Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(107)

Side by Side Diff: nss/lib/freebl/blapi.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/freebl/arcfour.c ('k') | nss/lib/freebl/blapii.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * blapi.h - public prototypes for the freebl library
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #ifndef _BLAPI_H_
9 #define _BLAPI_H_
10
11 #include "blapit.h"
12 #include "hasht.h"
13 #include "alghmac.h"
14
15 SEC_BEGIN_PROTOS
16
17 /*
18 ** RSA encryption/decryption. When encrypting/decrypting the output
19 ** buffer must be at least the size of the public key modulus.
20 */
21
22 extern SECStatus BL_Init(void);
23
24 /*
25 ** Generate and return a new RSA public and private key.
26 ** Both keys are encoded in a single RSAPrivateKey structure.
27 ** "cx" is the random number generator context
28 ** "keySizeInBits" is the size of the key to be generated, in bits.
29 ** 512, 1024, etc.
30 ** "publicExponent" when not NULL is a pointer to some data that
31 ** represents the public exponent to use. The data is a byte
32 ** encoded integer, in "big endian" order.
33 */
34 extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
35 SECItem * publicExponent);
36
37 /*
38 ** Perform a raw public-key operation
39 ** Length of input and output buffers are equal to key's modulus len.
40 */
41 extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key,
42 unsigned char * output,
43 const unsigned char * input);
44
45 /*
46 ** Perform a raw private-key operation
47 ** Length of input and output buffers are equal to key's modulus len.
48 */
49 extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key,
50 unsigned char * output,
51 const unsigned char * input);
52
53 /*
54 ** Perform a raw private-key operation, and check the parameters used in
55 ** the operation for validity by performing a test operation first.
56 ** Length of input and output buffers are equal to key's modulus len.
57 */
58 extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key,
59 unsigned char * output,
60 const unsigned char * input);
61
62 /*
63 ** Perform a check of private key parameters for consistency.
64 */
65 extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
66
67 /*
68 ** Given only minimal private key parameters, fill in the rest of the
69 ** parameters.
70 **
71 **
72 ** All the entries, including those supplied by the caller, will be
73 ** overwritten with data alocated out of the arena.
74 **
75 ** If no arena is supplied, one will be created.
76 **
77 ** The following fields must be supplied in order for this function
78 ** to succeed:
79 ** one of either publicExponent or privateExponent
80 ** two more of the following 5 parameters (not counting the above).
81 ** modulus (n)
82 ** prime1 (p)
83 ** prime2 (q)
84 ** publicExponent (e)
85 ** privateExponent (d)
86 **
87 ** NOTE: if only the publicExponent, privateExponent, and one prime is given,
88 ** then there may be more than one RSA key that matches that combination. If
89 ** we find 2 possible valid keys that meet this criteria, we return an error.
90 ** If we return the wrong key, and the original modulus is compared to the
91 ** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get
92 ** the common prime.
93 **
94 ** NOTE: in some cases the publicExponent must be less than 2^23 for this
95 ** function to work correctly. (The case where we have only one of: modulus
96 ** prime1 and prime2).
97 **
98 ** All parameters will be replaced in the key structure with new parameters
99 ** allocated out of the arena. There is no attempt to free the old structures.
100 ** prime1 will always be greater than prime2 (even if the caller supplies the
101 ** smaller prime as prime1 or the larger prime as prime2). The parameters are
102 ** not overwritten on failure.
103 **
104 ** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv)
105 ** can also be used in reconstructing the private key, they are currently
106 ** ignored in this implementation.
107 */
108 extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key);
109
110 /********************************************************************
111 ** RSA algorithm
112 */
113
114 /********************************************************************
115 ** Raw signing/encryption/decryption operations.
116 **
117 ** No padding or formatting will be applied.
118 ** inputLen MUST be equivalent to the modulus size (in bytes).
119 */
120 extern SECStatus
121 RSA_SignRaw(RSAPrivateKey * key,
122 unsigned char * output,
123 unsigned int * outputLen,
124 unsigned int maxOutputLen,
125 const unsigned char * input,
126 unsigned int inputLen);
127
128 extern SECStatus
129 RSA_CheckSignRaw(RSAPublicKey * key,
130 const unsigned char * sig,
131 unsigned int sigLen,
132 const unsigned char * hash,
133 unsigned int hashLen);
134
135 extern SECStatus
136 RSA_CheckSignRecoverRaw(RSAPublicKey * key,
137 unsigned char * data,
138 unsigned int * dataLen,
139 unsigned int maxDataLen,
140 const unsigned char * sig,
141 unsigned int sigLen);
142
143 extern SECStatus
144 RSA_EncryptRaw(RSAPublicKey * key,
145 unsigned char * output,
146 unsigned int * outputLen,
147 unsigned int maxOutputLen,
148 const unsigned char * input,
149 unsigned int inputLen);
150
151 extern SECStatus
152 RSA_DecryptRaw(RSAPrivateKey * key,
153 unsigned char * output,
154 unsigned int * outputLen,
155 unsigned int maxOutputLen,
156 const unsigned char * input,
157 unsigned int inputLen);
158
159 /********************************************************************
160 ** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1.
161 **
162 ** Note: Only MGF1 is supported as the mask generation function. It will be
163 ** used with maskHashAlg as the inner hash function.
164 **
165 ** Unless performing Known Answer Tests, "seed" should be NULL, indicating that
166 ** freebl should generate a random value. Otherwise, it should be an octet
167 ** string of seedLen bytes, which should be the same size as the output of
168 ** hashAlg.
169 */
170 extern SECStatus
171 RSA_EncryptOAEP(RSAPublicKey * key,
172 HASH_HashType hashAlg,
173 HASH_HashType maskHashAlg,
174 const unsigned char * label,
175 unsigned int labelLen,
176 const unsigned char * seed,
177 unsigned int seedLen,
178 unsigned char * output,
179 unsigned int * outputLen,
180 unsigned int maxOutputLen,
181 const unsigned char * input,
182 unsigned int inputLen);
183
184 extern SECStatus
185 RSA_DecryptOAEP(RSAPrivateKey * key,
186 HASH_HashType hashAlg,
187 HASH_HashType maskHashAlg,
188 const unsigned char * label,
189 unsigned int labelLen,
190 unsigned char * output,
191 unsigned int * outputLen,
192 unsigned int maxOutputLen,
193 const unsigned char * input,
194 unsigned int inputLen);
195
196 /********************************************************************
197 ** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2.
198 */
199 extern SECStatus
200 RSA_EncryptBlock(RSAPublicKey * key,
201 unsigned char * output,
202 unsigned int * outputLen,
203 unsigned int maxOutputLen,
204 const unsigned char * input,
205 unsigned int inputLen);
206
207 extern SECStatus
208 RSA_DecryptBlock(RSAPrivateKey * key,
209 unsigned char * output,
210 unsigned int * outputLen,
211 unsigned int maxOutputLen,
212 const unsigned char * input,
213 unsigned int inputLen);
214
215 /********************************************************************
216 ** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1.
