| author | Chris Pearce <cpearce@mozilla.com> |
| Fri, 14 Nov 2014 21:26:24 +1300 | |
| changeset 215799 | abf353e4a1a7513c7c8a3557491e1118c9cb6c9e |
| parent 215798 | dd073758b0bc177428ef4d6e4560b459a6ef5499 |
| child 215800 | d7bb0dc3dfb2c41a39b3f2c5003746d12bbafb1e |
| push id | 27827 |
| push user | ryanvm@gmail.com |
| push date | Fri, 14 Nov 2014 22:48:07 +0000 |
| treeherder | mozilla-central@acbd7b68fa8c [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | hsivonen |
| bugs | 1088488 |
| milestone | 36.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| ipc/app/moz.build | file | annotate | diff | comparison | revisions | |
| ipc/app/sha256.c | file | annotate | diff | comparison | revisions | |
| ipc/app/sha256.h | file | annotate | diff | comparison | revisions |
--- a/ipc/app/moz.build +++ b/ipc/app/moz.build @@ -51,16 +51,20 @@ if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ 'rlz', 'sandbox_staticruntime_s', ] DELAYLOAD_DLLS += [ 'mozalloc.dll', 'nss3.dll', 'xul.dll' ] + SOURCES += [ + 'sha256.c', + ] + if CONFIG['_MSC_VER']: # Always enter a Windows program through wmain, whether or not we're # a console application. WIN32_EXE_LDFLAGS += ['-ENTRY:wmainCRTStartup'] LDFLAGS += [CONFIG['MOZ_ALLOW_HEAP_EXECUTE_FLAGS']]
copy from security/nss/lib/freebl/sha512.c copy to ipc/app/sha256.c --- a/security/nss/lib/freebl/sha512.c +++ b/ipc/app/sha256.c @@ -1,29 +1,30 @@ -/* - * sha512.c - implementation of SHA224, SHA256, SHA384 and SHA512 - * - * This Source Code Form is subject to the terms of the Mozilla Public +/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifdef FREEBL_NO_DEPEND -#include "stubs.h" -#endif +// Stripped down version of security/nss/lib/freebl/sha512.c +// and related headers. +#include "sha256.h" +#include "string.h" #include "prcpucfg.h" #if defined(NSS_X86) || defined(SHA_NO_LONG_LONG) #define NOUNROLL512 1 #undef HAVE_LONG_LONG #endif -#include "prtypes.h" /* for PRUintXX */ -#include "prlong.h" -#include "secport.h" /* for PORT_XXX */ -#include "blapi.h" -#include "sha256.h" /* for struct SHA256ContextStr */ + +#define SHA256_BLOCK_LENGTH 64 /* bytes */ + +typedef enum _SECStatus { + SECWouldBlock = -2, + SECFailure = -1, + SECSuccess = 0 +} SECStatus; /* ============= Common constants and defines ======================= */ #define W ctx->u.w #define B ctx->u.b #define H ctx->h #define SHR(x,n) (x >> n) @@ -140,32 +141,16 @@ static __inline__ PRUint32 swap4b(PRUint #endif /* Capitol Sigma and lower case sigma functions */ #define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22)) #define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25)) #define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3)) #define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10)) -SHA256Context * -SHA256_NewContext(void) -{ - SHA256Context *ctx = PORT_New(SHA256Context); - return ctx; -} - -void -SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit) -{ - memset(ctx, 0, sizeof *ctx); - if (freeit) { - PORT_Free(ctx); - } -} - void SHA256_Begin(SHA256Context *ctx) { memset(ctx, 0, sizeof *ctx); memcpy(H, H256, sizeof H256); } static void @@ -499,1100 +484,8 @@ SHA256_HashBuf(unsigned char *dest, cons SHA256_Begin(&ctx); SHA256_Update(&ctx, src, src_length); SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH); memset(&ctx, 0, sizeof ctx); return SECSuccess; } - - -SECStatus -SHA256_Hash(unsigned char *dest, const char *src) -{ - return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - - -void SHA256_TraceState(SHA256Context *ctx) { } - -unsigned int -SHA256_FlattenSize(SHA256Context *ctx) -{ - return sizeof *ctx; -} - -SECStatus -SHA256_Flatten(SHA256Context *ctx,unsigned char *space) -{ - PORT_Memcpy(space, ctx, sizeof *ctx); - return SECSuccess; -} - -SHA256Context * -SHA256_Resurrect(unsigned char *space, void *arg) -{ - SHA256Context *ctx = SHA256_NewContext(); - if (ctx) - PORT_Memcpy(ctx, space, sizeof *ctx); - return ctx; -} - -void SHA256_Clone(SHA256Context *dest, SHA256Context *src) -{ - memcpy(dest, src, sizeof *dest); -} - -/* ============= SHA224 implementation ================================== */ - -/* SHA-224 initial hash values */ -static const PRUint32 H224[8] = { - 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 -}; - -SHA224Context * -SHA224_NewContext(void) -{ - return SHA256_NewContext(); -} - -void -SHA224_DestroyContext(SHA224Context *ctx, PRBool freeit) -{ - SHA256_DestroyContext(ctx, freeit); -} - -void -SHA224_Begin(SHA224Context *ctx) -{ - memset(ctx, 0, sizeof *ctx); - memcpy(H, H224, sizeof H224); -} - -void -SHA224_Update(SHA224Context *ctx, const unsigned char *input, - unsigned int inputLen) -{ - SHA256_Update(ctx, input, inputLen); -} - -void -SHA224_End(SHA256Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH); - SHA256_End(ctx, digest, digestLen, maxLen); -} - -void -SHA224_EndRaw(SHA256Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH); - SHA256_EndRaw(ctx, digest, digestLen, maxLen); -} - -SECStatus -SHA224_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length) -{ - SHA256Context ctx; - unsigned int outLen; - - SHA224_Begin(&ctx); - SHA256_Update(&ctx, src, src_length); - SHA256_End(&ctx, dest, &outLen, SHA224_LENGTH); - memset(&ctx, 0, sizeof ctx); - - return SECSuccess; -} - -SECStatus -SHA224_Hash(unsigned char *dest, const char *src) -{ - return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - -void SHA224_TraceState(SHA224Context *ctx) { } - -unsigned int -SHA224_FlattenSize(SHA224Context *ctx) -{ - return SHA256_FlattenSize(ctx); -} - -SECStatus -SHA224_Flatten(SHA224Context *ctx, unsigned char *space) -{ - return SHA256_Flatten(ctx, space); -} - -SHA224Context * -SHA224_Resurrect(unsigned char *space, void *arg) -{ - return SHA256_Resurrect(space, arg); -} - -void SHA224_Clone(SHA224Context *dest, SHA224Context *src) -{ - SHA256_Clone(dest, src); -} - - -/* ======= SHA512 and SHA384 common constants and defines ================= */ - -/* common #defines for SHA512 and SHA384 */ -#if defined(HAVE_LONG_LONG) -#if defined(_MSC_VER) -#pragma intrinsic(_rotr64,_rotl64) -#define ROTR64(x,n) _rotr64(x,n) -#define ROTL64(x,n) _rotl64(x,n) -#else -#define ROTR64(x,n) ((x >> n) | (x << (64 - n))) -#define ROTL64(x,n) ((x << n) | (x >> (64 - n))) -#endif - -#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39)) -#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41)) -#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7)) -#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6)) - -#if PR_BYTES_PER_LONG == 8 -#define ULLC(hi,lo) 0x ## hi ## lo ## UL -#elif defined(_MSC_VER) -#define ULLC(hi,lo) 0x ## hi ## lo ## ui64 -#else -#define ULLC(hi,lo) 0x ## hi ## lo ## ULL -#endif - -#if defined(_MSC_VER) -#pragma intrinsic(_byteswap_uint64) -#define