1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/freebl/blapi.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1593 @@
1.4 +/*
1.5 + * blapi.h - public prototypes for the freebl library
1.6 + *
1.7 + * This Source Code Form is subject to the terms of the Mozilla Public
1.8 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.9 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.10 +
1.11 +#ifndef _BLAPI_H_
1.12 +#define _BLAPI_H_
1.13 +
1.14 +#include "blapit.h"
1.15 +#include "hasht.h"
1.16 +#include "alghmac.h"
1.17 +
1.18 +SEC_BEGIN_PROTOS
1.19 +
1.20 +/*
1.21 +** RSA encryption/decryption. When encrypting/decrypting the output
1.22 +** buffer must be at least the size of the public key modulus.
1.23 +*/
1.24 +
1.25 +extern SECStatus BL_Init(void);
1.26 +
1.27 +/*
1.28 +** Generate and return a new RSA public and private key.
1.29 +** Both keys are encoded in a single RSAPrivateKey structure.
1.30 +** "cx" is the random number generator context
1.31 +** "keySizeInBits" is the size of the key to be generated, in bits.
1.32 +** 512, 1024, etc.
1.33 +** "publicExponent" when not NULL is a pointer to some data that
1.34 +** represents the public exponent to use. The data is a byte
1.35 +** encoded integer, in "big endian" order.
1.36 +*/
1.37 +extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
1.38 + SECItem * publicExponent);
1.39 +
1.40 +/*
1.41 +** Perform a raw public-key operation
1.42 +** Length of input and output buffers are equal to key's modulus len.
1.43 +*/
1.44 +extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key,
1.45 + unsigned char * output,
1.46 + const unsigned char * input);
1.47 +
1.48 +/*
1.49 +** Perform a raw private-key operation
1.50 +** Length of input and output buffers are equal to key's modulus len.
1.51 +*/
1.52 +extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key,
1.53 + unsigned char * output,
1.54 + const unsigned char * input);
1.55 +
1.56 +/*
1.57 +** Perform a raw private-key operation, and check the parameters used in
1.58 +** the operation for validity by performing a test operation first.
1.59 +** Length of input and output buffers are equal to key's modulus len.
1.60 +*/
1.61 +extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key,
1.62 + unsigned char * output,
1.63 + const unsigned char * input);
1.64 +
1.65 +/*
1.66 +** Perform a check of private key parameters for consistency.
1.67 +*/
1.68 +extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
1.69 +
1.70 +/*
1.71 +** Given only minimal private key parameters, fill in the rest of the
1.72 +** parameters.
1.73 +**
1.74 +**
1.75 +** All the entries, including those supplied by the caller, will be
1.76 +** overwritten with data alocated out of the arena.
1.77 +**
1.78 +** If no arena is supplied, one will be created.
1.79 +**
1.80 +** The following fields must be supplied in order for this function
1.81 +** to succeed:
1.82 +** one of either publicExponent or privateExponent
1.83 +** two more of the following 5 parameters (not counting the above).
1.84 +** modulus (n)
1.85 +** prime1 (p)
1.86 +** prime2 (q)
1.87 +** publicExponent (e)
1.88 +** privateExponent (d)
1.89 +**
1.90 +** NOTE: if only the publicExponent, privateExponent, and one prime is given,
1.91 +** then there may be more than one RSA key that matches that combination. If
1.92 +** we find 2 possible valid keys that meet this criteria, we return an error.
1.93 +** If we return the wrong key, and the original modulus is compared to the
1.94 +** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get
1.95 +** the common prime.
1.96 +**
1.97 +** NOTE: in some cases the publicExponent must be less than 2^23 for this
1.98 +** function to work correctly. (The case where we have only one of: modulus
1.99 +** prime1 and prime2).
1.100 +**
1.101 +** All parameters will be replaced in the key structure with new parameters
1.102 +** allocated out of the arena. There is no attempt to free the old structures.
1.103 +** prime1 will always be greater than prime2 (even if the caller supplies the
1.104 +** smaller prime as prime1 or the larger prime as prime2). The parameters are
1.105 +** not overwritten on failure.
1.106 +**
1.107 +** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv)
1.108 +** can also be used in reconstructing the private key, they are currently
1.109 +** ignored in this implementation.
1.110 +*/
1.111 +extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key);
1.112 +
1.113 +/********************************************************************
1.114 +** RSA algorithm
1.115 +*/
1.116 +
1.117 +/********************************************************************
1.118 +** Raw signing/encryption/decryption operations.
1.119 +**
1.120 +** No padding or formatting will be applied.
1.121 +** inputLen MUST be equivalent to the modulus size (in bytes).
1.122 +*/
1.123 +extern SECStatus
1.124 +RSA_SignRaw(RSAPrivateKey * key,
1.125 + unsigned char * output,
1.126 + unsigned int * outputLen,
1.127 + unsigned int maxOutputLen,
1.128 + const unsigned char * input,
1.129 + unsigned int inputLen);
1.130 +
1.131 +extern SECStatus
1.132 +RSA_CheckSignRaw(RSAPublicKey * key,
1.133 + const unsigned char * sig,
1.134 + unsigned int sigLen,
1.135 + const unsigned char * hash,
1.136 + unsigned int hashLen);
1.137 +
1.138 +extern SECStatus
1.139 +RSA_CheckSignRecoverRaw(RSAPublicKey * key,
1.140 + unsigned char * data,
1.141 + unsigned int * dataLen,
1.142 + unsigned int maxDataLen,
1.143 + const unsigned char * sig,
1.144 + unsigned int sigLen);
1.145 +
1.146 +extern SECStatus
1.147 +RSA_EncryptRaw(RSAPublicKey * key,
1.148 + unsigned char * output,
1.149 + unsigned int * outputLen,
1.150 + unsigned int maxOutputLen,
1.151 + const unsigned char * input,
1.152 + unsigned int inputLen);
1.153 +
1.154 +extern SECStatus
1.155 +RSA_DecryptRaw(RSAPrivateKey * key,
1.156 + unsigned char * output,
1.157 + unsigned int * outputLen,
1.158 + unsigned int maxOutputLen,
1.159 + const unsigned char * input,
1.160 + unsigned int inputLen);
1.161 +
1.162 +/********************************************************************
1.163 +** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1.
1.164 +**
1.165 +** Note: Only MGF1 is supported as the mask generation function. It will be
1.166 +** used with maskHashAlg as the inner hash function.
1.167 +**
1.168 +** Unless performing Known Answer Tests, "seed" should be NULL, indicating that
1.169 +** freebl should generate a random value. Otherwise, it should be an octet
1.170 +** string of seedLen bytes, which should be the same size as the output of
1.171 +** hashAlg.
1.172 +*/
1.173 +extern SECStatus
1.174 +RSA_EncryptOAEP(RSAPublicKey * key,
1.175 + HASH_HashType hashAlg,
1.176 + HASH_HashType maskHashAlg,
1.177 + const unsigned char * label,
1.178 + unsigned int labelLen,
1.179 + const unsigned char * seed,
1.180 + unsigned int seedLen,
1.181 + unsigned char * output,
1.182 + unsigned int * outputLen,
1.183 + unsigned int maxOutputLen,
1.184 + const unsigned char * input,
1.185 + unsigned int inputLen);
1.186 +
1.187 +extern SECStatus
1.188 +RSA_DecryptOAEP(RSAPrivateKey * key,
1.189 + HASH_HashType hashAlg,
1.190 + HASH_HashType maskHashAlg,
1.191 + const unsigned char * label,
1.192 + unsigned int labelLen,
1.193 + unsigned char * output,
1.194 + unsigned int * outputLen,
1.195 + unsigned int maxOutputLen,
1.196 + const unsigned char * input,
1.197 + unsigned int inputLen);
1.198 +
1.199 +/********************************************************************
1.200 +** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2.
