1 /*
2  * blapit.h - public data structures for the freebl library
3  *
4  * This Source Code Form is subject to the terms of the Mozilla Public
5  * License, v. 2.0. If a copy of the MPL was not distributed with this
6  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 
8 #ifndef _BLAPIT_H_
9 #define _BLAPIT_H_
10 
11 #include "seccomon.h"
12 #include "prlink.h"
13 #include "plarena.h"
14 #include "ecl-exp.h"
15 
16 /* RC2 operation modes */
17 #define NSS_RC2 0
18 #define NSS_RC2_CBC 1
19 
20 /* RC5 operation modes */
21 #define NSS_RC5 0
22 #define NSS_RC5_CBC 1
23 
24 /* DES operation modes */
25 #define NSS_DES 0
26 #define NSS_DES_CBC 1
27 #define NSS_DES_EDE3 2
28 #define NSS_DES_EDE3_CBC 3
29 
30 #define DES_KEY_LENGTH 8 /* Bytes */
31 
32 /* AES operation modes */
33 #define NSS_AES 0
34 #define NSS_AES_CBC 1
35 #define NSS_AES_CTS 2
36 #define NSS_AES_CTR 3
37 #define NSS_AES_GCM 4
38 
39 /* Camellia operation modes */
40 #define NSS_CAMELLIA 0
41 #define NSS_CAMELLIA_CBC 1
42 
43 /* SEED operation modes */
44 #define NSS_SEED 0
45 #define NSS_SEED_CBC 1
46 
47 #define DSA1_SUBPRIME_LEN 20                             /* Bytes */
48 #define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN * 2)       /* Bytes */
49 #define DSA_MAX_SUBPRIME_LEN 32                          /* Bytes */
50 #define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN * 2) /* Bytes */
51 
52 /*
53  * Mark the old defines as deprecated. This will warn code that expected
54  * DSA1 only that they need to change if the are to support DSA2.
55  */
56 #if defined(__GNUC__) && (__GNUC__ > 3)
57 /* make GCC warn when we use these #defines */
58 typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
59 #define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
60 #define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
61 #define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN * 8))
62 #else
63 #ifdef _WIN32
64 /* This magic gets the windows compiler to give us a deprecation
65  * warning */
66 #pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS)
67 #endif
68 #define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN
69 #define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
70 #define DSA_Q_BITS (DSA1_SUBPRIME_LEN * 8)
71 #endif
72 
73 /* XXX We shouldn't have to hard code this limit. For
74  * now, this is the quickest way to support ECDSA signature
75  * processing (ECDSA signature lengths depend on curve
76  * size). This limit is sufficient for curves upto
77  * 576 bits.
78  */
79 #define MAX_ECKEY_LEN 72 /* Bytes */
80 
81 #define EC_MAX_KEY_BITS 521 /* in bits */
82 #define EC_MIN_KEY_BITS 256 /* in bits */
83 
84 /* EC point compression format */
85 #define EC_POINT_FORM_COMPRESSED_Y0 0x02
86 #define EC_POINT_FORM_COMPRESSED_Y1 0x03
87 #define EC_POINT_FORM_UNCOMPRESSED 0x04
88 #define EC_POINT_FORM_HYBRID_Y0 0x06
89 #define EC_POINT_FORM_HYBRID_Y1 0x07
90 
91 /*
92  * Number of bytes each hash algorithm produces
93  */
94 #define MD2_LENGTH 16        /* Bytes */
95 #define MD5_LENGTH 16        /* Bytes */
96 #define SHA1_LENGTH 20       /* Bytes */
97 #define SHA256_LENGTH 32     /* bytes */
98 #define SHA384_LENGTH 48     /* bytes */
99 #define SHA512_LENGTH 64     /* bytes */
100 #define BLAKE2B512_LENGTH 64 /* Bytes */
101 #define HASH_LENGTH_MAX SHA512_LENGTH
102 
103 /*
104  * Input block size for each hash algorithm.
105  */
106 
107 #define MD2_BLOCK_LENGTH 64      /* bytes */
108 #define MD5_BLOCK_LENGTH 64      /* bytes */
109 #define SHA1_BLOCK_LENGTH 64     /* bytes */
110 #define SHA224_BLOCK_LENGTH 64   /* bytes */
111 #define SHA256_BLOCK_LENGTH 64   /* bytes */
112 #define SHA384_BLOCK_LENGTH 128  /* bytes */
113 #define SHA512_BLOCK_LENGTH 128  /* bytes */
114 #define BLAKE2B_BLOCK_LENGTH 128 /* Bytes */
115 #define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
116 
117 #define AES_KEY_WRAP_IV_BYTES 8
118 #define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
119 #define AES_BLOCK_SIZE 16         /* bytes */
120 
121 #define AES_128_KEY_LENGTH 16 /* bytes */
122 #define AES_192_KEY_LENGTH 24 /* bytes */
123 #define AES_256_KEY_LENGTH 32 /* bytes */
124 
125 #define CAMELLIA_BLOCK_SIZE 16 /* bytes */
126 
127 #define SEED_BLOCK_SIZE 16 /* bytes */
128 #define SEED_KEY_LENGTH 16 /* bytes */
129 
130 #define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
131 
132 #define BLAKE2B_KEY_SIZE 64
133 
134 /*
135  * These values come from the initial key size limits from the PKCS #11
136  * module. They may be arbitrarily adjusted to any value freebl supports.
