Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(28)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mozilla/security/nss/lib/freebl/blapi.h

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « mozilla/security/nss/lib/freebl/arcfour.c ('k') | mozilla/security/nss/lib/freebl/blapii.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * crypto.h - public data structures and prototypes for the crypto library
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* $Id: blapi.h,v 1.50 2013/02/05 18:10:42 wtc%google.com Exp $ */
8
9 #ifndef _BLAPI_H_
10 #define _BLAPI_H_
11
12 #include "blapit.h"
13 #include "hasht.h"
14 #include "alghmac.h"
15
16 SEC_BEGIN_PROTOS
17
18 /*
19 ** RSA encryption/decryption. When encrypting/decrypting the output
20 ** buffer must be at least the size of the public key modulus.
21 */
22
23 extern SECStatus BL_Init(void);
24
25 /*
26 ** Generate and return a new RSA public and private key.
27 ** Both keys are encoded in a single RSAPrivateKey structure.
28 ** "cx" is the random number generator context
29 ** "keySizeInBits" is the size of the key to be generated, in bits.
30 ** 512, 1024, etc.
31 ** "publicExponent" when not NULL is a pointer to some data that
32 ** represents the public exponent to use. The data is a byte
33 ** encoded integer, in "big endian" order.
34 */
35 extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
36 SECItem * publicExponent);
37
38 /*
39 ** Perform a raw public-key operation
40 ** Length of input and output buffers are equal to key's modulus len.
41 */
42 extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key,
43 unsigned char * output,
44 const unsigned char * input);
45
46 /*
47 ** Perform a raw private-key operation
48 ** Length of input and output buffers are equal to key's modulus len.
49 */
50 extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key,
51 unsigned char * output,
52 const unsigned char * input);
53
54 /*
55 ** Perform a raw private-key operation, and check the parameters used in
56 ** the operation for validity by performing a test operation first.
57 ** Length of input and output buffers are equal to key's modulus len.
58 */
59 extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key,
60 unsigned char * output,
61 const unsigned char * input);
62
63 /*
64 ** Perform a check of private key parameters for consistency.
65 */
66 extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key);
67
68 /*
69 ** Given only minimal private key parameters, fill in the rest of the
70 ** parameters.
71 **
72 **
73 ** All the entries, including those supplied by the caller, will be
74 ** overwritten with data alocated out of the arena.
75 **
76 ** If no arena is supplied, one will be created.
77 **
78 ** The following fields must be supplied in order for this function
79 ** to succeed:
80 ** one of either publicExponent or privateExponent
81 ** two more of the following 5 parameters (not counting the above).
82 ** modulus (n)
83 ** prime1 (p)
84 ** prime2 (q)
85 ** publicExponent (e)
86 ** privateExponent (d)
87 **
88 ** NOTE: if only the publicExponent, privateExponent, and one prime is given,
89 ** then there may be more than one RSA key that matches that combination. If
90 ** we find 2 possible valid keys that meet this criteria, we return an error.
91 ** If we return the wrong key, and the original modulus is compared to the
92 ** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get
93 ** the common prime.
94 **
95 ** NOTE: in some cases the publicExponent must be less than 2^23 for this
96 ** function to work correctly. (The case where we have only one of: modulus
97 ** prime1 and prime2).
98 **
99 ** All parameters will be replaced in the key structure with new parameters
100 ** allocated out of the arena. There is no attempt to free the old structures.
101 ** prime1 will always be greater than prime2 (even if the caller supplies the
102 ** smaller prime as prime1 or the larger prime as prime2). The parameters are
103 ** not overwritten on failure.
104 **
105 ** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv)
106 ** can also be used in reconstructing the private key, they are currently
107 ** ignored in this implementation.
108 */
109 extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key);
110
111 /********************************************************************
112 ** DSA signing algorithm
113 */
114
115 /* Generate a new random value within the interval [2, q-1].
116 */
117 extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q,
118 SECItem * random);
119
120 /*
121 ** Generate and return a new DSA public and private key pair,
122 ** both of which are encoded into a single DSAPrivateKey struct.
123 ** "params" is a pointer to the PQG parameters for the domain
124 ** Uses a random seed.
125 */
126 extern SECStatus DSA_NewKey(const PQGParams * params,
127 DSAPrivateKey ** privKey);
128
129 /* signature is caller-supplied buffer of at least 20 bytes.
130 ** On input, signature->len == size of buffer to hold signature.
131 ** digest->len == size of digest.
132 ** On output, signature->len == size of signature in buffer.
133 ** Uses a random seed.
134 */
135 extern SECStatus DSA_SignDigest(DSAPrivateKey * key,
136 SECItem * signature,
137 const SECItem * digest);
138
139 /* signature is caller-supplied buffer of at least 20 bytes.
140 ** On input, signature->len == size of buffer to hold signature.
141 ** digest->len == size of digest.
142 */
143 extern SECStatus DSA_VerifyDigest(DSAPublicKey * key,
144 const SECItem * signature,
145 const SECItem * digest);
146
147 /* For FIPS compliance testing. Seed must be exactly 20 bytes long */
148 extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
149 const unsigned char * seed,
150 DSAPrivateKey **privKey);
151
152 /* For FIPS compliance testing. Seed must be exactly 20 bytes. */
153 extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
154 SECItem * signature,
155 const SECItem * digest,
156 const unsigned char * seed);
157
158 /******************************************************
159 ** Diffie Helman key exchange algorithm
160 */
161
162 /* Generates parameters for Diffie-Helman key generation.
163 ** primeLen is the length in bytes of prime P to be generated.
164 */
165 extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
166
167 /* Generates a public and private key, both of which are encoded in a single
168 ** DHPrivateKey struct. Params is input, privKey are output.