1.201 +*/
1.202 +extern SECStatus
1.203 +RSA_EncryptBlock(RSAPublicKey * key,
1.204 + unsigned char * output,
1.205 + unsigned int * outputLen,
1.206 + unsigned int maxOutputLen,
1.207 + const unsigned char * input,
1.208 + unsigned int inputLen);
1.209 +
1.210 +extern SECStatus
1.211 +RSA_DecryptBlock(RSAPrivateKey * key,
1.212 + unsigned char * output,
1.213 + unsigned int * outputLen,
1.214 + unsigned int maxOutputLen,
1.215 + const unsigned char * input,
1.216 + unsigned int inputLen);
1.217 +
1.218 +/********************************************************************
1.219 +** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1.
1.220 +**
1.221 +** Note: Only MGF1 is supported as the mask generation function. It will be
1.222 +** used with maskHashAlg as the inner hash function.
1.223 +**
1.224 +** Unless performing Known Answer Tests, "salt" should be NULL, indicating that
1.225 +** freebl should generate a random value.
1.226 +*/
1.227 +extern SECStatus
1.228 +RSA_SignPSS(RSAPrivateKey * key,
1.229 + HASH_HashType hashAlg,
1.230 + HASH_HashType maskHashAlg,
1.231 + const unsigned char * salt,
1.232 + unsigned int saltLen,
1.233 + unsigned char * output,
1.234 + unsigned int * outputLen,
1.235 + unsigned int maxOutputLen,
1.236 + const unsigned char * input,
1.237 + unsigned int inputLen);
1.238 +
1.239 +extern SECStatus
1.240 +RSA_CheckSignPSS(RSAPublicKey * key,
1.241 + HASH_HashType hashAlg,
1.242 + HASH_HashType maskHashAlg,
1.243 + unsigned int saltLen,
1.244 + const unsigned char * sig,
1.245 + unsigned int sigLen,
1.246 + const unsigned char * hash,
1.247 + unsigned int hashLen);
1.248 +
1.249 +/********************************************************************
1.250 +** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2.
1.251 +**
1.252 +** These functions expect as input to be the raw value to be signed. For most
1.253 +** cases using PKCS1-v1_5, this should be the value of T, the DER-encoded
1.254 +** DigestInfo structure defined in Section 9.2, Step 2.
1.255 +** Note: This can also be used for signatures that use PKCS1-v1_5 padding, such
1.256 +** as the signatures used in SSL/TLS, which sign a raw hash.
1.257 +*/
1.258 +extern SECStatus
1.259 +RSA_Sign(RSAPrivateKey * key,
1.260 + unsigned char * output,
1.261 + unsigned int * outputLen,
1.262 + unsigned int maxOutputLen,
1.263 + const unsigned char * data,
1.264 + unsigned int dataLen);
1.265 +
1.266 +extern SECStatus
1.267 +RSA_CheckSign(RSAPublicKey * key,
1.268 + const unsigned char * sig,
1.269 + unsigned int sigLen,
1.270 + const unsigned char * data,
1.271 + unsigned int dataLen);
1.272 +
1.273 +extern SECStatus
1.274 +RSA_CheckSignRecover(RSAPublicKey * key,
1.275 + unsigned char * output,
1.276 + unsigned int * outputLen,
1.277 + unsigned int maxOutputLen,
1.278 + const unsigned char * sig,
1.279 + unsigned int sigLen);
1.280 +
1.281 +/********************************************************************
1.282 +** DSA signing algorithm
1.283 +*/
1.284 +
1.285 +/* Generate a new random value within the interval [2, q-1].
1.286 +*/
1.287 +extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q,
1.288 + SECItem * random);
1.289 +
1.290 +/*
1.291 +** Generate and return a new DSA public and private key pair,
1.292 +** both of which are encoded into a single DSAPrivateKey struct.
1.293 +** "params" is a pointer to the PQG parameters for the domain
1.294 +** Uses a random seed.
1.295 +*/
1.296 +extern SECStatus DSA_NewKey(const PQGParams * params,
1.297 + DSAPrivateKey ** privKey);
1.298 +
1.299 +/* signature is caller-supplied buffer of at least 20 bytes.
1.300 +** On input, signature->len == size of buffer to hold signature.
1.301 +** digest->len == size of digest.
1.302 +** On output, signature->len == size of signature in buffer.
1.303 +** Uses a random seed.
1.304 +*/
1.305 +extern SECStatus DSA_SignDigest(DSAPrivateKey * key,
1.306 + SECItem * signature,
1.307 + const SECItem * digest);
1.308 +
1.309 +/* signature is caller-supplied buffer of at least 20 bytes.
1.310 +** On input, signature->len == size of buffer to hold signature.
1.311 +** digest->len == size of digest.
1.312 +*/
1.313 +extern SECStatus DSA_VerifyDigest(DSAPublicKey * key,
1.314 + const SECItem * signature,
1.315 + const SECItem * digest);
1.316 +
1.317 +/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
1.318 +extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
1.319 + const unsigned char * seed,
1.320 + DSAPrivateKey **privKey);
1.321 +
1.322 +/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
1.323 +extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
1.324 + SECItem * signature,
1.325 + const SECItem * digest,
1.326 + const unsigned char * seed);
1.327 +
1.328 +/******************************************************
1.329 +** Diffie Helman key exchange algorithm
1.330 +*/
1.331 +
1.332 +/* Generates parameters for Diffie-Helman key generation.
1.333 +** primeLen is the length in bytes of prime P to be generated.
1.334 +*/
1.335 +extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
1.336 +
1.337 +/* Generates a public and private key, both of which are encoded in a single
1.338 +** DHPrivateKey struct. Params is input, privKey are output.
1.339 +** This is Phase 1 of Diffie Hellman.
1.340 +*/
1.341 +extern SECStatus DH_NewKey(DHParams * params,
1.342 + DHPrivateKey ** privKey);
1.343 +
1.344 +/*
1.345 +** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
1.346 +** other party's publicValue, and the prime and our privateValue.
1.347 +** maxOutBytes is the requested length of the generated secret in bytes.
1.348 +** A zero value means produce a value of any length up to the size of
1.349 +** the prime. If successful, derivedSecret->data is set
1.350 +** to the address of the newly allocated buffer containing the derived
1.351 +** secret, and derivedSecret->len is the size of the secret produced.
1.352 +** The size of the secret produced will depend on the value of outBytes.
1.353 +** If outBytes is 0, the key length will be all the significant bytes of
1.354 +** the derived secret (leading zeros are dropped). This length could be less
1.355 +** than the length of the prime. If outBytes is nonzero, the length of the
1.356 +** produced key will be outBytes long. If the key is truncated, the most
1.357 +** significant bytes are truncated. If it is expanded, zero bytes are added
1.358 +** at the beginning.
1.359 +** It is the caller's responsibility to free the allocated buffer
1.360 +** containing the derived secret.
1.361 +*/
1.362 +extern SECStatus DH_Derive(SECItem * publicValue,
1.363 + SECItem * prime,
1.364 + SECItem * privateValue,
1.365 + SECItem * derivedSecret,
1.366 + unsigned int outBytes);
1.367 +
1.368 +/*
1.369 +** KEA_CalcKey returns octet string with the private key for a dual
1.370 +** Diffie-Helman key generation as specified for government key exchange.
1.371 +*/
1.372 +extern SECStatus KEA_Derive(SECItem *prime,
1.373 + SECItem *public1,
1.374 + SECItem *public2,
1.375 + SECItem *private1,
1.376 + SECItem *private2,
1.377 + SECItem *derivedSecret);
1.378 +
1.379 +/*
1.380 + * verify that a KEA or DSA public key is a valid key for this prime and
1.381 + * subprime domain.
1.382 + */
1.383 +extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
1.384 +
1.385 +/****************************************
1.386 + * J-PAKE key transport
1.387 + */
1.388 +
1.389 +/* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x
1.390 + * using the specified hash algorithm and signer ID. The signature is
1.391 + * returned in the values gv and r. testRandom must be NULL for a PRNG
1.392 + * generated random committment to be used in the sigature. When testRandom
1.393 + * is non-NULL, that value must contain a value in the subgroup q; that
1.394 + * value will be used instead of a PRNG-generated committment in order to
1.395 + * facilitate known-answer tests.
