1 /* 2 * blapit.h - public data structures for the freebl library 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 8 #ifndef _BLAPIT_H_ 9 #define _BLAPIT_H_ 10 11 #include "seccomon.h" 12 #include "prlink.h" 13 #include "plarena.h" 14 #include "ecl-exp.h" 15 16 /* RC2 operation modes */ 17 #define NSS_RC2 0 18 #define NSS_RC2_CBC 1 19 20 /* RC5 operation modes */ 21 #define NSS_RC5 0 22 #define NSS_RC5_CBC 1 23 24 /* DES operation modes */ 25 #define NSS_DES 0 26 #define NSS_DES_CBC 1 27 #define NSS_DES_EDE3 2 28 #define NSS_DES_EDE3_CBC 3 29 30 #define DES_KEY_LENGTH 8 /* Bytes */ 31 32 /* AES operation modes */ 33 #define NSS_AES 0 34 #define NSS_AES_CBC 1 35 #define NSS_AES_CTS 2 36 #define NSS_AES_CTR 3 37 #define NSS_AES_GCM 4 38 39 /* Camellia operation modes */ 40 #define NSS_CAMELLIA 0 41 #define NSS_CAMELLIA_CBC 1 42 43 /* SEED operation modes */ 44 #define NSS_SEED 0 45 #define NSS_SEED_CBC 1 46 47 #define DSA1_SUBPRIME_LEN 20 /* Bytes */ 48 #define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN * 2) /* Bytes */ 49 #define DSA_MAX_SUBPRIME_LEN 32 /* Bytes */ 50 #define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN * 2) /* Bytes */ 51 52 /* 53 * Mark the old defines as deprecated. This will warn code that expected 54 * DSA1 only that they need to change if the are to support DSA2. 55 */ 56 #if defined(__GNUC__) && (__GNUC__ > 3) 57 /* make GCC warn when we use these #defines */ 58 typedef int __BLAPI_DEPRECATED __attribute__((deprecated)); 59 #define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN) 60 #define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN) 61 #define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN * 8)) 62 #else 63 #ifdef _WIN32 64 /* This magic gets the windows compiler to give us a deprecation 65 * warning */ 66 #pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS) 67 #endif 68 #define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN 69 #define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN 70 #define DSA_Q_BITS (DSA1_SUBPRIME_LEN * 8) 71 #endif 72 73 /* XXX We shouldn't have to hard code this limit. For 74 * now, this is the quickest way to support ECDSA signature 75 * processing (ECDSA signature lengths depend on curve 76 * size). This limit is sufficient for curves upto 77 * 576 bits. 78 */ 79 #define MAX_ECKEY_LEN 72 /* Bytes */ 80 81 #define EC_MAX_KEY_BITS 521 /* in bits */ 82 #define EC_MIN_KEY_BITS 256 /* in bits */ 83 84 /* EC point compression format */ 85 #define EC_POINT_FORM_COMPRESSED_Y0 0x02 86 #define EC_POINT_FORM_COMPRESSED_Y1 0x03 87 #define EC_POINT_FORM_UNCOMPRESSED 0x04 88 #define EC_POINT_FORM_HYBRID_Y0 0x06 89 #define EC_POINT_FORM_HYBRID_Y1 0x07 90 91 /* 92 * Number of bytes each hash algorithm produces 93 */ 94 #define MD2_LENGTH 16 /* Bytes */ 95 #define MD5_LENGTH 16 /* Bytes */ 96 #define SHA1_LENGTH 20 /* Bytes */ 97 #define SHA256_LENGTH 32 /* bytes */ 98 #define SHA384_LENGTH 48 /* bytes */ 99 #define SHA512_LENGTH 64 /* bytes */ 100 #define BLAKE2B512_LENGTH 64 /* Bytes */ 101 #define HASH_LENGTH_MAX SHA512_LENGTH 102 103 /* 104 * Input block size for each hash algorithm. 105 */ 106 107 #define MD2_BLOCK_LENGTH 64 /* bytes */ 108 #define MD5_BLOCK_LENGTH 64 /* bytes */ 109 #define SHA1_BLOCK_LENGTH 64 /* bytes */ 110 #define SHA224_BLOCK_LENGTH 64 /* bytes */ 111 #define SHA256_BLOCK_LENGTH 64 /* bytes */ 112 #define SHA384_BLOCK_LENGTH 128 /* bytes */ 113 #define SHA512_BLOCK_LENGTH 128 /* bytes */ 114 #define BLAKE2B_BLOCK_LENGTH 128 /* Bytes */ 115 #define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH 116 117 #define AES_KEY_WRAP_IV_BYTES 8 118 #define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */ 119 #define AES_BLOCK_SIZE 16 /* bytes */ 120 121 #define AES_128_KEY_LENGTH 16 /* bytes */ 122 #define AES_192_KEY_LENGTH 24 /* bytes */ 123 #define AES_256_KEY_LENGTH 32 /* bytes */ 124 125 #define CAMELLIA_BLOCK_SIZE 16 /* bytes */ 126 127 #define SEED_BLOCK_SIZE 16 /* bytes */ 128 #define SEED_KEY_LENGTH 16 /* bytes */ 129 130 #define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048 131 132 #define BLAKE2B_KEY_SIZE 64 133 134 /* 135 * These values come from the initial key size limits from the PKCS #11 136 * module. They may be arbitrarily adjusted to any value freebl supports. 