1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/freebl/blapit.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,422 @@
1.4 +/*
1.5 + * blapit.h - public data structures for the freebl library
1.6 + *
1.7 + * This Source Code Form is subject to the terms of the Mozilla Public
1.8 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.9 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.10 +
1.11 +#ifndef _BLAPIT_H_
1.12 +#define _BLAPIT_H_
1.13 +
1.14 +#include "seccomon.h"
1.15 +#include "prlink.h"
1.16 +#include "plarena.h"
1.17 +#include "ecl-exp.h"
1.18 +
1.19 +
1.20 +/* RC2 operation modes */
1.21 +#define NSS_RC2 0
1.22 +#define NSS_RC2_CBC 1
1.23 +
1.24 +/* RC5 operation modes */
1.25 +#define NSS_RC5 0
1.26 +#define NSS_RC5_CBC 1
1.27 +
1.28 +/* DES operation modes */
1.29 +#define NSS_DES 0
1.30 +#define NSS_DES_CBC 1
1.31 +#define NSS_DES_EDE3 2
1.32 +#define NSS_DES_EDE3_CBC 3
1.33 +
1.34 +#define DES_KEY_LENGTH 8 /* Bytes */
1.35 +
1.36 +/* AES operation modes */
1.37 +#define NSS_AES 0
1.38 +#define NSS_AES_CBC 1
1.39 +#define NSS_AES_CTS 2
1.40 +#define NSS_AES_CTR 3
1.41 +#define NSS_AES_GCM 4
1.42 +
1.43 +/* Camellia operation modes */
1.44 +#define NSS_CAMELLIA 0
1.45 +#define NSS_CAMELLIA_CBC 1
1.46 +
1.47 +/* SEED operation modes */
1.48 +#define NSS_SEED 0
1.49 +#define NSS_SEED_CBC 1
1.50 +
1.51 +#define DSA1_SUBPRIME_LEN 20 /* Bytes */
1.52 +#define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN*2) /* Bytes */
1.53 +#define DSA_MAX_SUBPRIME_LEN 32 /* Bytes */
1.54 +#define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN*2)/* Bytes */
1.55 +
1.56 +/*
1.57 + * Mark the old defines as deprecated. This will warn code that expected
1.58 + * DSA1 only that they need to change if the are to support DSA2.
1.59 + */
1.60 +#if defined(__GNUC__) && (__GNUC__ > 3)
1.61 +/* make GCC warn when we use these #defines */
1.62 +typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
1.63 +#define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
1.64 +#define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
1.65 +#define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN*8))
1.66 +#else
1.67 +#ifdef _WIN32
1.68 +/* This magic gets the windows compiler to give us a deprecation
1.69 + * warning */
1.70 +#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS)
1.71 +#endif
1.72 +#define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN
1.73 +#define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
1.74 +#define DSA_Q_BITS (DSA1_SUBPRIME_LEN*8)
1.75 +#endif
1.76 +
1.77 +
1.78 +/* XXX We shouldn't have to hard code this limit. For
1.79 + * now, this is the quickest way to support ECDSA signature
1.80 + * processing (ECDSA signature lengths depend on curve
1.81 + * size). This limit is sufficient for curves upto
1.82 + * 576 bits.
1.83 + */
1.84 +#define MAX_ECKEY_LEN 72 /* Bytes */
1.85 +
1.86 +#ifdef NSS_ECC_MORE_THAN_SUITE_B
1.87 +#define EC_MAX_KEY_BITS 571 /* in bits */
1.88 +#define EC_MIN_KEY_BITS 112 /* in bits */
1.89 +#else
1.90 +#define EC_MAX_KEY_BITS 521 /* in bits */
1.91 +#define EC_MIN_KEY_BITS 256 /* in bits */
1.92 +#endif
1.93 +
1.94 +/* EC point compression format */
1.95 +#define EC_POINT_FORM_COMPRESSED_Y0 0x02
1.96 +#define EC_POINT_FORM_COMPRESSED_Y1 0x03
1.97 +#define EC_POINT_FORM_UNCOMPRESSED 0x04
1.98 +#define EC_POINT_FORM_HYBRID_Y0 0x06
1.99 +#define EC_POINT_FORM_HYBRID_Y1 0x07
1.100 +
1.101 +/*
1.102 + * Number of bytes each hash algorithm produces
1.103 + */
1.104 +#define MD2_LENGTH 16 /* Bytes */
1.105 +#define MD5_LENGTH 16 /* Bytes */
1.106 +#define SHA1_LENGTH 20 /* Bytes */
1.107 +#define SHA256_LENGTH 32 /* bytes */
1.108 +#define SHA384_LENGTH 48 /* bytes */
1.109 +#define SHA512_LENGTH 64 /* bytes */
1.110 +#define HASH_LENGTH_MAX SHA512_LENGTH
1.111 +
1.112 +/*
1.113 + * Input block size for each hash algorithm.