169 ** This is Phase 1 of Diffie Hellman.
170 */
171 extern SECStatus DH_NewKey(DHParams * params,
172 DHPrivateKey ** privKey);
173
174 /*
175 ** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
176 ** other party's publicValue, and the prime and our privateValue.
177 ** maxOutBytes is the requested length of the generated secret in bytes.
178 ** A zero value means produce a value of any length up to the size of
179 ** the prime. If successful, derivedSecret->data is set
180 ** to the address of the newly allocated buffer containing the derived
181 ** secret, and derivedSecret->len is the size of the secret produced.
182 ** The size of the secret produced will depend on the value of outBytes.
183 ** If outBytes is 0, the key length will be all the significant bytes of
184 ** the derived secret (leading zeros are dropped). This length could be less
185 ** than the length of the prime. If outBytes is nonzero, the length of the
186 ** produced key will be outBytes long. If the key is truncated, the most
187 ** significant bytes are truncated. If it is expanded, zero bytes are added
188 ** at the beginning.
189 ** It is the caller's responsibility to free the allocated buffer
190 ** containing the derived secret.
191 */
192 extern SECStatus DH_Derive(SECItem * publicValue,
193 SECItem * prime,
194 SECItem * privateValue,
195 SECItem * derivedSecret,
196 unsigned int outBytes);
197
198 /*
199 ** KEA_CalcKey returns octet string with the private key for a dual
200 ** Diffie-Helman key generation as specified for government key exchange.
201 */
202 extern SECStatus KEA_Derive(SECItem *prime,
203 SECItem *public1,
204 SECItem *public2,
205 SECItem *private1,
206 SECItem *private2,
207 SECItem *derivedSecret);
208
209 /*
210 * verify that a KEA or DSA public key is a valid key for this prime and
211 * subprime domain.
212 */
213 extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
214
215 /****************************************
216 * J-PAKE key transport
217 */
218
219 /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x
220 * using the specified hash algorithm and signer ID. The signature is
221 * returned in the values gv and r. testRandom must be NULL for a PRNG
222 * generated random committment to be used in the sigature. When testRandom
223 * is non-NULL, that value must contain a value in the subgroup q; that
224 * value will be used instead of a PRNG-generated committment in order to
225 * facilitate known-answer tests.
226 *
227 * If gxIn is non-NULL then it must contain a pre-computed value of g^x that
228 * will be used by the function; in this case, the gxOut parameter must be NULL.
229 * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case
230 * gxOut will contain the value g^x on output.
231 *
232 * gx (if not supplied by the caller), gv, and r will be allocated in the arena.
233 * The arena is *not* optional so do not pass NULL for the arena parameter.
234 * The arena should be zeroed when it is freed.
235 */
236 SECStatus
237 JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
238 const SECItem * signerID, const SECItem * x,
239 const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
240 SECItem * gv, SECItem * r);
241
242 /* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the
243 * value x using the specified hash algorithm and signer ID.
244 *
245 * The arena is *not* optional so do not pass NULL for the arena parameter.
246 */
247 SECStatus
248 JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
249 HASH_HashType hashType, const SECItem * signerID,
250 const SECItem * peerID, const SECItem * gx,
251 const SECItem * gv, const SECItem * r);
252
253 /* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate
254 * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
255 * round 2 (A and the proof of knowledge of x2s) can then be calculated with
256 * JPAKE_Sign using pqg->base = base and x = x2s.
257 *
258 * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3)
259 * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then cal l
260 * JPAKE_Verify with pqg->base = base and then JPAKE_Final.
261 *
262 * base and x2s will be allocated in the arena. The arena is *not* optional so
263 * do not pass NULL for the arena parameter. The arena should be zeroed when it
264 * is freed.
265 */
266 SECStatus
267 JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
268 const SECItem * gx1, const SECItem * gx3, const SECItem * gx4,
269 SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2 s);
270
271 /* K = (B/g^(x2*x4*s))^x2 (mod p)
272 *
273 * K will be allocated in the arena. The arena is *not* optional so do not pass
274 * NULL for the arena parameter. The arena should be zeroed when it is freed.
275 */
276 SECStatus
277 JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q,
278 const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
279 const SECItem * B, SECItem * K);
280
281 /******************************************************
282 ** Elliptic Curve algorithms
283 */
284
285 /* Generates a public and private key, both of which are encoded
286 ** in a single ECPrivateKey struct. Params is input, privKey are
287 ** output.
288 */
289 extern SECStatus EC_NewKey(ECParams * params,
290 ECPrivateKey ** privKey);
291
292 extern SECStatus EC_NewKeyFromSeed(ECParams * params,
293 ECPrivateKey ** privKey,
294 const unsigned char* seed,
295 int seedlen);
296
297 /* Validates an EC public key as described in Section 5.2.2 of
298 * X9.62. Such validation prevents against small subgroup attacks
299 * when the ECDH primitive is used with the cofactor.
300 */
301 extern SECStatus EC_ValidatePublicKey(ECParams * params,
302 SECItem * publicValue);
303
304 /*
305 ** ECDH_Derive performs a scalar point multiplication of a point
306 ** representing a (peer's) public key and a large integer representing
307 ** a private key (its own). Both keys must use the same elliptic curve
308 ** parameters. If the withCofactor parameter is true, the
309 ** multiplication also uses the cofactor associated with the curve
310 ** parameters. The output of this scheme is the x-coordinate of the
311 ** resulting point. If successful, derivedSecret->data is set to the
312 ** address of the newly allocated buffer containing the derived
313 ** secret, and derivedSecret->len is the size of the secret
314 ** produced. It is the caller's responsibility to free the allocated
315 ** buffer containing the derived secret.