137 */ 138 #define RSA_MIN_MODULUS_BITS 128 139 #define RSA_MAX_MODULUS_BITS 16384 140 #define RSA_MAX_EXPONENT_BITS 64 141 #define DH_MIN_P_BITS 128 142 #define DH_MAX_P_BITS 16384 143 144 /* 145 * The FIPS 186-1 algorithm for generating primes P and Q allows only 9 146 * distinct values for the length of P, and only one value for the 147 * length of Q. 148 * The algorithm uses a variable j to indicate which of the 9 lengths 149 * of P is to be used. 150 * The following table relates j to the lengths of P and Q in bits. 151 * 152 * j bits in P bits in Q 153 * _ _________ _________ 154 * 0 512 160 155 * 1 576 160 156 * 2 640 160 157 * 3 704 160 158 * 4 768 160 159 * 5 832 160 160 * 6 896 160 161 * 7 960 160 162 * 8 1024 160 163 * 164 * The FIPS-186-1 compliant PQG generator takes j as an input parameter. 165 * 166 * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes: 167 * 168 * bits in P bits in Q 169 * _________ _________ 170 * 1024 160 171 * 2048 224 172 * 2048 256 173 * 3072 256 174 * 175 * The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q 176 * lengths as input and returns an error if they aren't in this list. 177 */ 178 179 #define DSA1_Q_BITS 160 180 #define DSA_MAX_P_BITS 3072 181 #define DSA_MIN_P_BITS 512 182 #define DSA_MAX_Q_BITS 256 183 #define DSA_MIN_Q_BITS 160 184 185 #if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN * 8 186 #error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h" 187 #endif 188 189 /* 190 * function takes desired number of bits in P, 191 * returns index (0..8) or -1 if number of bits is invalid. 192 */ 193 #define PQG_PBITS_TO_INDEX(bits) \ 194 (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? -1 : (int)((bits)-512) / 64) 195 196 /* 197 * function takes index (0-8) 198 * returns number of bits in P for that index, or -1 if index is invalid. 199 */ 200 #define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j))) 201 202 /*************************************************************************** 203 ** Opaque objects 204 */ 205 206 struct DESContextStr; 207 struct RC2ContextStr; 208 struct RC4ContextStr; 209 struct RC5ContextStr; 210 struct AESContextStr; 211 struct CamelliaContextStr; 212 struct MD2ContextStr; 213 struct MD5ContextStr; 214 struct SHA1ContextStr; 215 struct SHA256ContextStr; 216 struct SHA512ContextStr; 217 struct AESKeyWrapContextStr; 218 struct SEEDContextStr; 219 struct ChaCha20Poly1305ContextStr; 220 struct Blake2bContextStr; 221 222 typedef struct DESContextStr DESContext; 223 typedef struct RC2ContextStr RC2Context; 224 typedef struct RC4ContextStr RC4Context; 225 typedef struct RC5ContextStr RC5Context; 226 typedef struct AESContextStr AESContext; 227 typedef struct CamelliaContextStr CamelliaContext; 228 typedef struct MD2ContextStr MD2Context; 229 typedef struct MD5ContextStr MD5Context; 230 typedef struct SHA1ContextStr SHA1Context; 231 typedef struct SHA256ContextStr SHA256Context; 232 /* SHA224Context is really a SHA256ContextStr. This is not a mistake. */ 233 typedef struct SHA256ContextStr SHA224Context; 234 typedef struct SHA512ContextStr SHA512Context; 235 /* SHA384Context is really a SHA512ContextStr. This is not a mistake. */ 236 typedef struct SHA512ContextStr SHA384Context; 237 typedef struct AESKeyWrapContextStr AESKeyWrapContext; 238 typedef struct SEEDContextStr SEEDContext; 239 typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context; 240 typedef struct Blake2bContextStr BLAKE2BContext; 241 242 /*************************************************************************** 243 ** RSA Public and Private Key structures 244 */ 245 246 /* member names from PKCS#1, section 7.1 */ 247 struct RSAPublicKeyStr { 248 PLArenaPool *arena; 249 SECItem modulus; 250 SECItem publicExponent; 251 }; 252 typedef struct RSAPublicKeyStr RSAPublicKey; 253 254 /* member names from PKCS#1, section 7.2 */ 255 struct RSAPrivateKeyStr { 256 PLArenaPool *arena; 257 SECItem version; 258 SECItem modulus; 259 SECItem publicExponent; 260 SECItem privateExponent; 261 SECItem prime1; 262 SECItem prime2; 263 SECItem