
  * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
  * pick a default value (typically the smallest secure value for these
  * variables).
  *
  * The verify parameters will conform to FIPS186-3 using the smallest
  * permissible hash for the key strength.
  */
 extern SECStatus
 PQG_ParamGenV2(
              unsigned int L, 	     /* input : determines length of P. */
              unsigned int N, 	     /* input : determines length of Q. */
 	     unsigned int seedBytes, /* input : length of seed in bytes.*/
              PQGParams **pParams,    /* output: P Q and G returned here */
 	     PQGVerify **pVfy);      /* output: counter and seed. */
 /*  Test PQGParams for validity as DSS PQG values.
  *  If vfy is non-NULL, test PQGParams to make sure they were generated
  *       using the specified seed, counter, and h values.
  *
  *  Return value indicates whether Verification operation ran successfully
  *  to completion, but does not indicate if PQGParams are valid or not.
  *  If return value is SECSuccess, then *pResult has these meanings:
  *       SECSuccess: PQGParams are valid.
  *       SECFailure: PQGParams are invalid.
  *
  * Verify the PQG againts the counter, SEED and h.
  * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
  * PQG_VerifyParams will automatically choose the appropriate test.
  */
 extern SECStatus   PQG_VerifyParams(const PQGParams *params,
                                     const PQGVerify *vfy, SECStatus *result);
 extern void PQG_DestroyParams(PQGParams *params);
 extern void PQG_DestroyVerify(PQGVerify *vfy);
 /*
  * clean-up any global tables freebl may have allocated after it starts up.
  * This function is not thread safe and should be called only after the
  * library has been quiessed.
  */
 extern void BL_Cleanup(void);
 /* unload freebl shared library from memory */
 extern void BL_Unload(void);
 /**************************************************************************
  *  Verify a given Shared library signature                               *
  **************************************************************************/
 PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
 /**************************************************************************
  *  Verify a given filename's signature                               *
  **************************************************************************/
 PRBool BLAPI_SHVerifyFile(const char *shName);
 /**************************************************************************
  *  Verify Are Own Shared library signature                               *
  **************************************************************************/
 PRBool BLAPI_VerifySelf(const char *name);
 /*********************************************************************/
 extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
 extern void BL_SetForkState(PRBool forked);
 #ifndef NSS_DISABLE_ECC
 /*
 ** pepare an ECParam structure from DEREncoded params
  */
 extern SECStatus EC_FillParams(PLArenaPool *arena,
                                const SECItem *encodedParams, ECParams *params);
 extern SECStatus EC_DecodeParams(const SECItem *encodedParams,
                                  ECParams **ecparams);
 extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
                                const ECParams *srcParams);
 #endif
 SEC_END_PROTOS
 #endif /* _BLAPI_H_ */

The Tor Browser / annotate

security/nss/lib/freebl/blapi.h@b8a032363ba2 (annotated)

security/nss/lib/freebl/blapi.h