1.114 + */
1.115 +
1.116 +#define MD2_BLOCK_LENGTH 64 /* bytes */
1.117 +#define MD5_BLOCK_LENGTH 64 /* bytes */
1.118 +#define SHA1_BLOCK_LENGTH 64 /* bytes */
1.119 +#define SHA224_BLOCK_LENGTH 64 /* bytes */
1.120 +#define SHA256_BLOCK_LENGTH 64 /* bytes */
1.121 +#define SHA384_BLOCK_LENGTH 128 /* bytes */
1.122 +#define SHA512_BLOCK_LENGTH 128 /* bytes */
1.123 +#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
1.124 +
1.125 +#define AES_KEY_WRAP_IV_BYTES 8
1.126 +#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
1.127 +#define AES_BLOCK_SIZE 16 /* bytes */
1.128 +
1.129 +#define AES_128_KEY_LENGTH 16 /* bytes */
1.130 +#define AES_192_KEY_LENGTH 24 /* bytes */
1.131 +#define AES_256_KEY_LENGTH 32 /* bytes */
1.132 +
1.133 +#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
1.134 +
1.135 +#define SEED_BLOCK_SIZE 16 /* bytes */
1.136 +#define SEED_KEY_LENGTH 16 /* bytes */
1.137 +
1.138 +#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
1.139 +
1.140 +/*
1.141 + * These values come from the initial key size limits from the PKCS #11
1.142 + * module. They may be arbitrarily adjusted to any value freebl supports.
1.143 + */
1.144 +#define RSA_MIN_MODULUS_BITS 128
1.145 +#define RSA_MAX_MODULUS_BITS 16384
1.146 +#define RSA_MAX_EXPONENT_BITS 64
1.147 +#define DH_MIN_P_BITS 128
1.148 +#define DH_MAX_P_BITS 16384
1.149 +
1.150 +/*
1.151 + * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
1.152 + * distinct values for the length of P, and only one value for the
1.153 + * length of Q.
1.154 + * The algorithm uses a variable j to indicate which of the 9 lengths
1.155 + * of P is to be used.
1.156 + * The following table relates j to the lengths of P and Q in bits.
1.157 + *
1.158 + * j bits in P bits in Q
1.159 + * _ _________ _________
1.160 + * 0 512 160
1.161 + * 1 576 160
1.162 + * 2 640 160
1.163 + * 3 704 160
1.164 + * 4 768 160
1.165 + * 5 832 160
1.166 + * 6 896 160
1.167 + * 7 960 160
1.168 + * 8 1024 160
1.169 + *
1.170 + * The FIPS-186-1 compliant PQG generator takes j as an input parameter.
1.171 + *
1.172 + * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
1.173 + *
1.174 + * bits in P bits in Q
1.175 + * _________ _________
1.176 + * 1024 160
1.177 + * 2048 224
1.178 + * 2048 256
1.179 + * 3072 256
1.180 + *
1.181 + * The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
1.182 + * lengths as input and returns an error if they aren't in this list.
1.183 + */
1.184 +
1.185 +#define DSA1_Q_BITS 160
1.186 +#define DSA_MAX_P_BITS 3072
1.187 +#define DSA_MIN_P_BITS 512
1.188 +#define DSA_MAX_Q_BITS 256
1.189 +#define DSA_MIN_Q_BITS 160
1.190 +
1.191 +#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
1.192 +#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
1.193 +#endif
1.194 +
1.195 +
1.196 +/*
1.197 + * function takes desired number of bits in P,
1.198 + * returns index (0..8) or -1 if number of bits is invalid.
1.199 + */
1.200 +#define PQG_PBITS_TO_INDEX(bits) \
1.201 + (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
1.202 + -1 : (int)((bits)-512)/64)
1.203 +
1.204 +/*
1.205 + * function takes index (0-8)
1.206 + * returns number of bits in P for that index, or -1 if index is invalid.
