1 /* 2 * crypto.h - public data structures and prototypes for the crypto library 3 * 4 * ***** BEGIN LICENSE BLOCK ***** 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * 7 * The contents of this file are subject to the Mozilla Public License Version 8 * 1.1 (the "License"); you may not use this file except in compliance with 9 * the License. You may obtain a copy of the License at 10 * http://www.mozilla.org/MPL/ 11 * 12 * Software distributed under the License is distributed on an "AS IS" basis, 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 14 * for the specific language governing rights and limitations under the 15 * License. 16 * 17 * The Original Code is the Netscape security libraries. 18 * 19 * The Initial Developer of the Original Code is 20 * Netscape Communications Corporation. 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000 22 * the Initial Developer. All Rights Reserved. 23 * 24 * Contributor(s): 25 * Dr Vipul Gupta <vipul.gupta (at) sun.com>, Sun Microsystems Laboratories 26 * 27 * Alternatively, the contents of this file may be used under the terms of 28 * either the GNU General Public License Version 2 or later (the "GPL"), or 29 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 30 * in which case the provisions of the GPL or the LGPL are applicable instead 31 * of those above. If you wish to allow use of your version of this file only 32 * under the terms of either the GPL or the LGPL, and not to allow others to 33 * use your version of this file under the terms of the MPL, indicate your 34 * decision by deleting the provisions above and replace them with the notice 35 * and other provisions required by the GPL or the LGPL. If you do not delete 36 * the provisions above, a recipient may use your version of this file under 37 * the terms of any one of the MPL, the GPL or the LGPL. 38 * 39 * ***** END LICENSE BLOCK ***** */ 40 /* $Id: blapi.h,v 1.33 2009/03/29 03:45:32 wtc%google.com Exp $ */ 41 42 #ifndef _BLAPI_H_ 43 #define _BLAPI_H_ 44 45 #include "blapit.h" 46 #include "hasht.h" 47 #include "alghmac.h" 48 49 SEC_BEGIN_PROTOS 50 51 /* 52 ** RSA encryption/decryption. When encrypting/decrypting the output 53 ** buffer must be at least the size of the public key modulus. 54 */ 55 56 extern SECStatus BL_Init(void); 57 58 /* 59 ** Generate and return a new RSA public and private key. 60 ** Both keys are encoded in a single RSAPrivateKey structure. 61 ** "cx" is the random number generator context 62 ** "keySizeInBits" is the size of the key to be generated, in bits. 63 ** 512, 1024, etc. 64 ** "publicExponent" when not NULL is a pointer to some data that 65 ** represents the public exponent to use. The data is a byte 66 ** encoded integer, in "big endian" order. 67 */ 68 extern RSAPrivateKey *RSA_NewKey(int keySizeInBits, 69 SECItem * publicExponent); 70 71 /* 72 ** Perform a raw public-key operation 73 ** Length of input and output buffers are equal to key's modulus len. 74 */ 75 extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key, 76 unsigned char * output, 77 const unsigned char * input); 78 79 /* 80 ** Perform a raw private-key operation 81 ** Length of input and output buffers are equal to key's modulus len. 82 */ 83 extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key, 84 unsigned char * output, 85 const unsigned char * input); 86 87 /* 88 ** Perform a raw private-key operation, and check the parameters used in 89 ** the operation for validity by performing a test operation first. 90 ** Length of input and output buffers are equal to key's modulus len. 91 */ 92 extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, 93 unsigned char * output, 94 const unsigned char * input); 95 96 /* 97 ** Perform a check of private key parameters for consistency. 98 */ 99 extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key); 100 101 102 /******************************************************************** 103 ** DSA signing algorithm 104 */ 105 106 /* 107 ** Generate and return a new DSA public and private key pair, 108 ** both of which are encoded into a single DSAPrivateKey struct. 109 ** "params" is a pointer to the PQG parameters for the domain 110 ** Uses a random seed. 111 */ 112 extern SECStatus DSA_NewKey(const PQGParams * params, 113 DSAPrivateKey ** privKey); 114 115 /* signature is caller-supplied buffer of at least 20 bytes. 116 ** On input, signature->len == size of buffer to hold signature. 117 ** digest->len == size of digest. 118 ** On output, signature->len == size of signature in buffer. 119 ** Uses a random seed. 120 */ 121 extern SECStatus DSA_SignDigest(DSAPrivateKey * key, 122 SECItem * signature, 123 const SECItem * digest); 124 125 /* signature is caller-supplied buffer of at least 20 bytes. 126 ** On input, signature->len == size of buffer to hold signature. 127 ** digest->len == size of digest. 128 */ 129 extern SECStatus DSA_VerifyDigest(DSAPublicKey * key, 130 const SECItem * signature, 131 const SECItem * digest); 132 133 /* For FIPS compliance testing. Seed must be exactly 20 bytes long */ 134 extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params, 135 const unsigned char * seed, 136 DSAPrivateKey **privKey); 137 138 /* For FIPS compliance testing. Seed must be exactly 20 bytes. */ 139 extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key, 140 SECItem * signature, 141 const SECItem * digest, 142 const unsigned char * seed); 143 144 /****************************************************** 145 ** Diffie Helman key exchange algorithm 146 */ 147 148 /* Generates parameters for Diffie-Helman key generation. 