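/*
 * blapit.h - public data structures for the freebl library
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _BLAPIT_H_
#define _BLAPIT_H_

#include "seccomon.h"
#include "prlink.h"
#include "plarena.h"
#include "ecl-exp.h"


/*
 * Cipher mode selectors.
 *
 * Each cipher family numbers its modes from 0 independently, so the same
 * integer means different things for different ciphers (NSS_RC2_CBC,
 * NSS_DES_CBC and NSS_AES_CBC are all 1, NSS_DES_EDE3 and NSS_AES_CTS are
 * both 2). A mode value is only meaningful together with the cipher it
 * was defined for.
 *
 * NOTE(review): the unsuffixed value 0 of each family presumably selects
 * the plain block (non-chained) mode - confirm against the cipher code.
 */

/* RC2 operation modes */
#define NSS_RC2                 0
#define NSS_RC2_CBC             1

/* RC5 operation modes */
#define NSS_RC5                 0
#define NSS_RC5_CBC             1

/* DES operation modes */
#define NSS_DES                 0
#define NSS_DES_CBC             1
#define NSS_DES_EDE3            2
#define NSS_DES_EDE3_CBC        3

#define DES_KEY_LENGTH          8       /* Bytes */

/* AES operation modes */
#define NSS_AES                 0
#define NSS_AES_CBC             1
#define NSS_AES_CTS             2
#define NSS_AES_CTR             3
#define NSS_AES_GCM             4

/* Camellia operation modes */
#define NSS_CAMELLIA            0
#define NSS_CAMELLIA_CBC        1

/* SEED operation modes */
#define NSS_SEED                0
#define NSS_SEED_CBC            1

/*
 * DSA subprime (q) and signature sizes.
 *
 * A signature is twice the subprime length. The DSA1_* values describe the
 * 160-bit q of DSA1; the DSA_MAX_* values cover the largest q accepted
 * (256 bits, see DSA_MAX_Q_BITS below). Buffers that must hold any
 * supported signature have to be sized with DSA_MAX_SIGNATURE_LEN (64),
 * not DSA1_SIGNATURE_LEN (40).
 */
#define DSA1_SUBPRIME_LEN       20      /* Bytes */
#define DSA1_SIGNATURE_LEN      (DSA1_SUBPRIME_LEN*2)    /* Bytes */
#define DSA_MAX_SUBPRIME_LEN    32      /* Bytes */
#define DSA_MAX_SIGNATURE_LEN   (DSA_MAX_SUBPRIME_LEN*2) /* Bytes */

/*
 * Mark the old defines as deprecated. This will warn code that expected
 * DSA1 only that it needs to change if it is to support DSA2.
 */
#if defined(__GNUC__) && (__GNUC__ > 3)
/* make GCC warn when we use these #defines */
typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
#define DSA_SUBPRIME_LEN  ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
#define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
#define DSA_Q_BITS        ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN*8))
#else
#ifdef _WIN32
/* This magic gets the windows compiler to give us a deprecation
 * warning. The names listed here must match the macros defined just
 * below exactly: the third one is DSA_Q_BITS (a name with no underscore
 * before BITS would match nothing and leave DSA_Q_BITS un-flagged). */
#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_Q_BITS)
#endif
#define DSA_SUBPRIME_LEN  DSA1_SUBPRIME_LEN
#define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
#define DSA_Q_BITS        (DSA1_SUBPRIME_LEN*8)
#endif


/* XXX We shouldn't have to hard code this limit. For
 * now, this is the quickest way to support ECDSA signature
 * processing (ECDSA signature lengths depend on curve
 * size). This limit is sufficient for curves up to
 * 576 bits.
 */
#define MAX_ECKEY_LEN           72      /* Bytes */

/*
 * Range of EC key sizes. Defining NSS_ECC_MORE_THAN_SUITE_B widens the
 * range in both directions (112..571 bits instead of 256..521 bits).
 * Both maxima fit in MAX_ECKEY_LEN bytes.
 * NOTE(review): curves near the 112-bit floor are far weaker than the
 * 256-bit default floor; callers that enable the wider range should apply
 * their own minimum - confirm where these limits are enforced.
 */
#ifdef NSS_ECC_MORE_THAN_SUITE_B
#define EC_MAX_KEY_BITS         571     /* in bits */
#define EC_MIN_KEY_BITS         112     /* in bits */
#else
#define EC_MAX_KEY_BITS         521     /* in bits */
#define EC_MIN_KEY_BITS         256     /* in bits */
#endif

/* EC point compression format.
 * NOTE(review): these look like the leading-octet tags of an encoded
 * point; a decoder should reject any form it does not implement rather
 * than fall through - confirm against the point-decoding code.
 */
#define EC_POINT_FORM_COMPRESSED_Y0     0x02
#define EC_POINT_FORM_COMPRESSED_Y1     0x03
#define EC_POINT_FORM_UNCOMPRESSED      0x04
#define EC_POINT_FORM_HYBRID_Y0         0x06
#define EC_POINT_FORM_HYBRID_Y1         0x07

/*
 * Number of bytes each hash algorithm produces.
 * HASH_LENGTH_MAX is the largest of them, so a buffer of that size can
 * hold the digest of any algorithm listed here.
 */
#define MD2_LENGTH              16      /* Bytes */
#define MD5_LENGTH              16      /* Bytes */
#define SHA1_LENGTH             20      /* Bytes */
#define SHA256_LENGTH           32      /* bytes */
#define SHA384_LENGTH           48      /* bytes */
#define SHA512_LENGTH           64      /* bytes */
#define HASH_LENGTH_MAX         SHA512_LENGTH

/*
 * Input block size for each hash algorithm.
 * HASH_BLOCK_LENGTH_MAX is the largest of them.
 */

#define MD2_BLOCK_LENGTH        64      /* bytes */
#define MD5_BLOCK_LENGTH        64      /* bytes */
#define SHA1_BLOCK_LENGTH       64      /* bytes */
#define SHA224_BLOCK_LENGTH     64      /* bytes */
#define SHA256_BLOCK_LENGTH     64      /* bytes */
#define SHA384_BLOCK_LENGTH     128     /* bytes */
#define SHA512_BLOCK_LENGTH     128     /* bytes */
#define HASH_BLOCK_LENGTH_MAX   SHA512_BLOCK_LENGTH

#define AES_KEY_WRAP_IV_BYTES   8
#define AES_KEY_WRAP_BLOCK_SIZE 8       /* bytes */
#define AES_BLOCK_SIZE          16      /* bytes */

#define AES_128_KEY_LENGTH      16      /* bytes */
#define AES_192_KEY_LENGTH      24      /* bytes */
#define AES_256_KEY_LENGTH      32      /* bytes */

#define CAMELLIA_BLOCK_SIZE     16      /* bytes */

#define SEED_BLOCK_SIZE         16      /* bytes */
#define SEED_KEY_LENGTH         16      /* bytes */

#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048

/*
 * These values come from the initial key size limits from the PKCS #11
 * module. They may be arbitrarily adjusted to any value freebl supports.
 *
 * These are acceptance limits, not security recommendations: the 128-bit
 * minimum for an RSA modulus or a DH prime offers no practical security.
 * Code that needs a policy minimum has to enforce its own, larger value.
 */
#define RSA_MIN_MODULUS_BITS    128
#define RSA_MAX_MODULUS_BITS    16384
#define RSA_MAX_EXPONENT_BITS   64
#define DH_MIN_P_BITS           128
#define DH_MAX_P_BITS           16384

/*
 * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
 * distinct values for the length of P, and only one value for the
 * length of Q.
 * The algorithm uses a variable j to indicate which of the 9 lengths
 * of P is to be used.
 * The following table relates j to the lengths of P and Q in bits.
 *
 *      j       bits in P       bits in Q
 *      _       _________       _________
 *      0        512            160
 *      1        576            160
 *      2        640            160
 *      3        704            160
 *      4        768            160
 *      5        832            160
 *      6        896            160
 *      7        960            160
 *      8       1024            160
 *
 * The FIPS-186-1 compliant PQG generator takes j as an input parameter.
 *
 * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
 *
 *     bits in P       bits in Q
 *     _________       _________
 *      1024           160
 *      2048           224
 *      2048           256
 *      3072           256
 *
 * The FIPS-186-3 compliant PQG generator (PQG V2) takes arbitrary p and q
 * lengths as input and returns an error if they aren't in this list.
 */

#define DSA1_Q_BITS             160
#define DSA_MAX_P_BITS          3072
#define DSA_MIN_P_BITS          512
#define DSA_MAX_Q_BITS          256
#define DSA_MIN_Q_BITS          160

/* Compile-time guard: the byte and bit forms of the largest q must agree. */
#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
#endif


/*
 * Macro: takes the desired number of bits in P and yields the FIPS 186-1
 * index j (0..8), or -1 if the number of bits is not one of the nine
 * sizes in the first table above (below 512, above 1024, or not a
 * multiple of 64).
 * The argument is evaluated more than once, so it must not have side
 * effects. Callers must check for -1 before using the result as an index.
 */
#define PQG_PBITS_TO_INDEX(bits) \
    (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
        -1 : (int)((bits)-512)/64)

/*
 * Macro: takes an index (0-8) and yields the number of bits in P for that
 * index, or -1 if the index is invalid. The cast to unsigned makes a
 * negative index compare greater than 8, so it is rejected as well.
 * The argument is evaluated twice, so it must not have side effects.
 */
#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))


/***************************************************************************
** Opaque objects
**
** Only the struct tags are declared here; the layouts are not visible to
** users of this header, who handle these contexts through pointers.
*/

struct DESContextStr        ;
struct RC2ContextStr        ;
struct RC4ContextStr        ;
struct RC5ContextStr        ;
struct AESContextStr        ;
struct CamelliaContextStr   ;
struct MD2ContextStr        ;
struct MD5ContextStr        ;
struct SHA1ContextStr       ;
struct SHA256ContextStr     ;
struct SHA512ContextStr     ;
struct AESKeyWrapContextStr ;
struct SEEDContextStr       ;

typedef struct DESContextStr        DESContext;
typedef struct RC2ContextStr        RC2Context;
typedef struct RC4ContextStr        RC4Context;
typedef struct RC5ContextStr        RC5Context;
typedef struct AESContextStr        AESContext;
typedef struct CamelliaContextStr   CamelliaContext;
typedef struct MD2ContextStr        MD2Context;
typedef struct MD5ContextStr        MD5Context;
typedef struct SHA1ContextStr       SHA1Context;
typedef struct SHA256ContextStr     SHA256Context;
/* SHA224Context is really a SHA256ContextStr.  This is not a mistake. */
typedef struct SHA256ContextStr     SHA224Context;
typedef struct SHA512ContextStr     SHA512Context;
/* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
typedef struct SHA512ContextStr     SHA384Context;
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
typedef struct SEEDContextStr       SEEDContext;

/***************************************************************************
** RSA Public and Private Key structures
*/

/* member names from PKCS#1, section 7.1 */
struct RSAPublicKeyStr {
    PLArenaPool * arena;
    SECItem modulus;
    SECItem publicExponent;
};
typedef struct RSAPublicKeyStr RSAPublicKey;

/* member names from PKCS#1, section 7.2
 * NOTE(review): every member from privateExponent through coefficient is
 * secret key material; presumably it lives in `arena` and should be
 * zeroized when the arena is released - confirm in the destroy path.
 */
struct RSAPrivateKeyStr {
    PLArenaPool * arena;
    SECItem version;
    SECItem modulus;
    SECItem publicExponent;
    SECItem privateExponent;
    SECItem prime1;
    SECItem prime2;
    SECItem exponent1;
    SECItem exponent2;
    SECItem coefficient;
};
typedef struct RSAPrivateKeyStr RSAPrivateKey;


/***************************************************************************
** DSA Public and Private Key and related structures
*/

struct PQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;    /* p */
    SECItem subPrime; /* q */
    SECItem base;     /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct PQGParamsStr PQGParams;

struct PQGVerifyStr {
    PLArenaPool * arena; /* includes this struct, seed, & h. */
    unsigned int  counter;
    SECItem       seed;
    SECItem       h;
};
typedef struct PQGVerifyStr PQGVerify;

struct DSAPublicKeyStr {
    PQGParams params;
    SECItem publicValue;
};
typedef struct DSAPublicKeyStr DSAPublicKey;

/* privateValue is the secret; the other members are public. */
struct DSAPrivateKeyStr {
    PQGParams params;
    SECItem publicValue;
    SECItem privateValue;
};
typedef struct DSAPrivateKeyStr DSAPrivateKey;

/***************************************************************************
** Diffie-Hellman Public and Private Key and related structures
** Structure member names suggested by PKCS#3.
*/

struct DHParamsStr {
    PLArenaPool * arena;
    SECItem prime; /* p */
    SECItem base;  /* g */
};
typedef struct DHParamsStr DHParams;

struct DHPublicKeyStr {
    PLArenaPool * arena;
    SECItem prime;
    SECItem base;
    SECItem publicValue;
};
typedef struct DHPublicKeyStr DHPublicKey;

/* privateValue is the secret; the other members are public. */
struct DHPrivateKeyStr {
    PLArenaPool * arena;
    SECItem prime;
    SECItem base;
    SECItem publicValue;
    SECItem privateValue;
};
typedef struct DHPrivateKeyStr DHPrivateKey;

/***************************************************************************
** Data structures used for elliptic curve parameters and
** public and private keys.
*/

/*
** The ECParams data structures can encode elliptic curve
** parameters for both GFp and GF2m curves.
*/

typedef enum { ec_params_explicit,
               ec_params_named
} ECParamsType;

/* Field kinds start at 1, so a zero-filled ECFieldID names no valid field. */
typedef enum { ec_field_GFp = 1,
               ec_field_GF2m
} ECFieldType;

struct ECFieldIDStr {
    int         size;   /* field size in bits */
    ECFieldType type;   /* selects which member of u is meaningful */
    union {
        SECItem  prime; /* prime p for (GFp) */
        SECItem  poly;  /* irreducible binary polynomial for (GF2m) */
    } u;
    int         k1;     /* first coefficient of pentanomial or
                         * the only coefficient of trinomial
                         */
    int         k2;     /* two remaining coefficients of pentanomial */
    int         k3;
};
typedef struct ECFieldIDStr ECFieldID;

struct ECCurveStr {
    SECItem a;          /* contains octet stream encoding of
                         * field element (X9.62 section 4.3.3)
                         */
    SECItem b;
    SECItem seed;
};
typedef struct ECCurveStr ECCurve;

struct ECParamsStr {
    PLArenaPool * arena;
    ECParamsType  type;
    ECFieldID     fieldID;
    ECCurve       curve;
    SECItem       base;
    SECItem       order;
    int           cofactor;
    SECItem       DEREncoding;
    ECCurveName   name;
    SECItem       curveOID;
};
typedef struct ECParamsStr ECParams;

struct ECPublicKeyStr {
    ECParams ecParams;
    SECItem publicValue;   /* elliptic curve point encoded as
                            * octet stream.
                            */
};
typedef struct ECPublicKeyStr ECPublicKey;

struct ECPrivateKeyStr {
    ECParams ecParams;
    SECItem publicValue;   /* encoded ec point */
    SECItem privateValue;  /* private big integer */
    SECItem version;       /* As per SEC 1, Appendix C, Section C.4 */
};
typedef struct ECPrivateKeyStr ECPrivateKey;

/*
 * Generic function-pointer types for cipher contexts, which are passed
 * as untyped `void *cx`.
 */
typedef void * (*BLapiAllocateFunc)(void);
typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
/* The last four parameters are unnamed in this header; their meaning is
 * defined by the functions this type is used for. */
typedef SECStatus (*BLapiInitContextFunc)(void *cx,
                                   const unsigned char *key,
                                   unsigned int keylen,
                                   const unsigned char *,
                                   int,
                                   unsigned int ,
                                   unsigned int );
/* NOTE(review): maxOutputLen is presumably the capacity of `output` and
 * *outputLen the number of bytes produced; an implementation should fail
 * rather than write past maxOutputLen - confirm against the cipher code. */
typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
                                unsigned int *outputLen,
                                unsigned int maxOutputLen,
                                const unsigned char *input,
                                unsigned int inputLen);

#endif /* _BLAPIT_H_ */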