mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-15 04:00:12 +01:00
423 lines
12 KiB
C
423 lines
12 KiB
C
/*
|
|
* blapit.h - public data structures for the crypto library
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef _BLAPIT_H_
|
|
#define _BLAPIT_H_
|
|
|
|
#include "seccomon.h"
|
|
#include "prlink.h"
|
|
#include "plarena.h"
|
|
#include "ecl-exp.h"
|
|
|
|
|
|
/* RC2 operation modes */
|
|
#define NSS_RC2 0
|
|
#define NSS_RC2_CBC 1
|
|
|
|
/* RC5 operation modes */
|
|
#define NSS_RC5 0
|
|
#define NSS_RC5_CBC 1
|
|
|
|
/* DES operation modes */
|
|
#define NSS_DES 0
|
|
#define NSS_DES_CBC 1
|
|
#define NSS_DES_EDE3 2
|
|
#define NSS_DES_EDE3_CBC 3
|
|
|
|
#define DES_KEY_LENGTH 8 /* Bytes */
|
|
|
|
/* AES operation modes */
|
|
#define NSS_AES 0
|
|
#define NSS_AES_CBC 1
|
|
#define NSS_AES_CTS 2
|
|
#define NSS_AES_CTR 3
|
|
#define NSS_AES_GCM 4
|
|
|
|
/* Camellia operation modes */
|
|
#define NSS_CAMELLIA 0
|
|
#define NSS_CAMELLIA_CBC 1
|
|
|
|
/* SEED operation modes */
|
|
#define NSS_SEED 0
|
|
#define NSS_SEED_CBC 1
|
|
|
|
#define DSA1_SUBPRIME_LEN 20 /* Bytes */
|
|
#define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN*2) /* Bytes */
|
|
#define DSA_MAX_SUBPRIME_LEN 32 /* Bytes */
|
|
#define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN*2)/* Bytes */
|
|
|
|
/*
|
|
* Mark the old defines as deprecated. This will warn code that expected
|
|
* DSA1 only that they need to change if the are to support DSA2.
|
|
*/
|
|
#if defined(__GNUC__) && (__GNUC__ > 3)
|
|
/* make GCC warn when we use these #defines */
|
|
typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
|
|
#define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
|
|
#define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
|
|
#define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN*8))
|
|
#else
|
|
#ifdef _WIN32
|
|
/* This magic gets the windows compiler to give us a deprecation
|
|
* warning */
|
|
#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS)
|
|
#endif
|
|
#define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN
|
|
#define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
|
|
#define DSA_Q_BITS (DSA1_SUBPRIME_LEN*8)
|
|
#endif
|
|
|
|
|
|
/* XXX We shouldn't have to hard code this limit. For
|
|
* now, this is the quickest way to support ECDSA signature
|
|
* processing (ECDSA signature lengths depend on curve
|
|
* size). This limit is sufficient for curves upto
|
|
* 576 bits.
|
|
*/
|
|
#define MAX_ECKEY_LEN 72 /* Bytes */
|
|
|
|
#ifdef NSS_ECC_MORE_THAN_SUITE_B
|
|
#define EC_MAX_KEY_BITS 571 /* in bits */
|
|
#define EC_MIN_KEY_BITS 112 /* in bits */
|
|
#else
|
|
#define EC_MAX_KEY_BITS 521 /* in bits */
|
|
#define EC_MIN_KEY_BITS 256 /* in bits */
|
|
#endif
|
|
|
|
/* EC point compression format */
|
|
#define EC_POINT_FORM_COMPRESSED_Y0 0x02
|
|
#define EC_POINT_FORM_COMPRESSED_Y1 0x03
|
|
#define EC_POINT_FORM_UNCOMPRESSED 0x04
|
|
#define EC_POINT_FORM_HYBRID_Y0 0x06
|
|
#define EC_POINT_FORM_HYBRID_Y1 0x07
|
|
|
|
/*
|
|
* Number of bytes each hash algorithm produces
|
|
*/
|
|
#define MD2_LENGTH 16 /* Bytes */
|
|
#define MD5_LENGTH 16 /* Bytes */
|
|
#define SHA1_LENGTH 20 /* Bytes */
|
|
#define SHA256_LENGTH 32 /* bytes */
|
|
#define SHA384_LENGTH 48 /* bytes */
|
|
#define SHA512_LENGTH 64 /* bytes */
|
|
#define HASH_LENGTH_MAX SHA512_LENGTH
|
|
|
|
/*
|
|
* Input block size for each hash algorithm.