149 ** primeLen is the length in bytes of prime P to be generated. 150 */ 151 extern SECStatus DH_GenParam(int primeLen, DHParams ** params); 152 153 /* Generates a public and private key, both of which are encoded in a single 154 ** DHPrivateKey struct. Params is input, privKey are output. 155 ** This is Phase 1 of Diffie Hellman. 156 */ 157 extern SECStatus DH_NewKey(DHParams * params, 158 DHPrivateKey ** privKey); 159 160 /* 161 ** DH_Derive does the Diffie-Hellman phase 2 calculation, using the 162 ** other party's publicValue, and the prime and our privateValue. 163 ** maxOutBytes is the requested length of the generated secret in bytes. 164 ** A zero value means produce a value of any length up to the size of 165 ** the prime. If successful, derivedSecret->data is set 166 ** to the address of the newly allocated buffer containing the derived 167 ** secret, and derivedSecret->len is the size of the secret produced. 168 ** The size of the secret produced will never be larger than the length 169 ** of the prime, and it may be smaller than maxOutBytes. 170 ** It is the caller's responsibility to free the allocated buffer 171 ** containing the derived secret. 172 */ 173 extern SECStatus DH_Derive(SECItem * publicValue, 174 SECItem * prime, 175 SECItem * privateValue, 176 SECItem * derivedSecret, 177 unsigned int maxOutBytes); 178 179 /* 180 ** KEA_CalcKey returns octet string with the private key for a dual 181 ** Diffie-Helman key generation as specified for government key exchange. 182 */ 183 extern SECStatus KEA_Derive(SECItem *prime, 184 SECItem *public1, 185 SECItem *public2, 186 SECItem *private1, 187 SECItem *private2, 188 SECItem *derivedSecret); 189 190 /* 191 * verify that a KEA or DSA public key is a valid key for this prime and 192 * subprime domain. 193 */ 194 extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); 195 196 /****************************************************** 197 ** Elliptic Curve algorithms 198 */ 199 200 /* Generates a public and private key, both of which are encoded 201 ** in a single ECPrivateKey struct. Params is input, privKey are 202 ** output. 203 */ 204 extern SECStatus EC_NewKey(ECParams * params, 205 ECPrivateKey ** privKey); 206 207 extern SECStatus EC_NewKeyFromSeed(ECParams * params, 208 ECPrivateKey ** privKey, 209 const unsigned char* seed, 210 int seedlen); 211 212 /* Validates an EC public key as described in Section 5.2.2 of 213 * X9.62. Such validation prevents against small subgroup attacks 214 * when the ECDH primitive is used with the cofactor. 215 */ 216 extern SECStatus EC_ValidatePublicKey(ECParams * params, 217 SECItem * publicValue); 218 219 /* 220 ** ECDH_Derive performs a scalar point multiplication of a point 221 ** representing a (peer's) public key and a large integer representing 222 ** a private key (its own). Both keys must use the same elliptic curve 223 ** parameters. If the withCofactor parameter is true, the 224 ** multiplication also uses the cofactor associated with the curve 225 ** parameters. The output of this scheme is the x-coordinate of the 226 ** resulting point. If successful, derivedSecret->data is set to the 227 ** address of the newly allocated buffer containing the derived 228 ** secret, and derivedSecret->len is the size of the secret 229 ** produced. It is the caller's responsibility to free the allocated 230 ** buffer containing the derived secret. 231 */ 232 extern SECStatus ECDH_Derive(SECItem * publicValue, 233 ECParams * params, 234 SECItem * privateValue, 235 PRBool withCofactor, 236 SECItem * derivedSecret); 237 238 /* On input, signature->len == size of buffer to hold signature. 239 ** digest->len == size of digest. 240 ** On output, signature->len == size of signature in buffer. 241 ** Uses a random seed. 242 */ 243 extern SECStatus ECDSA_SignDigest(ECPrivateKey *key, 244 SECItem *signature, 245 const SECItem *digest); 246 247 /* On input, signature->len == size of buffer to hold signature. 248 ** digest->len == size of digest. 249 */ 250 extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key, 251 const SECItem *signature, 252 const SECItem *digest); 253 254 /* Uses the provided seed. */ 255 extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key, 256 SECItem *signature, 257 const SECItem *digest, 258 const unsigned char *seed, 259 const int seedlen); 260 261 /******************************************/ 262 /* 263 ** RC4 symmetric stream cypher 264 */ 265 266 /* 267 ** Create a new RC4 context suitable for RC4 encryption/decryption. 268 ** "key" raw key data 269 ** "len" the number of bytes of key data 270 */ 271 extern RC4Context *RC4_CreateContext(const unsigned char *key, int len); 272 273 extern RC4Context *RC4_AllocateContext(void); 274 extern SECStatus RC4_InitContext(RC4Context *cx, 275 const unsigned char *key, 276 unsigned int keylen, 277 const unsigned char *, 278 int, 279 unsigned int , 280 unsigned int ); 281 282 /* 283 ** Destroy an RC4 encryption/decryption context. 284 ** "cx" the context 285 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 286 */ 287 extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit); 288 289 /* 290 ** Perform RC4 encryption. 