217 **
218 ** Note: Only MGF1 is supported as the mask generation function. It will be
219 ** used with maskHashAlg as the inner hash function.
220 **
221 ** Unless performing Known Answer Tests, "salt" should be NULL, indicating that
222 ** freebl should generate a random value.
223 */
224 extern SECStatus
225 RSA_SignPSS(RSAPrivateKey * key,
226 HASH_HashType hashAlg,
227 HASH_HashType maskHashAlg,
228 const unsigned char * salt,
229 unsigned int saltLen,
230 unsigned char * output,
231 unsigned int * outputLen,
232 unsigned int maxOutputLen,
233 const unsigned char * input,
234 unsigned int inputLen);
235
236 extern SECStatus
237 RSA_CheckSignPSS(RSAPublicKey * key,
238 HASH_HashType hashAlg,
239 HASH_HashType maskHashAlg,
240 unsigned int saltLen,
241 const unsigned char * sig,
242 unsigned int sigLen,
243 const unsigned char * hash,
244 unsigned int hashLen);
245
246 /********************************************************************
247 ** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2.
248 **
249 ** These functions expect as input to be the raw value to be signed. For most
250 ** cases using PKCS1-v1_5, this should be the value of T, the DER-encoded
251 ** DigestInfo structure defined in Section 9.2, Step 2.
252 ** Note: This can also be used for signatures that use PKCS1-v1_5 padding, such
253 ** as the signatures used in SSL/TLS, which sign a raw hash.
254 */
255 extern SECStatus
256 RSA_Sign(RSAPrivateKey * key,
257 unsigned char * output,
258 unsigned int * outputLen,
259 unsigned int maxOutputLen,
260 const unsigned char * data,
261 unsigned int dataLen);
262
263 extern SECStatus
264 RSA_CheckSign(RSAPublicKey * key,
265 const unsigned char * sig,
266 unsigned int sigLen,
267 const unsigned char * data,
268 unsigned int dataLen);
269
270 extern SECStatus
271 RSA_CheckSignRecover(RSAPublicKey * key,
272 unsigned char * output,
273 unsigned int * outputLen,
274 unsigned int maxOutputLen,
275 const unsigned char * sig,
276 unsigned int sigLen);
277
278 /********************************************************************
279 ** DSA signing algorithm
280 */
281
282 /* Generate a new random value within the interval [2, q-1].
283 */
284 extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q,
285 SECItem * random);
286
287 /*
288 ** Generate and return a new DSA public and private key pair,
289 ** both of which are encoded into a single DSAPrivateKey struct.
290 ** "params" is a pointer to the PQG parameters for the domain
291 ** Uses a random seed.
292 */
293 extern SECStatus DSA_NewKey(const PQGParams * params,
294 DSAPrivateKey ** privKey);
295
296 /* signature is caller-supplied buffer of at least 20 bytes.
297 ** On input, signature->len == size of buffer to hold signature.
298 ** digest->len == size of digest.
299 ** On output, signature->len == size of signature in buffer.
300 ** Uses a random seed.
301 */
302 extern SECStatus DSA_SignDigest(DSAPrivateKey * key,
303 SECItem * signature,
304 const SECItem * digest);
305
306 /* signature is caller-supplied buffer of at least 20 bytes.
307 ** On input, signature->len == size of buffer to hold signature.
308 ** digest->len == size of digest.
309 */
310 extern SECStatus DSA_VerifyDigest(DSAPublicKey * key,
311 const SECItem * signature,
312 const SECItem * digest);
313
314 /* For FIPS compliance testing. Seed must be exactly 20 bytes long */
315 extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
316 const unsigned char * seed,
317 DSAPrivateKey **privKey);
318
319 /* For FIPS compliance testing. Seed must be exactly 20 bytes. */
320 extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
321 SECItem * signature,
322 const SECItem * digest,
323 const unsigned char * seed);
324
325 /******************************************************
326 ** Diffie Helman key exchange algorithm
327 */
328
329 /* Generates parameters for Diffie-Helman key generation.
330 ** primeLen is the length in bytes of prime P to be generated.
331 */
332 extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
333
334 /* Generates a public and private key, both of which are encoded in a single
335 ** DHPrivateKey struct. Params is input, privKey are output.
336 ** This is Phase 1 of Diffie Hellman.
337 */
338 extern SECStatus DH_NewKey(DHParams * params,
339 DHPrivateKey ** privKey);
340
341 /*
342 ** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
343 ** other party's publicValue, and the prime and our privateValue.
344 ** maxOutBytes is the requested length of the generated secret in bytes.
345 ** A zero value means produce a value of any length up to the size of
346 ** the prime. If successful, derivedSecret->data is set
347 ** to the address of the newly allocated buffer containing the derived
348 ** secret, and derivedSecret->len is the size of the secret produced.
349 ** The size of the secret produced will depend on the value of outBytes.
350 ** If outBytes is 0, the key length will be all the significant bytes of
351 ** the derived secret (leading zeros are dropped). This length could be less
352 ** than the length of the prime. If outBytes is nonzero, the length of the
353 ** produced key will be outBytes long. If the key is truncated, the most
354 ** significant bytes are truncated. If it is expanded, zero bytes are added
355 ** at the beginning.
356 ** It is the caller's responsibility to free the allocated buffer
357 ** containing the derived secret.
358 */
359 extern SECStatus DH_Derive(SECItem * publicValue,
360 SECItem * prime,
361 SECItem * privateValue,
362 SECItem * derivedSecret,
363 unsigned int outBytes);
364
365 /*
366 ** KEA_CalcKey returns octet string with the private key for a dual
367 ** Diffie-Helman key generation as specified for government key exchange.
368 */
369 extern SECStatus KEA_Derive(SECItem *prime,
370 SECItem *public1,
371 SECItem *public2,
372 SECItem *private1,
373 SECItem *private2,
374 SECItem *derivedSecret);
375
376 /*
377 * verify that a KEA or DSA public key is a valid key for this prime and
378 * subprime domain.
379 */
380 extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
381
382 /****************************************
383 * J-PAKE key transport
384 */
385
386 /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x
387 * using the specified hash algorithm and signer ID. The signature is
388 * returned in the values gv and r. testRandom must be NULL for a PRNG
389 * generated random committment to be used in the sigature. When testRandom
390 * is non-NULL, that value must contain a value in the subgroup q; that
391 * value will be used instead of a PRNG-generated committment in order to
392 * facilitate known-answer tests.
393 *
394 * If gxIn is non-NULL then it must contain a pre-computed value of g^x that
395 * will be used by the function; in this case, the gxOut parameter must be NULL.
396 * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case
397 * gxOut will contain the value g^x on output.
398 *
399 * gx (if not supplied by the caller), gv, and r will be allocated in the arena.