1.207 + */
1.208 +#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
1.209 +
1.210 +
1.211 +/***************************************************************************
1.212 +** Opaque objects
1.213 +*/
1.214 +
1.215 +struct DESContextStr ;
1.216 +struct RC2ContextStr ;
1.217 +struct RC4ContextStr ;
1.218 +struct RC5ContextStr ;
1.219 +struct AESContextStr ;
1.220 +struct CamelliaContextStr ;
1.221 +struct MD2ContextStr ;
1.222 +struct MD5ContextStr ;
1.223 +struct SHA1ContextStr ;
1.224 +struct SHA256ContextStr ;
1.225 +struct SHA512ContextStr ;
1.226 +struct AESKeyWrapContextStr ;
1.227 +struct SEEDContextStr ;
1.228 +
1.229 +typedef struct DESContextStr DESContext;
1.230 +typedef struct RC2ContextStr RC2Context;
1.231 +typedef struct RC4ContextStr RC4Context;
1.232 +typedef struct RC5ContextStr RC5Context;
1.233 +typedef struct AESContextStr AESContext;
1.234 +typedef struct CamelliaContextStr CamelliaContext;
1.235 +typedef struct MD2ContextStr MD2Context;
1.236 +typedef struct MD5ContextStr MD5Context;
1.237 +typedef struct SHA1ContextStr SHA1Context;
1.238 +typedef struct SHA256ContextStr SHA256Context;
1.239 +/* SHA224Context is really a SHA256ContextStr. This is not a mistake. */
1.240 +typedef struct SHA256ContextStr SHA224Context;
1.241 +typedef struct SHA512ContextStr SHA512Context;
1.242 +/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
1.243 +typedef struct SHA512ContextStr SHA384Context;
1.244 +typedef struct AESKeyWrapContextStr AESKeyWrapContext;
1.245 +typedef struct SEEDContextStr SEEDContext;
1.246 +
1.247 +/***************************************************************************
1.248 +** RSA Public and Private Key structures
1.249 +*/
1.250 +
1.251 +/* member names from PKCS#1, section 7.1 */
1.252 +struct RSAPublicKeyStr {
1.253 + PLArenaPool * arena;
1.254 + SECItem modulus;
1.255 + SECItem publicExponent;
1.256 +};
1.257 +typedef struct RSAPublicKeyStr RSAPublicKey;
1.258 +
1.259 +/* member names from PKCS#1, section 7.2 */
1.260 +struct RSAPrivateKeyStr {
1.261 + PLArenaPool * arena;
1.262 + SECItem version;
1.263 + SECItem modulus;
1.264 + SECItem publicExponent;
1.265 + SECItem privateExponent;
1.266 + SECItem prime1;
1.267 + SECItem prime2;
1.268 + SECItem exponent1;
1.269 + SECItem exponent2;
1.270 + SECItem coefficient;
1.271 +};
1.272 +typedef struct RSAPrivateKeyStr RSAPrivateKey;
1.273 +
1.274 +
1.275 +/***************************************************************************
1.276 +** DSA Public and Private Key and related structures
1.277 +*/
1.278 +
1.279 +struct PQGParamsStr {
1.280 + PLArenaPool *arena;
1.281 + SECItem prime; /* p */
1.282 + SECItem subPrime; /* q */
1.283 + SECItem base; /* g */
1.284 + /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
1.285 +};
1.286 +typedef struct PQGParamsStr PQGParams;
1.287 +
1.288 +struct PQGVerifyStr {
1.289 + PLArenaPool * arena; /* includes this struct, seed, & h. */
1.290 + unsigned int counter;
1.291 + SECItem seed;
1.292 + SECItem h;
1.293 +};
1.294 +typedef struct PQGVerifyStr PQGVerify;
1.295 +
1.296 +struct DSAPublicKeyStr {
1.297 + PQGParams params;
1.298 + SECItem publicValue;
1.299 +};
1.300 +typedef struct DSAPublicKeyStr DSAPublicKey;
1.301 +
1.302 +struct DSAPrivateKeyStr {
1.303 + PQGParams params;
1.304 + SECItem publicValue;
1.305 + SECItem privateValue;
1.306 +};
1.307 +typedef struct DSAPrivateKeyStr DSAPrivateKey;
1.308 +
1.309 +/***************************************************************************
1.310 +** Diffie-Hellman Public and Private Key and related structures
1.311 +** Structure member names suggested by PKCS#3.