291 ** "cx" the context 292 ** "output" the output buffer to store the encrypted data. 293 ** "outputLen" how much data is stored in "output". Set by the routine 294 ** after some data is stored in output. 295 ** "maxOutputLen" the maximum amount of data that can ever be 296 ** stored in "output" 297 ** "input" the input data 298 ** "inputLen" the amount of input data 299 */ 300 extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output, 301 unsigned int *outputLen, unsigned int maxOutputLen, 302 const unsigned char *input, unsigned int inputLen); 303 304 /* 305 ** Perform RC4 decryption. 306 ** "cx" the context 307 ** "output" the output buffer to store the decrypted data. 308 ** "outputLen" how much data is stored in "output". Set by the routine 309 ** after some data is stored in output. 310 ** "maxOutputLen" the maximum amount of data that can ever be 311 ** stored in "output" 312 ** "input" the input data 313 ** "inputLen" the amount of input data 314 */ 315 extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output, 316 unsigned int *outputLen, unsigned int maxOutputLen, 317 const unsigned char *input, unsigned int inputLen); 318 319 /******************************************/ 320 /* 321 ** RC2 symmetric block cypher 322 */ 323 324 /* 325 ** Create a new RC2 context suitable for RC2 encryption/decryption. 326 ** "key" raw key data 327 ** "len" the number of bytes of key data 328 ** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC) 329 ** "mode" one of NSS_RC2 or NSS_RC2_CBC 330 ** "effectiveKeyLen" is the effective key length (as specified in 331 ** RFC 2268) in bytes (not bits). 332 ** 333 ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block 334 ** chaining" mode. 335 */ 336 extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len, 337 const unsigned char *iv, int mode, 338 unsigned effectiveKeyLen); 339 extern RC2Context *RC2_AllocateContext(void); 340 extern SECStatus RC2_InitContext(RC2Context *cx, 341 const unsigned char *key, 342 unsigned int keylen, 343 const unsigned char *iv, 344 int mode, 345 unsigned int effectiveKeyLen, 346 unsigned int ); 347 348 /* 349 ** Destroy an RC2 encryption/decryption context. 350 ** "cx" the context 351 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 352 */ 353 extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit); 354 355 /* 356 ** Perform RC2 encryption. 357 ** "cx" the context 358 ** "output" the output buffer to store the encrypted data. 359 ** "outputLen" how much data is stored in "output". Set by the routine 360 ** after some data is stored in output. 361 ** "maxOutputLen" the maximum amount of data that can ever be 362 ** stored in "output" 363 ** "input" the input data 364 ** "inputLen" the amount of input data 365 */ 366 extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output, 367 unsigned int *outputLen, unsigned int maxOutputLen, 368 const unsigned char *input, unsigned int inputLen); 369 370 /* 371 ** Perform RC2 decryption. 372 ** "cx" the context 373 ** "output" the output buffer to store the decrypted data. 374 ** "outputLen" how much data is stored in "output". Set by the routine 375 ** after some data is stored in output. 376 ** "maxOutputLen" the maximum amount of data that can ever be 377 ** stored in "output" 378 ** "input" the input data 379 ** "inputLen" the amount of input data 380 */ 381 extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output, 382 unsigned int *outputLen, unsigned int maxOutputLen, 383 const unsigned char *input, unsigned int inputLen); 384 385 /******************************************/ 386 /* 387 ** RC5 symmetric block cypher -- 64-bit block size 388 */ 389 390 /* 391 ** Create a new RC5 context suitable for RC5 encryption/decryption. 392 ** "key" raw key data 393 ** "len" the number of bytes of key data 394 ** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC) 395 ** "mode" one of NSS_RC5 or NSS_RC5_CBC 396 ** 397 ** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block 398 ** chaining" mode. 399 */ 400 extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds, 401 unsigned int wordSize, const unsigned char *iv, int mode); 402 extern RC5Context *RC5_AllocateContext(void); 403 extern SECStatus RC5_InitContext(RC5Context *cx, 404 const unsigned char *key, 405 unsigned int keylen, 406 const unsigned char *iv, 407 int mode, 408 unsigned int rounds, 409 unsigned int wordSize); 410 411 /* 412 ** Destroy an RC5 encryption/decryption context. 413 ** "cx" the context 414 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 415 */ 416 extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit); 417 418 /* 419 ** Perform RC5 encryption. 420 ** "cx" the context 421 ** "output" the output buffer to store the encrypted data. 422 ** "outputLen" how much data is stored in "output". Set by the routine 423 ** after some data is stored in output. 424 ** "maxOutputLen" the maximum amount of data that can ever be 425 ** stored in "output" 426 ** "input" the input data 427 ** "inputLen" the amount of input data 428 */ 429 extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output, 430 unsigned int *outputLen, unsigned int maxOutputLen, 431 const unsigned char *input, unsigned int inputLen); 432 433 /* 434 ** Perform RC5 decryption. 435 ** "cx" the context 436 ** "output" the output buffer to store the decrypted data. 437 ** "outputLen" how much data is stored in "output". Set by the routine 438 ** after some data is stored in output. 