|
|
*/
|
|
|
|
#define MD2_BLOCK_LENGTH 64 /* bytes */
|
|
#define MD5_BLOCK_LENGTH 64 /* bytes */
|
|
#define SHA1_BLOCK_LENGTH 64 /* bytes */
|
|
#define SHA224_BLOCK_LENGTH 64 /* bytes */
|
|
#define SHA256_BLOCK_LENGTH 64 /* bytes */
|
|
#define SHA384_BLOCK_LENGTH 128 /* bytes */
|
|
#define SHA512_BLOCK_LENGTH 128 /* bytes */
|
|
#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
|
|
|
|
#define AES_KEY_WRAP_IV_BYTES 8
|
|
#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
|
|
#define AES_BLOCK_SIZE 16 /* bytes */
|
|
|
|
#define AES_128_KEY_LENGTH 16 /* bytes */
|
|
#define AES_192_KEY_LENGTH 24 /* bytes */
|
|
#define AES_256_KEY_LENGTH 32 /* bytes */
|
|
|
|
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
|
|
|
|
#define SEED_BLOCK_SIZE 16 /* bytes */
|
|
#define SEED_KEY_LENGTH 16 /* bytes */
|
|
|
|
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
|
|
|
|
/*
|
|
* These values come from the initial key size limits from the PKCS #11
|
|
* module. They may be arbitrarily adjusted to any value freebl supports.
|
|
*/
|
|
#define RSA_MIN_MODULUS_BITS 128
|
|
#define RSA_MAX_MODULUS_BITS 16384
|
|
#define RSA_MAX_EXPONENT_BITS 64
|
|
#define DH_MIN_P_BITS 128
|
|
#define DH_MAX_P_BITS 16384
|
|
|
|
/*
|
|
* The FIPS 186-1 algorithm for generating primes P and Q allows only 9
|
|
* distinct values for the length of P, and only one value for the
|
|
* length of Q.
|
|
* The algorithm uses a variable j to indicate which of the 9 lengths
|
|
* of P is to be used.
|
|
* The following table relates j to the lengths of P and Q in bits.
|
|
*
|
|
* j bits in P bits in Q
|
|
* _ _________ _________
|
|
* 0 512 160
|
|
* 1 576 160
|
|
* 2 640 160
|
|
* 3 704 160
|
|
* 4 768 160
|
|
* 5 832 160
|
|
* 6 896 160
|
|
* 7 960 160
|
|
* 8 1024 160
|
|
*
|
|
* The FIPS-186-1 compliant PQG generator takes j as an input parameter.
|
|
*
|
|
* FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
|
|
*
|
|
* bits in P bits in Q
|
|
* _________ _________
|
|
* 1024 160
|
|
* 2048 224
|
|
* 2048 256
|
|
* 3072 256
|
|
*
|
|
* The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
|
|
* lengths as input and returns an error if they aren't in this list.
|
|
*/
|
|
|
|
#define DSA1_Q_BITS 160
|
|
#define DSA_MAX_P_BITS 3072
|
|
#define DSA_MIN_P_BITS 512
|
|
#define DSA_MAX_Q_BITS 256
|
|
#define DSA_MIN_Q_BITS 160
|
|
|
|
#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
|
|
#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
|
|
#endif
|
|
|
|
|
|
/*
|
|
* function takes desired number of bits in P,
|
|
* returns index (0..8) or -1 if number of bits is invalid.
|
|
*/
|
|
#define PQG_PBITS_TO_INDEX(bits) \
|
|
(((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
|
|
-1 : (int)((bits)-512)/64)
|
|
|
|
/*
|
|
* function takes index (0-8)
|
|
* returns number of bits in P for that index, or -1 if index is invalid.