400 * The arena is *not* optional so do not pass NULL for the arena parameter.
401 * The arena should be zeroed when it is freed.
402 */
403 SECStatus
404 JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
405 const SECItem * signerID, const SECItem * x,
406 const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
407 SECItem * gv, SECItem * r);
408
409 /* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the
410 * value x using the specified hash algorithm and signer ID.
411 *
412 * The arena is *not* optional so do not pass NULL for the arena parameter.
413 */
414 SECStatus
415 JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
416 HASH_HashType hashType, const SECItem * signerID,
417 const SECItem * peerID, const SECItem * gx,
418 const SECItem * gv, const SECItem * r);
419
420 /* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate
421 * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
422 * round 2 (A and the proof of knowledge of x2s) can then be calculated with
423 * JPAKE_Sign using pqg->base = base and x = x2s.
424 *
425 * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3)
426 * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then cal l
427 * JPAKE_Verify with pqg->base = base and then JPAKE_Final.
428 *
429 * base and x2s will be allocated in the arena. The arena is *not* optional so
430 * do not pass NULL for the arena parameter. The arena should be zeroed when it
431 * is freed.
432 */
433 SECStatus
434 JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
435 const SECItem * gx1, const SECItem * gx3, const SECItem * gx4,
436 SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2 s);
437
438 /* K = (B/g^(x2*x4*s))^x2 (mod p)
439 *
440 * K will be allocated in the arena. The arena is *not* optional so do not pass
441 * NULL for the arena parameter. The arena should be zeroed when it is freed.
442 */
443 SECStatus
444 JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q,
445 const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
446 const SECItem * B, SECItem * K);
447
448 /******************************************************
449 ** Elliptic Curve algorithms
450 */
451
452 /* Generates a public and private key, both of which are encoded
453 ** in a single ECPrivateKey struct. Params is input, privKey are
454 ** output.
455 */
456 extern SECStatus EC_NewKey(ECParams * params,
457 ECPrivateKey ** privKey);
458
459 extern SECStatus EC_NewKeyFromSeed(ECParams * params,
460 ECPrivateKey ** privKey,
461 const unsigned char* seed,
462 int seedlen);
463
464 /* Validates an EC public key as described in Section 5.2.2 of
465 * X9.62. Such validation prevents against small subgroup attacks
466 * when the ECDH primitive is used with the cofactor.
467 */
468 extern SECStatus EC_ValidatePublicKey(ECParams * params,
469 SECItem * publicValue);
470
471 /*
472 ** ECDH_Derive performs a scalar point multiplication of a point
473 ** representing a (peer's) public key and a large integer representing
474 ** a private key (its own). Both keys must use the same elliptic curve
475 ** parameters. If the withCofactor parameter is true, the
476 ** multiplication also uses the cofactor associated with the curve
477 ** parameters. The output of this scheme is the x-coordinate of the
478 ** resulting point. If successful, derivedSecret->data is set to the
479 ** address of the newly allocated buffer containing the derived
480 ** secret, and derivedSecret->len is the size of the secret
481 ** produced. It is the caller's responsibility to free the allocated
482 ** buffer containing the derived secret.
483 */
484 extern SECStatus ECDH_Derive(SECItem * publicValue,
485 ECParams * params,
486 SECItem * privateValue,
487 PRBool withCofactor,
488 SECItem * derivedSecret);
489
490 /* On input, signature->len == size of buffer to hold signature.
491 ** digest->len == size of digest.
492 ** On output, signature->len == size of signature in buffer.
493 ** Uses a random seed.
494 */
495 extern SECStatus ECDSA_SignDigest(ECPrivateKey *key,
496 SECItem *signature,
497 const SECItem *digest);
498
499 /* On input, signature->len == size of buffer to hold signature.
500 ** digest->len == size of digest.
501 */
502 extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key,
503 const SECItem *signature,
504 const SECItem *digest);
505
506 /* Uses the provided seed. */
507 extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
508 SECItem *signature,
509 const SECItem *digest,
510 const unsigned char *seed,
511 const int seedlen);
512
513 /******************************************/
514 /*
515 ** RC4 symmetric stream cypher
516 */
517
518 /*
519 ** Create a new RC4 context suitable for RC4 encryption/decryption.
520 ** "key" raw key data
521 ** "len" the number of bytes of key data
522 */
523 extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
524
525 extern RC4Context *RC4_AllocateContext(void);
526 extern SECStatus RC4_InitContext(RC4Context *cx,
527 const unsigned char *key,
528 unsigned int keylen,
529 const unsigned char *,
530 int,
531 unsigned int ,
532 unsigned int );
533
534 /*
535 ** Destroy an RC4 encryption/decryption context.
536 ** "cx" the context
537 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
538 */
539 extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
540
541 /*
542 ** Perform RC4 encryption.
543 ** "cx" the context
544 ** "output" the output buffer to store the encrypted data.
545 ** "outputLen" how much data is stored in "output". Set by the routine
546 ** after some data is stored in output.
547 ** "maxOutputLen" the maximum amount of data that can ever be
548 ** stored in "output"
549 ** "input" the input data
550 ** "inputLen" the amount of input data
551 */
552 extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
553 unsigned int *outputLen, unsigned int maxOutputLen,
554 const unsigned char *input, unsigned int inputLen);
555
556 /*
557 ** Perform RC4 decryption.
558 ** "cx" the context
559 ** "output" the output buffer to store the decrypted data.
560 ** "outputLen" how much data is stored in "output". Set by the routine
561 ** after some data is stored in output.
562 ** "maxOutputLen" the maximum amount of data that can ever be
563 ** stored in "output"
564 ** "input" the input data
565 ** "inputLen" the amount of input data
566 */
567 extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
568 unsigned int *outputLen, unsigned int maxOutputLen,
569 const unsigned char *input, unsigned int inputLen);
570
571 /******************************************/
572 /*
573 ** RC2 symmetric block cypher
574 */
575
576 /*
577 ** Create a new RC2 context suitable for RC2 encryption/decryption.
578 ** "key" raw key data
579 ** "len" the number of bytes of key data
580 ** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
581 ** "mode" one of NSS_RC2 or NSS_RC2_CBC
582 ** "effectiveKeyLen" is the effective key length (as specified in
583 ** RFC 2268) in bytes (not bits).
584 **
585 ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
586 ** chaining" mode.
587 */
588 extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
589 const unsigned char *iv, int mode,
590 unsigned effectiveKeyLen);
591 extern RC2Context *RC2_AllocateContext(void);
592 extern SECStatus RC2_InitContext(RC2Context *cx,
593 const unsigned char *key,
594 unsigned int keylen,
595 const unsigned char *iv,
596 int mode,
597 unsigned int effectiveKeyLen,
598 unsigned int );
599
600 /*
601 ** Destroy an RC2 encryption/decryption context.
602 ** "cx" the context
603 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
604 */
605 extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
606
607 /*
608 ** Perform RC2 encryption.