1.396 + *
1.397 + * If gxIn is non-NULL then it must contain a pre-computed value of g^x that
1.398 + * will be used by the function; in this case, the gxOut parameter must be NULL.
1.399 + * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case
1.400 + * gxOut will contain the value g^x on output.
1.401 + *
1.402 + * gx (if not supplied by the caller), gv, and r will be allocated in the arena.
1.403 + * The arena is *not* optional so do not pass NULL for the arena parameter.
1.404 + * The arena should be zeroed when it is freed.
1.405 + */
1.406 +SECStatus
1.407 +JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
1.408 + const SECItem * signerID, const SECItem * x,
1.409 + const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
1.410 + SECItem * gv, SECItem * r);
1.411 +
1.412 +/* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the
1.413 + * value x using the specified hash algorithm and signer ID.
1.414 + *
1.415 + * The arena is *not* optional so do not pass NULL for the arena parameter.
1.416 + */
1.417 +SECStatus
1.418 +JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
1.419 + HASH_HashType hashType, const SECItem * signerID,
1.420 + const SECItem * peerID, const SECItem * gx,
1.421 + const SECItem * gv, const SECItem * r);
1.422 +
1.423 +/* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate
1.424 + * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
1.425 + * round 2 (A and the proof of knowledge of x2s) can then be calculated with
1.426 + * JPAKE_Sign using pqg->base = base and x = x2s.
1.427 + *
1.428 + * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3)
1.429 + * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then call
1.430 + * JPAKE_Verify with pqg->base = base and then JPAKE_Final.
1.431 + *
1.432 + * base and x2s will be allocated in the arena. The arena is *not* optional so
1.433 + * do not pass NULL for the arena parameter. The arena should be zeroed when it
1.434 + * is freed.
1.435 +*/
1.436 +SECStatus
1.437 +JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
1.438 + const SECItem * gx1, const SECItem * gx3, const SECItem * gx4,
1.439 + SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s);
1.440 +
1.441 +/* K = (B/g^(x2*x4*s))^x2 (mod p)
1.442 + *
1.443 + * K will be allocated in the arena. The arena is *not* optional so do not pass
1.444 + * NULL for the arena parameter. The arena should be zeroed when it is freed.
1.445 + */
1.446 +SECStatus
1.447 +JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q,
1.448 + const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
1.449 + const SECItem * B, SECItem * K);
1.450 +
1.451 +/******************************************************
1.452 +** Elliptic Curve algorithms
1.453 +*/
1.454 +
1.455 +/* Generates a public and private key, both of which are encoded
1.456 +** in a single ECPrivateKey struct. Params is input, privKey are
1.457 +** output.
1.458 +*/
1.459 +extern SECStatus EC_NewKey(ECParams * params,
1.460 + ECPrivateKey ** privKey);
1.461 +
1.462 +extern SECStatus EC_NewKeyFromSeed(ECParams * params,
1.463 + ECPrivateKey ** privKey,
1.464 + const unsigned char* seed,
1.465 + int seedlen);
1.466 +
1.467 +/* Validates an EC public key as described in Section 5.2.2 of
1.468 + * X9.62. Such validation prevents against small subgroup attacks
1.469 + * when the ECDH primitive is used with the cofactor.
1.470 + */
1.471 +extern SECStatus EC_ValidatePublicKey(ECParams * params,
1.472 + SECItem * publicValue);
1.473 +
1.474 +/*
1.475 +** ECDH_Derive performs a scalar point multiplication of a point
1.476 +** representing a (peer's) public key and a large integer representing
1.477 +** a private key (its own). Both keys must use the same elliptic curve
1.478 +** parameters. If the withCofactor parameter is true, the
1.479 +** multiplication also uses the cofactor associated with the curve
1.480 +** parameters. The output of this scheme is the x-coordinate of the
1.481 +** resulting point. If successful, derivedSecret->data is set to the
1.482 +** address of the newly allocated buffer containing the derived
1.483 +** secret, and derivedSecret->len is the size of the secret
1.484 +** produced. It is the caller's responsibility to free the allocated
1.485 +** buffer containing the derived secret.
1.486 +*/
1.487 +extern SECStatus ECDH_Derive(SECItem * publicValue,
1.488 + ECParams * params,
1.489 + SECItem * privateValue,
1.490 + PRBool withCofactor,
1.491 + SECItem * derivedSecret);
1.492 +
1.493 +/* On input, signature->len == size of buffer to hold signature.
1.494 +** digest->len == size of digest.
1.495 +** On output, signature->len == size of signature in buffer.
1.496 +** Uses a random seed.
1.497 +*/
1.498 +extern SECStatus ECDSA_SignDigest(ECPrivateKey *key,
1.499 + SECItem *signature,
1.500 + const SECItem *digest);
1.501 +
1.502 +/* On input, signature->len == size of buffer to hold signature.
1.503 +** digest->len == size of digest.
1.504 +*/
1.505 +extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key,
1.506 + const SECItem *signature,
1.507 + const SECItem *digest);
1.508 +
1.509 +/* Uses the provided seed. */
1.510 +extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
1.511 + SECItem *signature,
1.512 + const SECItem *digest,
1.513 + const unsigned char *seed,
1.514 + const int seedlen);
1.515 +
1.516 +/******************************************/
1.517 +/*
1.518 +** RC4 symmetric stream cypher
1.519 +*/
1.520 +
1.521 +/*
1.522 +** Create a new RC4 context suitable for RC4 encryption/decryption.
1.523 +** "key" raw key data
1.524 +** "len" the number of bytes of key data
1.525 +*/
1.526 +extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
1.527 +
1.528 +extern RC4Context *RC4_AllocateContext(void);
1.529 +extern SECStatus RC4_InitContext(RC4Context *cx,
1.530 + const unsigned char *key,
1.531 + unsigned int keylen,
1.532 + const unsigned char *,
1.533 + int,
1.534 + unsigned int ,
1.535 + unsigned int );
1.536 +
1.537 +/*
1.538 +** Destroy an RC4 encryption/decryption context.
1.539 +** "cx" the context
1.540 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.541 +*/
1.542 +extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
1.543 +
1.544 +/*
1.545 +** Perform RC4 encryption.
1.546 +** "cx" the context
1.547 +** "output" the output buffer to store the encrypted data.
1.548 +** "outputLen" how much data is stored in "output". Set by the routine
1.549 +** after some data is stored in output.
1.550 +** "maxOutputLen" the maximum amount of data that can ever be
1.551 +** stored in "output"
1.552 +** "input" the input data
1.553 +** "inputLen" the amount of input data
1.554 +*/
1.555 +extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
1.556 + unsigned int *outputLen, unsigned int maxOutputLen,
1.557 + const unsigned char *input, unsigned int inputLen);
1.558 +
1.559 +/*
1.560 +** Perform RC4 decryption.
1.561 +** "cx" the context
1.562 +** "output" the output buffer to store the decrypted data.
1.563 +** "outputLen" how much data is stored in "output". Set by the routine
1.564 +** after some data is stored in output.
1.565 +** "maxOutputLen" the maximum amount of data that can ever be
1.566 +** stored in "output"
1.567 +** "input" the input data
1.568 +** "inputLen" the amount of input data
1.569 +*/
1.570 +extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
1.571 + unsigned int *outputLen, unsigned int maxOutputLen,
1.572 + const unsigned char *input, unsigned int inputLen);
1.573 +
1.574 +/******************************************/
1.575 +/*
1.576 +** RC2 symmetric block cypher
1.577 +*/
1.578 +
1.579 +/*
1.580 +** Create a new RC2 context suitable for RC2 encryption/decryption.
1.581 +** "key" raw key data
1.582 +** "len" the number of bytes of key data
1.583 +** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
1.584 +** "mode" one of NSS_RC2 or NSS_RC2_CBC
1.585 +** "effectiveKeyLen" is the effective key length (as specified in
1.586 +** RFC 2268) in bytes (not bits).
1.587 +**
1.588 +** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
1.589 +** chaining" mode.