SHA_HTONLL(x) _byteswap_uint64(x) - -#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64)) -static __inline__ PRUint64 swap8b(PRUint64 value) -{ - __asm__("bswapq %0" : "+r" (value)); - return (value); -} -#define SHA_HTONLL(x) swap8b(x) - -#else -#define SHA_MASK16 ULLC(0000FFFF,0000FFFF) -#define SHA_MASK8 ULLC(00FF00FF,00FF00FF) -#define SHA_HTONLL(x) (t1 = x, \ - t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \ - t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \ - (t1 >> 32) | (t1 << 32)) -#endif -#define BYTESWAP8(x) x = SHA_HTONLL(x) - -#else /* no long long */ - -#if defined(IS_LITTLE_ENDIAN) -#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U } -#else -#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } -#endif - -#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \ - x.hi ^= x.lo ^= x.hi ^= x.lo, x) -#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \ - tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0) -#endif - -/* SHA-384 and SHA-512 constants, K512. */ -static const PRUint64 K512[80] = { -#if PR_BYTES_PER_LONG == 8 - 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL , - 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL , - 0x3956c25bf348b538UL , 0x59f111f1b605d019UL , - 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL , - 0xd807aa98a3030242UL , 0x12835b0145706fbeUL , - 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL , - 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL , - 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL , - 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL , - 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL , - 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL , - 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL , - 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL , - 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL , - 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL , - 0x06ca6351e003826fUL , 0x142929670a0e6e70UL , - 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL , - 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL , - 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL , - 0x81c2c92e47edaee6UL , 0x92722c851482353bUL , - 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL , - 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL , - 0xd192e819d6ef5218UL , 0xd69906245565a910UL , - 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL , - 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL , - 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL , - 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL , - 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL , - 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL , - 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL , - 0x90befffa23631e28UL , 0xa4506cebde82bde9UL , - 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL , - 0xca273eceea26619cUL , 0xd186b8c721c0c207UL , - 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL , - 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL , - 0x113f9804bef90daeUL , 0x1b710b35131c471bUL , - 0x28db77f523047d84UL , 0x32caab7b40c72493UL , - 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL , - 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL , - 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL -#else - ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd), - ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc), - ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019), - ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118), - ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe), - ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2), - ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1), - ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694), - ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3), - ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65), - ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483), - ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5), - ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210), - ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4), - ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725), - ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70), - ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926), - ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df), - ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8), - ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b), - ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001), - ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30), - ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910), - ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8), - ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53), - ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8), - ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb), - ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3), - ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60), - ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec), - ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9), - ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b), - ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207), - ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178), - ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6), - ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b), - ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493), - ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c), - ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a), - ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817) -#endif -}; - -struct SHA512ContextStr { - union { - PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */ - PRUint32 l[160]; - PRUint8 b[640]; - } u; - PRUint64 h[8]; /* 8 state variables */ - PRUint64 sizeLo; /* 64-bit count of hashed bytes. */ -}; - -/* =========== SHA512 implementation ===================================== */ - -/* SHA-512 initial hash values */ -static const PRUint64 H512[8] = { -#if PR_BYTES_PER_LONG == 8 - 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL , - 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL , - 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL , - 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL -#else - ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b), - ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1), - ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f), - ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179) -#endif -}; - - -SHA512Context * -SHA512_NewContext(void) -{ - SHA512Context *ctx = PORT_New(SHA512Context); - return