diff nss/lib/freebl/blapit.h @ 0:1e5118fa0cb1

This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nss/lib/freebl/blapit.h	Mon Jul 28 10:47:06 2014 +0200
@@ -0,0 +1,424 @@
+/*
+ * blapit.h - public data structures for the freebl library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _BLAPIT_H_
+#define _BLAPIT_H_
+
+#include "seccomon.h"
+#include "prlink.h"
+#include "plarena.h"
+#include "ecl-exp.h"
+
+
+/* RC2 operation modes */
+#define NSS_RC2			0
+#define NSS_RC2_CBC		1
+
+/* RC5 operation modes */
+#define NSS_RC5                 0
+#define NSS_RC5_CBC             1
+
+/* DES operation modes */
+#define NSS_DES			0
+#define NSS_DES_CBC		1
+#define NSS_DES_EDE3		2
+#define NSS_DES_EDE3_CBC	3
+
+#define DES_KEY_LENGTH		8	/* Bytes */
+
+/* AES operation modes */
+#define NSS_AES                 0
+#define NSS_AES_CBC             1
+#define NSS_AES_CTS             2
+#define NSS_AES_CTR             3
+#define NSS_AES_GCM             4
+
+/* Camellia operation modes */
+#define NSS_CAMELLIA                 0
+#define NSS_CAMELLIA_CBC             1
+
+/* SEED operation modes */
+#define NSS_SEED		0
+#define NSS_SEED_CBC		1
+
+#define DSA1_SUBPRIME_LEN	20			/* Bytes */
+#define DSA1_SIGNATURE_LEN 	(DSA1_SUBPRIME_LEN*2)	/* Bytes */
+#define DSA_MAX_SUBPRIME_LEN	32			/* Bytes */
+#define DSA_MAX_SIGNATURE_LEN 	(DSA_MAX_SUBPRIME_LEN*2)/* Bytes */
+
+/*
+ * Mark the old defines as deprecated. This will warn code that expected
+ * DSA1 only that they need to change if the are to support DSA2.
+ */
+#if defined(__GNUC__) && (__GNUC__ > 3)
+/* make GCC warn when we use these #defines */
+typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
+#define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
+#define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
+#define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN*8))
+#else
+#ifdef _WIN32
+/* This magic gets the windows compiler to give us a deprecation
+ * warning */
+#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS)
+#endif
+#define DSA_SUBPRIME_LEN  DSA1_SUBPRIME_LEN
+#define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
+#define DSA_Q_BITS 	  (DSA1_SUBPRIME_LEN*8)
+#endif
+
+
+/* XXX We shouldn't have to hard code this limit. For
+ * now, this is the quickest way to support ECDSA signature
+ * processing (ECDSA signature lengths depend on curve
+ * size). This limit is sufficient for curves upto
+ * 576 bits.
+ */
+#define MAX_ECKEY_LEN 	        72	/* Bytes */
+
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+#define EC_MAX_KEY_BITS		571     /* in bits */
+#define EC_MIN_KEY_BITS		112     /* in bits */
+#else
+#define EC_MAX_KEY_BITS		521     /* in bits */
+#define EC_MIN_KEY_BITS		256     /* in bits */
+#endif
+
+/* EC point compression format */
+#define EC_POINT_FORM_COMPRESSED_Y0    0x02
+#define EC_POINT_FORM_COMPRESSED_Y1    0x03
+#define EC_POINT_FORM_UNCOMPRESSED     0x04
+#define EC_POINT_FORM_HYBRID_Y0        0x06
+#define EC_POINT_FORM_HYBRID_Y1        0x07
+
+/*
+ * Number of bytes each hash algorithm produces
+ */
+#define MD2_LENGTH		16	/* Bytes */
+#define MD5_LENGTH		16	/* Bytes */
+#define SHA1_LENGTH		20	/* Bytes */
+#define SHA256_LENGTH 		32 	/* bytes */
+#define SHA384_LENGTH 		48 	/* bytes */
+#define SHA512_LENGTH 		64 	/* bytes */
+#define HASH_LENGTH_MAX         SHA512_LENGTH
+
+/*
+ * Input block size for each hash algorithm.