439 ** "maxOutputLen" the maximum amount of data that can ever be 440 ** stored in "output" 441 ** "input" the input data 442 ** "inputLen" the amount of input data 443 */ 444 445 extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output, 446 unsigned int *outputLen, unsigned int maxOutputLen, 447 const unsigned char *input, unsigned int inputLen); 448 449 450 451 /******************************************/ 452 /* 453 ** DES symmetric block cypher 454 */ 455 456 /* 457 ** Create a new DES context suitable for DES encryption/decryption. 458 ** "key" raw key data 459 ** "len" the number of bytes of key data 460 ** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or 461 ** mode is DES_EDE3_CBC) 462 ** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC 463 ** "encrypt" is PR_TRUE if the context will be used for encryption 464 ** 465 ** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES 466 ** cipher is run in "cipher block chaining" mode. 467 */ 468 extern DESContext *DES_CreateContext(const unsigned char *key, 469 const unsigned char *iv, 470 int mode, PRBool encrypt); 471 extern DESContext *DES_AllocateContext(void); 472 extern SECStatus DES_InitContext(DESContext *cx, 473 const unsigned char *key, 474 unsigned int keylen, 475 const unsigned char *iv, 476 int mode, 477 unsigned int encrypt, 478 unsigned int ); 479 480 /* 481 ** Destroy an DES encryption/decryption context. 482 ** "cx" the context 483 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 484 */ 485 extern void DES_DestroyContext(DESContext *cx, PRBool freeit); 486 487 /* 488 ** Perform DES encryption. 489 ** "cx" the context 490 ** "output" the output buffer to store the encrypted data. 491 ** "outputLen" how much data is stored in "output". Set by the routine 492 ** after some data is stored in output. 493 ** "maxOutputLen" the maximum amount of data that can ever be 494 ** stored in "output" 495 ** "input" the input data 496 ** "inputLen" the amount of input data 497 ** 498 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH 499 */ 500 extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output, 501 unsigned int *outputLen, unsigned int maxOutputLen, 502 const unsigned char *input, unsigned int inputLen); 503 504 /* 505 ** Perform DES decryption. 506 ** "cx" the context 507 ** "output" the output buffer to store the decrypted data. 508 ** "outputLen" how much data is stored in "output". Set by the routine 509 ** after some data is stored in output. 510 ** "maxOutputLen" the maximum amount of data that can ever be 511 ** stored in "output" 512 ** "input" the input data 513 ** "inputLen" the amount of input data 514 ** 515 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH 516 */ 517 extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output, 518 unsigned int *outputLen, unsigned int maxOutputLen, 519 const unsigned char *input, unsigned int inputLen); 520 521 /******************************************/ 522 /* 523 ** SEED symmetric block cypher 524 */ 525 extern SEEDContext * 526 SEED_CreateContext(const unsigned char *key, const unsigned char *iv, 527 int mode, PRBool encrypt); 528 extern SEEDContext *SEED_AllocateContext(void); 529 extern SECStatus SEED_InitContext(SEEDContext *cx, 530 const unsigned char *key, 531 unsigned int keylen, 532 const unsigned char *iv, 533 int mode, unsigned int encrypt, 534 unsigned int ); 535 extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit); 536 extern SECStatus 537 SEED_Encrypt(SEEDContext *cx, unsigned char *output, 538 unsigned int *outputLen, unsigned int maxOutputLen, 539 const unsigned char *input, unsigned int inputLen); 540 extern SECStatus 541 SEED_Decrypt(SEEDContext *cx, unsigned char *output, 542 unsigned int *outputLen, unsigned int maxOutputLen, 543 const unsigned char *input, unsigned int inputLen); 544 545 /******************************************/ 546 /* 547 ** AES symmetric block cypher (Rijndael) 548 */ 549 550 /* 551 ** Create a new AES context suitable for AES encryption/decryption. 552 ** "key" raw key data 553 ** "keylen" the number of bytes of key data (16, 24, or 32) 554 ** "blocklen" is the blocksize to use (16, 24, or 32) 555 ** XXX currently only blocksize==16 has been tested! 556 */ 557 extern AESContext * 558 AES_CreateContext(const unsigned char *key, const unsigned char *iv, 559 int mode, int encrypt, 560 unsigned int keylen, unsigned int blocklen); 561 extern AESContext *AES_AllocateContext(void); 562 extern SECStatus AES_InitContext(AESContext *cx, 563 const unsigned char *key, 564 unsigned int keylen, 565 const unsigned char *iv, 566 int mode, 567 unsigned int encrypt, 568 unsigned int blocklen); 569 570 /* 571 ** Destroy a AES encryption/decryption context. 572 ** "cx" the context 573 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 574 */ 575 extern void 576 AES_DestroyContext(AESContext *cx, PRBool freeit); 577 578 /* 579 ** Perform AES encryption. 580 ** "cx" the context 581 ** "output" the output buffer to store the encrypted data. 582 ** "outputLen" how much data is stored in "output". Set by the routine 583 ** after some data is stored in output. 584 ** "maxOutputLen" the maximum amount of data that can ever be 585 ** stored in "output" 586 ** "input" the input data 587 ** "inputLen" the amount of input data 588 */ 589 extern SECStatus 590 AES_Encrypt(AESContext *cx, unsigned char *output, 591 unsigned int *outputLen, unsigned int maxOutputLen, 592 const unsigned char *input, unsigned int inputLen); 593 594 /* 595 ** Perform AES decryption. 