137  */
138 #define RSA_MIN_MODULUS_BITS 128
139 #define RSA_MAX_MODULUS_BITS 16384
140 #define RSA_MAX_EXPONENT_BITS 64
141 #define DH_MIN_P_BITS 128
142 #define DH_MAX_P_BITS 16384
143 
144 /*
145  * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
146  * distinct values for the length of P, and only one value for the
147  * length of Q.
148  * The algorithm uses a variable j to indicate which of the 9 lengths
149  * of P is to be used.
150  * The following table relates j to the lengths of P and Q in bits.
151  *
152  *  j   bits in P   bits in Q
153  *  _   _________   _________
154  *  0    512        160
155  *  1    576        160
156  *  2    640        160
157  *  3    704        160
158  *  4    768        160
159  *  5    832        160
160  *  6    896        160
161  *  7    960        160
162  *  8   1024        160
163  *
164  * The FIPS-186-1 compliant PQG generator takes j as an input parameter.
165  *
166  * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
167  *
168  *     bits in P       bits in Q
169  *     _________       _________
170  *      1024           160
171  *      2048           224
172  *      2048           256
173  *      3072           256
174  *
175  * The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
176  * lengths as input and returns an error if they aren't in this list.
177  */
178 
179 #define DSA1_Q_BITS 160
180 #define DSA_MAX_P_BITS 3072
181 #define DSA_MIN_P_BITS 512
182 #define DSA_MAX_Q_BITS 256
183 #define DSA_MIN_Q_BITS 160
184 
185 #if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN * 8
186 #error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
187 #endif
188 
189 /*
190  * function takes desired number of bits in P,
191  * returns index (0..8) or -1 if number of bits is invalid.
192  */
193 #define PQG_PBITS_TO_INDEX(bits) \
194     (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? -1 : (int)((bits)-512) / 64)
195 
196 /*
197  * function takes index (0-8)
198  * returns number of bits in P for that index, or -1 if index is invalid.
199  */
200 #define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
201 
202 /***************************************************************************
203 ** Opaque objects
204 */
205 
206 struct DESContextStr;
207 struct RC2ContextStr;
208 struct RC4ContextStr;
209 struct RC5ContextStr;
210 struct AESContextStr;
211 struct CamelliaContextStr;
212 struct MD2ContextStr;
213 struct MD5ContextStr;
214 struct SHA1ContextStr;
215 struct SHA256ContextStr;
216 struct SHA512ContextStr;
217 struct AESKeyWrapContextStr;
218 struct SEEDContextStr;
219 struct ChaCha20Poly1305ContextStr;
220 struct Blake2bContextStr;
221 
222 typedef struct DESContextStr DESContext;
223 typedef struct RC2ContextStr RC2Context;
224 typedef struct RC4ContextStr RC4Context;
225 typedef struct RC5ContextStr RC5Context;
226 typedef struct AESContextStr AESContext;
227 typedef struct CamelliaContextStr CamelliaContext;
228 typedef struct MD2ContextStr MD2Context;
229 typedef struct MD5ContextStr MD5Context;
230 typedef struct SHA1ContextStr SHA1Context;
231 typedef struct SHA256ContextStr SHA256Context;
232 /* SHA224Context is really a SHA256ContextStr.  This is not a mistake. */
233 typedef struct SHA256ContextStr SHA224Context;
234 typedef struct SHA512ContextStr SHA512Context;
235 /* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
236 typedef struct SHA512ContextStr SHA384Context;
237 typedef struct AESKeyWrapContextStr AESKeyWrapContext;
238 typedef struct SEEDContextStr SEEDContext;
239 typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;
240 typedef struct Blake2bContextStr BLAKE2BContext;
241 
242 /***************************************************************************
243 ** RSA Public and Private Key structures
244 */
245 
246 /* member names from PKCS#1, section 7.1 */
247 struct RSAPublicKeyStr {
248     PLArenaPool *arena;
249     SECItem modulus;
250     SECItem publicExponent;
251 };
252 typedef struct RSAPublicKeyStr RSAPublicKey;
253 
254 /* member names from PKCS#1, section 7.2 */
255 struct RSAPrivateKeyStr {
256     PLArenaPool *arena;
257     SECItem version;
258     SECItem modulus;
259     SECItem publicExponent;
260     SECItem privateExponent;
261     SECItem prime1;
262     SECItem prime2;
263     SECItem exponent1;
264     SECItem exponent2;
265     SECItem coefficient;
266 };
267 typedef struct RSAPrivateKeyStr RSAPrivateKey;
268 
269 /***************************************************************************
270 ** DSA Public and Private Key and related structures
271 */
272 
273 struct PQGParamsStr {
274     PLArenaPool *arena;
275     SECItem prime;    /* p */
276     SECItem subPrime; /* q */
277     SECItem base;     /* g */
278     /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
279 };
280 typedef struct PQGParamsStr PQGParams;
281 
282 struct PQGVerifyStr {
283     PLArenaPool *arena; /* includes this struct, seed, & h. */
284     unsigned int counter;
285     SECItem seed;
286     SECItem h;
287 };
288 typedef struct PQGVerifyStr PQGVerify;
289 
290 struct DSAPublicKeyStr {
291     PQGParams params;
292     SECItem publicValue;
293 };
294 typedef struct DSAPublicKeyStr DSAPublicKey;
295 
296 struct DSAPrivateKeyStr {
297     PQGParams params;
298     SECItem publicValue;
299     SECItem privateValue;
300 };
301 typedef struct DSAPrivateKeyStr DSAPrivateKey;
302 
303 /***************************************************************************
304 ** Diffie-Hellman Public and Private Key and related structures
305 ** Structure member names suggested by PKCS#3.