+ */
+
+#define MD2_BLOCK_LENGTH 	 64 	/* bytes */
+#define MD5_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA1_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA224_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA256_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA384_BLOCK_LENGTH 	128 	/* bytes */
+#define SHA512_BLOCK_LENGTH 	128 	/* bytes */
+#define HASH_BLOCK_LENGTH_MAX 	SHA512_BLOCK_LENGTH
+
+#define AES_KEY_WRAP_IV_BYTES    8
+#define AES_KEY_WRAP_BLOCK_SIZE  8  /* bytes */
+#define AES_BLOCK_SIZE          16  /* bytes */
+
+#define AES_128_KEY_LENGTH      16  /* bytes */
+#define AES_192_KEY_LENGTH      24  /* bytes */
+#define AES_256_KEY_LENGTH      32  /* bytes */
+
+#define CAMELLIA_BLOCK_SIZE          16  /* bytes */
+
+#define SEED_BLOCK_SIZE 16              /* bytes */
+#define SEED_KEY_LENGTH 16              /* bytes */
+
+#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
+
+/*
+ * These values come from the initial key size limits from the PKCS #11
+ * module. They may be arbitrarily adjusted to any value freebl supports.
+ */
+#define RSA_MIN_MODULUS_BITS   128
+#define RSA_MAX_MODULUS_BITS 16384
+#define RSA_MAX_EXPONENT_BITS   64
+#define DH_MIN_P_BITS	       128
+#define DH_MAX_P_BITS        16384
+
+/*
+ * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
+ * distinct values for the length of P, and only one value for the
+ * length of Q.
+ * The algorithm uses a variable j to indicate which of the 9 lengths
+ * of P is to be used.
+ * The following table relates j to the lengths of P and Q in bits.
+ *
+ *	j	bits in P	bits in Q
+ *	_	_________	_________
+ *	0	 512		160
+ *	1	 576		160
+ *	2	 640		160
+ *	3	 704		160
+ *	4	 768		160
+ *	5	 832		160
+ *	6	 896		160
+ *	7	 960		160
+ *	8	1024		160
+ *
+ * The FIPS-186-1 compliant PQG generator takes j as an input parameter.
+ *
+ * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
+ *
+ *     bits in P       bits in Q
+ *     _________       _________
+ *      1024           160
+ *      2048           224
+ *      2048           256
+ *      3072           256
+ *
+ * The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
+ * lengths as input and returns an error if they aren't in this list.
+ */
+
+#define DSA1_Q_BITS      160
+#define DSA_MAX_P_BITS	3072
+#define DSA_MIN_P_BITS	 512
+#define DSA_MAX_Q_BITS   256
+#define DSA_MIN_Q_BITS   160
+
+#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
+#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
+#endif
+
+
+/*
+ * function takes desired number of bits in P,
+ * returns index (0..8) or -1 if number of bits is invalid.
+ */
+#define PQG_PBITS_TO_INDEX(bits) \
+    (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
+    -1 : (int)((bits)-512)/64)
+
+/*
+ * function takes index (0-8)
+ * returns number of bits in P for that index, or -1 if index is invalid.
+ */
+#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
+
+
+/***************************************************************************
+** Opaque objects 
+*/
+
+struct DESContextStr        ;
+struct RC2ContextStr        ;
+struct RC4ContextStr        ;
+struct RC5ContextStr        ;
+struct AESContextStr        ;
+struct CamelliaContextStr   ;
+struct MD2ContextStr        ;
+struct MD5ContextStr        ;
+struct SHA1ContextStr       ;
+struct SHA256ContextStr     ;
+struct SHA512ContextStr     ;
+struct AESKeyWrapContextStr ;
+struct SEEDContextStr       ;	
+struct ChaCha20Poly1305ContextStr;
+
+typedef struct DESContextStr        DESContext;
+typedef struct RC2ContextStr        RC2Context;
+typedef struct RC4ContextStr        RC4Context;
+typedef struct RC5ContextStr        RC5Context;
+typedef struct AESContextStr        AESContext;
+typedef struct CamelliaContextStr   CamelliaContext;
+typedef struct MD2ContextStr        MD2Context;
+typedef struct MD5ContextStr        MD5Context;
+typedef struct SHA1ContextStr       SHA1Context;
+typedef struct SHA256ContextStr     SHA256Context;
+/* SHA224Context is really a SHA256ContextStr.  This is not a mistake. */
+typedef struct SHA256ContextStr     SHA224Context;
+typedef struct SHA512ContextStr     SHA512Context;
+/* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
+typedef struct SHA512ContextStr     SHA384Context;
+typedef struct AESKeyWrapContextStr AESKeyWrapContext;
+typedef struct SEEDContextStr	    SEEDContext;	
+typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;	
+
+/***************************************************************************
+** RSA Public and Private Key structures
+*/
+