exponent1; 264 SECItem exponent2; 265 SECItem coefficient; 266 }; 267 typedef struct RSAPrivateKeyStr RSAPrivateKey; 268 269 /*************************************************************************** 270 ** DSA Public and Private Key and related structures 271 */ 272 273 struct PQGParamsStr { 274 PLArenaPool *arena; 275 SECItem prime; /* p */ 276 SECItem subPrime; /* q */ 277 SECItem base; /* g */ 278 /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */ 279 }; 280 typedef struct PQGParamsStr PQGParams; 281 282 struct PQGVerifyStr { 283 PLArenaPool *arena; /* includes this struct, seed, & h. */ 284 unsigned int counter; 285 SECItem seed; 286 SECItem h; 287 }; 288 typedef struct PQGVerifyStr PQGVerify; 289 290 struct DSAPublicKeyStr { 291 PQGParams params; 292 SECItem publicValue; 293 }; 294 typedef struct DSAPublicKeyStr DSAPublicKey; 295 296 struct DSAPrivateKeyStr { 297 PQGParams params; 298 SECItem publicValue; 299 SECItem privateValue; 300 }; 301 typedef struct DSAPrivateKeyStr DSAPrivateKey; 302 303 /*************************************************************************** 304 ** Diffie-Hellman Public and Private Key and related structures 305 ** Structure member names suggested by PKCS#3. 306 */ 307 308 struct DHParamsStr { 309 PLArenaPool *arena; 310 SECItem prime; /* p */ 311 SECItem base; /* g */ 312 }; 313 typedef struct DHParamsStr DHParams; 314 315 struct DHPublicKeyStr { 316 PLArenaPool *arena; 317 SECItem prime; 318 SECItem base; 319 SECItem publicValue; 320 }; 321 typedef struct DHPublicKeyStr DHPublicKey; 322 323 struct DHPrivateKeyStr { 324 PLArenaPool *arena; 325 SECItem prime; 326 SECItem base; 327 SECItem publicValue; 328 SECItem privateValue; 329 }; 330 typedef struct DHPrivateKeyStr DHPrivateKey; 331 332 /*************************************************************************** 333 ** Data structures used for elliptic curve parameters and 334 ** public and private keys. 335 */ 336 337 /* 338 ** The ECParams data structures can encode elliptic curve 339 ** parameters for both GFp and GF2m curves. 340 */ 341 342 typedef enum { ec_params_explicit, 343 ec_params_named 344 } ECParamsType; 345 346 typedef enum { ec_field_GFp = 1, 347 ec_field_GF2m, 348 ec_field_plain 349 } ECFieldType; 350 351 struct ECFieldIDStr { 352 int size; /* field size in bits */ 353 ECFieldType type; 354 union { 355 SECItem prime; /* prime p for (GFp) */ 356 SECItem poly; /* irreducible binary polynomial for (GF2m) */ 357 } u; 358 int k1; /* first coefficient of pentanomial or 359 * the only coefficient of trinomial 360 */ 361 int k2; /* two remaining coefficients of pentanomial */ 362 int k3; 363 }; 364 typedef struct ECFieldIDStr ECFieldID; 365 366 struct ECCurveStr { 367 SECItem a; /* contains octet stream encoding of 368 * field element (X9.62 section 4.3.3) 369 */ 370 SECItem b; 371 SECItem seed; 372 }; 373 typedef struct ECCurveStr ECCurve; 374 375 struct ECParamsStr { 376 PLArenaPool *arena; 377 ECParamsType type; 378 ECFieldID fieldID; 379 ECCurve curve; 380 SECItem base; 381 SECItem order; 382 int cofactor; 383 SECItem DEREncoding; 384 ECCurveName name; 385 SECItem curveOID; 386 }; 387 typedef struct ECParamsStr ECParams; 388 389 struct ECPublicKeyStr { 390 ECParams ecParams; 391 SECItem publicValue; /* elliptic curve point encoded as 392 * octet stream. 393 */ 394 }; 395 typedef struct ECPublicKeyStr ECPublicKey; 396 397 struct ECPrivateKeyStr { 398 ECParams ecParams; 399 SECItem publicValue; /* encoded ec point */ 400 SECItem privateValue; /* private big integer */ 401 SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ 402 }; 403 typedef struct ECPrivateKeyStr ECPrivateKey; 404 405 typedef void *(*BLapiAllocateFunc)(void); 406 typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit); 407 typedef SECStatus (*BLapiInitContextFunc)(void *cx, 408 const unsigned char *key, 409 unsigned int keylen, 410 const unsigned char *, 411 int, 412 unsigned int, 413 unsigned int); 414 typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output, 415 unsigned int *outputLen, 416 unsigned int maxOutputLen, 417 const unsigned char *input, 418 unsigned int inputLen); 419 420 #endif /* _BLAPIT_H_ */ 421