609 ** "cx" the context
610 ** "output" the output buffer to store the encrypted data.
611 ** "outputLen" how much data is stored in "output". Set by the routine
612 ** after some data is stored in output.
613 ** "maxOutputLen" the maximum amount of data that can ever be
614 ** stored in "output"
615 ** "input" the input data
616 ** "inputLen" the amount of input data
617 */
618 extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
619 unsigned int *outputLen, unsigned int maxOutputLen,
620 const unsigned char *input, unsigned int inputLen);
621
622 /*
623 ** Perform RC2 decryption.
624 ** "cx" the context
625 ** "output" the output buffer to store the decrypted data.
626 ** "outputLen" how much data is stored in "output". Set by the routine
627 ** after some data is stored in output.
628 ** "maxOutputLen" the maximum amount of data that can ever be
629 ** stored in "output"
630 ** "input" the input data
631 ** "inputLen" the amount of input data
632 */
633 extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
634 unsigned int *outputLen, unsigned int maxOutputLen,
635 const unsigned char *input, unsigned int inputLen);
636
637 /******************************************/
638 /*
639 ** RC5 symmetric block cypher -- 64-bit block size
640 */
641
642 /*
643 ** Create a new RC5 context suitable for RC5 encryption/decryption.
644 ** "key" raw key data
645 ** "len" the number of bytes of key data
646 ** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
647 ** "mode" one of NSS_RC5 or NSS_RC5_CBC
648 **
649 ** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
650 ** chaining" mode.
651 */
652 extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
653 unsigned int wordSize, const unsigned char *iv, int mode);
654 extern RC5Context *RC5_AllocateContext(void);
655 extern SECStatus RC5_InitContext(RC5Context *cx,
656 const unsigned char *key,
657 unsigned int keylen,
658 const unsigned char *iv,
659 int mode,
660 unsigned int rounds,
661 unsigned int wordSize);
662
663 /*
664 ** Destroy an RC5 encryption/decryption context.
665 ** "cx" the context
666 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
667 */
668 extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
669
670 /*
671 ** Perform RC5 encryption.
672 ** "cx" the context
673 ** "output" the output buffer to store the encrypted data.
674 ** "outputLen" how much data is stored in "output". Set by the routine
675 ** after some data is stored in output.
676 ** "maxOutputLen" the maximum amount of data that can ever be
677 ** stored in "output"
678 ** "input" the input data
679 ** "inputLen" the amount of input data
680 */
681 extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
682 unsigned int *outputLen, unsigned int maxOutputLen,
683 const unsigned char *input, unsigned int inputLen);
684
685 /*
686 ** Perform RC5 decryption.
687 ** "cx" the context
688 ** "output" the output buffer to store the decrypted data.
689 ** "outputLen" how much data is stored in "output". Set by the routine
690 ** after some data is stored in output.
691 ** "maxOutputLen" the maximum amount of data that can ever be
692 ** stored in "output"
693 ** "input" the input data
694 ** "inputLen" the amount of input data
695 */
696
697 extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
698 unsigned int *outputLen, unsigned int maxOutputLen,
699 const unsigned char *input, unsigned int inputLen);
700
701
702
703 /******************************************/
704 /*
705 ** DES symmetric block cypher
706 */
707
708 /*
709 ** Create a new DES context suitable for DES encryption/decryption.
710 ** "key" raw key data
711 ** "len" the number of bytes of key data
712 ** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
713 ** mode is DES_EDE3_CBC)
714 ** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
715 ** "encrypt" is PR_TRUE if the context will be used for encryption
716 **
717 ** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
718 ** cipher is run in "cipher block chaining" mode.
719 */
720 extern DESContext *DES_CreateContext(const unsigned char *key,
721 const unsigned char *iv,
722 int mode, PRBool encrypt);
723 extern DESContext *DES_AllocateContext(void);
724 extern SECStatus DES_InitContext(DESContext *cx,
725 const unsigned char *key,
726 unsigned int keylen,
727 const unsigned char *iv,
728 int mode,
729 unsigned int encrypt,
730 unsigned int );
731
732 /*
733 ** Destroy an DES encryption/decryption context.
734 ** "cx" the context
735 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
736 */
737 extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
738
739 /*
740 ** Perform DES encryption.
741 ** "cx" the context
742 ** "output" the output buffer to store the encrypted data.
743 ** "outputLen" how much data is stored in "output". Set by the routine
744 ** after some data is stored in output.
745 ** "maxOutputLen" the maximum amount of data that can ever be
746 ** stored in "output"
747 ** "input" the input data
748 ** "inputLen" the amount of input data
749 **
750 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
751 */
752 extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
753 unsigned int *outputLen, unsigned int maxOutputLen,
754 const unsigned char *input, unsigned int inputLen);
755
756 /*
757 ** Perform DES decryption.
758 ** "cx" the context
759 ** "output" the output buffer to store the decrypted data.
760 ** "outputLen" how much data is stored in "output". Set by the routine
761 ** after some data is stored in output.
762 ** "maxOutputLen" the maximum amount of data that can ever be
763 ** stored in "output"
764 ** "input" the input data
765 ** "inputLen" the amount of input data
766 **
767 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
768 */
769 extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
770 unsigned int *outputLen, unsigned int maxOutputLen,
771 const unsigned char *input, unsigned int inputLen);
772
773 /******************************************/
774 /*
775 ** SEED symmetric block cypher
776 */
777 extern SEEDContext *
778 SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
779 int mode, PRBool encrypt);
780 extern SEEDContext *SEED_AllocateContext(void);
781 extern SECStatus SEED_InitContext(SEEDContext *cx,
782 const unsigned char *key,
783 unsigned int keylen,
784 const unsigned char *iv,
785 int mode, unsigned int encrypt,
786 unsigned int );
787 extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
788 extern SECStatus
789 SEED_Encrypt(SEEDContext *cx, unsigned char *output,
790 unsigned int *outputLen, unsigned int maxOutputLen,
791 const unsigned char *input, unsigned int inputLen);
792 extern SECStatus
793 SEED_Decrypt(SEEDContext *cx, unsigned char *output,
794 unsigned int *outputLen, unsigned int maxOutputLen,
795 const unsigned char *input, unsigned int inputLen);
796
797 /******************************************/
798 /*
799 ** AES symmetric block cypher (Rijndael)
800 */
801
802 /*
803 ** Create a new AES context suitable for AES encryption/decryption.
804 ** "key" raw key data
805 ** "keylen" the number of bytes of key data (16, 24, or 32)
806 ** "blocklen" is the blocksize to use (16, 24, or 32)
807 ** XXX currently only blocksize==16 has been tested!
