andre@0: /* andre@0: * blapi.h - public prototypes for the freebl library andre@0: * andre@0: * This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #ifndef _BLAPI_H_ andre@0: #define _BLAPI_H_ andre@0: andre@0: #include "blapit.h" andre@0: #include "hasht.h" andre@0: #include "alghmac.h" andre@0: andre@0: SEC_BEGIN_PROTOS andre@0: andre@0: /* andre@0: ** RSA encryption/decryption. When encrypting/decrypting the output andre@0: ** buffer must be at least the size of the public key modulus. andre@0: */ andre@0: andre@0: extern SECStatus BL_Init(void); andre@0: andre@0: /* andre@0: ** Generate and return a new RSA public and private key. andre@0: ** Both keys are encoded in a single RSAPrivateKey structure. andre@0: ** "cx" is the random number generator context andre@0: ** "keySizeInBits" is the size of the key to be generated, in bits. andre@0: ** 512, 1024, etc. andre@0: ** "publicExponent" when not NULL is a pointer to some data that andre@0: ** represents the public exponent to use. The data is a byte andre@0: ** encoded integer, in "big endian" order. andre@0: */ andre@0: extern RSAPrivateKey *RSA_NewKey(int keySizeInBits, andre@0: SECItem * publicExponent); andre@0: andre@0: /* andre@0: ** Perform a raw public-key operation andre@0: ** Length of input and output buffers are equal to key's modulus len. andre@0: */ andre@0: extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key, andre@0: unsigned char * output, andre@0: const unsigned char * input); andre@0: andre@0: /* andre@0: ** Perform a raw private-key operation andre@0: ** Length of input and output buffers are equal to key's modulus len. andre@0: */ andre@0: extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key, andre@0: unsigned char * output, andre@0: const unsigned char * input); andre@0: andre@0: /* andre@0: ** Perform a raw private-key operation, and check the parameters used in andre@0: ** the operation for validity by performing a test operation first. andre@0: ** Length of input and output buffers are equal to key's modulus len. andre@0: */ andre@0: extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, andre@0: unsigned char * output, andre@0: const unsigned char * input); andre@0: andre@0: /* andre@0: ** Perform a check of private key parameters for consistency. andre@0: */ andre@0: extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); andre@0: andre@0: /* andre@0: ** Given only minimal private key parameters, fill in the rest of the andre@0: ** parameters. andre@0: ** andre@0: ** andre@0: ** All the entries, including those supplied by the caller, will be andre@0: ** overwritten with data alocated out of the arena. andre@0: ** andre@0: ** If no arena is supplied, one will be created. andre@0: ** andre@0: ** The following fields must be supplied in order for this function andre@0: ** to succeed: andre@0: ** one of either publicExponent or privateExponent andre@0: ** two more of the following 5 parameters (not counting the above). andre@0: ** modulus (n) andre@0: ** prime1 (p) andre@0: ** prime2 (q) andre@0: ** publicExponent (e) andre@0: ** privateExponent (d) andre@0: ** andre@0: ** NOTE: if only the publicExponent, privateExponent, and one prime is given, andre@0: ** then there may be more than one RSA key that matches that combination. If andre@0: ** we find 2 possible valid keys that meet this criteria, we return an error. andre@0: ** If we return the wrong key, and the original modulus is compared to the andre@0: ** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get andre@0: ** the common prime. andre@0: ** andre@0: ** NOTE: in some cases the publicExponent must be less than 2^23 for this andre@0: ** function to work correctly. (The case where we have only one of: modulus andre@0: ** prime1 and prime2). andre@0: ** andre@0: ** All parameters will be replaced in the key structure with new parameters andre@0: ** allocated out of the arena. There is no attempt to free the old structures. andre@0: ** prime1 will always be greater than prime2 (even if the caller supplies the andre@0: ** smaller prime as prime1 or the larger prime as prime2). The parameters are andre@0: ** not overwritten on failure. andre@0: ** andre@0: ** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv) andre@0: ** can also be used in reconstructing the private key, they are currently andre@0: ** ignored in this implementation. andre@0: */ andre@0: extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key); andre@0: andre@0: /******************************************************************** andre@0: ** RSA algorithm andre@0: */ andre@0: andre@0: /******************************************************************** andre@0: ** Raw signing/encryption/decryption operations. andre@0: ** andre@0: ** No padding or formatting will be applied. andre@0: ** inputLen MUST be equivalent to the modulus size (in bytes). andre@0: */ andre@0: extern SECStatus andre@0: RSA_SignRaw(RSAPrivateKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: extern SECStatus andre@0: RSA_CheckSignRaw(RSAPublicKey * key, andre@0: const unsigned char * sig, andre@0: unsigned int sigLen, andre@0: const unsigned char * hash, andre@0: unsigned int hashLen); andre@0: andre@0: extern SECStatus andre@0: RSA_CheckSignRecoverRaw(RSAPublicKey * key, andre@0: unsigned char * data, andre@0: unsigned int * dataLen, andre@0: unsigned int maxDataLen, andre@0: const unsigned char * sig, andre@0: unsigned int sigLen); andre@0: andre@0: extern SECStatus andre@0: RSA_EncryptRaw(RSAPublicKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: extern SECStatus andre@0: RSA_DecryptRaw(RSAPrivateKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: /******************************************************************** andre@0: ** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1. andre@0: ** andre@0: ** Note: Only MGF1 is supported as the mask generation function. It will be andre@0: ** used with maskHashAlg as the inner hash function. andre@0: ** andre@0: ** Unless performing Known Answer Tests, "seed" should be NULL, indicating that andre@0: ** freebl should generate a random value. Otherwise, it should be an octet andre@0: ** string of seedLen bytes, which should be the same size as the output of andre@0: ** hashAlg. andre@0: */ andre@0: extern SECStatus andre@0: RSA_EncryptOAEP(RSAPublicKey * key, andre@0: HASH_HashType hashAlg, andre@0: HASH_HashType maskHashAlg, andre@0: const unsigned char * label, andre@0: unsigned int labelLen, andre@0: const unsigned char * seed, andre@0: unsigned int seedLen, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: extern SECStatus andre@0: RSA_DecryptOAEP(RSAPrivateKey * key, andre@0: HASH_HashType hashAlg, andre@0: HASH_HashType maskHashAlg, andre@0: const unsigned char * label, andre@0: unsigned int labelLen, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: /******************************************************************** andre@0: ** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2. andre@0: */ andre@0: extern SECStatus andre@0: RSA_EncryptBlock(RSAPublicKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: extern SECStatus andre@0: RSA_DecryptBlock(RSAPrivateKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: /******************************************************************** andre@0: ** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1. andre@0: ** andre@0: ** Note: Only MGF1 is supported as the mask generation function. It will be andre@0: ** used with maskHashAlg as the inner hash function. andre@0: ** andre@0: ** Unless performing Known Answer Tests, "salt" should be NULL, indicating that andre@0: ** freebl should generate a random value. andre@0: */ andre@0: extern SECStatus andre@0: RSA_SignPSS(RSAPrivateKey * key, andre@0: HASH_HashType hashAlg, andre@0: HASH_HashType maskHashAlg, andre@0: const unsigned char * salt, andre@0: unsigned int saltLen, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * input, andre@0: unsigned int inputLen); andre@0: andre@0: extern SECStatus andre@0: RSA_CheckSignPSS(RSAPublicKey * key, andre@0: HASH_HashType hashAlg, andre@0: HASH_HashType maskHashAlg, andre@0: unsigned int saltLen, andre@0: const unsigned char * sig, andre@0: unsigned int sigLen, andre@0: const unsigned char * hash, andre@0: unsigned int hashLen); andre@0: andre@0: /******************************************************************** andre@0: ** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2. andre@0: ** andre@0: ** These functions expect as input to be the raw value to be signed. For most andre@0: ** cases using PKCS1-v1_5, this should be the value of T, the DER-encoded andre@0: ** DigestInfo structure defined in Section 9.2, Step 2. andre@0: ** Note: This can also be used for signatures that use PKCS1-v1_5 padding, such andre@0: ** as the signatures used in SSL/TLS, which sign a raw hash. andre@0: */ andre@0: extern SECStatus andre@0: RSA_Sign(RSAPrivateKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * data, andre@0: unsigned int dataLen); andre@0: andre@0: extern SECStatus andre@0: RSA_CheckSign(RSAPublicKey * key, andre@0: const unsigned char * sig, andre@0: unsigned int sigLen, andre@0: const unsigned char * data, andre@0: unsigned int dataLen); andre@0: andre@0: extern SECStatus andre@0: RSA_CheckSignRecover(RSAPublicKey * key, andre@0: unsigned char * output, andre@0: unsigned int * outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char * sig, andre@0: unsigned int sigLen); andre@0: andre@0: /******************************************************************** andre@0: ** DSA signing algorithm andre@0: */ andre@0: andre@0: /* Generate a new random value within the interval [2, q-1]. andre@0: */ andre@0: extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q, andre@0: SECItem * random); andre@0: andre@0: /* andre@0: ** Generate and return a new DSA public and private key pair, andre@0: ** both of which are encoded into a single DSAPrivateKey struct. andre@0: ** "params" is a pointer to the PQG parameters for the domain andre@0: ** Uses a random seed. andre@0: */ andre@0: extern SECStatus DSA_NewKey(const PQGParams * params, andre@0: DSAPrivateKey ** privKey); andre@0: andre@0: /* signature is caller-supplied buffer of at least 20 bytes. andre@0: ** On input, signature->len == size of buffer to hold signature. andre@0: ** digest->len == size of digest. andre@0: ** On output, signature->len == size of signature in buffer. andre@0: ** Uses a random seed. andre@0: */ andre@0: extern SECStatus DSA_SignDigest(DSAPrivateKey * key, andre@0: SECItem * signature, andre@0: const SECItem * digest); andre@0: andre@0: /* signature is caller-supplied buffer of at least 20 bytes. andre@0: ** On input, signature->len == size of buffer to hold signature. andre@0: ** digest->len == size of digest. andre@0: */ andre@0: extern SECStatus DSA_VerifyDigest(DSAPublicKey * key, andre@0: const SECItem * signature, andre@0: const SECItem * digest); andre@0: andre@0: /* For FIPS compliance testing. Seed must be exactly 20 bytes long */ andre@0: extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params, andre@0: const unsigned char * seed, andre@0: DSAPrivateKey **privKey); andre@0: andre@0: /* For FIPS compliance testing. Seed must be exactly 20 bytes. */ andre@0: extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key, andre@0: SECItem * signature, andre@0: const SECItem * digest, andre@0: const unsigned char * seed); andre@0: andre@0: /****************************************************** andre@0: ** Diffie Helman key exchange algorithm andre@0: */ andre@0: andre@0: /* Generates parameters for Diffie-Helman key generation. andre@0: ** primeLen is the length in bytes of prime P to be generated. andre@0: */ andre@0: extern SECStatus DH_GenParam(int primeLen, DHParams ** params); andre@0: andre@0: /* Generates a public and private key, both of which are encoded in a single andre@0: ** DHPrivateKey struct. Params is input, privKey are output. andre@0: ** This is Phase 1 of Diffie Hellman. andre@0: */ andre@0: extern SECStatus DH_NewKey(DHParams * params, andre@0: DHPrivateKey ** privKey); andre@0: andre@0: /* andre@0: ** DH_Derive does the Diffie-Hellman phase 2 calculation, using the andre@0: ** other party's publicValue, and the prime and our privateValue. andre@0: ** maxOutBytes is the requested length of the generated secret in bytes. andre@0: ** A zero value means produce a value of any length up to the size of andre@0: ** the prime. If successful, derivedSecret->data is set andre@0: ** to the address of the newly allocated buffer containing the derived andre@0: ** secret, and derivedSecret->len is the size of the secret produced. andre@0: ** The size of the secret produced will depend on the value of outBytes. andre@0: ** If outBytes is 0, the key length will be all the significant bytes of andre@0: ** the derived secret (leading zeros are dropped). This length could be less andre@0: ** than the length of the prime. If outBytes is nonzero, the length of the andre@0: ** produced key will be outBytes long. If the key is truncated, the most andre@0: ** significant bytes are truncated. If it is expanded, zero bytes are added andre@0: ** at the beginning. andre@0: ** It is the caller's responsibility to free the allocated buffer andre@0: ** containing the derived secret. andre@0: */ andre@0: extern SECStatus DH_Derive(SECItem * publicValue, andre@0: SECItem * prime, andre@0: SECItem * privateValue, andre@0: SECItem * derivedSecret, andre@0: unsigned int outBytes); andre@0: andre@0: /* andre@0: ** KEA_CalcKey returns octet string with the private key for a dual andre@0: ** Diffie-Helman key generation as specified for government key exchange. andre@0: */ andre@0: extern SECStatus KEA_Derive(SECItem *prime, andre@0: SECItem *public1, andre@0: SECItem *public2, andre@0: SECItem *private1, andre@0: SECItem *private2, andre@0: SECItem *derivedSecret); andre@0: andre@0: /* andre@0: * verify that a KEA or DSA public key is a valid key for this prime and andre@0: * subprime domain. andre@0: */ andre@0: extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); andre@0: andre@0: /**************************************** andre@0: * J-PAKE key transport andre@0: */ andre@0: andre@0: /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x andre@0: * using the specified hash algorithm and signer ID. The signature is andre@0: * returned in the values gv and r. testRandom must be NULL for a PRNG andre@0: * generated random committment to be used in the sigature. When testRandom andre@0: * is non-NULL, that value must contain a value in the subgroup q; that andre@0: * value will be used instead of a PRNG-generated committment in order to andre@0: * facilitate known-answer tests. andre@0: * andre@0: * If gxIn is non-NULL then it must contain a pre-computed value of g^x that andre@0: * will be used by the function; in this case, the gxOut parameter must be NULL. andre@0: * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case andre@0: * gxOut will contain the value g^x on output. andre@0: * andre@0: * gx (if not supplied by the caller), gv, and r will be allocated in the arena. andre@0: * The arena is *not* optional so do not pass NULL for the arena parameter. andre@0: * The arena should be zeroed when it is freed. andre@0: */ andre@0: SECStatus andre@0: JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, andre@0: const SECItem * signerID, const SECItem * x, andre@0: const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut, andre@0: SECItem * gv, SECItem * r); andre@0: andre@0: /* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the andre@0: * value x using the specified hash algorithm and signer ID. andre@0: * andre@0: * The arena is *not* optional so do not pass NULL for the arena parameter. andre@0: */ andre@0: SECStatus andre@0: JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, andre@0: HASH_HashType hashType, const SECItem * signerID, andre@0: const SECItem * peerID, const SECItem * gx, andre@0: const SECItem * gv, const SECItem * r); andre@0: andre@0: /* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate andre@0: * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in andre@0: * round 2 (A and the proof of knowledge of x2s) can then be calculated with andre@0: * JPAKE_Sign using pqg->base = base and x = x2s. andre@0: * andre@0: * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3) andre@0: * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then call andre@0: * JPAKE_Verify with pqg->base = base and then JPAKE_Final. andre@0: * andre@0: * base and x2s will be allocated in the arena. The arena is *not* optional so andre@0: * do not pass NULL for the arena parameter. The arena should be zeroed when it andre@0: * is freed. andre@0: */ andre@0: SECStatus andre@0: JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q, andre@0: const SECItem * gx1, const SECItem * gx3, const SECItem * gx4, andre@0: SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s); andre@0: andre@0: /* K = (B/g^(x2*x4*s))^x2 (mod p) andre@0: * andre@0: * K will be allocated in the arena. The arena is *not* optional so do not pass andre@0: * NULL for the arena parameter. The arena should be zeroed when it is freed. andre@0: */ andre@0: SECStatus andre@0: JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q, andre@0: const SECItem * x2, const SECItem * gx4, const SECItem * x2s, andre@0: const SECItem * B, SECItem * K); andre@0: andre@0: /****************************************************** andre@0: ** Elliptic Curve algorithms andre@0: */ andre@0: andre@0: /* Generates a public and private key, both of which are encoded andre@0: ** in a single ECPrivateKey struct. Params is input, privKey are andre@0: ** output. andre@0: */ andre@0: extern SECStatus EC_NewKey(ECParams * params, andre@0: ECPrivateKey ** privKey); andre@0: andre@0: extern SECStatus EC_NewKeyFromSeed(ECParams * params, andre@0: ECPrivateKey ** privKey, andre@0: const unsigned char* seed, andre@0: int seedlen); andre@0: andre@0: /* Validates an EC public key as described in Section 5.2.2 of andre@0: * X9.62. Such validation prevents against small subgroup attacks andre@0: * when the ECDH primitive is used with the cofactor. andre@0: */ andre@0: extern SECStatus EC_ValidatePublicKey(ECParams * params, andre@0: SECItem * publicValue); andre@0: andre@0: /* andre@0: ** ECDH_Derive performs a scalar point multiplication of a point andre@0: ** representing a (peer's) public key and a large integer representing andre@0: ** a private key (its own). Both keys must use the same elliptic curve andre@0: ** parameters. If the withCofactor parameter is true, the andre@0: ** multiplication also uses the cofactor associated with the curve andre@0: ** parameters. The output of this scheme is the x-coordinate of the andre@0: ** resulting point. If successful, derivedSecret->data is set to the andre@0: ** address of the newly allocated buffer containing the derived andre@0: ** secret, and derivedSecret->len is the size of the secret andre@0: ** produced. It is the caller's responsibility to free the allocated andre@0: ** buffer containing the derived secret. andre@0: */ andre@0: extern SECStatus ECDH_Derive(SECItem * publicValue, andre@0: ECParams * params, andre@0: SECItem * privateValue, andre@0: PRBool withCofactor, andre@0: SECItem * derivedSecret); andre@0: andre@0: /* On input, signature->len == size of buffer to hold signature. andre@0: ** digest->len == size of digest. andre@0: ** On output, signature->len == size of signature in buffer. andre@0: ** Uses a random seed. andre@0: */ andre@0: extern SECStatus ECDSA_SignDigest(ECPrivateKey *key, andre@0: SECItem *signature, andre@0: const SECItem *digest); andre@0: andre@0: /* On input, signature->len == size of buffer to hold signature. andre@0: ** digest->len == size of digest. andre@0: */ andre@0: extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key, andre@0: const SECItem *signature, andre@0: const SECItem *digest); andre@0: andre@0: /* Uses the provided seed. */ andre@0: extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key, andre@0: SECItem *signature, andre@0: const SECItem *digest, andre@0: const