306 */
307 
308 struct DHParamsStr {
309     PLArenaPool *arena;
310     SECItem prime; /* p */
311     SECItem base;  /* g */
312 };
313 typedef struct DHParamsStr DHParams;
314 
315 struct DHPublicKeyStr {
316     PLArenaPool *arena;
317     SECItem prime;
318     SECItem base;
319     SECItem publicValue;
320 };
321 typedef struct DHPublicKeyStr DHPublicKey;
322 
323 struct DHPrivateKeyStr {
324     PLArenaPool *arena;
325     SECItem prime;
326     SECItem base;
327     SECItem publicValue;
328     SECItem privateValue;
329 };
330 typedef struct DHPrivateKeyStr DHPrivateKey;
331 
332 /***************************************************************************
333 ** Data structures used for elliptic curve parameters and
334 ** public and private keys.
335 */
336 
337 /*
338 ** The ECParams data structures can encode elliptic curve
339 ** parameters for both GFp and GF2m curves.
340 */
341 
342 typedef enum { ec_params_explicit,
343                ec_params_named
344 } ECParamsType;
345 
346 typedef enum { ec_field_GFp = 1,
347                ec_field_GF2m,
348                ec_field_plain
349 } ECFieldType;
350 
351 struct ECFieldIDStr {
352     int size; /* field size in bits */
353     ECFieldType type;
354     union {
355         SECItem prime; /* prime p for (GFp) */
356         SECItem poly;  /* irreducible binary polynomial for (GF2m) */
357     } u;
358     int k1; /* first coefficient of pentanomial or
359                          * the only coefficient of trinomial
360                          */
361     int k2; /* two remaining coefficients of pentanomial */
362     int k3;
363 };
364 typedef struct ECFieldIDStr ECFieldID;
365 
366 struct ECCurveStr {
367     SECItem a; /* contains octet stream encoding of
368                          * field element (X9.62 section 4.3.3)
369              */
370     SECItem b;
371     SECItem seed;
372 };
373 typedef struct ECCurveStr ECCurve;
374 
375 struct ECParamsStr {
376     PLArenaPool *arena;
377     ECParamsType type;
378     ECFieldID fieldID;
379     ECCurve curve;
380     SECItem base;
381     SECItem order;
382     int cofactor;
383     SECItem DEREncoding;
384     ECCurveName name;
385     SECItem curveOID;
386 };
387 typedef struct ECParamsStr ECParams;
388 
389 struct ECPublicKeyStr {
390     ECParams ecParams;
391     SECItem publicValue; /* elliptic curve point encoded as
392                 * octet stream.
393                 */
394 };
395 typedef struct ECPublicKeyStr ECPublicKey;
396 
397 struct ECPrivateKeyStr {
398     ECParams ecParams;
399     SECItem publicValue;  /* encoded ec point */
400     SECItem privateValue; /* private big integer */
401     SECItem version;      /* As per SEC 1, Appendix C, Section C.4 */
402 };
403 typedef struct ECPrivateKeyStr ECPrivateKey;
404 
405 typedef void *(*BLapiAllocateFunc)(void);
406 typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
407 typedef SECStatus (*BLapiInitContextFunc)(void *cx,
408                                           const unsigned char *key,
409                                           unsigned int keylen,
410                                           const unsigned char *,
411                                           int,
412                                           unsigned int,
413                                           unsigned int);
414 typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
415                                   unsigned int *outputLen,
416                                   unsigned int maxOutputLen,
417                                   const unsigned char *input,
418                                   unsigned int inputLen);
419 
420 #endif /* _BLAPIT_H_ */
421