808 */
809 extern AESContext *
810 AES_CreateContext(const unsigned char *key, const unsigned char *iv,
811 int mode, int encrypt,
812 unsigned int keylen, unsigned int blocklen);
813 extern AESContext *AES_AllocateContext(void);
814 extern SECStatus AES_InitContext(AESContext *cx,
815 const unsigned char *key,
816 unsigned int keylen,
817 const unsigned char *iv,
818 int mode,
819 unsigned int encrypt,
820 unsigned int blocklen);
821
822 /*
823 ** Destroy a AES encryption/decryption context.
824 ** "cx" the context
825 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
826 */
827 extern void
828 AES_DestroyContext(AESContext *cx, PRBool freeit);
829
830 /*
831 ** Perform AES encryption.
832 ** "cx" the context
833 ** "output" the output buffer to store the encrypted data.
834 ** "outputLen" how much data is stored in "output". Set by the routine
835 ** after some data is stored in output.
836 ** "maxOutputLen" the maximum amount of data that can ever be
837 ** stored in "output"
838 ** "input" the input data
839 ** "inputLen" the amount of input data
840 */
841 extern SECStatus
842 AES_Encrypt(AESContext *cx, unsigned char *output,
843 unsigned int *outputLen, unsigned int maxOutputLen,
844 const unsigned char *input, unsigned int inputLen);
845
846 /*
847 ** Perform AES decryption.
848 ** "cx" the context
849 ** "output" the output buffer to store the decrypted data.
850 ** "outputLen" how much data is stored in "output". Set by the routine
851 ** after some data is stored in output.
852 ** "maxOutputLen" the maximum amount of data that can ever be
853 ** stored in "output"
854 ** "input" the input data
855 ** "inputLen" the amount of input data
856 */
857 extern SECStatus
858 AES_Decrypt(AESContext *cx, unsigned char *output,
859 unsigned int *outputLen, unsigned int maxOutputLen,
860 const unsigned char *input, unsigned int inputLen);
861
862 /******************************************/
863 /*
864 ** AES key wrap algorithm, RFC 3394
865 */
866
867 /*
868 ** Create a new AES context suitable for AES encryption/decryption.
869 ** "key" raw key data
870 ** "iv" The 8 byte "initial value"
871 ** "encrypt", a boolean, true for key wrapping, false for unwrapping.
872 ** "keylen" the number of bytes of key data (16, 24, or 32)
873 */
874 extern AESKeyWrapContext *
875 AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
876 int encrypt, unsigned int keylen);
877 extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void);
878 extern SECStatus
879 AESKeyWrap_InitContext(AESKeyWrapContext *cx,
880 const unsigned char *key,
881 unsigned int keylen,
882 const unsigned char *iv,
883 int ,
884 unsigned int encrypt,
885 unsigned int );
886
887 /*
888 ** Destroy a AES KeyWrap context.
889 ** "cx" the context
890 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
891 */
892 extern void
893 AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
894
895 /*
896 ** Perform AES key wrap.
897 ** "cx" the context
898 ** "output" the output buffer to store the encrypted data.
899 ** "outputLen" how much data is stored in "output". Set by the routine
900 ** after some data is stored in output.
901 ** "maxOutputLen" the maximum amount of data that can ever be
902 ** stored in "output"
903 ** "input" the input data
904 ** "inputLen" the amount of input data
905 */
906 extern SECStatus
907 AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
908 unsigned int *outputLen, unsigned int maxOutputLen,
909 const unsigned char *input, unsigned int inputLen);
910
911 /*
912 ** Perform AES key unwrap.
913 ** "cx" the context
914 ** "output" the output buffer to store the decrypted data.
915 ** "outputLen" how much data is stored in "output". Set by the routine
916 ** after some data is stored in output.
917 ** "maxOutputLen" the maximum amount of data that can ever be
918 ** stored in "output"
919 ** "input" the input data
920 ** "inputLen" the amount of input data
921 */
922 extern SECStatus
923 AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
924 unsigned int *outputLen, unsigned int maxOutputLen,
925 const unsigned char *input, unsigned int inputLen);
926
927 /******************************************/
928 /*
929 ** Camellia symmetric block cypher
930 */
931
932 /*
933 ** Create a new Camellia context suitable for Camellia encryption/decryption.
934 ** "key" raw key data
935 ** "keylen" the number of bytes of key data (16, 24, or 32)
936 */
937 extern CamelliaContext *
938 Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
939 int mode, int encrypt, unsigned int keylen);
940
941 extern CamelliaContext *Camellia_AllocateContext(void);
942 extern SECStatus Camellia_InitContext(CamelliaContext *cx,
943 const unsigned char *key,
944 unsigned int keylen,
945 const unsigned char *iv,
946 int mode,
947 unsigned int encrypt,
948 unsigned int unused);
949 /*
950 ** Destroy a Camellia encryption/decryption context.
951 ** "cx" the context
952 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
953 */
954 extern void
955 Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
956
957 /*
958 ** Perform Camellia encryption.
959 ** "cx" the context
960 ** "output" the output buffer to store the encrypted data.
961 ** "outputLen" how much data is stored in "output". Set by the routine
962 ** after some data is stored in output.
963 ** "maxOutputLen" the maximum amount of data that can ever be
964 ** stored in "output"
965 ** "input" the input data
966 ** "inputLen" the amount of input data
967 */
968 extern SECStatus
969 Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
970 unsigned int *outputLen, unsigned int maxOutputLen,
971 const unsigned char *input, unsigned int inputLen);
972
973 /*
974 ** Perform Camellia decryption.
975 ** "cx" the context
976 ** "output" the output buffer to store the decrypted data.
977 ** "outputLen" how much data is stored in "output". Set by the routine
978 ** after some data is stored in output.
979 ** "maxOutputLen" the maximum amount of data that can ever be
980 ** stored in "output"
981 ** "input" the input data
982 ** "inputLen" the amount of input data
983 */
984 extern SECStatus
985 Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
986 unsigned int *outputLen, unsigned int maxOutputLen,
987 const unsigned char *input, unsigned int inputLen);
988
989 /******************************************/
990 /*
991 ** ChaCha20+Poly1305 AEAD
992 */
993
994 extern SECStatus ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
995 const unsigned char *key,
996 unsigned int keyLen,
997 unsigned int tagLen);
998
999 extern ChaCha20Poly1305Context *ChaCha20Poly1305_CreateContext(
1000 const unsigned char *key, unsigned int keyLen, unsigned int tagLen);
1001
1002 extern void ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx,
1003 PRBool freeit);
1004
1005 extern SECStatus ChaCha20Poly1305_Seal(
1006 const ChaCha20Poly1305Context *ctx, unsigned char *output,
1007 unsigned int *outputLen, unsigned int maxOutputLen,
1008 const unsigned char *input, unsigned int inputLen,
1009 const unsigned char *nonce, unsigned int nonceLen,
1010 const unsigned char *ad, unsigned int adLen);
1011
1012 extern SECStatus ChaCha20Poly1305_Open(
1013 const ChaCha20Poly1305Context *ctx, unsigned char *output,
1014 unsigned int *outputLen, unsigned int maxOutputLen,
1015 const unsigned char *input, unsigned int inputLen,
1016 const unsigned char *nonce, unsigned int nonceLen,
1017 const unsigned char *ad, unsigned int adLen);
1018
1019 /******************************************/
1020 /*
1021 ** MD5 secure hash function
1022 */
1023
1024 /*
1025 ** Hash a null terminated string "src" into "dest" using MD5
1026 */
1027 extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
1028
1029 /*
1030 ** Hash a non-null terminated string "src" into "dest" using MD5
1031 */
1032 extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
1033 PRUint32 src_length);
1034
1035 /*
1036 ** Create a new MD5 context
1037 */
1038 extern MD5Context *MD5_NewContext(void);
1039
1040
1041 /*
1042 ** Destroy an MD5 secure hash context.