316 */
317 extern SECStatus ECDH_Derive(SECItem * publicValue,
318 ECParams * params,
319 SECItem * privateValue,
320 PRBool withCofactor,
321 SECItem * derivedSecret);
322
323 /* On input, signature->len == size of buffer to hold signature.
324 ** digest->len == size of digest.
325 ** On output, signature->len == size of signature in buffer.
326 ** Uses a random seed.
327 */
328 extern SECStatus ECDSA_SignDigest(ECPrivateKey *key,
329 SECItem *signature,
330 const SECItem *digest);
331
332 /* On input, signature->len == size of buffer to hold signature.
333 ** digest->len == size of digest.
334 */
335 extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key,
336 const SECItem *signature,
337 const SECItem *digest);
338
339 /* Uses the provided seed. */
340 extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
341 SECItem *signature,
342 const SECItem *digest,
343 const unsigned char *seed,
344 const int seedlen);
345
346 /******************************************/
347 /*
348 ** RC4 symmetric stream cypher
349 */
350
351 /*
352 ** Create a new RC4 context suitable for RC4 encryption/decryption.
353 ** "key" raw key data
354 ** "len" the number of bytes of key data
355 */
356 extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
357
358 extern RC4Context *RC4_AllocateContext(void);
359 extern SECStatus RC4_InitContext(RC4Context *cx,
360 const unsigned char *key,
361 unsigned int keylen,
362 const unsigned char *,
363 int,
364 unsigned int ,
365 unsigned int );
366
367 /*
368 ** Destroy an RC4 encryption/decryption context.
369 ** "cx" the context
370 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
371 */
372 extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
373
374 /*
375 ** Perform RC4 encryption.
376 ** "cx" the context
377 ** "output" the output buffer to store the encrypted data.
378 ** "outputLen" how much data is stored in "output". Set by the routine
379 ** after some data is stored in output.
380 ** "maxOutputLen" the maximum amount of data that can ever be
381 ** stored in "output"
382 ** "input" the input data
383 ** "inputLen" the amount of input data
384 */
385 extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
386 unsigned int *outputLen, unsigned int maxOutputLen,
387 const unsigned char *input, unsigned int inputLen);
388
389 /*
390 ** Perform RC4 decryption.
391 ** "cx" the context
392 ** "output" the output buffer to store the decrypted data.
393 ** "outputLen" how much data is stored in "output". Set by the routine
394 ** after some data is stored in output.
395 ** "maxOutputLen" the maximum amount of data that can ever be
396 ** stored in "output"
397 ** "input" the input data
398 ** "inputLen" the amount of input data
399 */
400 extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
401 unsigned int *outputLen, unsigned int maxOutputLen,
402 const unsigned char *input, unsigned int inputLen);
403
404 /******************************************/
405 /*
406 ** RC2 symmetric block cypher
407 */
408
409 /*
410 ** Create a new RC2 context suitable for RC2 encryption/decryption.
411 ** "key" raw key data
412 ** "len" the number of bytes of key data
413 ** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
414 ** "mode" one of NSS_RC2 or NSS_RC2_CBC
415 ** "effectiveKeyLen" is the effective key length (as specified in
416 ** RFC 2268) in bytes (not bits).
417 **
418 ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
419 ** chaining" mode.
420 */
421 extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
422 const unsigned char *iv, int mode,
423 unsigned effectiveKeyLen);
424 extern RC2Context *RC2_AllocateContext(void);
425 extern SECStatus RC2_InitContext(RC2Context *cx,
426 const unsigned char *key,
427 unsigned int keylen,
428 const unsigned char *iv,
429 int mode,
430 unsigned int effectiveKeyLen,
431 unsigned int );
432
433 /*
434 ** Destroy an RC2 encryption/decryption context.
435 ** "cx" the context
436 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
437 */
438 extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
439
440 /*
441 ** Perform RC2 encryption.
442 ** "cx" the context
443 ** "output" the output buffer to store the encrypted data.
444 ** "outputLen" how much data is stored in "output". Set by the routine
445 ** after some data is stored in output.
446 ** "maxOutputLen" the maximum amount of data that can ever be
447 ** stored in "output"
448 ** "input" the input data
449 ** "inputLen" the amount of input data
450 */
451 extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
452 unsigned int *outputLen, unsigned int maxOutputLen,
453 const unsigned char *input, unsigned int inputLen);
454
455 /*
456 ** Perform RC2 decryption.
457 ** "cx" the context
458 ** "output" the output buffer to store the decrypted data.
459 ** "outputLen" how much data is stored in "output". Set by the routine
460 ** after some data is stored in output.
461 ** "maxOutputLen" the maximum amount of data that can ever be
462 ** stored in "output"
463 ** "input" the input data
464 ** "inputLen" the amount of input data
465 */
466 extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
467 unsigned int *outputLen, unsigned int maxOutputLen,
468 const unsigned char *input, unsigned int inputLen);
469
470 /******************************************/
471 /*
472 ** RC5 symmetric block cypher -- 64-bit block size
473 */
474
475 /*
476 ** Create a new RC5 context suitable for RC5 encryption/decryption.
477 ** "key" raw key data
478 ** "len" the number of bytes of key data
479 ** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
480 ** "mode" one of NSS_RC5 or NSS_RC5_CBC
481 **
482 ** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
483 ** chaining" mode.
484 */
485 extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
486 unsigned int wordSize, const unsigned char *iv, int mode);
487 extern RC5Context *RC5_AllocateContext(void);
488 extern SECStatus RC5_InitContext(RC5Context *cx,
489 const unsigned char *key,
490 unsigned int keylen,
491 const unsigned char *iv,
492 int mode,
493 unsigned int rounds,
494 unsigned int wordSize);
495
496 /*
497 ** Destroy an RC5 encryption/decryption context.