+/* member names from PKCS#1, section 7.1 */
+struct RSAPublicKeyStr {
+    PLArenaPool * arena;
+    SECItem modulus;
+    SECItem publicExponent;
+};
+typedef struct RSAPublicKeyStr RSAPublicKey;
+
+/* member names from PKCS#1, section 7.2 */
+struct RSAPrivateKeyStr {
+    PLArenaPool * arena;
+    SECItem version;
+    SECItem modulus;
+    SECItem publicExponent;
+    SECItem privateExponent;
+    SECItem prime1;
+    SECItem prime2;
+    SECItem exponent1;
+    SECItem exponent2;
+    SECItem coefficient;
+};
+typedef struct RSAPrivateKeyStr RSAPrivateKey;
+
+
+/***************************************************************************
+** DSA Public and Private Key and related structures
+*/
+
+struct PQGParamsStr {
+    PLArenaPool *arena;
+    SECItem prime;    /* p */
+    SECItem subPrime; /* q */
+    SECItem base;     /* g */
+    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
+};
+typedef struct PQGParamsStr PQGParams;
+
+struct PQGVerifyStr {
+    PLArenaPool * arena;	/* includes this struct, seed, & h. */
+    unsigned int  counter;
+    SECItem       seed;
+    SECItem       h;
+};
+typedef struct PQGVerifyStr PQGVerify;
+
+struct DSAPublicKeyStr {
+    PQGParams params;
+    SECItem publicValue;
+};
+typedef struct DSAPublicKeyStr DSAPublicKey;
+
+struct DSAPrivateKeyStr {
+    PQGParams params;
+    SECItem publicValue;
+    SECItem privateValue;
+};
+typedef struct DSAPrivateKeyStr DSAPrivateKey;
+
+/***************************************************************************
+** Diffie-Hellman Public and Private Key and related structures
+** Structure member names suggested by PKCS#3.
+*/
+
+struct DHParamsStr {
+    PLArenaPool * arena;
+    SECItem prime; /* p */
+    SECItem base; /* g */
+};
+typedef struct DHParamsStr DHParams;
+
+struct DHPublicKeyStr {
+    PLArenaPool * arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+};
+typedef struct DHPublicKeyStr DHPublicKey;
+
+struct DHPrivateKeyStr {
+    PLArenaPool * arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+    SECItem privateValue;
+};
+typedef struct DHPrivateKeyStr DHPrivateKey;
+
+/***************************************************************************
+** Data structures used for elliptic curve parameters and
+** public and private keys.
+*/
+
+/*
+** The ECParams data structures can encode elliptic curve 
+** parameters for both GFp and GF2m curves.
+*/
+
+typedef enum { ec_params_explicit,
+	       ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+               ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+    int         size;   /* field size in bits */
+    ECFieldType type;
+    union {
+        SECItem  prime; /* prime p for (GFp) */
+        SECItem  poly;  /* irreducible binary polynomial for (GF2m) */
+    } u;
+    int         k1;     /* first coefficient of pentanomial or
+                         * the only coefficient of trinomial 
+                         */
+    int         k2;     /* two remaining coefficients of pentanomial */
+    int         k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+    SECItem a;          /* contains octet stream encoding of
+                         * field element (X9.62 section 4.3.3) 
+			 */
+    SECItem b;
+    SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+struct ECParamsStr {
+    PLArenaPool * arena;
+    ECParamsType  type;
+    ECFieldID     fieldID;
+    ECCurve       curve; 
+    SECItem       base;
+    SECItem       order; 
+    int           cofactor;
+    SECItem       DEREncoding;
+    ECCurveName   name;
+    SECItem       curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+    ECParams ecParams;   
+    SECItem publicValue;   /* elliptic curve point encoded as 
+			    * octet stream.
+			    */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+    ECParams ecParams;   
+    SECItem publicValue;   /* encoded ec point */
+    SECItem privateValue;  /* private big integer */
+    SECItem version;       /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef void * (*BLapiAllocateFunc)(void);
+typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
+typedef SECStatus (*BLapiInitContextFunc)(void *cx, 
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *, 
+				   int, 
+				   unsigned int ,
+				   unsigned int );
+typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
+				unsigned int *outputLen, 
+				unsigned int maxOutputLen,
+				const unsigned char *input, 
+				unsigned int inputLen);
+
+#endif /* _BLAPIT_H_ */
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)