ctx; -} - -void -SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit) -{ - memset(ctx, 0, sizeof *ctx); - if (freeit) { - PORT_Free(ctx); - } -} - -void -SHA512_Begin(SHA512Context *ctx) -{ - memset(ctx, 0, sizeof *ctx); - memcpy(H, H512, sizeof H512); -} - -#if defined(SHA512_TRACE) -#if defined(HAVE_LONG_LONG) -#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \ - n, #e, d, #a, h); -#else -#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \ - n, #e, d.hi, d.lo, #a, h.hi, h.lo); -#endif -#else -#define DUMP(n,a,d,e,h) -#endif - -#if defined(HAVE_LONG_LONG) - -#define ADDTO(x,y) y += x - -#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16]) - -#define ROUND(n,a,b,c,d,e,f,g,h) \ - h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \ - d += h; \ - h += S0(a) + Maj(a,b,c); \ - DUMP(n,a,d,e,h) - -#else /* use only 32-bit variables, and don't unroll loops */ - -#undef NOUNROLL512 -#define NOUNROLL512 1 - -#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo) - -#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n)) -#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32)) -#define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n)) - -/* Capitol Sigma and lower case sigma functions */ -#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi)) -#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7)) - -#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi)) -#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6)) - -#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi)) -#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo)) - -#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi)) -#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo)) - -/* 32-bit versions of Ch and Maj */ -#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo)) -#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo)) - -#define INITW(t) \ - do { \ - PRUint32 lo, tm; \ - PRUint32 cy = 0; \ - lo = s1lo(W[t-2]); \ - lo += (tm = W[t-7].lo); if (lo < tm) cy++; \ - lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \ - lo += (tm = W[t-16].lo); if (lo < tm) cy++; \ - W[t].lo = lo; \ - W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \ - } while (0) - -#define ROUND(n,a,b,c,d,e,f,g,h) \ - { \ - PRUint32 lo, tm, cy; \ - lo = S1lo(e); \ - lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \ - lo += (tm = K512[n].lo); if (lo < tm) cy++; \ - lo += (tm = W[n].lo); if (lo < tm) cy++; \ - h.lo += lo; if (h.lo < lo) cy++; \ - h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \ - d.lo += h.lo; \ - d.hi += h.hi + (d.lo < h.lo); \ - lo = S0lo(a); \ - lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \ - h.lo += lo; if (h.lo < lo) cy++; \ - h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \ - DUMP(n,a,d,e,h) \ - } -#endif - -static void -SHA512_Compress(SHA512Context *ctx) -{ -#if defined(IS_LITTLE_ENDIAN) - { -#if defined(HAVE_LONG_LONG) - PRUint64 t1; -#else - PRUint32 t1; -#endif - BYTESWAP8(W[0]); - BYTESWAP8(W[1]); - BYTESWAP8(W[2]); - BYTESWAP8(W[3]); - BYTESWAP8(W[4]); - BYTESWAP8(W[5]); - BYTESWAP8(W[6]); - BYTESWAP8(W[7]); - BYTESWAP8(W[8]); - BYTESWAP8(W[9]); - BYTESWAP8(W[10]); - BYTESWAP8(W[11]); - BYTESWAP8(W[12]); - BYTESWAP8(W[13]); - BYTESWAP8(W[14]); - BYTESWAP8(W[15]); - } -#endif - - { - PRUint64 t1, t2; -#ifdef NOUNROLL512 - { - /* prepare the "message schedule" */ - int t; - for (t = 16; t < 80; ++t) { - INITW(t); - } - } -#else - INITW(16); - INITW(17); - INITW(18); - INITW(19); - - INITW(20); - INITW(21); - INITW(22); - INITW(23); - INITW(24); - INITW(25); - INITW(26); - INITW(27); - INITW(28); - INITW(29); - - INITW(30); - INITW(31); - INITW(32); - INITW(33); - INITW(34); - INITW(35); - INITW(36); - INITW(37); - INITW(38); - INITW(39); - - INITW(40); - INITW(41); - INITW(42); - INITW(43); - INITW(44); - INITW(45); - INITW(46); - INITW(47); - INITW(48); - INITW(49); - - INITW(50); - INITW(51); - INITW(52); - INITW(53); - INITW(54); - INITW(55); - INITW(56); - INITW(57); - INITW(58); - INITW(59); - - INITW(60); - INITW(61); - INITW(62); - INITW(63); - INITW(64); - INITW(65); - INITW(66); - INITW(67); - INITW(68); - INITW(69); - - INITW(70); - INITW(71); - INITW(72); - INITW(73); - INITW(74); - INITW(75); - INITW(76); - INITW(77); - INITW(78); - INITW(79); -#endif - } -#ifdef SHA512_TRACE - { - int i; - for (i = 0; i < 80; ++i) { -#ifdef HAVE_LONG_LONG - printf("W[%2d] = %016lx\n", i, W[i]); -#else - printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo); -#endif - } - } -#endif - { - PRUint64 a, b, c, d, e, f, g, h; - - a = H[0]; - b = H[1]; - c = H[2]; - d = H[3]; - e = H[4]; - f = H[5]; - g = H[6]; - h = H[7]; - -#ifdef NOUNROLL512 - { - int t; - for (t = 0; t < 80; t+= 8) { - ROUND(t+0,a,b,c,d,e,f,g,h) - ROUND(t+1,h,a,b,c,d,e,f,g) - ROUND(t+2,g,h,a,b,c,d,e,f) - ROUND(t+3,f,g,h,a,b,c,d,e) - ROUND(t+4,e,f,g,h,a,b,c,d) - ROUND(t+5,d,e,f,g,h,a,b,c) - ROUND(t+6,c,d,e,f,g,h,a,b) - ROUND(t+7,b,c,d,e,f,g,h,a) - } - } -#else - ROUND( 0,a,b,c,d,e,f,g,h) - ROUND( 1,h,a,b,c,d,e,f,g) - ROUND( 2,g,h,a,b,c,d,e,f) - ROUND( 3,f,g,h,a,b,c,d,e) - ROUND( 4,e,f,g,h,a,b,c,d) - ROUND( 5,d,e,f,g,h,a,b,c) - ROUND( 6,c,d,e,f,g,h,a,b) - ROUND( 7,b,c,d,e,f,g,h,a) - - ROUND( 8,a,b,c,d,e,f,g,h) - ROUND( 9,h,a,b,c,d,e,f,g) - ROUND(10,g,h,a,b,c,d,e,f) - ROUND(11,f,g,h,a,b,c,d,e) - ROUND(12,e,f,g,h,a,b,c,d) - ROUND(13,d,e,f,g,h,a,b,c) - ROUND(14,c,d,e,f,g,h,a,b) - ROUND(15,b,c,d,e,f,g,h,a) - - ROUND(16,a,b,c,d,e,f,g,h) - ROUND(17,h,a,b,c,d,e,f,g) - ROUND(18,g,h,a,b,c,d,e,f) - ROUND(19,f,g,h,a,b,c,d,e) - ROUND(20,e,f,g,h,a,b,c,d) - ROUND(21,d,e,f,g,h,a,b,c) - ROUND(22,c,d,e,f,g,h,a,b) - ROUND(23,b,c,d,e,f,g,h,a) - - ROUND(24,a,b,c,d,e,f,g,h) - ROUND(25,h,a,b,c,d,e,f,g) - ROUND(26,g,h,a,b,c,d,e,f) - ROUND(27,f,g,h,a,b,c,d,e) - ROUND(28,e,f,g,h,a,b,c,d) - ROUND(29,d,e,f,g,h,a,b,c) - ROUND(30,c,d,e,f,g,h,a,b) - ROUND(31,b,c,d,e,f,g,h,a) - - ROUND(32,a,b,c,d,e,f,g,h) - ROUND(33,h,a,b,c,d,e,f,g) - ROUND(34,g,h,a,b,c,d,e,f) - ROUND(35,f,g,h,a,b,c,d,e) - ROUND(36,e,f,g,h,a,b,c,d) - ROUND(37,d,e,f,g,h,a,b,c) - ROUND(38,c,d,e,f,g,h,a,b) - ROUND(39,b,c,d,e,f,g,h,a) - - ROUND(40,a,b,c,d,e,f,g,h) - ROUND(41,h,a,b,c,d,e,f,g) - ROUND(42,g,h,a,b,c,d,e,f) - ROUND(43,f,g,h,a,b,c,d,e) - ROUND(44,e,f,g,h,a,b,c,d) - ROUND(45,d,e,f,g,h,a,b,c) - ROUND(46,c,d,e,f,g,h,a,b) - ROUND(47,b,c,d,e,f,g,h,a) - - ROUND(48,a,b,c,d,e,f,g,h) - ROUND(49,h,a,b,c,d,e,f,g) - ROUND(50,g,h,a,b,c,d,e,f) - ROUND(51,f,g,h,a,b,c,d,e) - ROUND(52,e,f,g,h,a,b,c,d) - ROUND(53,d,e,f,g,h,a,b,c) - ROUND(54,c,d,e,f,g,h,a,b) - ROUND(55,b,c,d,e,f,g,h,a) - - ROUND(56,a,b,c,d,e,f,g,h) - ROUND(57,h,a,b,c,d,e,f,g) - ROUND(58,g,h,a,b,c,d,e,f) - ROUND(59,f,g,h,a,b,c,d,e) - ROUND(60,e,f,g,h,a,b,c,d) - ROUND(61,d,e,f,g,h,a,b,c) - ROUND(62,c,d,e,f,g,h,a,b) - ROUND(63,b,c,d,e,f,g,h,a) - - ROUND(64,a,b,c,d,e,f,g,h) - ROUND(65,h,a,b,c,d,e,f,g) - ROUND(66,g,h,a,b,c,d,e,f) - ROUND(67,f,g,h,a,b,c,d,e) - ROUND(68,e,f,g,h,a,b,c,d) - ROUND(69,d,e,f,g,h,a,b,c) - ROUND(70,c,d,e,f,g,h,a,b) - ROUND(71,b,c,d,e,f,g,h,a) - - ROUND(72,a,b,c,d,e,f,g,h) - ROUND(73,h,a,b,c,d,e,f,g) - ROUND(74,g,h,a,b,c,d,e,f) - ROUND(75,f,g,h,a,b,c,d,e) - ROUND(76,e,f,g,h,a,b,c,d) - ROUND(77,d,e,f,g,h,a,b,c) - ROUND(78,c,d,e,f,g,h,a,b) - ROUND(79,b,c,d,e,f,g,h,a) -#endif - - ADDTO(a,H[0]); - ADDTO(b,H[1]); - ADDTO(c,H[2]); - ADDTO(d,H[3]); - ADDTO(e,H[4]); - ADDTO(f,H[5]); - ADDTO(g,H[6]); - ADDTO(h,H[7]); - } -} - -void -SHA512_Update(SHA512Context *ctx, const unsigned char *input, - unsigned int inputLen) -{ - unsigned int inBuf; - if (!inputLen) - return; - -#if defined(HAVE_LONG_LONG) - inBuf = (unsigned int)ctx->sizeLo & 0x7f; - /* Add inputLen into the count of bytes processed, before processing */ - ctx->sizeLo += inputLen; -#else - inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; - ctx->sizeLo.lo += inputLen; - if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++; -#endif - - /* if data already in buffer, attemp to fill rest of buffer */ - if (inBuf) { - unsigned int todo = SHA512_BLOCK_LENGTH - inBuf; - if (inputLen < todo) - todo = inputLen; - memcpy(B + inBuf, input, todo); - input += todo; - inputLen -= todo; - if (inBuf + todo == SHA512_BLOCK_LENGTH) - SHA512_Compress(ctx); - } - - /* if enough data to fill one or more whole buffers, process them. */ - while (inputLen >= SHA512_BLOCK_LENGTH) { - memcpy(B, input, SHA512_BLOCK_LENGTH); - input += SHA512_BLOCK_LENGTH; - inputLen -= SHA512_BLOCK_LENGTH; - SHA512_Compress(ctx); - } - /* if data left over, fill it into buffer */ - if (inputLen) - memcpy(B, input, inputLen); -} - -void -SHA512_End(SHA512Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ -#if defined(HAVE_LONG_LONG) - unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f; - PRUint64 t1; -#else - unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; - PRUint32 t1; -#endif - unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); - PRUint64 lo; - LL_SHL(lo, ctx->sizeLo, 3); - - SHA512_Update(ctx, pad, padLen); - -#if defined(HAVE_LONG_LONG) - W[14] = 0; -#else - W[14].lo = 0; - W[14].hi = 0; -#endif - - W[15] = lo; -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP8(W[15]); -#endif - SHA512_Compress(ctx); - - /* now output the answer */ -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP8(H[0]); - BYTESWAP8(H[1]); - BYTESWAP8(H[2]); - BYTESWAP8(H[3]); - BYTESWAP8(H[4]); - BYTESWAP8(H[5]); - BYTESWAP8(H[6]); - BYTESWAP8(H[7]); -#endif - padLen = PR_MIN(SHA512_LENGTH, maxDigestLen); - memcpy(digest, H, padLen); - if (digestLen) - *digestLen = padLen; -} - -void -SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ -#if defined(HAVE_LONG_LONG) - PRUint64 t1; -#else - PRUint32 t1; -#endif - PRUint64 h[8]; - unsigned int len; - - memcpy(h, ctx->h, sizeof(h)); - -#if defined(IS_LITTLE_ENDIAN) - BYTESWAP8(h[0]); - BYTESWAP8(h[1]); - BYTESWAP8(h[2]); - BYTESWAP8(h[3]); - BYTESWAP8(h[4]); - BYTESWAP8(h[5]); - BYTESWAP8(h[6]); - BYTESWAP8(h[7]); -#endif - len = PR_MIN(SHA512_LENGTH, maxDigestLen); - memcpy(digest, h, len); - if (digestLen) - *digestLen = len; -} - -SECStatus -SHA512_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length) -{ - SHA512Context ctx; - unsigned int outLen; - - SHA512_Begin(&ctx); - SHA512_Update(&ctx, src, src_length); - SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH); - memset(&ctx, 0, sizeof ctx); - - return SECSuccess; -} - - -SECStatus -SHA512_Hash(unsigned char *dest, const char *src) -{ - return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - - -void SHA512_TraceState(SHA512Context *ctx) { } - -unsigned int -SHA512_FlattenSize(SHA512Context *ctx) -{ - return sizeof *ctx; -} - -SECStatus -SHA512_Flatten(SHA512Context *ctx,unsigned char *space) -{ - PORT_Memcpy(space, ctx, sizeof *ctx); - return SECSuccess; -} - -SHA512Context * -SHA512_Resurrect(unsigned char *space, void *arg) -{ - SHA512Context *ctx = SHA512_NewContext(); - if (ctx) - PORT_Memcpy(ctx, space, sizeof *ctx); - return ctx; -} - -void SHA512_Clone(SHA512Context *dest, SHA512Context *src) -{ - memcpy(dest, src, sizeof *dest); -} - -/* ======================================================================= */ -/* SHA384 uses a SHA512Context as the real context. -** The only differences between SHA384 an SHA512 are: -** a) the intialization values for the context, and -** b) the number of bytes of data produced as output. -*/ - -/* SHA-384 initial hash values */ -static const PRUint64 H384[8] = { -#if PR_BYTES_PER_LONG == 8 - 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL , - 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL , - 0x67332667ffc00b31UL , 0x8eb44a8768581511UL , - 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL -#else - ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507), - ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939), - ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511), - ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4) -#endif -}; - -SHA384Context * -SHA384_NewContext(void) -{ - return SHA512_NewContext(); -} - -void -SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit) -{ - SHA512_DestroyContext(ctx, freeit); -} - -void -SHA384_Begin(SHA384Context *ctx) -{ - memset(ctx, 0, sizeof *ctx); - memcpy(H, H384, sizeof H384); -} - -void -SHA384_Update(SHA384Context *ctx, const unsigned char *input, - unsigned int inputLen) -{ - SHA512_Update(ctx, input, inputLen); -} - -void -SHA384_End(SHA384Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH); - SHA512_End(ctx, digest, digestLen, maxLen); -} - -void -SHA384_EndRaw(SHA384Context *ctx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen) -{ - unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH); - SHA512_EndRaw(ctx, digest, digestLen, maxLen); -} - -SECStatus -SHA384_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length) -{ - SHA512Context ctx; - unsigned int outLen; - - SHA384_Begin(&ctx); - SHA512_Update(&ctx, src, src_length); - SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH); - memset(&ctx, 0, sizeof ctx); - - return SECSuccess; -} - -SECStatus -SHA384_Hash(unsigned char *dest, const char *src) -{ - return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); -} - -void SHA384_TraceState(SHA384Context *ctx) { } - -unsigned int -SHA384_FlattenSize(SHA384Context *ctx) -{ - return sizeof(SHA384Context); -} - -SECStatus -SHA384_Flatten(SHA384Context *ctx,unsigned char *space) -{ - return SHA512_Flatten(ctx, space); -} - -SHA384Context * -SHA384_Resurrect(unsigned char *space, void *arg) -{ - return SHA512_Resurrect(space, arg); -} - -void SHA384_Clone(SHA384Context *dest, SHA384Context *src) -{ - memcpy(dest, src, sizeof *dest); -} - -/* ======================================================================= */ -#ifdef SELFTEST -#include <stdio.h> - -static const char abc[] = { "abc" }; -static const char abcdbc[] = { - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -}; -static const char abcdef[] = { - "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -}; - -void -dumpHash32(const unsigned char *buf, unsigned int bufLen) -{ - unsigned int i; - for (i = 0; i < bufLen; i += 4) { - printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]); - } - printf("\n"); -} - -void test256(void) -{ - unsigned char outBuf[SHA256_LENGTH]; - - printf("SHA256, input = %s\n", abc); - SHA256_Hash(outBuf, abc); - dumpHash32(outBuf, sizeof outBuf); - - printf("SHA256, input = %s\n", abcdbc); - SHA256_Hash(outBuf, abcdbc); - dumpHash32(outBuf, sizeof outBuf); -} - -void test224(void) -{ - SHA224Context ctx; - unsigned char a1000times[1000]; - unsigned int outLen; - unsigned char outBuf[SHA224_LENGTH]; - int i; - - /* Test Vector 1 */ - printf("SHA224, input = %s\n", abc); - SHA224_Hash(outBuf, abc); - dumpHash32(outBuf, sizeof outBuf); - - /* Test Vector 2 */ - printf("SHA224, input = %s\n", abcdbc); - SHA224_Hash(outBuf, abcdbc); - dumpHash32(outBuf, sizeof outBuf); - - /* Test Vector 3 */ - - /* to hash one million 'a's perform 1000 - * sha224 updates on a buffer with 1000 'a's - */ - memset(a1000times, 'a', 1000); - printf("SHA224, input = %s\n", "a one million times"); - SHA224_Begin(&ctx); - for (i = 0; i < 1000; i++) - SHA224_Update(&ctx, a1000times, 1000); - SHA224_End(&ctx, outBuf, &outLen, SHA224_LENGTH); - dumpHash32(outBuf, sizeof outBuf); -} - -void -dumpHash64(const unsigned char *buf, unsigned int bufLen) -{ - unsigned int i; - for (i = 0; i < bufLen; i += 8) { - if (i % 32 == 0) - printf("\n"); - printf(" %02x%02x%02x%02x%02x%02x%02x%02x", - buf[i ], buf[i+1], buf[i+2], buf[i+3], - buf[i+4], buf[i+5], buf[i+6], buf[i+7]); - } - printf("\n"); -} - -void test512(void) -{ - unsigned char outBuf[SHA512_LENGTH]; - - printf("SHA512, input = %s\n", abc); - SHA512_Hash(outBuf, abc); - dumpHash64(outBuf, sizeof outBuf); - - printf("SHA512, input = %s\n", abcdef); - SHA512_Hash(outBuf, abcdef); - dumpHash64(outBuf, sizeof outBuf); -} - -void time512(void) -{ - unsigned char outBuf[SHA512_LENGTH]; - - SHA512_Hash(outBuf, abc); - SHA512_Hash(outBuf, abcdef); -} - -void test384(void) -{ - unsigned char outBuf[SHA384_LENGTH]; - - printf("SHA384, input = %s\n", abc); - SHA384_Hash(outBuf, abc); - dumpHash64(outBuf, sizeof outBuf); - - printf("SHA384, input = %s\n", abcdef); - SHA384_Hash(outBuf, abcdef); - dumpHash64(outBuf, sizeof outBuf); -} - -int main (int argc, char *argv[], char *envp[]) -{ - int i = 1; - if (argc > 1) { - i = atoi(argv[1]); - } - if (i < 2) { - test224(); - test256(); - test384(); - test512(); - } else { - while (i-- > 0) { - time512(); - } - printf("done\n"); - } - return 0; -} - -void *PORT_Alloc(size_t len) { return malloc(len); } -void PORT_Free(void *ptr) { free(ptr); } -void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); } -#endif
copy from security/nss/lib/freebl/blapi.h copy to ipc/app/sha256.h --- a/security/nss/lib/freebl/blapi.h +++ b/ipc/app/sha256.h @@ -1,1593 +1,46 @@ -/* - * blapi.h - public prototypes for the freebl library - * - * This Source Code Form is subject to the terms of the Mozilla Public +/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifndef _BLAPI_H_ -#define _BLAPI_H_ - -#include "blapit.h" -#include "hasht.h" -#include "alghmac.h" - -SEC_BEGIN_PROTOS - -/* -** RSA encryption/decryption. When encrypting/decrypting the output -** buffer must be at least the size of the public key modulus. -*/ - -extern SECStatus BL_Init(void); - -/* -** Generate and return a new RSA public and private key. -** Both keys are encoded in a single RSAPrivateKey structure. -** "cx" is the random number generator context -** "keySizeInBits" is the size of the key to be generated, in bits. -** 512, 1024, etc. -** "publicExponent" when not NULL is a pointer to some data that -** represents the public exponent to use. The data is a byte -** encoded integer, in "big endian" order. -*/ -extern RSAPrivateKey *RSA_NewKey(int keySizeInBits, - SECItem * publicExponent); - -/* -** Perform a raw public-key operation -** Length of input and output buffers are equal to key's modulus len. -*/ -extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key, - unsigned char * output, - const unsigned char * input); - -/* -** Perform a raw private-key operation -** Length of input and output buffers are equal to key's modulus len. -*/ -extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key, - unsigned char * output, - const unsigned char * input); - -/* -** Perform a raw private-key operation, and check the parameters used in -** the operation for validity by performing a test operation first. -** Length of input and output buffers are equal to key's modulus len. -*/ -extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key, - unsigned char * output, - const unsigned char * input); - -/* -** Perform a check of private key parameters for consistency. -*/ -extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key); - -/* -** Given only minimal private key parameters, fill in the rest of the -** parameters. -** -** -** All the entries, including those supplied by the caller, will be -** overwritten with data alocated out of the arena. -** -** If no arena is supplied, one will be created. -** -** The following fields must be supplied in order for this function -** to succeed: -** one of either publicExponent or privateExponent -** two more of the following 5 parameters (not counting the above). -** modulus (n) -** prime1 (p) -** prime2 (q) -** publicExponent (e) -** privateExponent (d) -** -** NOTE: if only the publicExponent, privateExponent, and one prime is given, -** then there may be more than one RSA key that matches that combination. If -** we find 2 possible valid keys that meet this criteria, we return an error. -** If we return the wrong key, and the original modulus is compared to the -** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get -** the common prime. -** -** NOTE: in some cases the publicExponent must be less than 2^23 for this -** function to work correctly. (The case where we have only one of: modulus -** prime1 and prime2). -** -** All parameters will be replaced in the key structure with new parameters -** allocated out of the arena. There is no attempt to free the old structures. -** prime1 will always be greater than prime2 (even if the caller supplies the -** smaller prime as prime1 or the larger prime as prime2). The parameters are -** not overwritten on