|
|
*/
|
|
#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
|
|
|
|
|
|
/***************************************************************************
|
|
** Opaque objects
|
|
*/
|
|
|
|
struct DESContextStr ;
|
|
struct RC2ContextStr ;
|
|
struct RC4ContextStr ;
|
|
struct RC5ContextStr ;
|
|
struct AESContextStr ;
|
|
struct CamelliaContextStr ;
|
|
struct MD2ContextStr ;
|
|
struct MD5ContextStr ;
|
|
struct SHA1ContextStr ;
|
|
struct SHA256ContextStr ;
|
|
struct SHA512ContextStr ;
|
|
struct AESKeyWrapContextStr ;
|
|
struct SEEDContextStr ;
|
|
|
|
typedef struct DESContextStr DESContext;
|
|
typedef struct RC2ContextStr RC2Context;
|
|
typedef struct RC4ContextStr RC4Context;
|
|
typedef struct RC5ContextStr RC5Context;
|
|
typedef struct AESContextStr AESContext;
|
|
typedef struct CamelliaContextStr CamelliaContext;
|
|
typedef struct MD2ContextStr MD2Context;
|
|
typedef struct MD5ContextStr MD5Context;
|
|
typedef struct SHA1ContextStr SHA1Context;
|
|
typedef struct SHA256ContextStr SHA256Context;
|
|
/* SHA224Context is really a SHA256ContextStr. This is not a mistake. */
|
|
typedef struct SHA256ContextStr SHA224Context;
|
|
typedef struct SHA512ContextStr SHA512Context;
|
|
/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
|
|
typedef struct SHA512ContextStr SHA384Context;
|
|
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
|
|
typedef struct SEEDContextStr SEEDContext;
|
|
|
|
/***************************************************************************
|
|
** RSA Public and Private Key structures
|
|
*/
|
|
|
|
/* member names from PKCS#1, section 7.1 */
|
|
struct RSAPublicKeyStr {
|
|
PLArenaPool * arena;
|
|
SECItem modulus;
|
|
SECItem publicExponent;
|
|
};
|
|
typedef struct RSAPublicKeyStr RSAPublicKey;
|
|
|
|
/* member names from PKCS#1, section 7.2 */
|
|
struct RSAPrivateKeyStr {
|
|
PLArenaPool * arena;
|
|
SECItem version;
|
|
SECItem modulus;
|
|
SECItem publicExponent;
|
|
SECItem privateExponent;
|
|
SECItem prime1;
|
|
SECItem prime2;
|
|
SECItem exponent1;
|
|
SECItem exponent2;
|
|
SECItem coefficient;
|
|
};
|
|
typedef struct RSAPrivateKeyStr RSAPrivateKey;
|
|
|
|
|
|
/***************************************************************************
|
|
** DSA Public and Private Key and related structures
|
|
*/
|
|
|
|
struct PQGParamsStr {
|
|
PLArenaPool *arena;
|
|
SECItem prime; /* p */
|
|
SECItem subPrime; /* q */
|
|
SECItem base; /* g */
|
|
/* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
|
|
};
|
|
typedef struct PQGParamsStr PQGParams;
|
|
|
|
struct PQGVerifyStr {
|
|
PLArenaPool * arena; /* includes this struct, seed, & h. */
|
|
unsigned int counter;
|
|
SECItem seed;
|
|
SECItem h;
|
|
};
|
|
typedef struct PQGVerifyStr PQGVerify;
|
|
|
|
struct DSAPublicKeyStr {
|
|
PQGParams params;
|
|
SECItem publicValue;
|
|
};
|
|
typedef struct DSAPublicKeyStr DSAPublicKey;
|
|
|
|
struct DSAPrivateKeyStr {
|
|
PQGParams params;
|
|
SECItem publicValue;
|
|
SECItem privateValue;
|
|
};
|
|
typedef struct DSAPrivateKeyStr DSAPrivateKey;