596 ** "cx" the context 597 ** "output" the output buffer to store the decrypted data. 598 ** "outputLen" how much data is stored in "output". Set by the routine 599 ** after some data is stored in output. 600 ** "maxOutputLen" the maximum amount of data that can ever be 601 ** stored in "output" 602 ** "input" the input data 603 ** "inputLen" the amount of input data 604 */ 605 extern SECStatus 606 AES_Decrypt(AESContext *cx, unsigned char *output, 607 unsigned int *outputLen, unsigned int maxOutputLen, 608 const unsigned char *input, unsigned int inputLen); 609 610 /******************************************/ 611 /* 612 ** AES key wrap algorithm, RFC 3394 613 */ 614 615 /* 616 ** Create a new AES context suitable for AES encryption/decryption. 617 ** "key" raw key data 618 ** "iv" The 8 byte "initial value" 619 ** "encrypt", a boolean, true for key wrapping, false for unwrapping. 620 ** "keylen" the number of bytes of key data (16, 24, or 32) 621 */ 622 extern AESKeyWrapContext * 623 AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, 624 int encrypt, unsigned int keylen); 625 extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void); 626 extern SECStatus 627 AESKeyWrap_InitContext(AESKeyWrapContext *cx, 628 const unsigned char *key, 629 unsigned int keylen, 630 const unsigned char *iv, 631 int , 632 unsigned int encrypt, 633 unsigned int ); 634 635 /* 636 ** Destroy a AES KeyWrap context. 637 ** "cx" the context 638 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 639 */ 640 extern void 641 AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit); 642 643 /* 644 ** Perform AES key wrap. 645 ** "cx" the context 646 ** "output" the output buffer to store the encrypted data. 647 ** "outputLen" how much data is stored in "output". Set by the routine 648 ** after some data is stored in output. 649 ** "maxOutputLen" the maximum amount of data that can ever be 650 ** stored in "output" 651 ** "input" the input data 652 ** "inputLen" the amount of input data 653 */ 654 extern SECStatus 655 AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output, 656 unsigned int *outputLen, unsigned int maxOutputLen, 657 const unsigned char *input, unsigned int inputLen); 658 659 /* 660 ** Perform AES key unwrap. 661 ** "cx" the context 662 ** "output" the output buffer to store the decrypted data. 663 ** "outputLen" how much data is stored in "output". Set by the routine 664 ** after some data is stored in output. 665 ** "maxOutputLen" the maximum amount of data that can ever be 666 ** stored in "output" 667 ** "input" the input data 668 ** "inputLen" the amount of input data 669 */ 670 extern SECStatus 671 AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, 672 unsigned int *outputLen, unsigned int maxOutputLen, 673 const unsigned char *input, unsigned int inputLen); 674 675 /******************************************/ 676 /* 677 ** Camellia symmetric block cypher 678 */ 679 680 /* 681 ** Create a new Camellia context suitable for Camellia encryption/decryption. 682 ** "key" raw key data 683 ** "keylen" the number of bytes of key data (16, 24, or 32) 684 */ 685 extern CamelliaContext * 686 Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, 687 int mode, int encrypt, unsigned int keylen); 688 689 extern CamelliaContext *Camellia_AllocateContext(void); 690 extern SECStatus Camellia_InitContext(CamelliaContext *cx, 691 const unsigned char *key, 692 unsigned int keylen, 693 const unsigned char *iv, 694 int mode, 695 unsigned int encrypt, 696 unsigned int unused); 697 /* 698 ** Destroy a Camellia encryption/decryption context. 699 ** "cx" the context 700 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 701 */ 702 extern void 703 Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit); 704 705 /* 706 ** Perform Camellia encryption. 707 ** "cx" the context 708 ** "output" the output buffer to store the encrypted data. 709 ** "outputLen" how much data is stored in "output". Set by the routine 710 ** after some data is stored in output. 711 ** "maxOutputLen" the maximum amount of data that can ever be 712 ** stored in "output" 713 ** "input" the input data 714 ** "inputLen" the amount of input data 715 */ 716 extern SECStatus 717 Camellia_Encrypt(CamelliaContext *cx, unsigned char *output, 718 unsigned int *outputLen, unsigned int maxOutputLen, 719 const unsigned char *input, unsigned int inputLen); 720 721 /* 722 ** Perform Camellia decryption. 723 ** "cx" the context 724 ** "output" the output buffer to store the decrypted data. 725 ** "outputLen" how much data is stored in "output". Set by the routine 726 ** after some data is stored in output. 727 ** "maxOutputLen" the maximum amount of data that can ever be 728 ** stored in "output" 729 ** "input" the input data 730 ** "inputLen" the amount of input data 731 */ 732 extern SECStatus 733 Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, 734 unsigned int *outputLen, unsigned int maxOutputLen, 735 const unsigned char *input, unsigned int inputLen); 736 737 738 /******************************************/ 739 /* 740 ** MD5 secure hash function 741 */ 742 743 /* 744 ** Hash a null terminated string "src" into "dest" using MD5 745 */ 746 extern SECStatus MD5_Hash(unsigned char *dest, const char *src); 747 748 /* 749 ** Hash a non-null terminated string "src" into "dest" using MD5 750 */ 751 extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src, 752 uint32 src_length); 753 754 /* 755 ** Create a new MD5 context 756 */ 757 extern MD5Context *MD5_NewContext(void); 758 759 760 /* 761 ** Destroy an MD5 secure hash context. 