failure. -** -** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv) -** can also be used in reconstructing the private key, they are currently -** ignored in this implementation. -*/ -extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key); - -/******************************************************************** -** RSA algorithm -*/ - -/******************************************************************** -** Raw signing/encryption/decryption operations. -** -** No padding or formatting will be applied. -** inputLen MUST be equivalent to the modulus size (in bytes). -*/ -extern SECStatus -RSA_SignRaw(RSAPrivateKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -extern SECStatus -RSA_CheckSignRaw(RSAPublicKey * key, - const unsigned char * sig, - unsigned int sigLen, - const unsigned char * hash, - unsigned int hashLen); - -extern SECStatus -RSA_CheckSignRecoverRaw(RSAPublicKey * key, - unsigned char * data, - unsigned int * dataLen, - unsigned int maxDataLen, - const unsigned char * sig, - unsigned int sigLen); - -extern SECStatus -RSA_EncryptRaw(RSAPublicKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -extern SECStatus -RSA_DecryptRaw(RSAPrivateKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -/******************************************************************** -** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1. -** -** Note: Only MGF1 is supported as the mask generation function. It will be -** used with maskHashAlg as the inner hash function. -** -** Unless performing Known Answer Tests, "seed" should be NULL, indicating that -** freebl should generate a random value. Otherwise, it should be an octet -** string of seedLen bytes, which should be the same size as the output of -** hashAlg. -*/ -extern SECStatus -RSA_EncryptOAEP(RSAPublicKey * key, - HASH_HashType hashAlg, - HASH_HashType maskHashAlg, - const unsigned char * label, - unsigned int labelLen, - const unsigned char * seed, - unsigned int seedLen, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -extern SECStatus -RSA_DecryptOAEP(RSAPrivateKey * key, - HASH_HashType hashAlg, - HASH_HashType maskHashAlg, - const unsigned char * label, - unsigned int labelLen, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -/******************************************************************** -** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2. -*/ -extern SECStatus -RSA_EncryptBlock(RSAPublicKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -extern SECStatus -RSA_DecryptBlock(RSAPrivateKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -/******************************************************************** -** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1. -** -** Note: Only MGF1 is supported as the mask generation function. It will be -** used with maskHashAlg as the inner hash function. -** -** Unless performing Known Answer Tests, "salt" should be NULL, indicating that -** freebl should generate a random value. -*/ -extern SECStatus -RSA_SignPSS(RSAPrivateKey * key, - HASH_HashType hashAlg, - HASH_HashType maskHashAlg, - const unsigned char * salt, - unsigned int saltLen, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * input, - unsigned int inputLen); - -extern SECStatus -RSA_CheckSignPSS(RSAPublicKey * key, - HASH_HashType hashAlg, - HASH_HashType maskHashAlg, - unsigned int saltLen, - const unsigned char * sig, - unsigned int sigLen, - const unsigned char * hash, - unsigned int hashLen); - -/******************************************************************** -** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2. -** -** These functions expect as input to be the raw value to be signed. For most -** cases using PKCS1-v1_5, this should be the value of T, the DER-encoded -** DigestInfo structure defined in Section 9.2, Step 2. -** Note: This can also be used for signatures that use PKCS1-v1_5 padding, such -** as the signatures used in SSL/TLS, which sign a raw hash. -*/ -extern SECStatus -RSA_Sign(RSAPrivateKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * data, - unsigned int dataLen); - -extern SECStatus -RSA_CheckSign(RSAPublicKey * key, - const unsigned char * sig, - unsigned int sigLen, - const unsigned char * data, - unsigned int dataLen); - -extern SECStatus -RSA_CheckSignRecover(RSAPublicKey * key, - unsigned char * output, - unsigned int * outputLen, - unsigned int maxOutputLen, - const unsigned char * sig, - unsigned int sigLen); - -/******************************************************************** -** DSA signing algorithm -*/ - -/* Generate a new random value within the interval [2, q-1]. -*/ -extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q, - SECItem * random); - -/* -** Generate and return a new DSA public and private key pair, -** both of which are encoded into a single DSAPrivateKey struct. -** "params" is a pointer to the PQG parameters for the domain -** Uses a random seed. -*/ -extern SECStatus DSA_NewKey(const PQGParams * params, - DSAPrivateKey ** privKey); - -/* signature is caller-supplied buffer of at least 20 bytes. -** On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -** On output, signature->len == size of signature in buffer. -** Uses a random seed. -*/ -extern SECStatus DSA_SignDigest(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest); - -/* signature is caller-supplied buffer of at least 20 bytes. -** On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -*/ -extern SECStatus DSA_VerifyDigest(DSAPublicKey * key, - const SECItem * signature, - const SECItem * digest); - -/* For FIPS compliance testing. Seed must be exactly 20 bytes long */ -extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params, - const unsigned char * seed, - DSAPrivateKey **privKey); - -/* For FIPS compliance testing. Seed must be exactly 20 bytes. */ -extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key, - SECItem * signature, - const SECItem * digest, - const unsigned char * seed); - -/****************************************************** -** Diffie Helman key exchange algorithm -*/ - -/* Generates parameters for Diffie-Helman key generation. -** primeLen is the length in bytes of prime P to be generated. -*/ -extern SECStatus DH_GenParam(int primeLen, DHParams ** params); - -/* Generates a public and private key, both of which are encoded in a single -** DHPrivateKey struct. Params is input, privKey are output. -** This is Phase 1 of Diffie Hellman. -*/ -extern SECStatus DH_NewKey(DHParams * params, - DHPrivateKey ** privKey); - -/* -** DH_Derive does the Diffie-Hellman phase 2 calculation, using the -** other party's publicValue, and the prime and our privateValue. -** maxOutBytes is the requested length of the generated secret in bytes. -** A zero value means produce a value of any length up to the size of -** the