1043 ** "cx" the context
1044 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
1045 */
1046 extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
1047
1048 /*
1049 ** Reset an MD5 context, preparing it for a fresh round of hashing
1050 */
1051 extern void MD5_Begin(MD5Context *cx);
1052
1053 /*
1054 ** Update the MD5 hash function with more data.
1055 ** "cx" the context
1056 ** "input" the data to hash
1057 ** "inputLen" the amount of data to hash
1058 */
1059 extern void MD5_Update(MD5Context *cx,
1060 const unsigned char *input, unsigned int inputLen);
1061
1062 /*
1063 ** Finish the MD5 hash function. Produce the digested results in "digest"
1064 ** "cx" the context
1065 ** "digest" where the 16 bytes of digest data are stored
1066 ** "digestLen" where the digest length (16) is stored
1067 ** "maxDigestLen" the maximum amount of data that can ever be
1068 ** stored in "digest"
1069 */
1070 extern void MD5_End(MD5Context *cx, unsigned char *digest,
1071 unsigned int *digestLen, unsigned int maxDigestLen);
1072
1073 /*
1074 ** Export the current state of the MD5 hash without appending the standard
1075 ** padding and length bytes. Produce the digested results in "digest"
1076 ** "cx" the context
1077 ** "digest" where the 16 bytes of digest data are stored
1078 ** "digestLen" where the digest length (16) is stored (optional)
1079 ** "maxDigestLen" the maximum amount of data that can ever be
1080 ** stored in "digest"
1081 */
1082 extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
1083 unsigned int *digestLen, unsigned int maxDigestLen);
1084
1085 /*
1086 * Return the the size of a buffer needed to flatten the MD5 Context into
1087 * "cx" the context
1088 * returns size;
1089 */
1090 extern unsigned int MD5_FlattenSize(MD5Context *cx);
1091
1092 /*
1093 * Flatten the MD5 Context into a buffer:
1094 * "cx" the context
1095 * "space" the buffer to flatten to
1096 * returns status;
1097 */
1098 extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
1099
1100 /*
1101 * Resurrect a flattened context into a MD5 Context
1102 * "space" the buffer of the flattend buffer
1103 * "arg" ptr to void used by cryptographic resurrect
1104 * returns resurected context;
1105 */
1106 extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
1107 extern void MD5_Clone(MD5Context *dest, MD5Context *src);
1108
1109 /*
1110 ** trace the intermediate state info of the MD5 hash.
1111 */
1112 extern void MD5_TraceState(MD5Context *cx);
1113
1114
1115 /******************************************/
1116 /*
1117 ** MD2 secure hash function
1118 */
1119
1120 /*
1121 ** Hash a null terminated string "src" into "dest" using MD2
1122 */
1123 extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
1124
1125 /*
1126 ** Create a new MD2 context
1127 */
1128 extern MD2Context *MD2_NewContext(void);
1129
1130
1131 /*
1132 ** Destroy an MD2 secure hash context.
1133 ** "cx" the context
1134 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
1135 */
1136 extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
1137
1138 /*
1139 ** Reset an MD2 context, preparing it for a fresh round of hashing
1140 */
1141 extern void MD2_Begin(MD2Context *cx);
1142
1143 /*
1144 ** Update the MD2 hash function with more data.
1145 ** "cx" the context
1146 ** "input" the data to hash
1147 ** "inputLen" the amount of data to hash
1148 */
1149 extern void MD2_Update(MD2Context *cx,
1150 const unsigned char *input, unsigned int inputLen);
1151
1152 /*
1153 ** Finish the MD2 hash function. Produce the digested results in "digest"
1154 ** "cx" the context
1155 ** "digest" where the 16 bytes of digest data are stored
1156 ** "digestLen" where the digest length (16) is stored
1157 ** "maxDigestLen" the maximum amount of data that can ever be
1158 ** stored in "digest"
1159 */
1160 extern void MD2_End(MD2Context *cx, unsigned char *digest,
1161 unsigned int *digestLen, unsigned int maxDigestLen);
1162
1163 /*
1164 * Return the the size of a buffer needed to flatten the MD2 Context into
1165 * "cx" the context
1166 * returns size;
1167 */
1168 extern unsigned int MD2_FlattenSize(MD2Context *cx);
1169
1170 /*
1171 * Flatten the MD2 Context into a buffer:
1172 * "cx" the context
1173 * "space" the buffer to flatten to
1174 * returns status;
1175 */
1176 extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
1177
1178 /*
1179 * Resurrect a flattened context into a MD2 Context
1180 * "space" the buffer of the flattend buffer
1181 * "arg" ptr to void used by cryptographic resurrect
1182 * returns resurected context;
1183 */
1184 extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
1185 extern void MD2_Clone(MD2Context *dest, MD2Context *src);
1186
1187 /******************************************/
1188 /*
1189 ** SHA-1 secure hash function
1190 */
1191
1192 /*
1193 ** Hash a null terminated string "src" into "dest" using SHA-1
1194 */
1195 extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
1196
1197 /*
1198 ** Hash a non-null terminated string "src" into "dest" using SHA-1
1199 */
1200 extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
1201 PRUint32 src_length);
1202
1203 /*
1204 ** Create a new SHA-1 context
1205 */
1206 extern SHA1Context *SHA1_NewContext(void);
1207
1208
1209 /*
1210 ** Destroy a SHA-1 secure hash context.
1211 ** "cx" the context
1212 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
1213 */
1214 extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
1215
1216 /*
1217 ** Reset a SHA-1 context, preparing it for a fresh round of hashing
1218 */
1219 extern void SHA1_Begin(SHA1Context *cx);
1220
1221 /*
1222 ** Update the SHA-1 hash function with more data.