762 ** "cx" the context 763 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 764 */ 765 extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit); 766 767 /* 768 ** Reset an MD5 context, preparing it for a fresh round of hashing 769 */ 770 extern void MD5_Begin(MD5Context *cx); 771 772 /* 773 ** Update the MD5 hash function with more data. 774 ** "cx" the context 775 ** "input" the data to hash 776 ** "inputLen" the amount of data to hash 777 */ 778 extern void MD5_Update(MD5Context *cx, 779 const unsigned char *input, unsigned int inputLen); 780 781 /* 782 ** Finish the MD5 hash function. Produce the digested results in "digest" 783 ** "cx" the context 784 ** "digest" where the 16 bytes of digest data are stored 785 ** "digestLen" where the digest length (16) is stored 786 ** "maxDigestLen" the maximum amount of data that can ever be 787 ** stored in "digest" 788 */ 789 extern void MD5_End(MD5Context *cx, unsigned char *digest, 790 unsigned int *digestLen, unsigned int maxDigestLen); 791 792 /* 793 * Return the the size of a buffer needed to flatten the MD5 Context into 794 * "cx" the context 795 * returns size; 796 */ 797 extern unsigned int MD5_FlattenSize(MD5Context *cx); 798 799 /* 800 * Flatten the MD5 Context into a buffer: 801 * "cx" the context 802 * "space" the buffer to flatten to 803 * returns status; 804 */ 805 extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space); 806 807 /* 808 * Resurrect a flattened context into a MD5 Context 809 * "space" the buffer of the flattend buffer 810 * "arg" ptr to void used by cryptographic resurrect 811 * returns resurected context; 812 */ 813 extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg); 814 extern void MD5_Clone(MD5Context *dest, MD5Context *src); 815 816 /* 817 ** trace the intermediate state info of the MD5 hash. 818 */ 819 extern void MD5_TraceState(MD5Context *cx); 820 821 822 /******************************************/ 823 /* 824 ** MD2 secure hash function 825 */ 826 827 /* 828 ** Hash a null terminated string "src" into "dest" using MD2 829 */ 830 extern SECStatus MD2_Hash(unsigned char *dest, const char *src); 831 832 /* 833 ** Create a new MD2 context 834 */ 835 extern MD2Context *MD2_NewContext(void); 836 837 838 /* 839 ** Destroy an MD2 secure hash context. 840 ** "cx" the context 841 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 842 */ 843 extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit); 844 845 /* 846 ** Reset an MD2 context, preparing it for a fresh round of hashing 847 */ 848 extern void MD2_Begin(MD2Context *cx); 849 850 /* 851 ** Update the MD2 hash function with more data. 852 ** "cx" the context 853 ** "input" the data to hash 854 ** "inputLen" the amount of data to hash 855 */ 856 extern void MD2_Update(MD2Context *cx, 857 const unsigned char *input, unsigned int inputLen); 858 859 /* 860 ** Finish the MD2 hash function. Produce the digested results in "digest" 861 ** "cx" the context 862 ** "digest" where the 16 bytes of digest data are stored 863 ** "digestLen" where the digest length (16) is stored 864 ** "maxDigestLen" the maximum amount of data that can ever be 865 ** stored in "digest" 866 */ 867 extern void MD2_End(MD2Context *cx, unsigned char *digest, 868 unsigned int *digestLen, unsigned int maxDigestLen); 869 870 /* 871 * Return the the size of a buffer needed to flatten the MD2 Context into 872 * "cx" the context 873 * returns size; 874 */ 875 extern unsigned int MD2_FlattenSize(MD2Context *cx); 876 877 /* 878 * Flatten the MD2 Context into a buffer: 879 * "cx" the context 880 * "space" the buffer to flatten to 881 * returns status; 882 */ 883 extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space); 884 885 /* 886 * Resurrect a flattened context into a MD2 Context 887 * "space" the buffer of the flattend buffer 888 * "arg" ptr to void used by cryptographic resurrect 889 * returns resurected context; 890 */ 891 extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg); 892 extern void MD2_Clone(MD2Context *dest, MD2Context *src); 893 894 /******************************************/ 895 /* 896 ** SHA-1 secure hash function 897 */ 898 899 /* 900 ** Hash a null terminated string "src" into "dest" using SHA-1 901 */ 902 extern SECStatus SHA1_Hash(unsigned char *dest, const char *src); 903 904 /* 905 ** Hash a non-null terminated string "src" into "dest" using SHA-1 906 */ 907 extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src, 908 uint32 src_length); 909 910 /* 911 ** Create a new SHA-1 context 912 */ 913 extern SHA1Context *SHA1_NewContext(void); 914 915 916 /* 917 ** Destroy a SHA-1 secure hash context. 