|
|
|
|
/***************************************************************************
|
|
** Diffie-Hellman Public and Private Key and related structures
|
|
** Structure member names suggested by PKCS#3.
|
|
*/
|
|
|
|
struct DHParamsStr {
|
|
PLArenaPool * arena;
|
|
SECItem prime; /* p */
|
|
SECItem base; /* g */
|
|
};
|
|
typedef struct DHParamsStr DHParams;
|
|
|
|
struct DHPublicKeyStr {
|
|
PLArenaPool * arena;
|
|
SECItem prime;
|
|
SECItem base;
|
|
SECItem publicValue;
|
|
};
|
|
typedef struct DHPublicKeyStr DHPublicKey;
|
|
|
|
struct DHPrivateKeyStr {
|
|
PLArenaPool * arena;
|
|
SECItem prime;
|
|
SECItem base;
|
|
SECItem publicValue;
|
|
SECItem privateValue;
|
|
};
|
|
typedef struct DHPrivateKeyStr DHPrivateKey;
|
|
|
|
/***************************************************************************
|
|
** Data structures used for elliptic curve parameters and
|
|
** public and private keys.
|
|
*/
|
|
|
|
/*
|
|
** The ECParams data structures can encode elliptic curve
|
|
** parameters for both GFp and GF2m curves.
|
|
*/
|
|
|
|
typedef enum { ec_params_explicit,
|
|
ec_params_named
|
|
} ECParamsType;
|
|
|
|
typedef enum { ec_field_GFp = 1,
|
|
ec_field_GF2m
|
|
} ECFieldType;
|
|
|
|
struct ECFieldIDStr {
|
|
int size; /* field size in bits */
|
|
ECFieldType type;
|
|
union {
|
|
SECItem prime; /* prime p for (GFp) */
|
|
SECItem poly; /* irreducible binary polynomial for (GF2m) */
|
|
} u;
|
|
int k1; /* first coefficient of pentanomial or
|
|
* the only coefficient of trinomial
|
|
*/
|
|
int k2; /* two remaining coefficients of pentanomial */
|
|
int k3;
|
|
};
|
|
typedef struct ECFieldIDStr ECFieldID;
|
|
|
|
struct ECCurveStr {
|
|
SECItem a; /* contains octet stream encoding of
|
|
* field element (X9.62 section 4.3.3)
|
|
*/
|
|
SECItem b;
|
|
SECItem seed;
|
|
};
|
|
typedef struct ECCurveStr ECCurve;
|
|
|
|
struct ECParamsStr {
|
|
PLArenaPool * arena;
|
|
ECParamsType type;
|
|
ECFieldID fieldID;
|
|
ECCurve curve;
|
|
SECItem base;
|
|
SECItem order;
|
|
int cofactor;
|
|
SECItem DEREncoding;
|
|
ECCurveName name;
|
|
SECItem curveOID;
|
|
};
|
|
typedef struct ECParamsStr ECParams;
|
|
|
|
struct ECPublicKeyStr {
|
|
ECParams ecParams;
|
|
SECItem publicValue; /* elliptic curve point encoded as
|
|
* octet stream.
|
|
*/
|
|
};
|
|
typedef struct ECPublicKeyStr ECPublicKey;
|
|
|
|
struct ECPrivateKeyStr {
|
|
ECParams ecParams;
|
|
SECItem publicValue; /* encoded ec point */
|
|
SECItem privateValue; /* private big integer */
|
|
SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
|
|
};
|
|
typedef struct ECPrivateKeyStr ECPrivateKey;
|
|
|
|
typedef void * (*BLapiAllocateFunc)(void);
|
|
typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
|
|
typedef SECStatus (*BLapiInitContextFunc)(void *cx,
|
|
const unsigned char *key,
|
|
unsigned int keylen,
|
|
const unsigned char *,
|
|
int,
|
|
unsigned int ,
|
|
unsigned int );
|
|
typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
|
|
unsigned int *outputLen,
|
|
unsigned int maxOutputLen,
|
|
const unsigned char *input,
|
|
unsigned int inputLen);
|
|
|
|
#endif /* _BLAPIT_H_ */
|