1223 ** "cx" the context
1224 ** "input" the data to hash
1225 ** "inputLen" the amount of data to hash
1226 */
1227 extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
1228 unsigned int inputLen);
1229
1230 /*
1231 ** Finish the SHA-1 hash function. Produce the digested results in "digest"
1232 ** "cx" the context
1233 ** "digest" where the 16 bytes of digest data are stored
1234 ** "digestLen" where the digest length (20) is stored
1235 ** "maxDigestLen" the maximum amount of data that can ever be
1236 ** stored in "digest"
1237 */
1238 extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
1239 unsigned int *digestLen, unsigned int maxDigestLen);
1240
1241 /*
1242 ** Export the current state of the SHA-1 hash without appending the standard
1243 ** padding and length bytes. Produce the digested results in "digest"
1244 ** "cx" the context
1245 ** "digest" where the 20 bytes of digest data are stored
1246 ** "digestLen" where the digest length (20) is stored (optional)
1247 ** "maxDigestLen" the maximum amount of data that can ever be
1248 ** stored in "digest"
1249 */
1250 extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
1251 unsigned int *digestLen, unsigned int maxDigestLen);
1252
1253 /*
1254 ** trace the intermediate state info of the SHA1 hash.
1255 */
1256 extern void SHA1_TraceState(SHA1Context *cx);
1257
1258 /*
1259 * Return the the size of a buffer needed to flatten the SHA-1 Context into
1260 * "cx" the context
1261 * returns size;
1262 */
1263 extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
1264
1265 /*
1266 * Flatten the SHA-1 Context into a buffer:
1267 * "cx" the context
1268 * "space" the buffer to flatten to
1269 * returns status;
1270 */
1271 extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
1272
1273 /*
1274 * Resurrect a flattened context into a SHA-1 Context
1275 * "space" the buffer of the flattend buffer
1276 * "arg" ptr to void used by cryptographic resurrect
1277 * returns resurected context;
1278 */
1279 extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
1280 extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
1281
1282 /******************************************/
1283
1284 extern SHA224Context *SHA224_NewContext(void);
1285 extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
1286 extern void SHA224_Begin(SHA224Context *cx);
1287 extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
1288 unsigned int inputLen);
1289 extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
1290 unsigned int *digestLen, unsigned int maxDigestLen);
1291 /*
1292 ** Export the current state of the SHA-224 hash without appending the standard
1293 ** padding and length bytes. Produce the digested results in "digest"
1294 ** "cx" the context
1295 ** "digest" where the 28 bytes of digest data are stored
1296 ** "digestLen" where the digest length (28) is stored (optional)
1297 ** "maxDigestLen" the maximum amount of data that can ever be
1298 ** stored in "digest"
1299 */
1300 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
1301 unsigned int *digestLen, unsigned int maxDigestLen);
1302 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
1303 PRUint32 src_length);
1304 extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
1305 extern void SHA224_TraceState(SHA224Context *cx);
1306 extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
1307 extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
1308 extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
1309 extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
1310
1311 /******************************************/
1312
1313 extern SHA256Context *SHA256_NewContext(void);
1314 extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
1315 extern void SHA256_Begin(SHA256Context *cx);
1316 extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
1317 unsigned int inputLen);
1318 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
1319 unsigned int *digestLen, unsigned int maxDigestLen);
1320 /*
1321 ** Export the current state of the SHA-256 hash without appending the standard
1322 ** padding and length bytes. Produce the digested results in "digest"
1323 ** "cx" the context
1324 ** "digest" where the 32 bytes of digest data are stored
1325 ** "digestLen" where the digest length (32) is stored (optional)
1326 ** "maxDigestLen" the maximum amount of data that can ever be
1327 ** stored in "digest"
1328 */
1329 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
1330 unsigned int *digestLen, unsigned int maxDigestLen);
1331 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
1332 PRUint32 src_length);
1333 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
1334 extern void SHA256_TraceState(SHA256Context *cx);
1335 extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
1336 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
1337 extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
1338 extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
1339
1340 /******************************************/
1341
1342 extern SHA512Context *SHA512_NewContext(void);
1343 extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
1344 extern void SHA512_Begin(SHA512Context *cx);
1345 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
1346 unsigned int inputLen);
1347 /*
1348 ** Export the current state of the SHA-512 hash without appending the standard
1349 ** padding and length bytes. Produce the digested results in "digest"
1350 ** "cx" the context
1351 ** "digest" where the 64 bytes of digest data are stored
1352 ** "digestLen" where the digest length (64) is stored (optional)
1353 ** "maxDigestLen" the maximum amount of data that can ever be
1354 ** stored in "digest"
1355 */
1356 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
1357 unsigned int *digestLen, unsigned int maxDigestLen);
1358 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
1359 unsigned int *digestLen, unsigned int maxDigestLen);
1360 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
1361 PRUint32 src_length);
1362 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
1363 extern void SHA512_TraceState(SHA512Context *cx);
1364 extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
1365 extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
1366 extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
1367 extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
1368
1369 /******************************************/
1370
1371 extern SHA384Context *SHA384_NewContext(void);
1372 extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
1373 extern void SHA384_Begin(SHA384Context *cx);
1374 extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
1375 unsigned int inputLen);
1376 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
1377 unsigned int *digestLen, unsigned int maxDigestLen);
1378 /*
1379 ** Export the current state of the SHA-384 hash without appending the standard
1380 ** padding and length bytes. Produce the digested results in "digest"
1381 ** "cx" the context
1382 ** "digest" where the 48 bytes of digest data are stored
1383 ** "digestLen" where the digest length (48) is stored (optional)
1384 ** "maxDigestLen" the maximum amount of data that can ever be
1385 ** stored in "digest"
1386 */
1387 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
1388 unsigned int *digestLen, unsigned int maxDigestLen);
1389 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
1390 PRUint32 src_length);
1391 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
1392 extern void SHA384_TraceState(SHA384Context *cx);
1393 extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
1394 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
1395 extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
1396 extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
1397
1398 /****************************************
1399 * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function
1400 */
1401
1402 extern SECStatus
1403 TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
1404 SECItem *result, PRBool isFIPS);
1405
1406 extern SECStatus
1407 TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
1408 SECItem *seed, SECItem *result, PRBool isFIPS);
1409
1410 /******************************************/
1411 /*
1412 ** Pseudo Random Number Generation. FIPS compliance desirable.
1413 */
1414
1415 /*
1416 ** Initialize the global RNG context and give it some seed input taken
1417 ** from the system. This function is thread-safe and will only allow
1418 ** the global context to be initialized once. The seed input is likely
1419 ** small, so it is imperative that RNG_RandomUpdate() be called with
1420 ** additional seed data before the generator is used. A good way to
1421 ** provide the generator with additional entropy is to call
1422 ** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that.
1423 */
1424 extern SECStatus RNG_RNGInit(void);
1425
1426 /*
1427 ** Update the global random number generator with more seeding
1428 ** material
1429 */
1430 extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
1431
1432 /*
1433 ** Generate some random bytes, using the global random number generator
1434 ** object.
1435 */
1436 extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
1437
1438 /* Destroy the global RNG context. After a call to RNG_RNGShutdown()
1439 ** a call to RNG_RNGInit() is required in order to use the generator again,
1440 ** along with seed data (see the comment above RNG_RNGInit()).