unsigned char *seed, andre@0: const int seedlen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** RC4 symmetric stream cypher andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new RC4 context suitable for RC4 encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "len" the number of bytes of key data andre@0: */ andre@0: extern RC4Context *RC4_CreateContext(const unsigned char *key, int len); andre@0: andre@0: extern RC4Context *RC4_AllocateContext(void); andre@0: extern SECStatus RC4_InitContext(RC4Context *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *, andre@0: int, andre@0: unsigned int , andre@0: unsigned int ); andre@0: andre@0: /* andre@0: ** Destroy an RC4 encryption/decryption context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform RC4 encryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform RC4 decryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** RC2 symmetric block cypher andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new RC2 context suitable for RC2 encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "len" the number of bytes of key data andre@0: ** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC) andre@0: ** "mode" one of NSS_RC2 or NSS_RC2_CBC andre@0: ** "effectiveKeyLen" is the effective key length (as specified in andre@0: ** RFC 2268) in bytes (not bits). andre@0: ** andre@0: ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block andre@0: ** chaining" mode. andre@0: */ andre@0: extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len, andre@0: const unsigned char *iv, int mode, andre@0: unsigned effectiveKeyLen); andre@0: extern RC2Context *RC2_AllocateContext(void); andre@0: extern SECStatus RC2_InitContext(RC2Context *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int mode, andre@0: unsigned int effectiveKeyLen, andre@0: unsigned int ); andre@0: andre@0: /* andre@0: ** Destroy an RC2 encryption/decryption context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform RC2 encryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform RC2 decryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** RC5 symmetric block cypher -- 64-bit block size andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new RC5 context suitable for RC5 encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "len" the number of bytes of key data andre@0: ** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC) andre@0: ** "mode" one of NSS_RC5 or NSS_RC5_CBC andre@0: ** andre@0: ** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block andre@0: ** chaining" mode. andre@0: */ andre@0: extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds, andre@0: unsigned int wordSize, const unsigned char *iv, int mode); andre@0: extern RC5Context *RC5_AllocateContext(void); andre@0: extern SECStatus RC5_InitContext(RC5Context *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int mode, andre@0: unsigned int rounds, andre@0: unsigned int wordSize); andre@0: andre@0: /* andre@0: ** Destroy an RC5 encryption/decryption context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform RC5 encryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform RC5 decryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: andre@0: extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** DES symmetric block cypher andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new DES context suitable for DES encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "len" the number of bytes of key data andre@0: ** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or andre@0: ** mode is DES_EDE3_CBC) andre@0: ** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC andre@0: ** "encrypt" is PR_TRUE if the context will be used for encryption andre@0: ** andre@0: ** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES andre@0: ** cipher is run in "cipher block chaining" mode. andre@0: */ andre@0: extern DESContext *DES_CreateContext(const unsigned char *key, andre@0: const unsigned char *iv, andre@0: int mode, PRBool encrypt); andre@0: extern DESContext *DES_AllocateContext(void); andre@0: extern SECStatus DES_InitContext(DESContext *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int mode, andre@0: unsigned int encrypt, andre@0: unsigned int ); andre@0: andre@0: /* andre@0: ** Destroy an DES encryption/decryption context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void DES_DestroyContext(DESContext *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform DES encryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: ** andre@0: ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH andre@0: */ andre@0: extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform DES decryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: ** andre@0: ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH andre@0: */ andre@0: extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** SEED symmetric block cypher andre@0: */ andre@0: extern SEEDContext * andre@0: SEED_CreateContext(const unsigned char *key, const unsigned char *iv, andre@0: int mode, PRBool encrypt); andre@0: extern SEEDContext *SEED_AllocateContext(void); andre@0: extern SECStatus SEED_InitContext(SEEDContext *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int mode, unsigned int encrypt, andre@0: unsigned int ); andre@0: extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit); andre@0: extern SECStatus andre@0: SEED_Encrypt(SEEDContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: extern SECStatus andre@0: SEED_Decrypt(SEEDContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** AES symmetric block cypher (Rijndael) andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new AES context suitable for AES encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "keylen" the number of bytes of key data (16, 24, or 32) andre@0: ** "blocklen" is the blocksize to use (16, 24, or 32) andre@0: ** XXX currently only blocksize==16 has been tested! andre@0: */ andre@0: extern AESContext * andre@0: AES_CreateContext(const unsigned char *key, const unsigned char *iv, andre@0: int mode, int encrypt, andre@0: unsigned int keylen, unsigned int blocklen); andre@0: extern AESContext *AES_AllocateContext(void); andre@0: extern SECStatus AES_InitContext(AESContext *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int mode, andre@0: unsigned int encrypt, andre@0: unsigned int blocklen); andre@0: andre@0: /* andre@0: ** Destroy a AES encryption/decryption context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void andre@0: AES_DestroyContext(AESContext *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform AES encryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus andre@0: AES_Encrypt(AESContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform AES decryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus andre@0: AES_Decrypt(AESContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** AES key wrap algorithm, RFC 3394 andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new AES context suitable for AES encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "iv" The 8 byte "initial value" andre@0: ** "encrypt", a boolean, true for key wrapping, false for unwrapping. andre@0: ** "keylen" the number of bytes of key data (16, 24, or 32) andre@0: */ andre@0: extern AESKeyWrapContext * andre@0: AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, andre@0: int encrypt, unsigned int keylen); andre@0: extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void); andre@0: extern SECStatus andre@0: AESKeyWrap_InitContext(AESKeyWrapContext *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int , andre@0: unsigned int encrypt, andre@0: unsigned int ); andre@0: andre@0: /* andre@0: ** Destroy a AES KeyWrap context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void andre@0: AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform AES key wrap. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus andre@0: AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform AES key unwrap. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus andre@0: AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** Camellia symmetric block cypher andre@0: */ andre@0: andre@0: /* andre@0: ** Create a new Camellia context suitable for Camellia encryption/decryption. andre@0: ** "key" raw key data andre@0: ** "keylen" the number of bytes of key data (16, 24, or 32) andre@0: */ andre@0: extern CamelliaContext * andre@0: Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, andre@0: int mode, int encrypt, unsigned int keylen); andre@0: andre@0: extern CamelliaContext *Camellia_AllocateContext(void); andre@0: extern SECStatus Camellia_InitContext(CamelliaContext *cx, andre@0: const unsigned char *key, andre@0: unsigned int keylen, andre@0: const unsigned char *iv, andre@0: int mode, andre@0: unsigned int encrypt, andre@0: unsigned int unused); andre@0: /* andre@0: ** Destroy a Camellia encryption/decryption context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void andre@0: Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Perform Camellia encryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the encrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus andre@0: Camellia_Encrypt(CamelliaContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Perform Camellia decryption. andre@0: ** "cx" the context andre@0: ** "output" the output buffer to store the decrypted data. andre@0: ** "outputLen" how much data is stored in "output". Set by the routine andre@0: ** after some data is stored in output. andre@0: ** "maxOutputLen" the maximum amount of data that can ever be andre@0: ** stored in "output" andre@0: ** "input" the input data andre@0: ** "inputLen" the amount of input data andre@0: */ andre@0: extern SECStatus andre@0: Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, andre@0: unsigned int *outputLen, unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** ChaCha20+Poly1305 AEAD andre@0: */ andre@0: andre@0: extern SECStatus andre@0: ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx, andre@0: const unsigned char *key, unsigned int keyLen, andre@0: unsigned int tagLen); andre@0: andre@0: extern ChaCha20Poly1305Context * andre@0: ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen, andre@0: unsigned int tagLen); andre@0: andre@0: extern void andre@0: ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit); andre@0: andre@0: extern SECStatus andre@0: ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, andre@0: unsigned char *output, unsigned int *outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen, andre@0: const unsigned char *nonce, unsigned int nonceLen, andre@0: const unsigned char *ad, unsigned int adLen); andre@0: andre@0: extern SECStatus andre@0: ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, andre@0: unsigned char *output, unsigned int *outputLen, andre@0: unsigned int maxOutputLen, andre@0: const unsigned char *input, unsigned int inputLen, andre@0: const unsigned char *nonce, unsigned int nonceLen, andre@0: const unsigned char *ad, unsigned int adLen); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** MD5 secure hash function andre@0: */ andre@0: andre@0: /* andre@0: ** Hash a null terminated string "src" into "dest" using MD5 andre@0: */ andre@0: extern SECStatus MD5_Hash(unsigned char *dest, const char *src); andre@0: andre@0: /* andre@0: ** Hash a non-null terminated string "src" into "dest" using MD5 andre@0: */ andre@0: extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src, andre@0: PRUint32 src_length); andre@0: andre@0: /* andre@0: ** Create a new MD5 context andre@0: */ andre@0: extern MD5Context *MD5_NewContext(void); andre@0: andre@0: andre@0: /* andre@0: ** Destroy an MD5 secure hash context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Reset an MD5 context, preparing it for a fresh round of hashing andre@0: */ andre@0: extern void MD5_Begin(MD5Context *cx); andre@0: andre@0: /* andre@0: ** Update the MD5 hash function with more data. andre@0: ** "cx" the context andre@0: ** "input" the data to hash andre@0: ** "inputLen" the amount of data to hash andre@0: */ andre@0: extern void MD5_Update(MD5Context *cx, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Finish the MD5 hash function. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 16 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (16) is stored andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void MD5_End(MD5Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: andre@0: /* andre@0: ** Export the current state of the MD5 hash without appending the standard andre@0: ** padding and length bytes. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 16 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (16) is stored (optional) andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: andre@0: /* andre@0: * Return the the size of a buffer needed to flatten the MD5 Context into andre@0: * "cx" the context andre@0: * returns size; andre@0: */ andre@0: extern unsigned int MD5_FlattenSize(MD5Context *cx); andre@0: andre@0: /* andre@0: * Flatten the MD5 Context into a buffer: andre@0: * "cx" the context andre@0: * "space" the buffer to flatten to andre@0: * returns status; andre@0: */ andre@0: extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space); andre@0: andre@0: /* andre@0: * Resurrect a flattened context into a MD5 Context andre@0: * "space" the buffer of the flattend buffer andre@0: * "arg" ptr to void used by cryptographic resurrect andre@0: * returns resurected context; andre@0: */ andre@0: extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg); andre@0: extern void MD5_Clone(MD5Context *dest, MD5Context *src); andre@0: andre@0: /* andre@0: ** trace the intermediate state info of the MD5 hash. andre@0: */ andre@0: extern void MD5_TraceState(MD5Context *cx); andre@0: andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** MD2 secure hash function andre@0: */ andre@0: andre@0: /* andre@0: ** Hash a null terminated string "src" into "dest" using MD2 andre@0: */ andre@0: extern SECStatus MD2_Hash(unsigned char *dest, const char *src); andre@0: andre@0: /* andre@0: ** Create a new MD2 context andre@0: */ andre@0: extern MD2Context *MD2_NewContext(void); andre@0: andre@0: andre@0: /* andre@0: ** Destroy an MD2 secure hash context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Reset an MD2 context, preparing it for a fresh round of hashing andre@0: */ andre@0: extern void MD2_Begin(MD2Context *cx); andre@0: andre@0: /* andre@0: ** Update the MD2 hash function with more data. andre@0: ** "cx" the context andre@0: ** "input" the data to hash andre@0: ** "inputLen" the amount of data to hash andre@0: */ andre@0: extern void MD2_Update(MD2Context *cx, andre@0: const unsigned char *input, unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Finish the MD2 hash function. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 16 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (16) is stored andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void MD2_End(MD2Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: andre@0: /* andre@0: * Return the the size of a buffer needed to flatten the MD2 Context into andre@0: * "cx" the context andre@0: * returns size; andre@0: */ andre@0: extern unsigned int MD2_FlattenSize(MD2Context *cx); andre@0: andre@0: /* andre@0: * Flatten the MD2 Context into a buffer: andre@0: * "cx" the context andre@0: * "space" the buffer to flatten to andre@0: * returns status; andre@0: */ andre@0: extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space); andre@0: andre@0: /* andre@0: * Resurrect a flattened context into a MD2 Context andre@0: * "space" the buffer of the flattend buffer andre@0: * "arg" ptr to void used by cryptographic resurrect andre@0: * returns resurected context; andre@0: */ andre@0: extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg); andre@0: extern void MD2_Clone(MD2Context *dest, MD2Context *src); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** SHA-1 secure hash function andre@0: */ andre@0: andre@0: /* andre@0: ** Hash a null terminated string "src" into "dest" using SHA-1 andre@0: */ andre@0: extern SECStatus SHA1_Hash(unsigned char *dest, const char *src); andre@0: andre@0: /* andre@0: ** Hash a non-null terminated string "src" into "dest" using SHA-1 andre@0: */ andre@0: extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src, andre@0: PRUint32 src_length); andre@0: andre@0: /* andre@0: ** Create a new SHA-1 context andre@0: */ andre@0: extern SHA1Context *SHA1_NewContext(void); andre@0: andre@0: andre@0: /* andre@0: ** Destroy a SHA-1 secure hash context. andre@0: ** "cx" the context andre@0: ** "freeit" if PR_TRUE then free the object as well as its sub-objects andre@0: */ andre@0: extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit); andre@0: andre@0: /* andre@0: ** Reset a SHA-1 context, preparing it for a fresh round of hashing andre@0: */ andre@0: extern void SHA1_Begin(SHA1Context *cx); andre@0: andre@0: /* andre@0: ** Update the SHA-1 hash function with more data. andre@0: ** "cx" the context andre@0: ** "input" the data to hash andre@0: ** "inputLen" the amount of data to hash andre@0: */ andre@0: extern void SHA1_Update(SHA1Context *cx, const unsigned char *input, andre@0: unsigned int inputLen); andre@0: andre@0: /* andre@0: ** Finish the SHA-1 hash function. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 16 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (20) is stored andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void SHA1_End(SHA1Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: andre@0: /* andre@0: ** Export the current state of the SHA-1 hash without appending the standard andre@0: ** padding and length bytes. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 20 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (20) is stored (optional) andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: andre@0: /* andre@0: ** trace the intermediate state info of the SHA1 hash. andre@0: */ andre@0: extern void SHA1_TraceState(SHA1Context *cx); andre@0: andre@0: /* andre@0: * Return the the size of a buffer needed to flatten the SHA-1 Context into andre@0: * "cx" the context andre@0: * returns size; andre@0: */ andre@0: extern unsigned int SHA1_FlattenSize(SHA1Context *cx); andre@0: andre@0: /* andre@0: * Flatten the SHA-1 Context into a buffer: andre@0: * "cx" the context andre@0: * "space" the buffer to flatten to andre@0: * returns status; andre@0: */ andre@0: extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space); andre@0: andre@0: /* andre@0: * Resurrect a flattened context into a SHA-1 Context andre@0: * "space" the buffer of the flattend buffer andre@0: * "arg" ptr to void used by cryptographic resurrect andre@0: * returns resurected context; andre@0: */ andre@0: extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg); andre@0: extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src); andre@0: andre@0: /******************************************/ andre@0: andre@0: extern SHA224Context *SHA224_NewContext(void); andre@0: extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit); andre@0: extern void SHA224_Begin(SHA224Context *cx); andre@0: extern void SHA224_Update(SHA224Context *cx, const unsigned char *input, andre@0: unsigned int inputLen); andre@0: extern void SHA224_End(SHA224Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: /* andre@0: ** Export the current state of the SHA-224 hash without appending the standard andre@0: ** padding and length bytes. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 28 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (28) is stored (optional) andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src, andre@0: PRUint32 src_length); andre@0: extern SECStatus SHA224_Hash(unsigned char *dest, const char *src); andre@0: extern void SHA224_TraceState(SHA224Context *cx); andre@0: extern unsigned int SHA224_FlattenSize(SHA224Context *cx); andre@0: extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space); andre@0: extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg); andre@0: extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src); andre@0: andre@0: /******************************************/ andre@0: andre@0: extern SHA256Context *SHA256_NewContext(void); andre@0: extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit); andre@0: extern void SHA256_Begin(SHA256Context *cx); andre@0: extern void SHA256_Update(SHA256Context *cx, const unsigned char *input, andre@0: unsigned int inputLen); andre@0: extern void SHA256_End(SHA256Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: /* andre@0: ** Export the current state of the SHA-256 hash without appending the standard andre@0: ** padding and length bytes. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 32 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (32) is stored (optional) andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src, andre@0: PRUint32 src_length); andre@0: extern SECStatus SHA256_Hash(unsigned char *dest, const char *src); andre@0: extern void SHA256_TraceState(SHA256Context *cx); andre@0: extern unsigned int SHA256_FlattenSize(SHA256Context *cx); andre@0: extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space); andre@0: extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg); andre@0: extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src); andre@0: andre@0: /******************************************/ andre@0: andre@0: extern SHA512Context *SHA512_NewContext(void); andre@0: extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit); andre@0: extern void SHA512_Begin(SHA512Context *cx); andre@0: extern void SHA512_Update(SHA512Context *cx, const unsigned char *input, andre@0: unsigned int inputLen); andre@0: /* andre@0: ** Export the current state of the SHA-512 hash without appending the standard andre@0: ** padding and length bytes. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 64 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (64) is stored (optional) andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: extern void SHA512_End(SHA512Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src, andre@0: PRUint32 src_length); andre@0: extern SECStatus SHA512_Hash(unsigned char *dest, const char *src); andre@0: extern void SHA512_TraceState(SHA512Context *cx); andre@0: extern unsigned int SHA512_FlattenSize(SHA512Context *cx); andre@0: extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space); andre@0: extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg); andre@0: extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src); andre@0: andre@0: /******************************************/ andre@0: andre@0: extern SHA384Context *SHA384_NewContext(void); andre@0: extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit); andre@0: extern void SHA384_Begin(SHA384Context *cx); andre@0: extern void SHA384_Update(SHA384Context *cx, const unsigned char *input, andre@0: unsigned int inputLen); andre@0: extern void SHA384_End(SHA384Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: /* andre@0: ** Export the current state of the SHA-384 hash without appending the standard andre@0: ** padding and length bytes. Produce the digested results in "digest" andre@0: ** "cx" the context andre@0: ** "digest" where the 48 bytes of digest data are stored andre@0: ** "digestLen" where the digest length (48) is stored (optional) andre@0: ** "maxDigestLen" the maximum amount of data that can ever be andre@0: ** stored in "digest" andre@0: */ andre@0: extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest, andre@0: unsigned int *digestLen, unsigned int maxDigestLen); andre@0: extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src, andre@0: PRUint32 src_length); andre@0: extern SECStatus SHA384_Hash(unsigned char *dest, const char *src); andre@0: extern void SHA384_TraceState(SHA384Context *cx); andre@0: extern unsigned int SHA384_FlattenSize(SHA384Context *cx); andre@0: extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space); andre@0: extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg); andre@0: extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src); andre@0: andre@0: /**************************************** andre@0: * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function andre@0: */ andre@0: andre@0: extern SECStatus andre@0: TLS_PRF(const SECItem *secret, const char *label, SECItem *seed, andre@0: SECItem *result, PRBool isFIPS); andre@0: andre@0: extern SECStatus andre@0: TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label, andre@0: SECItem *seed, SECItem *result, PRBool isFIPS); andre@0: andre@0: /******************************************/ andre@0: /* andre@0: ** Pseudo Random Number Generation. FIPS compliance desirable. andre@0: */ andre@0: andre@0: /* andre@0: ** Initialize the global RNG context and give it some seed input taken andre@0: ** from the system. This function is thread-safe and will only allow andre@0: ** the global context to be initialized once. The seed input is likely andre@0: ** small, so it is imperative that RNG_RandomUpdate() be called with andre@0: ** additional seed data before the generator is used. A good way to andre@0: ** provide the generator with additional entropy is to call andre@0: ** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that. andre@0: */ andre@0: extern SECStatus RNG_RNGInit(void); andre@0: andre@0: /* andre@0: ** Update the global random number generator with more seeding andre@0: ** material andre@0: */ andre@0: extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes); andre@0: andre@0: /* andre@0: ** Generate some random bytes, using the global random number generator andre@0: ** object. andre@0: */ andre@0: extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len); andre@0: andre@0: /* Destroy the global RNG context. After a call to RNG_RNGShutdown() andre@0: ** a call to RNG_RNGInit() is required in order to use the generator again, andre@0: ** along with seed data (see the comment above RNG_RNGInit()). andre@0: */ andre@0: extern void RNG_RNGShutdown(void); andre@0: andre@0: extern void RNG_SystemInfoForRNG(void); andre@0: andre@0: /* andre@0: * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to andre@0: * generate the DSA X parameter and as a generic purpose RNG. andre@0: * andre@0: * The following two FIPS186Change functions are needed for andre@0: * NIST RNG Validation System. andre@0: */ andre@0: andre@0: /* andre@0: * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with andre@0: * the error set to PR_NOT_IMPLEMENTED_ERROR. andre@0: */ andre@0: extern SECStatus andre@0: FIPS186Change_GenerateX(unsigned char *XKEY, andre@0: const unsigned char *XSEEDj, andre@0: unsigned char *x_j); andre@0: andre@0: /* andre@0: * When