1.590 +*/
1.591 +extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
1.592 + const unsigned char *iv, int mode,
1.593 + unsigned effectiveKeyLen);
1.594 +extern RC2Context *RC2_AllocateContext(void);
1.595 +extern SECStatus RC2_InitContext(RC2Context *cx,
1.596 + const unsigned char *key,
1.597 + unsigned int keylen,
1.598 + const unsigned char *iv,
1.599 + int mode,
1.600 + unsigned int effectiveKeyLen,
1.601 + unsigned int );
1.602 +
1.603 +/*
1.604 +** Destroy an RC2 encryption/decryption context.
1.605 +** "cx" the context
1.606 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.607 +*/
1.608 +extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
1.609 +
1.610 +/*
1.611 +** Perform RC2 encryption.
1.612 +** "cx" the context
1.613 +** "output" the output buffer to store the encrypted data.
1.614 +** "outputLen" how much data is stored in "output". Set by the routine
1.615 +** after some data is stored in output.
1.616 +** "maxOutputLen" the maximum amount of data that can ever be
1.617 +** stored in "output"
1.618 +** "input" the input data
1.619 +** "inputLen" the amount of input data
1.620 +*/
1.621 +extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
1.622 + unsigned int *outputLen, unsigned int maxOutputLen,
1.623 + const unsigned char *input, unsigned int inputLen);
1.624 +
1.625 +/*
1.626 +** Perform RC2 decryption.
1.627 +** "cx" the context
1.628 +** "output" the output buffer to store the decrypted data.
1.629 +** "outputLen" how much data is stored in "output". Set by the routine
1.630 +** after some data is stored in output.
1.631 +** "maxOutputLen" the maximum amount of data that can ever be
1.632 +** stored in "output"
1.633 +** "input" the input data
1.634 +** "inputLen" the amount of input data
1.635 +*/
1.636 +extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
1.637 + unsigned int *outputLen, unsigned int maxOutputLen,
1.638 + const unsigned char *input, unsigned int inputLen);
1.639 +
1.640 +/******************************************/
1.641 +/*
1.642 +** RC5 symmetric block cypher -- 64-bit block size
1.643 +*/
1.644 +
1.645 +/*
1.646 +** Create a new RC5 context suitable for RC5 encryption/decryption.
1.647 +** "key" raw key data
1.648 +** "len" the number of bytes of key data
1.649 +** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
1.650 +** "mode" one of NSS_RC5 or NSS_RC5_CBC
1.651 +**
1.652 +** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
1.653 +** chaining" mode.
1.654 +*/
1.655 +extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
1.656 + unsigned int wordSize, const unsigned char *iv, int mode);
1.657 +extern RC5Context *RC5_AllocateContext(void);
1.658 +extern SECStatus RC5_InitContext(RC5Context *cx,
1.659 + const unsigned char *key,
1.660 + unsigned int keylen,
1.661 + const unsigned char *iv,
1.662 + int mode,
1.663 + unsigned int rounds,
1.664 + unsigned int wordSize);
1.665 +
1.666 +/*
1.667 +** Destroy an RC5 encryption/decryption context.
1.668 +** "cx" the context
1.669 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.670 +*/
1.671 +extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
1.672 +
1.673 +/*
1.674 +** Perform RC5 encryption.
1.675 +** "cx" the context
1.676 +** "output" the output buffer to store the encrypted data.
1.677 +** "outputLen" how much data is stored in "output". Set by the routine
1.678 +** after some data is stored in output.
1.679 +** "maxOutputLen" the maximum amount of data that can ever be
1.680 +** stored in "output"
1.681 +** "input" the input data
1.682 +** "inputLen" the amount of input data
1.683 +*/
1.684 +extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
1.685 + unsigned int *outputLen, unsigned int maxOutputLen,
1.686 + const unsigned char *input, unsigned int inputLen);
1.687 +
1.688 +/*
1.689 +** Perform RC5 decryption.
1.690 +** "cx" the context
1.691 +** "output" the output buffer to store the decrypted data.
1.692 +** "outputLen" how much data is stored in "output". Set by the routine
1.693 +** after some data is stored in output.
1.694 +** "maxOutputLen" the maximum amount of data that can ever be
1.695 +** stored in "output"
1.696 +** "input" the input data
1.697 +** "inputLen" the amount of input data
1.698 +*/
1.699 +
1.700 +extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
1.701 + unsigned int *outputLen, unsigned int maxOutputLen,
1.702 + const unsigned char *input, unsigned int inputLen);
1.703 +
1.704 +
1.705 +
1.706 +/******************************************/
1.707 +/*
1.708 +** DES symmetric block cypher
1.709 +*/
1.710 +
1.711 +/*
1.712 +** Create a new DES context suitable for DES encryption/decryption.
1.713 +** "key" raw key data
1.714 +** "len" the number of bytes of key data
1.715 +** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
1.716 +** mode is DES_EDE3_CBC)
1.717 +** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
1.718 +** "encrypt" is PR_TRUE if the context will be used for encryption
1.719 +**
1.720 +** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
1.721 +** cipher is run in "cipher block chaining" mode.
1.722 +*/
1.723 +extern DESContext *DES_CreateContext(const unsigned char *key,
1.724 + const unsigned char *iv,
1.725 + int mode, PRBool encrypt);
1.726 +extern DESContext *DES_AllocateContext(void);
1.727 +extern SECStatus DES_InitContext(DESContext *cx,
1.728 + const unsigned char *key,
1.729 + unsigned int keylen,
1.730 + const unsigned char *iv,
1.731 + int mode,
1.732 + unsigned int encrypt,
1.733 + unsigned int );
1.734 +
1.735 +/*
1.736 +** Destroy an DES encryption/decryption context.
1.737 +** "cx" the context
1.738 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.739 +*/
1.740 +extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
1.741 +
1.742 +/*
1.743 +** Perform DES encryption.
1.744 +** "cx" the context
1.745 +** "output" the output buffer to store the encrypted data.
1.746 +** "outputLen" how much data is stored in "output". Set by the routine
1.747 +** after some data is stored in output.
1.748 +** "maxOutputLen" the maximum amount of data that can ever be
1.749 +** stored in "output"
1.750 +** "input" the input data
1.751 +** "inputLen" the amount of input data
1.752 +**
1.753 +** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
1.754 +*/
1.755 +extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
1.756 + unsigned int *outputLen, unsigned int maxOutputLen,
1.757 + const unsigned char *input, unsigned int inputLen);
1.758 +
1.759 +/*
1.760 +** Perform DES decryption.
1.761 +** "cx" the context
1.762 +** "output" the output buffer to store the decrypted data.
1.763 +** "outputLen" how much data is stored in "output". Set by the routine
1.764 +** after some data is stored in output.
1.765 +** "maxOutputLen" the maximum amount of data that can ever be
1.766 +** stored in "output"
1.767 +** "input" the input data
1.768 +** "inputLen" the amount of input data
1.769 +**
1.770 +** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
1.771 +*/
1.772 +extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
1.773 + unsigned int *outputLen, unsigned int maxOutputLen,
1.774 + const unsigned char *input, unsigned int inputLen);
1.775 +
1.776 +/******************************************/
1.777 +/*
1.778 +** SEED symmetric block cypher
1.779 +*/
1.780 +extern SEEDContext *
1.781 +SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
1.782 + int mode, PRBool encrypt);
1.783 +extern SEEDContext *SEED_AllocateContext(void);
1.784 +extern SECStatus SEED_InitContext(SEEDContext *cx,
1.785 + const unsigned char *key,
1.786 + unsigned int keylen,
1.787 + const unsigned char *iv,
1.788 + int mode, unsigned int encrypt,
1.789 + unsigned int );
1.790 +extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
1.791 +extern SECStatus
1.792 +SEED_Encrypt(SEEDContext *cx, unsigned char *output,
1.793 + unsigned int *outputLen, unsigned int maxOutputLen,
1.794 + const unsigned char *input, unsigned int inputLen);
1.795 +extern SECStatus
1.796 +SEED_Decrypt(SEEDContext *cx, unsigned char *output,
1.797 + unsigned int *outputLen, unsigned int maxOutputLen,
1.798 + const unsigned char *input, unsigned int inputLen);
1.799 +
1.800 +/******************************************/
1.801 +/*
1.802 +** AES symmetric block cypher (Rijndael)
1.803 +*/
1.804 +
1.805 +/*
1.806 +** Create a new AES context suitable for AES encryption/decryption.