498 ** "cx" the context
499 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
500 */
501 extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
502
503 /*
504 ** Perform RC5 encryption.
505 ** "cx" the context
506 ** "output" the output buffer to store the encrypted data.
507 ** "outputLen" how much data is stored in "output". Set by the routine
508 ** after some data is stored in output.
509 ** "maxOutputLen" the maximum amount of data that can ever be
510 ** stored in "output"
511 ** "input" the input data
512 ** "inputLen" the amount of input data
513 */
514 extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
515 unsigned int *outputLen, unsigned int maxOutputLen,
516 const unsigned char *input, unsigned int inputLen);
517
518 /*
519 ** Perform RC5 decryption.
520 ** "cx" the context
521 ** "output" the output buffer to store the decrypted data.
522 ** "outputLen" how much data is stored in "output". Set by the routine
523 ** after some data is stored in output.
524 ** "maxOutputLen" the maximum amount of data that can ever be
525 ** stored in "output"
526 ** "input" the input data
527 ** "inputLen" the amount of input data
528 */
529
530 extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
531 unsigned int *outputLen, unsigned int maxOutputLen,
532 const unsigned char *input, unsigned int inputLen);
533
534
535
536 /******************************************/
537 /*
538 ** DES symmetric block cypher
539 */
540
541 /*
542 ** Create a new DES context suitable for DES encryption/decryption.
543 ** "key" raw key data
544 ** "len" the number of bytes of key data
545 ** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
546 ** mode is DES_EDE3_CBC)
547 ** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
548 ** "encrypt" is PR_TRUE if the context will be used for encryption
549 **
550 ** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
551 ** cipher is run in "cipher block chaining" mode.
552 */
553 extern DESContext *DES_CreateContext(const unsigned char *key,
554 const unsigned char *iv,
555 int mode, PRBool encrypt);
556 extern DESContext *DES_AllocateContext(void);
557 extern SECStatus DES_InitContext(DESContext *cx,
558 const unsigned char *key,
559 unsigned int keylen,
560 const unsigned char *iv,
561 int mode,
562 unsigned int encrypt,
563 unsigned int );
564
565 /*
566 ** Destroy an DES encryption/decryption context.
567 ** "cx" the context
568 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
569 */
570 extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
571
572 /*
573 ** Perform DES encryption.
574 ** "cx" the context
575 ** "output" the output buffer to store the encrypted data.
576 ** "outputLen" how much data is stored in "output". Set by the routine
577 ** after some data is stored in output.
578 ** "maxOutputLen" the maximum amount of data that can ever be
579 ** stored in "output"
580 ** "input" the input data
581 ** "inputLen" the amount of input data
582 **
583 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
584 */
585 extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
586 unsigned int *outputLen, unsigned int maxOutputLen,
587 const unsigned char *input, unsigned int inputLen);
588
589 /*
590 ** Perform DES decryption.
591 ** "cx" the context
592 ** "output" the output buffer to store the decrypted data.
593 ** "outputLen" how much data is stored in "output". Set by the routine
594 ** after some data is stored in output.
595 ** "maxOutputLen" the maximum amount of data that can ever be
596 ** stored in "output"
597 ** "input" the input data
598 ** "inputLen" the amount of input data
599 **
600 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
601 */
602 extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
603 unsigned int *outputLen, unsigned int maxOutputLen,
604 const unsigned char *input, unsigned int inputLen);
605
606 /******************************************/
607 /*
608 ** SEED symmetric block cypher
609 */
610 extern SEEDContext *
611 SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
612 int mode, PRBool encrypt);
613 extern SEEDContext *SEED_AllocateContext(void);
614 extern SECStatus SEED_InitContext(SEEDContext *cx,
615 const unsigned char *key,
616 unsigned int keylen,
617 const unsigned char *iv,
618 int mode, unsigned int encrypt,
619 unsigned int );
620 extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
621 extern SECStatus
622 SEED_Encrypt(SEEDContext *cx, unsigned char *output,
623 unsigned int *outputLen, unsigned int maxOutputLen,
624 const unsigned char *input, unsigned int inputLen);
625 extern SECStatus
626 SEED_Decrypt(SEEDContext *cx, unsigned char *output,
627 unsigned int *outputLen, unsigned int maxOutputLen,
628 const unsigned char *input, unsigned int inputLen);
629
630 /******************************************/
631 /*
632 ** AES symmetric block cypher (Rijndael)
633 */
634
635 /*
636 ** Create a new AES context suitable for AES encryption/decryption.
637 ** "key" raw key data
638 ** "keylen" the number of bytes of key data (16, 24, or 32)
639 ** "blocklen" is the blocksize to use (16, 24, or 32)
640 ** XXX currently only blocksize==16 has been tested!
641 */
642 extern AESContext *
643 AES_CreateContext(const unsigned char *key, const unsigned char *iv,
644 int mode, int encrypt,
645 unsigned int keylen, unsigned int blocklen);
646 extern AESContext *AES_AllocateContext(void);
647 extern SECStatus AES_InitContext(AESContext *cx,
648 const unsigned char *key,
649 unsigned int keylen,
650 const unsigned char *iv,
651 int mode,
652 unsigned int encrypt,
653 unsigned int blocklen);
654
655 /*
656 ** Destroy a AES encryption/decryption context.
657 ** "cx" the context
658 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
659 */
660 extern void
661 AES_DestroyContext(AESContext *cx, PRBool freeit);
662
663 /*
664 ** Perform AES encryption.
665 ** "cx" the context
666 ** "output" the output buffer to store the encrypted data.
667 ** "outputLen" how much data is stored in "output". Set by the routine
668 ** after some data is stored in output.