1441 */
1442 extern void RNG_RNGShutdown(void);
1443
1444 extern void RNG_SystemInfoForRNG(void);
1445
1446 /*
1447 * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
1448 * generate the DSA X parameter and as a generic purpose RNG.
1449 *
1450 * The following two FIPS186Change functions are needed for
1451 * NIST RNG Validation System.
1452 */
1453
1454 /*
1455 * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with
1456 * the error set to PR_NOT_IMPLEMENTED_ERROR.
1457 */
1458 extern SECStatus
1459 FIPS186Change_GenerateX(unsigned char *XKEY,
1460 const unsigned char *XSEEDj,
1461 unsigned char *x_j);
1462
1463 /*
1464 * When generating the DSA X parameter, we generate 2*GSIZE bytes
1465 * of random output and reduce it mod q.
1466 *
1467 * Input: w, 2*GSIZE bytes
1468 * q, DSA_SUBPRIME_LEN bytes
1469 * Output: xj, DSA_SUBPRIME_LEN bytes
1470 */
1471 extern SECStatus
1472 FIPS186Change_ReduceModQForDSA(const unsigned char *w,
1473 const unsigned char *q,
1474 unsigned char *xj);
1475
1476 /*
1477 * The following functions are for FIPS poweron self test and FIPS algorithm
1478 * testing.
1479 */
1480 extern SECStatus
1481 PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
1482 const PRUint8 *nonce, unsigned int nonce_len,
1483 const PRUint8 *personal_string, unsigned int ps_len);
1484
1485 extern SECStatus
1486 PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
1487 const PRUint8 *additional, unsigned int additional_len);
1488
1489 extern SECStatus
1490 PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
1491 const PRUint8 *additional, unsigned int additional_len);
1492
1493 extern SECStatus
1494 PRNGTEST_Uninstantiate(void);
1495
1496 extern SECStatus
1497 PRNGTEST_RunHealthTests(void);
1498
1499 /* Generate PQGParams and PQGVerify structs.
1500 * Length of seed and length of h both equal length of P.
1501 * All lengths are specified by "j", according to the table above.
1502 *
1503 * The verify parameters will conform to FIPS186-1.
1504 */
1505 extern SECStatus
1506 PQG_ParamGen(unsigned int j, /* input : determines length of P. */
1507 PQGParams **pParams, /* output: P Q and G returned here */
1508 PQGVerify **pVfy); /* output: counter and seed. */
1509
1510 /* Generate PQGParams and PQGVerify structs.
1511 * Length of P specified by j. Length of h will match length of P.
1512 * Length of SEED in bytes specified in seedBytes.
1513 * seedBbytes must be in the range [20..255] or an error will result.
1514 *
1515 * The verify parameters will conform to FIPS186-1.
1516 */
1517 extern SECStatus
1518 PQG_ParamGenSeedLen(
1519 unsigned int j, /* input : determines length of P. */
1520 unsigned int seedBytes, /* input : length of seed in bytes.*/
1521 PQGParams **pParams, /* output: P Q and G returned here */
1522 PQGVerify **pVfy); /* output: counter and seed. */
1523
1524 /* Generate PQGParams and PQGVerify structs.
1525 * Length of P specified by L in bits.
1526 * Length of Q specified by N in bits.
1527 * Length of SEED in bytes specified in seedBytes.
1528 * seedBbytes must be in the range [N..L*2] or an error will result.
1529 *
1530 * Not that J uses the above table, L is the length exact. L and N must
1531 * match the table below or an error will result:
1532 *
1533 * L N
1534 * 1024 160
1535 * 2048 224
1536 * 2048 256
1537 * 3072 256
1538 *
1539 * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
1540 * pick a default value (typically the smallest secure value for these
1541 * variables).
1542 *
1543 * The verify parameters will conform to FIPS186-3 using the smallest
1544 * permissible hash for the key strength.
1545 */
1546 extern SECStatus
1547 PQG_ParamGenV2(
1548 unsigned int L, /* input : determines length of P. */
1549 unsigned int N, /* input : determines length of Q. */
1550 unsigned int seedBytes, /* input : length of seed in bytes.*/
1551 PQGParams **pParams, /* output: P Q and G returned here */
1552 PQGVerify **pVfy); /* output: counter and seed. */
1553
1554
1555 /* Test PQGParams for validity as DSS PQG values.
1556 * If vfy is non-NULL, test PQGParams to make sure they were generated
1557 * using the specified seed, counter, and h values.
1558 *
1559 * Return value indicates whether Verification operation ran successfully
1560 * to completion, but does not indicate if PQGParams are valid or not.
1561 * If return value is SECSuccess, then *pResult has these meanings:
1562 * SECSuccess: PQGParams are valid.
1563 * SECFailure: PQGParams are invalid.
1564 *
1565 * Verify the PQG againts the counter, SEED and h.
1566 * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
1567 * PQG_VerifyParams will automatically choose the appropriate test.
1568 */
1569
1570 extern SECStatus PQG_VerifyParams(const PQGParams *params,
1571 const PQGVerify *vfy, SECStatus *result);
1572
1573 extern void PQG_DestroyParams(PQGParams *params);
1574
1575 extern void PQG_DestroyVerify(PQGVerify *vfy);
1576
1577
1578 /*
1579 * clean-up any global tables freebl may have allocated after it starts up.
1580 * This function is not thread safe and should be called only after the
1581 * library has been quiessed.
1582 */
1583 extern void BL_Cleanup(void);
1584
1585 /* unload freebl shared library from memory */
1586 extern void BL_Unload(void);
1587
1588 /**************************************************************************
1589 * Verify a given Shared library signature *
1590 **************************************************************************/
1591 PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
1592
1593 /**************************************************************************
1594 * Verify a given filename's signature *
1595 **************************************************************************/
1596 PRBool BLAPI_SHVerifyFile(const char *shName);
1597
1598 /**************************************************************************
1599 * Verify Are Own Shared library signature *
1600 **************************************************************************/
1601 PRBool BLAPI_VerifySelf(const char *name);
1602
1603 /*********************************************************************/
1604 extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
1605
1606 extern void BL_SetForkState(PRBool forked);
1607
1608 #ifndef NSS_DISABLE_ECC
1609 /*
1610 ** pepare an ECParam structure from DEREncoded params
1611 */
1612 extern SECStatus EC_FillParams(PLArenaPool *arena,
1613 const SECItem *encodedParams, ECParams *params);
1614 extern SECStatus EC_DecodeParams(const SECItem *encodedParams,
1615 ECParams **ecparams);
1616 extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
1617 const ECParams *srcParams);
1618 #endif
1619
1620 SEC_END_PROTOS
1621
1622 #endif /* _BLAPI_H_ */
OLDNEW
« no previous file with comments | « nss/lib/freebl/arcfour.c ('k') | nss/lib/freebl/blapii.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698