1.312 +*/
1.313 +
1.314 +struct DHParamsStr {
1.315 + PLArenaPool * arena;
1.316 + SECItem prime; /* p */
1.317 + SECItem base; /* g */
1.318 +};
1.319 +typedef struct DHParamsStr DHParams;
1.320 +
1.321 +struct DHPublicKeyStr {
1.322 + PLArenaPool * arena;
1.323 + SECItem prime;
1.324 + SECItem base;
1.325 + SECItem publicValue;
1.326 +};
1.327 +typedef struct DHPublicKeyStr DHPublicKey;
1.328 +
1.329 +struct DHPrivateKeyStr {
1.330 + PLArenaPool * arena;
1.331 + SECItem prime;
1.332 + SECItem base;
1.333 + SECItem publicValue;
1.334 + SECItem privateValue;
1.335 +};
1.336 +typedef struct DHPrivateKeyStr DHPrivateKey;
1.337 +
1.338 +/***************************************************************************
1.339 +** Data structures used for elliptic curve parameters and
1.340 +** public and private keys.
1.341 +*/
1.342 +
1.343 +/*
1.344 +** The ECParams data structures can encode elliptic curve
1.345 +** parameters for both GFp and GF2m curves.
1.346 +*/
1.347 +
1.348 +typedef enum { ec_params_explicit,
1.349 + ec_params_named
1.350 +} ECParamsType;
1.351 +
1.352 +typedef enum { ec_field_GFp = 1,
1.353 + ec_field_GF2m
1.354 +} ECFieldType;
1.355 +
1.356 +struct ECFieldIDStr {
1.357 + int size; /* field size in bits */
1.358 + ECFieldType type;
1.359 + union {
1.360 + SECItem prime; /* prime p for (GFp) */
1.361 + SECItem poly; /* irreducible binary polynomial for (GF2m) */
1.362 + } u;
1.363 + int k1; /* first coefficient of pentanomial or
1.364 + * the only coefficient of trinomial
1.365 + */
1.366 + int k2; /* two remaining coefficients of pentanomial */
1.367 + int k3;
1.368 +};
1.369 +typedef struct ECFieldIDStr ECFieldID;
1.370 +
1.371 +struct ECCurveStr {
1.372 + SECItem a; /* contains octet stream encoding of
1.373 + * field element (X9.62 section 4.3.3)
1.374 + */
1.375 + SECItem b;
1.376 + SECItem seed;
1.377 +};
1.378 +typedef struct ECCurveStr ECCurve;
1.379 +
1.380 +struct ECParamsStr {
1.381 + PLArenaPool * arena;
1.382 + ECParamsType type;
1.383 + ECFieldID fieldID;
1.384 + ECCurve curve;
1.385 + SECItem base;
1.386 + SECItem order;
1.387 + int cofactor;
1.388 + SECItem DEREncoding;
1.389 + ECCurveName name;
1.390 + SECItem curveOID;
1.391 +};
1.392 +typedef struct ECParamsStr ECParams;
1.393 +
1.394 +struct ECPublicKeyStr {
1.395 + ECParams ecParams;
1.396 + SECItem publicValue; /* elliptic curve point encoded as
1.397 + * octet stream.
1.398 + */
1.399 +};
1.400 +typedef struct ECPublicKeyStr ECPublicKey;
1.401 +
1.402 +struct ECPrivateKeyStr {
1.403 + ECParams ecParams;
1.404 + SECItem publicValue; /* encoded ec point */
1.405 + SECItem privateValue; /* private big integer */
1.406 + SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
1.407 +};
1.408 +typedef struct ECPrivateKeyStr ECPrivateKey;
1.409 +
1.410 +typedef void * (*BLapiAllocateFunc)(void);
1.411 +typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
1.412 +typedef SECStatus (*BLapiInitContextFunc)(void *cx,
1.413 + const unsigned char *key,
1.414 + unsigned int keylen,
1.415 + const unsigned char *,
1.416 + int,
1.417 + unsigned int ,
1.418 + unsigned int );
1.419 +typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
1.420 + unsigned int *outputLen,
1.421 + unsigned int maxOutputLen,
1.422 + const unsigned char *input,
1.423 + unsigned int inputLen);
1.424 +
1.425 +#endif /* _BLAPIT_H_ */