1.807 +** "key" raw key data
1.808 +** "keylen" the number of bytes of key data (16, 24, or 32)
1.809 +** "blocklen" is the blocksize to use (16, 24, or 32)
1.810 +** XXX currently only blocksize==16 has been tested!
1.811 +*/
1.812 +extern AESContext *
1.813 +AES_CreateContext(const unsigned char *key, const unsigned char *iv,
1.814 + int mode, int encrypt,
1.815 + unsigned int keylen, unsigned int blocklen);
1.816 +extern AESContext *AES_AllocateContext(void);
1.817 +extern SECStatus AES_InitContext(AESContext *cx,
1.818 + const unsigned char *key,
1.819 + unsigned int keylen,
1.820 + const unsigned char *iv,
1.821 + int mode,
1.822 + unsigned int encrypt,
1.823 + unsigned int blocklen);
1.824 +
1.825 +/*
1.826 +** Destroy a AES encryption/decryption context.
1.827 +** "cx" the context
1.828 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.829 +*/
1.830 +extern void
1.831 +AES_DestroyContext(AESContext *cx, PRBool freeit);
1.832 +
1.833 +/*
1.834 +** Perform AES encryption.
1.835 +** "cx" the context
1.836 +** "output" the output buffer to store the encrypted data.
1.837 +** "outputLen" how much data is stored in "output". Set by the routine
1.838 +** after some data is stored in output.
1.839 +** "maxOutputLen" the maximum amount of data that can ever be
1.840 +** stored in "output"
1.841 +** "input" the input data
1.842 +** "inputLen" the amount of input data
1.843 +*/
1.844 +extern SECStatus
1.845 +AES_Encrypt(AESContext *cx, unsigned char *output,
1.846 + unsigned int *outputLen, unsigned int maxOutputLen,
1.847 + const unsigned char *input, unsigned int inputLen);
1.848 +
1.849 +/*
1.850 +** Perform AES decryption.
1.851 +** "cx" the context
1.852 +** "output" the output buffer to store the decrypted data.
1.853 +** "outputLen" how much data is stored in "output". Set by the routine
1.854 +** after some data is stored in output.
1.855 +** "maxOutputLen" the maximum amount of data that can ever be
1.856 +** stored in "output"
1.857 +** "input" the input data
1.858 +** "inputLen" the amount of input data
1.859 +*/
1.860 +extern SECStatus
1.861 +AES_Decrypt(AESContext *cx, unsigned char *output,
1.862 + unsigned int *outputLen, unsigned int maxOutputLen,
1.863 + const unsigned char *input, unsigned int inputLen);
1.864 +
1.865 +/******************************************/
1.866 +/*
1.867 +** AES key wrap algorithm, RFC 3394
1.868 +*/
1.869 +
1.870 +/*
1.871 +** Create a new AES context suitable for AES encryption/decryption.
1.872 +** "key" raw key data
1.873 +** "iv" The 8 byte "initial value"
1.874 +** "encrypt", a boolean, true for key wrapping, false for unwrapping.
1.875 +** "keylen" the number of bytes of key data (16, 24, or 32)
1.876 +*/
1.877 +extern AESKeyWrapContext *
1.878 +AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
1.879 + int encrypt, unsigned int keylen);
1.880 +extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void);
1.881 +extern SECStatus
1.882 + AESKeyWrap_InitContext(AESKeyWrapContext *cx,
1.883 + const unsigned char *key,
1.884 + unsigned int keylen,
1.885 + const unsigned char *iv,
1.886 + int ,
1.887 + unsigned int encrypt,
1.888 + unsigned int );
1.889 +
1.890 +/*
1.891 +** Destroy a AES KeyWrap context.
1.892 +** "cx" the context
1.893 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.894 +*/
1.895 +extern void
1.896 +AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
1.897 +
1.898 +/*
1.899 +** Perform AES key wrap.
1.900 +** "cx" the context
1.901 +** "output" the output buffer to store the encrypted data.
1.902 +** "outputLen" how much data is stored in "output". Set by the routine
1.903 +** after some data is stored in output.
1.904 +** "maxOutputLen" the maximum amount of data that can ever be
1.905 +** stored in "output"
1.906 +** "input" the input data
1.907 +** "inputLen" the amount of input data
1.908 +*/
1.909 +extern SECStatus
1.910 +AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
1.911 + unsigned int *outputLen, unsigned int maxOutputLen,
1.912 + const unsigned char *input, unsigned int inputLen);
1.913 +
1.914 +/*
1.915 +** Perform AES key unwrap.
1.916 +** "cx" the context
1.917 +** "output" the output buffer to store the decrypted data.
1.918 +** "outputLen" how much data is stored in "output". Set by the routine
1.919 +** after some data is stored in output.
1.920 +** "maxOutputLen" the maximum amount of data that can ever be
1.921 +** stored in "output"
1.922 +** "input" the input data
1.923 +** "inputLen" the amount of input data
1.924 +*/
1.925 +extern SECStatus
1.926 +AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
1.927 + unsigned int *outputLen, unsigned int maxOutputLen,
1.928 + const unsigned char *input, unsigned int inputLen);
1.929 +
1.930 + /******************************************/
1.931 +/*
1.932 +** Camellia symmetric block cypher
1.933 +*/
1.934 +
1.935 +/*
1.936 +** Create a new Camellia context suitable for Camellia encryption/decryption.
1.937 +** "key" raw key data
1.938 +** "keylen" the number of bytes of key data (16, 24, or 32)
1.939 +*/
1.940 +extern CamelliaContext *
1.941 +Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
1.942 + int mode, int encrypt, unsigned int keylen);
1.943 +
1.944 +extern CamelliaContext *Camellia_AllocateContext(void);
1.945 +extern SECStatus Camellia_InitContext(CamelliaContext *cx,
1.946 + const unsigned char *key,
1.947 + unsigned int keylen,
1.948 + const unsigned char *iv,
1.949 + int mode,
1.950 + unsigned int encrypt,
1.951 + unsigned int unused);
1.952 +/*
1.953 +** Destroy a Camellia encryption/decryption context.
1.954 +** "cx" the context
1.955 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.956 +*/
1.957 +extern void
1.958 +Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
1.959 +
1.960 +/*
1.961 +** Perform Camellia encryption.
1.962 +** "cx" the context
1.963 +** "output" the output buffer to store the encrypted data.
1.964 +** "outputLen" how much data is stored in "output". Set by the routine
1.965 +** after some data is stored in output.
1.966 +** "maxOutputLen" the maximum amount of data that can ever be
1.967 +** stored in "output"
1.968 +** "input" the input data
1.969 +** "inputLen" the amount of input data
1.970 +*/
1.971 +extern SECStatus
1.972 +Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
1.973 + unsigned int *outputLen, unsigned int maxOutputLen,
1.974 + const unsigned char *input, unsigned int inputLen);
1.975 +
1.976 +/*
1.977 +** Perform Camellia decryption.
1.978 +** "cx" the context
1.979 +** "output" the output buffer to store the decrypted data.
1.980 +** "outputLen" how much data is stored in "output". Set by the routine
1.981 +** after some data is stored in output.