669 ** "maxOutputLen" the maximum amount of data that can ever be
670 ** stored in "output"
671 ** "input" the input data
672 ** "inputLen" the amount of input data
673 */
674 extern SECStatus
675 AES_Encrypt(AESContext *cx, unsigned char *output,
676 unsigned int *outputLen, unsigned int maxOutputLen,
677 const unsigned char *input, unsigned int inputLen);
678
679 /*
680 ** Perform AES decryption.
681 ** "cx" the context
682 ** "output" the output buffer to store the decrypted data.
683 ** "outputLen" how much data is stored in "output". Set by the routine
684 ** after some data is stored in output.
685 ** "maxOutputLen" the maximum amount of data that can ever be
686 ** stored in "output"
687 ** "input" the input data
688 ** "inputLen" the amount of input data
689 */
690 extern SECStatus
691 AES_Decrypt(AESContext *cx, unsigned char *output,
692 unsigned int *outputLen, unsigned int maxOutputLen,
693 const unsigned char *input, unsigned int inputLen);
694
695 /******************************************/
696 /*
697 ** AES key wrap algorithm, RFC 3394
698 */
699
700 /*
701 ** Create a new AES context suitable for AES encryption/decryption.
702 ** "key" raw key data
703 ** "iv" The 8 byte "initial value"
704 ** "encrypt", a boolean, true for key wrapping, false for unwrapping.
705 ** "keylen" the number of bytes of key data (16, 24, or 32)
706 */
707 extern AESKeyWrapContext *
708 AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
709 int encrypt, unsigned int keylen);
710 extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void);
711 extern SECStatus
712 AESKeyWrap_InitContext(AESKeyWrapContext *cx,
713 const unsigned char *key,
714 unsigned int keylen,
715 const unsigned char *iv,
716 int ,
717 unsigned int encrypt,
718 unsigned int );
719
720 /*
721 ** Destroy a AES KeyWrap context.
722 ** "cx" the context
723 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
724 */
725 extern void
726 AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
727
728 /*
729 ** Perform AES key wrap.
730 ** "cx" the context
731 ** "output" the output buffer to store the encrypted data.
732 ** "outputLen" how much data is stored in "output". Set by the routine
733 ** after some data is stored in output.
734 ** "maxOutputLen" the maximum amount of data that can ever be
735 ** stored in "output"
736 ** "input" the input data
737 ** "inputLen" the amount of input data
738 */
739 extern SECStatus
740 AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
741 unsigned int *outputLen, unsigned int maxOutputLen,
742 const unsigned char *input, unsigned int inputLen);
743
744 /*
745 ** Perform AES key unwrap.
746 ** "cx" the context
747 ** "output" the output buffer to store the decrypted data.
748 ** "outputLen" how much data is stored in "output". Set by the routine
749 ** after some data is stored in output.
750 ** "maxOutputLen" the maximum amount of data that can ever be
751 ** stored in "output"
752 ** "input" the input data
753 ** "inputLen" the amount of input data
754 */
755 extern SECStatus
756 AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
757 unsigned int *outputLen, unsigned int maxOutputLen,
758 const unsigned char *input, unsigned int inputLen);
759
760 /******************************************/
761 /*
762 ** Camellia symmetric block cypher
763 */
764
765 /*
766 ** Create a new Camellia context suitable for Camellia encryption/decryption.
767 ** "key" raw key data
768 ** "keylen" the number of bytes of key data (16, 24, or 32)
769 */
770 extern CamelliaContext *
771 Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
772 int mode, int encrypt, unsigned int keylen);
773
774 extern CamelliaContext *Camellia_AllocateContext(void);
775 extern SECStatus Camellia_InitContext(CamelliaContext *cx,
776 const unsigned char *key,
777 unsigned int keylen,
778 const unsigned char *iv,
779 int mode,
780 unsigned int encrypt,
781 unsigned int unused);
782 /*
783 ** Destroy a Camellia encryption/decryption context.
784 ** "cx" the context
785 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
786 */
787 extern void
788 Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
789
790 /*
791 ** Perform Camellia encryption.
792 ** "cx" the context
793 ** "output" the output buffer to store the encrypted data.
794 ** "outputLen" how much data is stored in "output". Set by the routine
795 ** after some data is stored in output.
796 ** "maxOutputLen" the maximum amount of data that can ever be
797 ** stored in "output"
798 ** "input" the input data
799 ** "inputLen" the amount of input data
800 */
801 extern SECStatus
802 Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
803 unsigned int *outputLen, unsigned int maxOutputLen,
804 const unsigned char *input, unsigned int inputLen);
805
806 /*
807 ** Perform Camellia decryption.
808 ** "cx" the context
809 ** "output" the output buffer to store the decrypted data.
810 ** "outputLen" how much data is stored in "output". Set by the routine
811 ** after some data is stored in output.
812 ** "maxOutputLen" the maximum amount of data that can ever be
813 ** stored in "output"
814 ** "input" the input data
815 ** "inputLen" the amount of input data
816 */
817 extern SECStatus
818 Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
819 unsigned int *outputLen, unsigned int maxOutputLen,
820 const unsigned char *input, unsigned int inputLen);
821
822
823 /******************************************/
824 /*
825 ** MD5 secure hash function
826 */
827
828 /*
829 ** Hash a null terminated string "src" into "dest" using MD5
830 */
831 extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
832
833 /*
834 ** Hash a non-null terminated string "src" into "dest" using MD5
835 */
836 extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
837 uint32 src_length);
838
839 /*
840 ** Create a new MD5 context
841 */
842 extern MD5Context *MD5_NewContext(void);
843
844
845 /*
846 ** Destroy an MD5 secure hash context.
847 ** "cx" the context
848 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
849 */
850 extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
851
852 /*
853 ** Reset an MD5 context, preparing it for a fresh round of hashing
854 */
855 extern void MD5_Begin(MD5Context *cx);
856
857 /*
858 ** Update the MD5 hash function with more data.