generating the DSA X parameter, we generate 2*GSIZE bytes andre@0: * of random output and reduce it mod q. andre@0: * andre@0: * Input: w, 2*GSIZE bytes andre@0: * q, DSA_SUBPRIME_LEN bytes andre@0: * Output: xj, DSA_SUBPRIME_LEN bytes andre@0: */ andre@0: extern SECStatus andre@0: FIPS186Change_ReduceModQForDSA(const unsigned char *w, andre@0: const unsigned char *q, andre@0: unsigned char *xj); andre@0: andre@0: /* andre@0: * The following functions are for FIPS poweron self test and FIPS algorithm andre@0: * testing. andre@0: */ andre@0: extern SECStatus andre@0: PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len, andre@0: const PRUint8 *nonce, unsigned int nonce_len, andre@0: const PRUint8 *personal_string, unsigned int ps_len); andre@0: andre@0: extern SECStatus andre@0: PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len, andre@0: const PRUint8 *additional, unsigned int additional_len); andre@0: andre@0: extern SECStatus andre@0: PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len, andre@0: const PRUint8 *additional, unsigned int additional_len); andre@0: andre@0: extern SECStatus andre@0: PRNGTEST_Uninstantiate(void); andre@0: andre@0: extern SECStatus andre@0: PRNGTEST_RunHealthTests(void); andre@0: andre@0: /* Generate PQGParams and PQGVerify structs. andre@0: * Length of seed and length of h both equal length of P. andre@0: * All lengths are specified by "j", according to the table above. andre@0: * andre@0: * The verify parameters will conform to FIPS186-1. andre@0: */ andre@0: extern SECStatus andre@0: PQG_ParamGen(unsigned int j, /* input : determines length of P. */ andre@0: PQGParams **pParams, /* output: P Q and G returned here */ andre@0: PQGVerify **pVfy); /* output: counter and seed. */ andre@0: andre@0: /* Generate PQGParams and PQGVerify structs. andre@0: * Length of P specified by j. Length of h will match length of P. andre@0: * Length of SEED in bytes specified in seedBytes. andre@0: * seedBbytes must be in the range [20..255] or an error will result. andre@0: * andre@0: * The verify parameters will conform to FIPS186-1. andre@0: */ andre@0: extern SECStatus andre@0: PQG_ParamGenSeedLen( andre@0: unsigned int j, /* input : determines length of P. */ andre@0: unsigned int seedBytes, /* input : length of seed in bytes.*/ andre@0: PQGParams **pParams, /* output: P Q and G returned here */ andre@0: PQGVerify **pVfy); /* output: counter and seed. */ andre@0: andre@0: /* Generate PQGParams and PQGVerify structs. andre@0: * Length of P specified by L in bits. andre@0: * Length of Q specified by N in bits. andre@0: * Length of SEED in bytes specified in seedBytes. andre@0: * seedBbytes must be in the range [N..L*2] or an error will result. andre@0: * andre@0: * Not that J uses the above table, L is the length exact. L and N must andre@0: * match the table below or an error will result: andre@0: * andre@0: * L N andre@0: * 1024 160 andre@0: * 2048 224 andre@0: * 2048 256 andre@0: * 3072 256 andre@0: * andre@0: * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will andre@0: * pick a default value (typically the smallest secure value for these andre@0: * variables). andre@0: * andre@0: * The verify parameters will conform to FIPS186-3 using the smallest andre@0: * permissible hash for the key strength. andre@0: */ andre@0: extern SECStatus andre@0: PQG_ParamGenV2( andre@0: unsigned int L, /* input : determines length of P. */ andre@0: unsigned int N, /* input : determines length of Q. */ andre@0: unsigned int seedBytes, /* input : length of seed in bytes.*/ andre@0: PQGParams **pParams, /* output: P Q and G returned here */ andre@0: PQGVerify **pVfy); /* output: counter and seed. */ andre@0: andre@0: andre@0: /* Test PQGParams for validity as DSS PQG values. andre@0: * If vfy is non-NULL, test PQGParams to make sure they were generated andre@0: * using the specified seed, counter, and h values. andre@0: * andre@0: * Return value indicates whether Verification operation ran successfully andre@0: * to completion, but does not indicate if PQGParams are valid or not. andre@0: * If return value is SECSuccess, then *pResult has these meanings: andre@0: * SECSuccess: PQGParams are valid. andre@0: * SECFailure: PQGParams are invalid. andre@0: * andre@0: * Verify the PQG againts the counter, SEED and h. andre@0: * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2 andre@0: * PQG_VerifyParams will automatically choose the appropriate test. andre@0: */ andre@0: andre@0: extern SECStatus PQG_VerifyParams(const PQGParams *params, andre@0: const PQGVerify *vfy, SECStatus *result); andre@0: andre@0: extern void PQG_DestroyParams(PQGParams *params); andre@0: andre@0: extern void PQG_DestroyVerify(PQGVerify *vfy); andre@0: andre@0: andre@0: /* andre@0: * clean-up any global tables freebl may have allocated after it starts up. andre@0: * This function is not thread safe and should be called only after the andre@0: * library has been quiessed. andre@0: */ andre@0: extern void BL_Cleanup(void); andre@0: andre@0: /* unload freebl shared library from memory */ andre@0: extern void BL_Unload(void); andre@0: andre@0: /************************************************************************** andre@0: * Verify a given Shared library signature * andre@0: **************************************************************************/ andre@0: PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr); andre@0: andre@0: /************************************************************************** andre@0: * Verify a given filename's signature * andre@0: **************************************************************************/ andre@0: PRBool BLAPI_SHVerifyFile(const char *shName); andre@0: andre@0: /************************************************************************** andre@0: * Verify Are Own Shared library signature * andre@0: **************************************************************************/ andre@0: PRBool BLAPI_VerifySelf(const char *name); andre@0: andre@0: /*********************************************************************/ andre@0: extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType); andre@0: andre@0: extern void BL_SetForkState(PRBool forked); andre@0: andre@0: #ifndef NSS_DISABLE_ECC andre@0: /* andre@0: ** pepare an ECParam structure from DEREncoded params andre@0: */ andre@0: extern SECStatus EC_FillParams(PLArenaPool *arena, andre@0: const SECItem *encodedParams, ECParams *params); andre@0: extern SECStatus EC_DecodeParams(const SECItem *encodedParams, andre@0: ECParams **ecparams); andre@0: extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, andre@0: const ECParams *srcParams); andre@0: #endif andre@0: andre@0: SEC_END_PROTOS andre@0: andre@0: #endif /* _BLAPI_H_ */