1.982 +** "maxOutputLen" the maximum amount of data that can ever be
1.983 +** stored in "output"
1.984 +** "input" the input data
1.985 +** "inputLen" the amount of input data
1.986 +*/
1.987 +extern SECStatus
1.988 +Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
1.989 + unsigned int *outputLen, unsigned int maxOutputLen,
1.990 + const unsigned char *input, unsigned int inputLen);
1.991 +
1.992 +
1.993 +/******************************************/
1.994 +/*
1.995 +** MD5 secure hash function
1.996 +*/
1.997 +
1.998 +/*
1.999 +** Hash a null terminated string "src" into "dest" using MD5
1.1000 +*/
1.1001 +extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
1.1002 +
1.1003 +/*
1.1004 +** Hash a non-null terminated string "src" into "dest" using MD5
1.1005 +*/
1.1006 +extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
1.1007 + PRUint32 src_length);
1.1008 +
1.1009 +/*
1.1010 +** Create a new MD5 context
1.1011 +*/
1.1012 +extern MD5Context *MD5_NewContext(void);
1.1013 +
1.1014 +
1.1015 +/*
1.1016 +** Destroy an MD5 secure hash context.
1.1017 +** "cx" the context
1.1018 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.1019 +*/
1.1020 +extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
1.1021 +
1.1022 +/*
1.1023 +** Reset an MD5 context, preparing it for a fresh round of hashing
1.1024 +*/
1.1025 +extern void MD5_Begin(MD5Context *cx);
1.1026 +
1.1027 +/*
1.1028 +** Update the MD5 hash function with more data.
1.1029 +** "cx" the context
1.1030 +** "input" the data to hash
1.1031 +** "inputLen" the amount of data to hash
1.1032 +*/
1.1033 +extern void MD5_Update(MD5Context *cx,
1.1034 + const unsigned char *input, unsigned int inputLen);
1.1035 +
1.1036 +/*
1.1037 +** Finish the MD5 hash function. Produce the digested results in "digest"
1.1038 +** "cx" the context
1.1039 +** "digest" where the 16 bytes of digest data are stored
1.1040 +** "digestLen" where the digest length (16) is stored
1.1041 +** "maxDigestLen" the maximum amount of data that can ever be
1.1042 +** stored in "digest"
1.1043 +*/
1.1044 +extern void MD5_End(MD5Context *cx, unsigned char *digest,
1.1045 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1046 +
1.1047 +/*
1.1048 +** Export the current state of the MD5 hash without appending the standard
1.1049 +** padding and length bytes. Produce the digested results in "digest"
1.1050 +** "cx" the context
1.1051 +** "digest" where the 16 bytes of digest data are stored
1.1052 +** "digestLen" where the digest length (16) is stored (optional)
1.1053 +** "maxDigestLen" the maximum amount of data that can ever be
1.1054 +** stored in "digest"
1.1055 +*/
1.1056 +extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
1.1057 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1058 +
1.1059 +/*
1.1060 + * Return the the size of a buffer needed to flatten the MD5 Context into
1.1061 + * "cx" the context
1.1062 + * returns size;
1.1063 + */
1.1064 +extern unsigned int MD5_FlattenSize(MD5Context *cx);
1.1065 +
1.1066 +/*
1.1067 + * Flatten the MD5 Context into a buffer:
1.1068 + * "cx" the context
1.1069 + * "space" the buffer to flatten to
1.1070 + * returns status;
1.1071 + */
1.1072 +extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
1.1073 +
1.1074 +/*
1.1075 + * Resurrect a flattened context into a MD5 Context
1.1076 + * "space" the buffer of the flattend buffer
1.1077 + * "arg" ptr to void used by cryptographic resurrect
1.1078 + * returns resurected context;
1.1079 + */
1.1080 +extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
1.1081 +extern void MD5_Clone(MD5Context *dest, MD5Context *src);
1.1082 +
1.1083 +/*
1.1084 +** trace the intermediate state info of the MD5 hash.
1.1085 +*/
1.1086 +extern void MD5_TraceState(MD5Context *cx);
1.1087 +
1.1088 +
1.1089 +/******************************************/
1.1090 +/*
1.1091 +** MD2 secure hash function
1.1092 +*/
1.1093 +
1.1094 +/*
1.1095 +** Hash a null terminated string "src" into "dest" using MD2
1.1096 +*/
1.1097 +extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
1.1098 +
1.1099 +/*
1.1100 +** Create a new MD2 context
1.1101 +*/
1.1102 +extern MD2Context *MD2_NewContext(void);
1.1103 +
1.1104 +
1.1105 +/*
1.1106 +** Destroy an MD2 secure hash context.
1.1107 +** "cx" the context
1.1108 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.1109 +*/
1.1110 +extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
1.1111 +
1.1112 +/*
1.1113 +** Reset an MD2 context, preparing it for a fresh round of hashing
1.1114 +*/
1.1115 +extern void MD2_Begin(MD2Context *cx);
1.1116 +
1.1117 +/*
1.1118 +** Update the MD2 hash function with more data.
1.1119 +** "cx" the context
1.1120 +** "input" the data to hash
1.1121 +** "inputLen" the amount of data to hash
1.1122 +*/
1.1123 +extern void MD2_Update(MD2Context *cx,
1.1124 + const unsigned char *input, unsigned int inputLen);
1.1125 +
1.1126 +/*
1.1127 +** Finish the MD2 hash function. Produce the digested results in "digest"
1.1128 +** "cx" the context
1.1129 +** "digest" where the 16 bytes of digest data are stored
1.1130 +** "digestLen" where the digest length (16) is stored
1.1131 +** "maxDigestLen" the maximum amount of data that can ever be
1.1132 +** stored in "digest"
1.1133 +*/
1.1134 +extern void MD2_End(MD2Context *cx, unsigned char *digest,
1.1135 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1136 +
1.1137 +/*
1.1138 + * Return the the size of a buffer needed to flatten the MD2 Context into
1.1139 + * "cx" the context
1.1140 + * returns size;
1.1141 + */
1.1142 +extern unsigned int MD2_FlattenSize(MD2Context *cx);
1.1143 +
1.1144 +/*
1.1145 + * Flatten the MD2 Context into a buffer:
1.1146 + * "cx" the context
1.1147 + * "space" the buffer to flatten to
1.1148 + * returns status;
1.1149 + */
1.1150 +extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
1.1151 +
1.1152 +/*
1.1153 + * Resurrect a flattened context into a MD2 Context
1.1154 + * "space" the buffer of the flattend buffer
1.1155 + * "arg" ptr to void used by cryptographic resurrect
1.1156 + * returns resurected context;
1.1157 + */
1.1158 +extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
1.1159 +extern void MD2_Clone(MD2Context *dest, MD2Context *src);
1.1160 +
1.1161 +/******************************************/
1.1162 +/*
1.1163 +** SHA-1 secure hash function
1.1164 +*/
1.1165 +
1.1166 +/*
1.1167 +** Hash a null terminated string "src" into "dest" using SHA-1
1.1168 +*/
1.1169 +extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
1.1170 +
1.1171 +/*
1.1172 +** Hash a non-null terminated string "src" into "dest" using SHA-1
1.1173 +*/
1.1174 +extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
1.1175 + PRUint32 src_length);
1.1176 +
1.1177 +/*
1.1178 +** Create a new SHA-1 context
1.1179 +*/
1.1180 +extern SHA1Context *SHA1_NewContext(void);
1.1181 +
1.1182 +
1.1183 +/*
1.1184 +** Destroy a SHA-1 secure hash context.
1.1185 +** "cx" the context
1.1186 +** "freeit" if PR_TRUE then free the object as well as its sub-objects
1.1187 +*/
1.1188 +extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
1.1189 +
1.1190 +/*
1.1191 +** Reset a SHA-1 context, preparing it for a fresh round of hashing
1.1192 +*/
1.1193 +extern void SHA1_Begin(SHA1Context *cx);
1.1194 +
1.1195 +/*
1.1196 +** Update the SHA-1 hash function with more data.