918 ** "cx" the context 919 ** "freeit" if PR_TRUE then free the object as well as its sub-objects 920 */ 921 extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit); 922 923 /* 924 ** Reset a SHA-1 context, preparing it for a fresh round of hashing 925 */ 926 extern void SHA1_Begin(SHA1Context *cx); 927 928 /* 929 ** Update the SHA-1 hash function with more data. 930 ** "cx" the context 931 ** "input" the data to hash 932 ** "inputLen" the amount of data to hash 933 */ 934 extern void SHA1_Update(SHA1Context *cx, const unsigned char *input, 935 unsigned int inputLen); 936 937 /* 938 ** Finish the SHA-1 hash function. Produce the digested results in "digest" 939 ** "cx" the context 940 ** "digest" where the 16 bytes of digest data are stored 941 ** "digestLen" where the digest length (20) is stored 942 ** "maxDigestLen" the maximum amount of data that can ever be 943 ** stored in "digest" 944 */ 945 extern void SHA1_End(SHA1Context *cx, unsigned char *digest, 946 unsigned int *digestLen, unsigned int maxDigestLen); 947 948 /* 949 ** trace the intermediate state info of the SHA1 hash. 950 */ 951 extern void SHA1_TraceState(SHA1Context *cx); 952 953 /* 954 * Return the the size of a buffer needed to flatten the SHA-1 Context into 955 * "cx" the context 956 * returns size; 957 */ 958 extern unsigned int SHA1_FlattenSize(SHA1Context *cx); 959 960 /* 961 * Flatten the SHA-1 Context into a buffer: 962 * "cx" the context 963 * "space" the buffer to flatten to 964 * returns status; 965 */ 966 extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space); 967 968 /* 969 * Resurrect a flattened context into a SHA-1 Context 970 * "space" the buffer of the flattend buffer 971 * "arg" ptr to void used by cryptographic resurrect 972 * returns resurected context; 973 */ 974 extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg); 975 extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src); 976 977 /******************************************/ 978 979 extern SHA256Context *SHA256_NewContext(void); 980 extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit); 981 extern void SHA256_Begin(SHA256Context *cx); 982 extern void SHA256_Update(SHA256Context *cx, const unsigned char *input, 983 unsigned int inputLen); 984 extern void SHA256_End(SHA256Context *cx, unsigned char *digest, 985 unsigned int *digestLen, unsigned int maxDigestLen); 986 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src, 987 uint32 src_length); 988 extern SECStatus SHA256_Hash(unsigned char *dest, const char *src); 989 extern void SHA256_TraceState(SHA256Context *cx); 990 extern unsigned int SHA256_FlattenSize(SHA256Context *cx); 991 extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space); 992 extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg); 993 extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src); 994 995 /******************************************/ 996 997 extern SHA512Context *SHA512_NewContext(void); 998 extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit); 999 extern void SHA512_Begin(SHA512Context *cx); 1000 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input, 1001 unsigned int inputLen); 1002 extern void SHA512_End(SHA512Context *cx, unsigned char *digest, 1003 unsigned int *digestLen, unsigned int maxDigestLen); 1004 extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src, 1005 uint32 src_length); 1006 extern SECStatus SHA512_Hash(unsigned char *dest, const char *src); 1007 extern void SHA512_TraceState(SHA512Context *cx); 1008 extern unsigned int SHA512_FlattenSize(SHA512Context *cx); 1009 extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space); 1010 extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg); 1011 extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src); 1012 1013 /******************************************/ 1014 1015 extern SHA384Context *SHA384_NewContext(void); 1016 extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit); 1017 extern void SHA384_Begin(SHA384Context *cx); 1018 extern void SHA384_Update(SHA384Context *cx, const unsigned char *input, 1019 unsigned int inputLen); 1020 extern void SHA384_End(SHA384Context *cx, unsigned char *digest, 1021 unsigned int *digestLen, unsigned int maxDigestLen); 1022 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src, 1023 uint32 src_length); 1024 extern SECStatus SHA384_Hash(unsigned char *dest, const char *src); 1025 extern void SHA384_TraceState(SHA384Context *cx); 1026 extern unsigned int SHA384_FlattenSize(SHA384Context *cx); 1027 extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space); 1028 extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg); 1029 extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src); 1030 1031 /**************************************** 1032 * implement TLS Pseudo Random Function (PRF) 1033 */ 1034 1035 extern SECStatus 1036 TLS_PRF(const SECItem *secret, const char *label, SECItem *seed, 1037 SECItem *result, PRBool isFIPS); 1038 1039 /******************************************/ 1040 /* 1041 ** Pseudo Random Number Generation. FIPS compliance desirable. 1042 */ 1043 1044 /* 1045 ** Initialize the global RNG context and give it some seed input taken 1046 ** from the system. This function is thread-safe and will only allow 1047 ** the global context to be initialized once. The seed input is likely 1048 ** small, so it is imperative that RNG_RandomUpdate() be called with 1049 ** additional seed data before the generator is used. A good way to 1050 ** provide the generator with additional entropy is to call 1051 ** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that. 1052 */ 1053 extern SECStatus RNG_RNGInit(void); 1054 1055 /* 1056 ** Update the global random number generator with more seeding 1057 ** material 1058 */ 1059 extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes); 1060 1061 /* 1062 ** Generate some random bytes, using the global random number generator 1063 ** object. 