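/*
 * blapit.h - public data structures for the freebl library
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _BLAPIT_H_
#define _BLAPIT_H_

#include "seccomon.h"
#include "prlink.h"
#include "plarena.h"
#include "ecl-exp.h"


/*
 * Cipher mode selectors.  The numbering restarts at 0 for every cipher, so
 * a mode value is only meaningful together with the cipher it belongs to
 * (NSS_AES_CBC and NSS_DES_CBC are both 1, NSS_AES_CTS and NSS_DES_EDE3
 * are both 2).
 */

/* RC2 operation modes */
#define NSS_RC2                 0
#define NSS_RC2_CBC             1

/* RC5 operation modes */
#define NSS_RC5                 0
#define NSS_RC5_CBC             1

/* DES operation modes */
#define NSS_DES                 0
#define NSS_DES_CBC             1
#define NSS_DES_EDE3            2
#define NSS_DES_EDE3_CBC        3

#define DES_KEY_LENGTH          8       /* Bytes */

/* AES operation modes */
#define NSS_AES                 0
#define NSS_AES_CBC             1
#define NSS_AES_CTS             2
#define NSS_AES_CTR             3
#define NSS_AES_GCM             4

/* Camellia operation modes */
#define NSS_CAMELLIA            0
#define NSS_CAMELLIA_CBC        1

/* SEED operation modes */
#define NSS_SEED                0
#define NSS_SEED_CBC            1

#define DSA1_SUBPRIME_LEN       20      /* Bytes */
#define DSA1_SIGNATURE_LEN      (DSA1_SUBPRIME_LEN*2)   /* Bytes */
#define DSA_MAX_SUBPRIME_LEN    32      /* Bytes */
#define DSA_MAX_SIGNATURE_LEN   (DSA_MAX_SUBPRIME_LEN*2)/* Bytes */

/*
 * Mark the old defines as deprecated.  This will warn code that expected
 * DSA1 only that it needs to change if it is to support DSA2.
 *
 * The legacy names still expand to the DSA1 sizes (20-byte q, 40-byte
 * signature).  A buffer sized with them is too small for the larger
 * subprimes covered by DSA_MAX_SUBPRIME_LEN / DSA_MAX_SIGNATURE_LEN, which
 * is why their use is flagged.
 */
#if defined(__GNUC__) && (__GNUC__ > 3)
/* make GCC warn when we use these #defines.
 * With this branch the legacy names expand to a cast expression, so they
 * cannot appear in a preprocessor #if condition. */
typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
#define DSA_SUBPRIME_LEN   ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
#define DSA_SIGNATURE_LEN  ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
#define DSA_Q_BITS         ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN*8))
#else
#ifdef _WIN32
/* This magic gets the windows compiler to give us a deprecation
 * warning.  The list names DSA_Q_BITS, the macro defined below; it used to
 * say DSA_QBITS, which is not defined in this header, so DSA_Q_BITS was
 * never flagged on this compiler. */
#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_Q_BITS)
#endif
#define DSA_SUBPRIME_LEN   DSA1_SUBPRIME_LEN
#define DSA_SIGNATURE_LEN  DSA1_SIGNATURE_LEN
#define DSA_Q_BITS         (DSA1_SUBPRIME_LEN*8)
#endif


/* XXX We shouldn't have to hard code this limit. For
 * now, this is the quickest way to support ECDSA signature
 * processing (ECDSA signature lengths depend on curve
 * size). This limit is sufficient for curves up to
 * 576 bits.
 *
 * 72 bytes also covers the largest EC_MAX_KEY_BITS below (571 bits rounds
 * up to 72 bytes).  Code that sizes a fixed buffer with this constant
 * should still check the actual length against it before copying.
 */
#define MAX_ECKEY_LEN           72      /* Bytes */

/*
 * NOTE(review): with NSS_ECC_MORE_THAN_SUITE_B defined the lower bound
 * drops to 112 bits.  These look like acceptance bounds rather than
 * recommended strengths -- confirm how callers apply them.
 */
#ifdef NSS_ECC_MORE_THAN_SUITE_B
#define EC_MAX_KEY_BITS         571     /* in bits */
#define EC_MIN_KEY_BITS         112     /* in bits */
#else
#define EC_MAX_KEY_BITS         521     /* in bits */
#define EC_MIN_KEY_BITS         256     /* in bits */
#endif

/* EC point compression format */
#define EC_POINT_FORM_COMPRESSED_Y0 0x02
#define EC_POINT_FORM_COMPRESSED_Y1 0x03
#define EC_POINT_FORM_UNCOMPRESSED  0x04
#define EC_POINT_FORM_HYBRID_Y0     0x06
#define EC_POINT_FORM_HYBRID_Y1     0x07

/*
 * Number of bytes each hash algorithm produces
 *
 * MD2, MD5 and SHA-1 are no longer collision resistant; their lengths are
 * listed here alongside the SHA-2 sizes.
 * NOTE(review): SHA224_BLOCK_LENGTH is defined below but no SHA224_LENGTH
 * appears in this header -- presumably it is defined elsewhere; confirm.
 */
#define MD2_LENGTH              16      /* Bytes */
#define MD5_LENGTH              16      /* Bytes */
#define SHA1_LENGTH             20      /* Bytes */
#define SHA256_LENGTH           32      /* bytes */
#define SHA384_LENGTH           48      /* bytes */
#define SHA512_LENGTH           64      /* bytes */
#define HASH_LENGTH_MAX         SHA512_LENGTH

/*
 * Input block size for each hash algorithm.
 */

#define MD2_BLOCK_LENGTH        64      /* bytes */
#define MD5_BLOCK_LENGTH        64      /* bytes */
#define SHA1_BLOCK_LENGTH       64      /* bytes */
#define SHA224_BLOCK_LENGTH     64      /* bytes */
#define SHA256_BLOCK_LENGTH     64      /* bytes */
#define SHA384_BLOCK_LENGTH     128     /* bytes */
#define SHA512_BLOCK_LENGTH     128     /* bytes */
#define HASH_BLOCK_LENGTH_MAX   SHA512_BLOCK_LENGTH

#define AES_KEY_WRAP_IV_BYTES   8
#define AES_KEY_WRAP_BLOCK_SIZE 8       /* bytes */
#define AES_BLOCK_SIZE          16      /* bytes */

#define AES_128_KEY_LENGTH      16      /* bytes */
#define AES_192_KEY_LENGTH      24      /* bytes */
#define AES_256_KEY_LENGTH      32      /* bytes */

#define CAMELLIA_BLOCK_SIZE     16      /* bytes */

#define SEED_BLOCK_SIZE         16      /* bytes */
#define SEED_KEY_LENGTH         16      /* bytes */

#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048

/*
 * These values come from the initial key size limits from the PKCS #11
 * module.  They may be arbitrarily adjusted to any value freebl supports.
 *
 * NOTE(review): these read as the range the library is willing to handle,
 * not as recommended strengths.  A 128-bit RSA modulus or DH prime gives
 * no practical security, so code that accepts keys or parameters from an
 * untrusted peer needs its own, much higher, policy minimum.  The maxima
 * presumably also cap the work spent on oversized untrusted inputs --
 * confirm at the call sites.
 */
#define RSA_MIN_MODULUS_BITS   128
#define RSA_MAX_MODULUS_BITS 16384
#define RSA_MAX_EXPONENT_BITS   64
#define DH_MIN_P_BITS          128
#define DH_MAX_P_BITS        16384

/*
 * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
 * distinct values for the length of P, and only one value for the
 * length of Q.
 * The algorithm uses a variable j to indicate which of the 9 lengths
 * of P is to be used.
 * The following table relates j to the lengths of P and Q in bits.
 *
 *      j       bits in P       bits in Q
 *      _       _________       _________
 *      0        512            160
 *      1        576            160
 *      2        640            160
 *      3        704            160
 *      4        768            160
 *      5        832            160
 *      6        896            160
 *      7        960            160
 *      8       1024            160
 *
 * The FIPS-186-1 compliant PQG generator takes j as an input parameter.
 *
 * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
 *
 *     bits in P       bits in Q
 *     _________       _________
 *      1024           160
 *      2048           224
 *      2048           256
 *      3072           256
 *
 * The FIPS-186-3 compliant PQG generator (PQG V2) takes arbitrary p and q
 * lengths as input and returns an error if they aren't in this list.
 *
 * DSA_MIN_P_BITS below is the smallest size in the FIPS 186-1 table; like
 * the RSA/DH minimums above it marks what is accepted, not what is
 * advisable.
 */

#define DSA1_Q_BITS      160
#define DSA_MAX_P_BITS  3072
#define DSA_MIN_P_BITS   512
#define DSA_MAX_Q_BITS   256
#define DSA_MIN_Q_BITS   160

/* Compile-time check that the byte and bit forms of the largest q agree. */
#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
#endif


/*
 * function takes desired number of bits in P,
 * returns index (0..8) or -1 if number of bits is invalid.
 *
 * This is a macro and evaluates `bits` more than once, so the argument
 * must not have side effects.
 */
#define PQG_PBITS_TO_INDEX(bits) \
    (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
     -1 : (int)((bits)-512)/64)

/*
 * function takes index (0-8)
 * returns number of bits in P for that index, or -1 if index is invalid.
 *
 * The unsigned cast makes a negative j compare greater than 8, so it is
 * rejected by the same test.  `j` is evaluated twice.
 */
#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))


/***************************************************************************
** Opaque objects
*/

struct DESContextStr        ;
struct RC2ContextStr        ;
struct RC4ContextStr        ;
struct RC5ContextStr        ;
struct AESContextStr        ;
struct CamelliaContextStr   ;
struct MD2ContextStr        ;
struct MD5ContextStr        ;
struct SHA1ContextStr       ;
struct SHA256ContextStr     ;
struct SHA512ContextStr     ;
struct AESKeyWrapContextStr ;
struct SEEDContextStr       ;
struct ChaCha20Poly1305ContextStr;

typedef struct DESContextStr        DESContext;
typedef struct RC2ContextStr        RC2Context;
typedef struct RC4ContextStr        RC4Context;
typedef struct RC5ContextStr        RC5Context;
typedef struct AESContextStr        AESContext;
typedef struct CamelliaContextStr   CamelliaContext;
typedef struct MD2ContextStr        MD2Context;
typedef struct MD5ContextStr        MD5Context;
typedef struct SHA1ContextStr       SHA1Context;
typedef struct SHA256ContextStr     SHA256Context;
/* SHA224Context is really a SHA256ContextStr.  This is not a mistake. */
typedef struct SHA256ContextStr     SHA224Context;
typedef struct SHA512ContextStr     SHA512Context;
/* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
typedef struct SHA512ContextStr     SHA384Context;
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
typedef struct SEEDContextStr       SEEDContext;
typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;

/***************************************************************************
** RSA Public and Private Key structures
*/

/* member names from PKCS#1, section 7.1 */
struct RSAPublicKeyStr {
    PLArenaPool *arena;
    SECItem modulus;
    SECItem publicExponent;
};
typedef struct RSAPublicKeyStr RSAPublicKey;

/* member names from PKCS#1, section 7.2
 *
 * NOTE(review): privateExponent, prime1, prime2, exponent1, exponent2 and
 * coefficient are secret.  If their buffers live in `arena` (not shown in
 * this header), whoever releases it should zeroize on free, e.g.
 * PORT_FreeArena(arena, PR_TRUE) -- confirm at the free sites.
 */
struct RSAPrivateKeyStr {
    PLArenaPool *arena;
    SECItem version;
    SECItem modulus;
    SECItem publicExponent;
    SECItem privateExponent;
    SECItem prime1;
    SECItem prime2;
    SECItem exponent1;
    SECItem exponent2;
    SECItem coefficient;
};
typedef struct RSAPrivateKeyStr RSAPrivateKey;


/***************************************************************************
** DSA Public and Private Key and related structures
*/

struct PQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;    /* p */
    SECItem subPrime; /* q */
    SECItem base;     /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct PQGParamsStr PQGParams;

struct PQGVerifyStr {
    PLArenaPool *arena;     /* includes this struct, seed, & h. */
    unsigned int counter;
    SECItem      seed;
    SECItem      h;
};
typedef struct PQGVerifyStr PQGVerify;

struct DSAPublicKeyStr {
    PQGParams params;
    SECItem publicValue;
};
typedef struct DSAPublicKeyStr DSAPublicKey;

/* privateValue is secret; the same zeroize-on-free caveat as for
 * RSAPrivateKeyStr applies to whatever storage backs it. */
struct DSAPrivateKeyStr {
    PQGParams params;
    SECItem publicValue;
    SECItem privateValue;
};
typedef struct DSAPrivateKeyStr DSAPrivateKey;

/***************************************************************************
** Diffie-Hellman Public and Private Key and related structures
** Structure member names suggested by PKCS#3.
*/

struct DHParamsStr {
    PLArenaPool *arena;
    SECItem prime; /* p */
    SECItem base;  /* g */
};
typedef struct DHParamsStr DHParams;

struct DHPublicKeyStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem base;
    SECItem publicValue;
};
typedef struct DHPublicKeyStr DHPublicKey;

/* privateValue is secret; zeroize the backing storage when it is freed. */
struct DHPrivateKeyStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem base;
    SECItem publicValue;
    SECItem privateValue;
};
typedef struct DHPrivateKeyStr DHPrivateKey;

/***************************************************************************
** Data structures used for elliptic curve parameters and
** public and private keys.
*/

/*
** The ECParams data structures can encode elliptic curve
** parameters for both GFp and GF2m curves.
*/

typedef enum { ec_params_explicit,
               ec_params_named
} ECParamsType;

/* Starts at 1, so a zero-initialized ECFieldID matches neither field type. */
typedef enum { ec_field_GFp = 1,
               ec_field_GF2m
} ECFieldType;

struct ECFieldIDStr {
    int         size;   /* field size in bits */
    ECFieldType type;
    union {
        SECItem  prime; /* prime p for (GFp) */
        SECItem  poly;  /* irreducible binary polynomial for (GF2m) */
    } u;
    int         k1;     /* first coefficient of pentanomial or
                         * the only coefficient of trinomial
                         */
    int         k2;     /* two remaining coefficients of pentanomial */
    int         k3;
};
typedef struct ECFieldIDStr ECFieldID;

struct ECCurveStr {
    SECItem a;          /* contains octet stream encoding of
                         * field element (X9.62 section 4.3.3)
                         */
    SECItem b;
    SECItem seed;
};
typedef struct ECCurveStr ECCurve;

struct ECParamsStr {
    PLArenaPool *arena;
    ECParamsType type;
    ECFieldID    fieldID;
    ECCurve      curve;
    SECItem      base;
    SECItem      order;
    int          cofactor;
    SECItem      DEREncoding;
    ECCurveName  name;
    SECItem      curveOID;
};
typedef struct ECParamsStr ECParams;

struct ECPublicKeyStr {
    ECParams ecParams;
    SECItem publicValue;   /* elliptic curve point encoded as
                            * octet stream.
                            */
};
typedef struct ECPublicKeyStr ECPublicKey;

/* privateValue is secret; zeroize the backing storage when it is freed. */
struct ECPrivateKeyStr {
    ECParams ecParams;
    SECItem publicValue;   /* encoded ec point */
    SECItem privateValue;  /* private big integer */
    SECItem version;       /* As per SEC 1, Appendix C, Section C.4 */
};
typedef struct ECPrivateKeyStr ECPrivateKey;

/*
 * Function-pointer types for handling a cipher context through a void
 * pointer.
 *
 * NOTE(review): the last four parameters of BLapiInitContextFunc are
 * unnamed in this header; presumably they follow the freebl *_InitContext
 * functions (iv, mode, then two algorithm-specific values) -- confirm
 * against the implementations before relying on that.
 */
typedef void * (*BLapiAllocateFunc)(void);
typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
typedef SECStatus (*BLapiInitContextFunc)(void *cx,
                                   const unsigned char *key,
                                   unsigned int keylen,
                                   const unsigned char *,
                                   int,
                                   unsigned int ,
                                   unsigned int );
/* maxOutputLen is the capacity of `output`; going by the names, an
 * implementation reports the bytes written through outputLen and must not
 * write past maxOutputLen -- confirm per cipher. */
typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
                                unsigned int *outputLen,
                                unsigned int maxOutputLen,
                                const unsigned char *input,
                                unsigned int inputLen);

#endif /* _BLAPIT_H_ */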