1.1197 +** "cx" the context
1.1198 +** "input" the data to hash
1.1199 +** "inputLen" the amount of data to hash
1.1200 +*/
1.1201 +extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
1.1202 + unsigned int inputLen);
1.1203 +
1.1204 +/*
1.1205 +** Finish the SHA-1 hash function. Produce the digested results in "digest"
1.1206 +** "cx" the context
1.1207 +** "digest" where the 16 bytes of digest data are stored
1.1208 +** "digestLen" where the digest length (20) is stored
1.1209 +** "maxDigestLen" the maximum amount of data that can ever be
1.1210 +** stored in "digest"
1.1211 +*/
1.1212 +extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
1.1213 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1214 +
1.1215 +/*
1.1216 +** Export the current state of the SHA-1 hash without appending the standard
1.1217 +** padding and length bytes. Produce the digested results in "digest"
1.1218 +** "cx" the context
1.1219 +** "digest" where the 20 bytes of digest data are stored
1.1220 +** "digestLen" where the digest length (20) is stored (optional)
1.1221 +** "maxDigestLen" the maximum amount of data that can ever be
1.1222 +** stored in "digest"
1.1223 +*/
1.1224 +extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
1.1225 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1226 +
1.1227 +/*
1.1228 +** trace the intermediate state info of the SHA1 hash.
1.1229 +*/
1.1230 +extern void SHA1_TraceState(SHA1Context *cx);
1.1231 +
1.1232 +/*
1.1233 + * Return the the size of a buffer needed to flatten the SHA-1 Context into
1.1234 + * "cx" the context
1.1235 + * returns size;
1.1236 + */
1.1237 +extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
1.1238 +
1.1239 +/*
1.1240 + * Flatten the SHA-1 Context into a buffer:
1.1241 + * "cx" the context
1.1242 + * "space" the buffer to flatten to
1.1243 + * returns status;
1.1244 + */
1.1245 +extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
1.1246 +
1.1247 +/*
1.1248 + * Resurrect a flattened context into a SHA-1 Context
1.1249 + * "space" the buffer of the flattend buffer
1.1250 + * "arg" ptr to void used by cryptographic resurrect
1.1251 + * returns resurected context;
1.1252 + */
1.1253 +extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
1.1254 +extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
1.1255 +
1.1256 +/******************************************/
1.1257 +
1.1258 +extern SHA224Context *SHA224_NewContext(void);
1.1259 +extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
1.1260 +extern void SHA224_Begin(SHA224Context *cx);
1.1261 +extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
1.1262 + unsigned int inputLen);
1.1263 +extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
1.1264 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1265 +/*
1.1266 +** Export the current state of the SHA-224 hash without appending the standard
1.1267 +** padding and length bytes. Produce the digested results in "digest"
1.1268 +** "cx" the context
1.1269 +** "digest" where the 28 bytes of digest data are stored
1.1270 +** "digestLen" where the digest length (28) is stored (optional)
1.1271 +** "maxDigestLen" the maximum amount of data that can ever be
1.1272 +** stored in "digest"
1.1273 +*/
1.1274 +extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
1.1275 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1276 +extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
1.1277 + PRUint32 src_length);
1.1278 +extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
1.1279 +extern void SHA224_TraceState(SHA224Context *cx);
1.1280 +extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
1.1281 +extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
1.1282 +extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
1.1283 +extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
1.1284 +
1.1285 +/******************************************/
1.1286 +
1.1287 +extern SHA256Context *SHA256_NewContext(void);
1.1288 +extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
1.1289 +extern void SHA256_Begin(SHA256Context *cx);
1.1290 +extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
1.1291 + unsigned int inputLen);
1.1292 +extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
1.1293 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1294 +/*
1.1295 +** Export the current state of the SHA-256 hash without appending the standard
1.1296 +** padding and length bytes. Produce the digested results in "digest"
1.1297 +** "cx" the context
1.1298 +** "digest" where the 32 bytes of digest data are stored
1.1299 +** "digestLen" where the digest length (32) is stored (optional)
1.1300 +** "maxDigestLen" the maximum amount of data that can ever be
1.1301 +** stored in "digest"
1.1302 +*/
1.1303 +extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
1.1304 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1305 +extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
1.1306 + PRUint32 src_length);
1.1307 +extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
1.1308 +extern void SHA256_TraceState(SHA256Context *cx);
1.1309 +extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
1.1310 +extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
1.1311 +extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
1.1312 +extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
1.1313 +
1.1314 +/******************************************/
1.1315 +
1.1316 +extern SHA512Context *SHA512_NewContext(void);
1.1317 +extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
1.1318 +extern void SHA512_Begin(SHA512Context *cx);
1.1319 +extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
1.1320 + unsigned int inputLen);
1.1321 +/*
1.1322 +** Export the current state of the SHA-512 hash without appending the standard
1.1323 +** padding and length bytes. Produce the digested results in "digest"
1.1324 +** "cx" the context
1.1325 +** "digest" where the 64 bytes of digest data are stored
1.1326 +** "digestLen" where the digest length (64) is stored (optional)
1.1327 +** "maxDigestLen" the maximum amount of data that can ever be
1.1328 +** stored in "digest"
1.1329 +*/
1.1330 +extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
1.1331 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1332 +extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
1.1333 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1334 +extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
1.1335 + PRUint32 src_length);
1.1336 +extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
1.1337 +extern void SHA512_TraceState(SHA512Context *cx);
1.1338 +extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
1.1339 +extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
1.1340 +extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
1.1341 +extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
1.1342 +
1.1343 +/******************************************/
1.1344 +
1.1345 +extern SHA384Context *SHA384_NewContext(void);
1.1346 +extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
1.1347 +extern void SHA384_Begin(SHA384Context *cx);
1.1348 +extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
1.1349 + unsigned int inputLen);
1.1350 +extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
1.1351 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1352 +/*
1.1353 +** Export the current state of the SHA-384 hash without appending the standard
1.1354 +** padding and length bytes. Produce the digested results in "digest"
1.1355 +** "cx" the context
1.1356 +** "digest" where the 48 bytes of digest data are stored
1.1357 +** "digestLen" where the digest length (48) is stored (optional)
1.1358 +** "maxDigestLen" the maximum amount of data that can ever be
1.1359 +** stored in "digest"
1.1360 +*/
1.1361 +extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
1.1362 + unsigned int *digestLen, unsigned int maxDigestLen);
1.1363 +extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
1.1364 + PRUint32 src_length);
1.1365 +extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
1.1366 +extern void SHA384_TraceState(SHA384Context *cx);
1.1367 +extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
1.1368 +extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
1.1369 +extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
1.1370 +extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
1.1371 +
1.1372 +/****************************************
1.1373 + * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function
1.1374 + */
1.1375 +
1.1376 +extern SECStatus
1.1377 +TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
1.1378 + SECItem *result, PRBool isFIPS);
1.1379 +
1.1380 +extern SECStatus
1.1381 +TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
1.1382 + SECItem *seed, SECItem *result, PRBool isFIPS);
1.1383 +
1.1384 +/******************************************/
1.1385 +/*
1.1386 +** Pseudo Random Number Generation. FIPS compliance desirable.
1.1387 +*/
1.1388 +
1.1389 +/*
1.1390 +** Initialize the global RNG context and give it some seed input taken
1.1391 +** from the system. This function is thread-safe and will only allow
1.1392 +** the global context to be initialized once. The seed input is likely
1.1393 +** small, so it is imperative that RNG_RandomUpdate() be called with
1.1394 +** additional seed data before the generator is used. A good way to
1.1395 +** provide the generator with additional entropy is to call
1.1396 +** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that.
1.1397 +*/
1.1398 +extern SECStatus RNG_RNGInit(void);
1.1399 +
1.1400 +/*
1.1401 +** Update the global random number generator with more seeding
1.1402 +** material
1.1403 +*/
1.1404 +extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
1.1405 +
1.1406 +/*
1.1407 +** Generate some random bytes, using the global random number generator
1.1408 +** object.
1.1409 +*/
1.1410 +extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
1.1411 +
1.1412 +/* Destroy the global RNG context. After a call to RNG_RNGShutdown()
1.1413 +** a call to RNG_RNGInit() is required in order to use the generator again,
1.1414 +** along with seed data (see the comment above RNG_RNGInit()).