1064 */ 1065 extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len); 1066 1067 /* Destroy the global RNG context. After a call to RNG_RNGShutdown() 1068 ** a call to RNG_RNGInit() is required in order to use the generator again, 1069 ** along with seed data (see the comment above RNG_RNGInit()). 1070 */ 1071 extern void RNG_RNGShutdown(void); 1072 1073 extern void RNG_SystemInfoForRNG(void); 1074 1075 /* 1076 * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to 1077 * generate the DSA X parameter and as a generic purpose RNG. 1078 * 1079 * The following two FIPS186Change functions are needed for 1080 * NIST RNG Validation System. 1081 */ 1082 1083 /* 1084 * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with 1085 * the error set to PR_NOT_IMPLEMENTED_ERROR. 1086 */ 1087 extern SECStatus 1088 FIPS186Change_GenerateX(unsigned char *XKEY, 1089 const unsigned char *XSEEDj, 1090 unsigned char *x_j); 1091 1092 /* 1093 * When generating the DSA X parameter, we generate 2*GSIZE bytes 1094 * of random output and reduce it mod q. 1095 * 1096 * Input: w, 2*GSIZE bytes 1097 * q, DSA_SUBPRIME_LEN bytes 1098 * Output: xj, DSA_SUBPRIME_LEN bytes 1099 */ 1100 extern SECStatus 1101 FIPS186Change_ReduceModQForDSA(const unsigned char *w, 1102 const unsigned char *q, 1103 unsigned char *xj); 1104 1105 /* 1106 * The following functions are for FIPS poweron self test and FIPS algorithm 1107 * testing. 1108 */ 1109 extern SECStatus 1110 PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len, 1111 const PRUint8 *nonce, unsigned int nonce_len, 1112 const PRUint8 *personal_string, unsigned int ps_len); 1113 1114 extern SECStatus 1115 PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len, 1116 const PRUint8 *additional, unsigned int additional_len); 1117 1118 extern SECStatus 1119 PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len, 1120 const PRUint8 *additional, unsigned int additional_len); 1121 1122 extern SECStatus 1123 PRNGTEST_Uninstantiate(void); 1124 1125 1126 /* Generate PQGParams and PQGVerify structs. 1127 * Length of seed and length of h both equal length of P. 1128 * All lengths are specified by "j", according to the table above. 1129 */ 1130 extern SECStatus 1131 PQG_ParamGen(unsigned int j, /* input : determines length of P. */ 1132 PQGParams **pParams, /* output: P Q and G returned here */ 1133 PQGVerify **pVfy); /* output: counter and seed. */ 1134 1135 /* Generate PQGParams and PQGVerify structs. 1136 * Length of P specified by j. Length of h will match length of P. 1137 * Length of SEED in bytes specified in seedBytes. 1138 * seedBbytes must be in the range [20..255] or an error will result. 1139 */ 1140 extern SECStatus 1141 PQG_ParamGenSeedLen( 1142 unsigned int j, /* input : determines length of P. */ 1143 unsigned int seedBytes, /* input : length of seed in bytes.*/ 1144 PQGParams **pParams, /* output: P Q and G returned here */ 1145 PQGVerify **pVfy); /* output: counter and seed. */ 1146 1147 1148 /* Test PQGParams for validity as DSS PQG values. 1149 * If vfy is non-NULL, test PQGParams to make sure they were generated 1150 * using the specified seed, counter, and h values. 1151 * 1152 * Return value indicates whether Verification operation ran successfully 1153 * to completion, but does not indicate if PQGParams are valid or not. 1154 * If return value is SECSuccess, then *pResult has these meanings: 1155 * SECSuccess: PQGParams are valid. 1156 * SECFailure: PQGParams are invalid. 1157 * 1158 * Verify the following 12 facts about PQG counter SEED g and h 1159 * 1. Q is 160 bits long. 1160 * 2. P is one of the 9 valid lengths. 1161 * 3. G < P 1162 * 4. P % Q == 1 1163 * 5. Q is prime 1164 * 6. P is prime 1165 * Steps 7-12 are done only if the optional PQGVerify is supplied. 1166 * 7. counter < 4096 1167 * 8. g >= 160 and g < 2048 (g is length of seed in bits) 1168 * 9. Q generated from SEED matches Q in PQGParams. 1169 * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams. 1170 * 11. 1 < h < P-1 1171 * 12. G generated from h matches G in PQGParams. 1172 */ 1173 1174 extern SECStatus PQG_VerifyParams(const PQGParams *params, 1175 const PQGVerify *vfy, SECStatus *result); 1176 1177 extern void PQG_DestroyParams(PQGParams *params); 1178 1179 extern void PQG_DestroyVerify(PQGVerify *vfy); 1180 1181 1182 /* 1183 * clean-up any global tables freebl may have allocated after it starts up. 1184 * This function is not thread safe and should be called only after the 1185 * library has been quiessed. 1186 */ 1187 extern void BL_Cleanup(void); 1188 1189 /* unload freebl shared library from memory */ 1190 extern void BL_Unload(void); 1191 1192 /************************************************************************** 1193 * Verify a given Shared library signature * 1194 **************************************************************************/ 1195 PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr); 1196 1197 /************************************************************************** 1198 * Verify Are Own Shared library signature * 1199 **************************************************************************/ 1200 PRBool BLAPI_VerifySelf(const char *name); 1201 1202 /*********************************************************************/ 1203 extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType); 1204 1205 extern void BL_SetForkState(PRBool forked); 1206 1207 SEC_END_PROTOS 1208 1209 #endif /* _BLAPI_H_ */ 1210