859 ** "cx" the context
860 ** "input" the data to hash
861 ** "inputLen" the amount of data to hash
862 */
863 extern void MD5_Update(MD5Context *cx,
864 const unsigned char *input, unsigned int inputLen);
865
866 /*
867 ** Finish the MD5 hash function. Produce the digested results in "digest"
868 ** "cx" the context
869 ** "digest" where the 16 bytes of digest data are stored
870 ** "digestLen" where the digest length (16) is stored
871 ** "maxDigestLen" the maximum amount of data that can ever be
872 ** stored in "digest"
873 */
874 extern void MD5_End(MD5Context *cx, unsigned char *digest,
875 unsigned int *digestLen, unsigned int maxDigestLen);
876
877 /*
878 ** Export the raw state of the MD5 hash without appending the standard padding
879 ** and length bytes. Produce the digested results in "digest"
880 ** "cx" the context
881 ** "digest" where the 16 bytes of digest data are stored
882 ** "digestLen" where the digest length (16) is stored (optional)
883 ** "maxDigestLen" the maximum amount of data that can ever be
884 ** stored in "digest"
885 */
886 extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
887 unsigned int *digestLen, unsigned int maxDigestLen);
888
889 /*
890 * Return the the size of a buffer needed to flatten the MD5 Context into
891 * "cx" the context
892 * returns size;
893 */
894 extern unsigned int MD5_FlattenSize(MD5Context *cx);
895
896 /*
897 * Flatten the MD5 Context into a buffer:
898 * "cx" the context
899 * "space" the buffer to flatten to
900 * returns status;
901 */
902 extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
903
904 /*
905 * Resurrect a flattened context into a MD5 Context
906 * "space" the buffer of the flattend buffer
907 * "arg" ptr to void used by cryptographic resurrect
908 * returns resurected context;
909 */
910 extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
911 extern void MD5_Clone(MD5Context *dest, MD5Context *src);
912
913 /*
914 ** trace the intermediate state info of the MD5 hash.
915 */
916 extern void MD5_TraceState(MD5Context *cx);
917
918
919 /******************************************/
920 /*
921 ** MD2 secure hash function
922 */
923
924 /*
925 ** Hash a null terminated string "src" into "dest" using MD2
926 */
927 extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
928
929 /*
930 ** Create a new MD2 context
931 */
932 extern MD2Context *MD2_NewContext(void);
933
934
935 /*
936 ** Destroy an MD2 secure hash context.
937 ** "cx" the context
938 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
939 */
940 extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
941
942 /*
943 ** Reset an MD2 context, preparing it for a fresh round of hashing
944 */
945 extern void MD2_Begin(MD2Context *cx);
946
947 /*
948 ** Update the MD2 hash function with more data.
949 ** "cx" the context
950 ** "input" the data to hash
951 ** "inputLen" the amount of data to hash
952 */
953 extern void MD2_Update(MD2Context *cx,
954 const unsigned char *input, unsigned int inputLen);
955
956 /*
957 ** Finish the MD2 hash function. Produce the digested results in "digest"
958 ** "cx" the context
959 ** "digest" where the 16 bytes of digest data are stored
960 ** "digestLen" where the digest length (16) is stored
961 ** "maxDigestLen" the maximum amount of data that can ever be
962 ** stored in "digest"
963 */
964 extern void MD2_End(MD2Context *cx, unsigned char *digest,
965 unsigned int *digestLen, unsigned int maxDigestLen);
966
967 /*
968 * Return the the size of a buffer needed to flatten the MD2 Context into
969 * "cx" the context
970 * returns size;
971 */
972 extern unsigned int MD2_FlattenSize(MD2Context *cx);
973
974 /*
975 * Flatten the MD2 Context into a buffer:
976 * "cx" the context
977 * "space" the buffer to flatten to
978 * returns status;
979 */
980 extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
981
982 /*
983 * Resurrect a flattened context into a MD2 Context
984 * "space" the buffer of the flattend buffer
985 * "arg" ptr to void used by cryptographic resurrect
986 * returns resurected context;
987 */
988 extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
989 extern void MD2_Clone(MD2Context *dest, MD2Context *src);
990
991 /******************************************/
992 /*
993 ** SHA-1 secure hash function
994 */
995
996 /*
997 ** Hash a null terminated string "src" into "dest" using SHA-1
998 */
999 extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
1000
1001 /*
1002 ** Hash a non-null terminated string "src" into "dest" using SHA-1
1003 */
1004 extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
1005 uint32 src_length);
1006
1007 /*
1008 ** Create a new SHA-1 context
1009 */
1010 extern SHA1Context *SHA1_NewContext(void);
1011
1012
1013 /*
1014 ** Destroy a SHA-1 secure hash context.
1015 ** "cx" the context
1016 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
1017 */
1018 extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
1019
1020 /*
1021 ** Reset a SHA-1 context, preparing it for a fresh round of hashing
1022 */
1023 extern void SHA1_Begin(SHA1Context *cx);
1024
1025 /*
1026 ** Update the SHA-1 hash function with more data.
1027 ** "cx" the context
1028 ** "input" the data to hash
1029 ** "inputLen" the amount of data to hash
1030 */
1031 extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
1032 unsigned int inputLen);
1033
1034 /*
1035 ** Finish the SHA-1 hash function. Produce the digested results in "digest"
1036 ** "cx" the context
1037 ** "digest" where the 16 bytes of digest data are stored
1038 ** "digestLen" where the digest length (20) is stored
1039 ** "maxDigestLen" the maximum amount of data that can ever be
1040 ** stored in "digest"
1041 */
1042 extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
1043 unsigned int *digestLen, unsigned int maxDigestLen);
1044
1045 /*
1046 ** Export the current state of the SHA-1 hash without appending the standard
1047 ** padding and length. Produce the digested results in "digest"
1048 ** "cx" the context
1049 ** "digest" where the 16 bytes of digest data are stored
1050 ** "digestLen" where the digest length (20) is stored (optional)
1051 ** "maxDigestLen" the maximum amount of data that can ever be
1052 ** stored in "digest"
1053 */
1054 extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
1055 unsigned int *digestLen, unsigned int maxDigestLen);
1056
1057 /*
1058 ** trace the intermediate state info of the SHA1 hash.