1.1415 +*/
1.1416 +extern void RNG_RNGShutdown(void);
1.1417 +
1.1418 +extern void RNG_SystemInfoForRNG(void);
1.1419 +
1.1420 +/*
1.1421 + * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
1.1422 + * generate the DSA X parameter and as a generic purpose RNG.
1.1423 + *
1.1424 + * The following two FIPS186Change functions are needed for
1.1425 + * NIST RNG Validation System.
1.1426 + */
1.1427 +
1.1428 +/*
1.1429 + * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with
1.1430 + * the error set to PR_NOT_IMPLEMENTED_ERROR.
1.1431 + */
1.1432 +extern SECStatus
1.1433 +FIPS186Change_GenerateX(unsigned char *XKEY,
1.1434 + const unsigned char *XSEEDj,
1.1435 + unsigned char *x_j);
1.1436 +
1.1437 +/*
1.1438 + * When generating the DSA X parameter, we generate 2*GSIZE bytes
1.1439 + * of random output and reduce it mod q.
1.1440 + *
1.1441 + * Input: w, 2*GSIZE bytes
1.1442 + * q, DSA_SUBPRIME_LEN bytes
1.1443 + * Output: xj, DSA_SUBPRIME_LEN bytes
1.1444 + */
1.1445 +extern SECStatus
1.1446 +FIPS186Change_ReduceModQForDSA(const unsigned char *w,
1.1447 + const unsigned char *q,
1.1448 + unsigned char *xj);
1.1449 +
1.1450 +/*
1.1451 + * The following functions are for FIPS poweron self test and FIPS algorithm
1.1452 + * testing.
1.1453 + */
1.1454 +extern SECStatus
1.1455 +PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
1.1456 + const PRUint8 *nonce, unsigned int nonce_len,
1.1457 + const PRUint8 *personal_string, unsigned int ps_len);
1.1458 +
1.1459 +extern SECStatus
1.1460 +PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
1.1461 + const PRUint8 *additional, unsigned int additional_len);
1.1462 +
1.1463 +extern SECStatus
1.1464 +PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
1.1465 + const PRUint8 *additional, unsigned int additional_len);
1.1466 +
1.1467 +extern SECStatus
1.1468 +PRNGTEST_Uninstantiate(void);
1.1469 +
1.1470 +extern SECStatus
1.1471 +PRNGTEST_RunHealthTests(void);
1.1472 +
1.1473 +/* Generate PQGParams and PQGVerify structs.
1.1474 + * Length of seed and length of h both equal length of P.
1.1475 + * All lengths are specified by "j", according to the table above.
1.1476 + *
1.1477 + * The verify parameters will conform to FIPS186-1.
1.1478 + */
1.1479 +extern SECStatus
1.1480 +PQG_ParamGen(unsigned int j, /* input : determines length of P. */
1.1481 + PQGParams **pParams, /* output: P Q and G returned here */
1.1482 + PQGVerify **pVfy); /* output: counter and seed. */
1.1483 +
1.1484 +/* Generate PQGParams and PQGVerify structs.
1.1485 + * Length of P specified by j. Length of h will match length of P.
1.1486 + * Length of SEED in bytes specified in seedBytes.
1.1487 + * seedBbytes must be in the range [20..255] or an error will result.
1.1488 + *
1.1489 + * The verify parameters will conform to FIPS186-1.
1.1490 + */
1.1491 +extern SECStatus
1.1492 +PQG_ParamGenSeedLen(
1.1493 + unsigned int j, /* input : determines length of P. */
1.1494 + unsigned int seedBytes, /* input : length of seed in bytes.*/
1.1495 + PQGParams **pParams, /* output: P Q and G returned here */
1.1496 + PQGVerify **pVfy); /* output: counter and seed. */
1.1497 +
1.1498 +/* Generate PQGParams and PQGVerify structs.
1.1499 + * Length of P specified by L in bits.
1.1500 + * Length of Q specified by N in bits.
1.1501 + * Length of SEED in bytes specified in seedBytes.
1.1502 + * seedBbytes must be in the range [N..L*2] or an error will result.
1.1503 + *
1.1504 + * Not that J uses the above table, L is the length exact. L and N must
1.1505 + * match the table below or an error will result:
1.1506 + *
1.1507 + * L N
1.1508 + * 1024 160
1.1509 + * 2048 224
1.1510 + * 2048 256
1.1511 + * 3072 256
1.1512 + *
1.1513 + * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
1.1514 + * pick a default value (typically the smallest secure value for these
1.1515 + * variables).
1.1516 + *
1.1517 + * The verify parameters will conform to FIPS186-3 using the smallest
1.1518 + * permissible hash for the key strength.
1.1519 + */
1.1520 +extern SECStatus
1.1521 +PQG_ParamGenV2(
1.1522 + unsigned int L, /* input : determines length of P. */
1.1523 + unsigned int N, /* input : determines length of Q. */
1.1524 + unsigned int seedBytes, /* input : length of seed in bytes.*/
1.1525 + PQGParams **pParams, /* output: P Q and G returned here */
1.1526 + PQGVerify **pVfy); /* output: counter and seed. */
1.1527 +
1.1528 +
1.1529 +/* Test PQGParams for validity as DSS PQG values.
1.1530 + * If vfy is non-NULL, test PQGParams to make sure they were generated
1.1531 + * using the specified seed, counter, and h values.
1.1532 + *
1.1533 + * Return value indicates whether Verification operation ran successfully
1.1534 + * to completion, but does not indicate if PQGParams are valid or not.
1.1535 + * If return value is SECSuccess, then *pResult has these meanings:
1.1536 + * SECSuccess: PQGParams are valid.
1.1537 + * SECFailure: PQGParams are invalid.
1.1538 + *
1.1539 + * Verify the PQG againts the counter, SEED and h.
1.1540 + * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
1.1541 + * PQG_VerifyParams will automatically choose the appropriate test.
1.1542 + */
1.1543 +
1.1544 +extern SECStatus PQG_VerifyParams(const PQGParams *params,
1.1545 + const PQGVerify *vfy, SECStatus *result);
1.1546 +
1.1547 +extern void PQG_DestroyParams(PQGParams *params);
1.1548 +
1.1549 +extern void PQG_DestroyVerify(PQGVerify *vfy);
1.1550 +
1.1551 +
1.1552 +/*
1.1553 + * clean-up any global tables freebl may have allocated after it starts up.
1.1554 + * This function is not thread safe and should be called only after the
1.1555 + * library has been quiessed.
1.1556 + */
1.1557 +extern void BL_Cleanup(void);
1.1558 +
1.1559 +/* unload freebl shared library from memory */
1.1560 +extern void BL_Unload(void);
1.1561 +
1.1562 +/**************************************************************************
1.1563 + * Verify a given Shared library signature *
1.1564 + **************************************************************************/
1.1565 +PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
1.1566 +
1.1567 +/**************************************************************************
1.1568 + * Verify a given filename's signature *
1.1569 + **************************************************************************/
1.1570 +PRBool BLAPI_SHVerifyFile(const char *shName);
1.1571 +
1.1572 +/**************************************************************************
1.1573 + * Verify Are Own Shared library signature *
1.1574 + **************************************************************************/
1.1575 +PRBool BLAPI_VerifySelf(const char *name);
1.1576 +
1.1577 +/*********************************************************************/
1.1578 +extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
1.1579 +
1.1580 +extern void BL_SetForkState(PRBool forked);
1.1581 +
1.1582 +#ifndef NSS_DISABLE_ECC
1.1583 +/*
1.1584 +** pepare an ECParam structure from DEREncoded params
1.1585 + */
1.1586 +extern SECStatus EC_FillParams(PLArenaPool *arena,
1.1587 + const SECItem *encodedParams, ECParams *params);
1.1588 +extern SECStatus EC_DecodeParams(const SECItem *encodedParams,
1.1589 + ECParams **ecparams);
1.1590 +extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
1.1591 + const ECParams *srcParams);
1.1592 +#endif
1.1593 +
1.1594 +SEC_END_PROTOS
1.1595 +
1.1596 +#endif /* _BLAPI_H_ */
