Add GCM, CTR, and CTS modes to AES.

nss/mozilla/security/nss/lib/freebl/blapii.h

Index: nss/mozilla/security/nss/lib/freebl/blapii.h
===================================================================
--- nss/mozilla/security/nss/lib/freebl/blapii.h	(revision 155503)
+++ nss/mozilla/security/nss/lib/freebl/blapii.h	(working copy)
@@ -40,6 +40,14 @@
 
 #include "blapit.h"
 
+#define MAX_BLOCK_SIZE 16

[Ryan Sleevi, 2012/09/11 19:34:30]

nit: It seems useful to add a comment here explaining this, much like found
within SFTK_MAX_BLOCK_SIZE

/** max block size of supported block ciphers */

+
+typedef SECStatus (*freeblCipherFunc)(void *cx, unsigned char *output,

[Ryan Sleevi, 2012/09/11 19:34:30]

I think it would be helpful if you could document here what the expectations
are.

Most notably:
- Is there a requirement that inputLen is a multiple of blocksize?
  - If not, what is the handling mode?
- What is the expectation if inputLen = 0 (for an "empty block")?

[wtc, 2012/09/14 01:16:42]

I looked into this. I found that freeblDestroyFunc can be
a block cipher (in ECB or CBC/no-padding mode) or a stream
cipher (CTR, CTS, and GCM), so it's not easy to document
the expectations here.

I chose to document what ctr.h, cts.h, and gcm.h expect of
their |cipher| input argument. The downside of that approach
is that I had to replicate the freeblCipherFunc function
prototype in those headers, so that I can talk about the
inputLen and blocksize arguments.

+                          unsigned int *outputLen, unsigned int maxOutputLen,
+                          const unsigned char *input, unsigned int inputLen,
+			  unsigned int blocksize);
+typedef SECStatus (*freeblDestroyFunc)(void *cx, PRBool freeit);
+
 SEC_BEGIN_PROTOS
 
 #if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
@@ -54,6 +62,7 @@
 
 #endif
 

[Ryan Sleevi, 2012/09/11 19:34:30]

nit: unnecessary newline?

+
 SEC_END_PROTOS
 
 #endif /* _BLAPII_H_ */