1059 */
1060 extern void SHA1_TraceState(SHA1Context *cx);
1061
1062 /*
1063 * Return the the size of a buffer needed to flatten the SHA-1 Context into
1064 * "cx" the context
1065 * returns size;
1066 */
1067 extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
1068
1069 /*
1070 * Flatten the SHA-1 Context into a buffer:
1071 * "cx" the context
1072 * "space" the buffer to flatten to
1073 * returns status;
1074 */
1075 extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
1076
1077 /*
1078 * Resurrect a flattened context into a SHA-1 Context
1079 * "space" the buffer of the flattend buffer
1080 * "arg" ptr to void used by cryptographic resurrect
1081 * returns resurected context;
1082 */
1083 extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
1084 extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
1085
1086 /******************************************/
1087
1088 extern SHA224Context *SHA224_NewContext(void);
1089 extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
1090 extern void SHA224_Begin(SHA224Context *cx);
1091 extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
1092 unsigned int inputLen);
1093 extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
1094 unsigned int *digestLen, unsigned int maxDigestLen);
1095 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
1096 unsigned int *digestLen, unsigned int maxDigestLen);
1097 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
1098 uint32 src_length);
1099 extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
1100 extern void SHA224_TraceState(SHA224Context *cx);
1101 extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
1102 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
1103 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
1104 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
1105
1106 /******************************************/
1107
1108 extern SHA256Context *SHA256_NewContext(void);
1109 extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
1110 extern void SHA256_Begin(SHA256Context *cx);
1111 extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
1112 unsigned int inputLen);
1113 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
1114 unsigned int *digestLen, unsigned int maxDigestLen);
1115 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
1116 unsigned int *digestLen, unsigned int maxDigestLen);
1117 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
1118 uint32 src_length);
1119 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
1120 extern void SHA256_TraceState(SHA256Context *cx);
1121 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
1122 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
1123 extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
1124 extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
1125
1126 /******************************************/
1127
1128 extern SHA512Context *SHA512_NewContext(void);
1129 extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
1130 extern void SHA512_Begin(SHA512Context *cx);
1131 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
1132 unsigned int inputLen);
1133 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
1134 unsigned int *digestLen, unsigned int maxDigestLen);
1135 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
1136 unsigned int *digestLen, unsigned int maxDigestLen);
1137 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
1138 uint32 src_length);
1139 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
1140 extern void SHA512_TraceState(SHA512Context *cx);
1141 extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
1142 extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
1143 extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
1144 extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
1145
1146 /******************************************/
1147
1148 extern SHA384Context *SHA384_NewContext(void);
1149 extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
1150 extern void SHA384_Begin(SHA384Context *cx);
1151 extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
1152 unsigned int inputLen);
1153 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
1154 unsigned int *digestLen, unsigned int maxDigestLen);
1155 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
1156 unsigned int *digestLen, unsigned int maxDigestLen);
1157 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
1158 uint32 src_length);
1159 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
1160 extern void SHA384_TraceState(SHA384Context *cx);
1161 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
1162 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
1163 extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
1164 extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
1165
1166 /****************************************
1167 * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function
1168 */
1169
1170 extern SECStatus
1171 TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
1172 SECItem *result, PRBool isFIPS);
1173
1174 extern SECStatus
1175 TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
1176 SECItem *seed, SECItem *result, PRBool isFIPS);
1177
1178 /******************************************/
1179 /*
1180 ** Pseudo Random Number Generation. FIPS compliance desirable.
1181 */
1182
1183 /*
1184 ** Initialize the global RNG context and give it some seed input taken
1185 ** from the system. This function is thread-safe and will only allow
1186 ** the global context to be initialized once. The seed input is likely
1187 ** small, so it is imperative that RNG_RandomUpdate() be called with
1188 ** additional seed data before the generator is used. A good way to
1189 ** provide the generator with additional entropy is to call
1190 ** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that.
1191 */
1192 extern SECStatus RNG_RNGInit(void);
1193
1194 /*
1195 ** Update the global random number generator with more seeding
1196 ** material
1197 */
1198 extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
1199
1200 /*
1201 ** Generate some random bytes, using the global random number generator
1202 ** object.
1203 */
1204 extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
1205
1206 /* Destroy the global RNG context. After a call to RNG_RNGShutdown()
1207 ** a call to RNG_RNGInit() is required in order to use the generator again,
1208 ** along with seed data (see the comment above RNG_RNGInit()).
1209 */
1210 extern void RNG_RNGShutdown(void);
1211
1212 extern void RNG_SystemInfoForRNG(void);
1213
1214 /*
1215 * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
1216 * generate the DSA X parameter and as a generic purpose RNG.
1217 *
1218 * The following two FIPS186Change functions are needed for
1219 * NIST RNG Validation System.
1220 */
1221
1222 /*
1223 * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with
1224 * the error set to PR_NOT_IMPLEMENTED_ERROR.
1225 */
1226 extern SECStatus
1227 FIPS186Change_GenerateX(unsigned char *XKEY,
1228 const unsigned char *XSEEDj,
1229 unsigned char *x_j);
1230
1231 /*
1232 * When generating the DSA X parameter, we generate 2*GSIZE bytes
1233 * of random output and reduce it mod q.
1234 *
1235 * Input: w, 2*GSIZE bytes
1236 * q, DSA_SUBPRIME_LEN bytes
1237 * Output: xj, DSA_SUBPRIME_LEN bytes
1238 */
1239 extern SECStatus
1240 FIPS186Change_ReduceModQForDSA(const unsigned char *w,
1241 const unsigned char *q,
1242 unsigned char *xj);
1243
1244 /*
1245 * The following functions are for FIPS poweron self test and FIPS algorithm
1246 * testing.
1247 */
1248 extern SECStatus
1249 PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
1250 const PRUint8 *nonce, unsigned int nonce_len,
1251 const PRUint8 *personal_string, unsigned int ps_len);
1252
1253 extern SECStatus
1254 PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
1255 const PRUint8 *additional, unsigned int additional_len);
1256
1257 extern SECStatus
1258 PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
1259 const PRUint8 *additional, unsigned int additional_len);
1260
1261 extern SECStatus
1262 PRNGTEST_Uninstantiate(void);
1263
1264 extern SECStatus
1265 PRNGTEST_RunHealthTests(void);
1266
1267 /* Generate PQGParams and PQGVerify structs.
1268 * Length of seed and length of h both equal length of P.
1269 * All lengths are specified by "j", according to the table above.
1270 *
1271 * The verify parameters will conform to FIPS186-1.
1272 */
1273 extern SECStatus
1274 PQG_ParamGen(unsigned int j, /* input : determines length of P. */
1275 PQGParams **pParams, /* output: P Q and G returned here */
1276 PQGVerify **pVfy); /* output: counter and seed. */
1277
1278 /* Generate PQGParams and PQGVerify structs.
1279 * Length of P specified by j. Length of h will match length of P.
1280 * Length of SEED in bytes specified in seedBytes.
1281 * seedBbytes must be in the range [20..255] or an error will result.
1282 *
1283 * The verify parameters will conform to FIPS186-1.
1284 */
1285 extern SECStatus
1286 PQG_ParamGenSeedLen(
1287 unsigned int j, /* input : determines length of P. */
1288 unsigned int seedBytes, /* input : length of seed in bytes.*/
1289 PQGParams **pParams, /* output: P Q and G returned here */
1290 PQGVerify **pVfy); /* output: counter and seed. */
1291
1292 /* Generate PQGParams and PQGVerify structs.
1293 * Length of P specified by L in bits.
1294 * Length of Q specified by N in bits.
1295 * Length of SEED in bytes specified in seedBytes.
1296 * seedBbytes must be in the range [N..L*2] or an error will result.
1297 *
1298 * Not that J uses the above table, L is the length exact. L and N must
1299 * match the table below or an error will result:
1300 *
1301 * L N
1302 * 1024 160
1303 * 2048 224
1304 * 2048 256
1305 * 3072 256
1306 *
1307 * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
1308 * pick a default value (typically the smallest secure value for these
1309 * variables).
1310 *
1311 * The verify parameters will conform to FIPS186-3 using the smallest
1312 * permissible hash for the key strength.
1313 */
1314 extern SECStatus
1315 PQG_ParamGenV2(
1316 unsigned int L, /* input : determines length of P. */
1317 unsigned int N, /* input : determines length of Q. */
1318 unsigned int seedBytes, /* input : length of seed in bytes.*/
1319 PQGParams **pParams, /* output: P Q and G returned here */
1320 PQGVerify **pVfy); /* output: counter and seed. */
1321
1322
1323 /* Test PQGParams for validity as DSS PQG values.
1324 * If vfy is non-NULL, test PQGParams to make sure they were generated
1325 * using the specified seed, counter, and h values.
1326 *
1327 * Return value indicates whether Verification operation ran successfully
1328 * to completion, but does not indicate if PQGParams are valid or not.
1329 * If return value is SECSuccess, then *pResult has these meanings:
1330 * SECSuccess: PQGParams are valid.
1331 * SECFailure: PQGParams are invalid.
1332 *
1333 * Verify the PQG againts the counter, SEED and h.
1334 * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
1335 * PQG_VerifyParams will automatically choose the appropriate test.
1336 */
1337
1338 extern SECStatus PQG_VerifyParams(const PQGParams *params,
1339 const PQGVerify *vfy, SECStatus *result);
1340
1341 extern void PQG_DestroyParams(PQGParams *params);
1342
1343 extern void PQG_DestroyVerify(PQGVerify *vfy);
1344
1345
1346 /*
1347 * clean-up any global tables freebl may have allocated after it starts up.
1348 * This function is not thread safe and should be called only after the
1349 * library has been quiessed.
1350 */
1351 extern void BL_Cleanup(void);
1352
1353 /* unload freebl shared library from memory */
1354 extern void BL_Unload(void);
1355
1356 /**************************************************************************
1357 * Verify a given Shared library signature *
1358 **************************************************************************/
1359 PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
1360
1361 /**************************************************************************
1362 * Verify a given filename's signature *
1363 **************************************************************************/
1364 PRBool BLAPI_SHVerifyFile(const char *shName);
1365
1366 /**************************************************************************
1367 * Verify Are Own Shared library signature *
1368 **************************************************************************/
1369 PRBool BLAPI_VerifySelf(const char *name);
1370
1371 /*********************************************************************/
1372 extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
1373
1374 extern void BL_SetForkState(PRBool forked);
1375
1376 SEC_END_PROTOS
1377
1378 #endif /* _BLAPI_H_ */
OLDNEW
« no previous file with comments | « mozilla/security/nss/lib/freebl/arcfour.c ('k') | mozilla/security/nss/lib/freebl/blapii.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698