prime. If successful, derivedSecret->data is set -** to the address of the newly allocated buffer containing the derived -** secret, and derivedSecret->len is the size of the secret produced. -** The size of the secret produced will depend on the value of outBytes. -** If outBytes is 0, the key length will be all the significant bytes of -** the derived secret (leading zeros are dropped). This length could be less -** than the length of the prime. If outBytes is nonzero, the length of the -** produced key will be outBytes long. If the key is truncated, the most -** significant bytes are truncated. If it is expanded, zero bytes are added -** at the beginning. -** It is the caller's responsibility to free the allocated buffer -** containing the derived secret. -*/ -extern SECStatus DH_Derive(SECItem * publicValue, - SECItem * prime, - SECItem * privateValue, - SECItem * derivedSecret, - unsigned int outBytes); - -/* -** KEA_CalcKey returns octet string with the private key for a dual -** Diffie-Helman key generation as specified for government key exchange. -*/ -extern SECStatus KEA_Derive(SECItem *prime, - SECItem *public1, - SECItem *public2, - SECItem *private1, - SECItem *private2, - SECItem *derivedSecret); - -/* - * verify that a KEA or DSA public key is a valid key for this prime and - * subprime domain. - */ -extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); - -/**************************************** - * J-PAKE key transport - */ +// Stripped down version of security/nss/lib/freebl/blapi.h +// and related headers. -/* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x - * using the specified hash algorithm and signer ID. The signature is - * returned in the values gv and r. testRandom must be NULL for a PRNG - * generated random committment to be used in the sigature. When testRandom - * is non-NULL, that value must contain a value in the subgroup q; that - * value will be used instead of a PRNG-generated committment in order to - * facilitate known-answer tests. - * - * If gxIn is non-NULL then it must contain a pre-computed value of g^x that - * will be used by the function; in this case, the gxOut parameter must be NULL. - * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case - * gxOut will contain the value g^x on output. - * - * gx (if not supplied by the caller), gv, and r will be allocated in the arena. - * The arena is *not* optional so do not pass NULL for the arena parameter. - * The arena should be zeroed when it is freed. - */ -SECStatus -JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType, - const SECItem * signerID, const SECItem * x, - const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut, - SECItem * gv, SECItem * r); - -/* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the - * value x using the specified hash algorithm and signer ID. - * - * The arena is *not* optional so do not pass NULL for the arena parameter. - */ -SECStatus -JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, - HASH_HashType hashType, const SECItem * signerID, - const SECItem * peerID, const SECItem * gx, - const SECItem * gv, const SECItem * r); - -/* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate - * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in - * round 2 (A and the proof of knowledge of x2s) can then be calculated with - * JPAKE_Sign using pqg->base = base and x = x2s. - * - * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3) - * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then call - * JPAKE_Verify with pqg->base = base and then JPAKE_Final. - * - * base and x2s will be allocated in the arena. The arena is *not* optional so - * do not pass NULL for the arena parameter. The arena should be zeroed when it - * is freed. -*/ -SECStatus -JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q, - const SECItem * gx1, const SECItem * gx3, const SECItem * gx4, - SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s); - -/* K = (B/g^(x2*x4*s))^x2 (mod p) - * - * K will be allocated in the arena. The arena is *not* optional so do not pass - * NULL for the arena parameter. The arena should be zeroed when it is freed. - */ -SECStatus -JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q, - const SECItem * x2, const SECItem * gx4, const SECItem * x2s, - const SECItem * B, SECItem * K); - -/****************************************************** -** Elliptic Curve algorithms -*/ - -/* Generates a public and private key, both of which are encoded -** in a single ECPrivateKey struct. Params is input, privKey are -** output. -*/ -extern SECStatus EC_NewKey(ECParams * params, - ECPrivateKey ** privKey); - -extern SECStatus EC_NewKeyFromSeed(ECParams * params, - ECPrivateKey ** privKey, - const unsigned char* seed, - int seedlen); - -/* Validates an EC public key as described in Section 5.2.2 of - * X9.62. Such validation prevents against small subgroup attacks - * when the ECDH primitive is used with the cofactor. - */ -extern SECStatus EC_ValidatePublicKey(ECParams * params, - SECItem * publicValue); - -/* -** ECDH_Derive performs a scalar point multiplication of a point -** representing a (peer's) public key and a large integer representing -** a private key (its own). Both keys must use the same elliptic curve -** parameters. If the withCofactor parameter is true, the -** multiplication also uses the cofactor associated with the curve -** parameters. The output of this scheme is the x-coordinate of the -** resulting point. If successful, derivedSecret->data is set to the -** address of the newly allocated buffer containing the derived -** secret, and derivedSecret->len is the size of the secret -** produced. It is the caller's responsibility to free the allocated -** buffer containing the derived secret. -*/ -extern SECStatus ECDH_Derive(SECItem * publicValue, - ECParams * params, - SECItem * privateValue, - PRBool withCofactor, - SECItem * derivedSecret); - -/* On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -** On output, signature->len == size of signature in buffer. -** Uses a random seed. -*/ -extern SECStatus ECDSA_SignDigest(ECPrivateKey *key, - SECItem *signature, - const SECItem *digest); - -/* On input, signature->len == size of buffer to hold signature. -** digest->len == size of digest. -*/ -extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key, - const SECItem *signature, - const SECItem *digest); - -/* Uses the provided seed. */ -extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key, - SECItem *signature, - const SECItem *digest, - const unsigned char *seed, - const int seedlen); - -/******************************************/ -/* -** RC4 symmetric stream cypher -*/ - -/* -** Create a new RC4 context suitable for RC4 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -*/ -extern RC4Context *RC4_CreateContext(const unsigned char *key, int len); - -extern RC4Context *RC4_AllocateContext(void); -extern SECStatus RC4_InitContext(RC4Context *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *, - int, - unsigned int , - unsigned int ); - -/* -** Destroy an RC4 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit); - -/* -** Perform RC4 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform RC4 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** RC2 symmetric block cypher -*/ - -/* -** Create a new RC2 context suitable for RC2 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC) -** "mode" one of NSS_RC2 or NSS_RC2_CBC -** "effectiveKeyLen" is the effective key length (as specified in -** RFC 2268) in bytes (not bits). -** -** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block -** chaining" mode. -*/ -extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len, - const unsigned char *iv, int mode, - unsigned effectiveKeyLen); -extern RC2Context *RC2_AllocateContext(void); -extern SECStatus RC2_InitContext(RC2Context *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int mode, - unsigned int effectiveKeyLen, - unsigned int ); - -/* -** Destroy an RC2 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit); - -/* -** Perform RC2 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform RC2 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** RC5 symmetric block cypher -- 64-bit block size -*/ - -/* -** Create a new RC5 context suitable for RC5 encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC) -** "mode" one of NSS_RC5 or NSS_RC5_CBC -** -** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block -** chaining" mode. -*/ -extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds, - unsigned int wordSize, const unsigned char *iv, int mode); -extern RC5Context *RC5_AllocateContext(void); -extern SECStatus RC5_InitContext(RC5Context *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int mode, - unsigned int rounds, - unsigned int wordSize); - -/* -** Destroy an RC5 encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit); - -/* -** Perform RC5 encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform RC5 decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ - -extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - - -/******************************************/ -/* -** DES symmetric block cypher -*/ - -/* -** Create a new DES context suitable for DES encryption/decryption. -** "key" raw key data -** "len" the number of bytes of key data -** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or -** mode is DES_EDE3_CBC) -** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC -** "encrypt" is PR_TRUE if the context will be used for encryption -** -** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES -** cipher is run in "cipher block chaining" mode. -*/ -extern DESContext *DES_CreateContext(const unsigned char *key, - const unsigned char *iv, - int mode, PRBool encrypt); -extern DESContext *DES_AllocateContext(void); -extern SECStatus DES_InitContext(DESContext *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int mode, - unsigned int encrypt, - unsigned int ); - -/* -** Destroy an DES encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void DES_DestroyContext(DESContext *cx, PRBool freeit); - -/* -** Perform DES encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -** -** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH -*/ -extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform DES decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -** -** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH -*/ -extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** SEED symmetric block cypher -*/ -extern SEEDContext * -SEED_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, PRBool encrypt); -extern SEEDContext *SEED_AllocateContext(void); -extern SECStatus SEED_InitContext(SEEDContext *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int mode, unsigned int encrypt, - unsigned int ); -extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit); -extern SECStatus -SEED_Encrypt(SEEDContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); -extern SECStatus -SEED_Decrypt(SEEDContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); +#ifndef _SHA256_H_ +#define _SHA256_H_ -/******************************************/ -/* -** AES symmetric block cypher (Rijndael) -*/ - -/* -** Create a new AES context suitable for AES encryption/decryption. -** "key" raw key data -** "keylen" the number of bytes of key data (16, 24, or 32) -** "blocklen" is the blocksize to use (16, 24, or 32) -** XXX currently only blocksize==16 has been tested! -*/ -extern AESContext * -AES_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, int encrypt, - unsigned int keylen, unsigned int blocklen); -extern AESContext *AES_AllocateContext(void); -extern SECStatus AES_InitContext(AESContext *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int mode, - unsigned int encrypt, - unsigned int blocklen); - -/* -** Destroy a AES encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void -AES_DestroyContext(AESContext *cx, PRBool freeit); - -/* -** Perform AES encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AES_Encrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform AES decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AES_Decrypt(AESContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/******************************************/ -/* -** AES key wrap algorithm, RFC 3394 -*/ - -/* -** Create a new AES context suitable for AES encryption/decryption. -** "key" raw key data -** "iv" The 8 byte "initial value" -** "encrypt", a boolean, true for key wrapping, false for unwrapping. -** "keylen" the number of bytes of key data (16, 24, or 32) -*/ -extern AESKeyWrapContext * -AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, - int encrypt, unsigned int keylen); -extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void); -extern SECStatus - AESKeyWrap_InitContext(AESKeyWrapContext *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int , - unsigned int encrypt, - unsigned int ); - -/* -** Destroy a AES KeyWrap context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void -AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit); - -/* -** Perform AES key wrap. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform AES key unwrap. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - /******************************************/ -/* -** Camellia symmetric block cypher -*/ - -/* -** Create a new Camellia context suitable for Camellia encryption/decryption. -** "key" raw key data -** "keylen" the number of bytes of key data (16, 24, or 32) -*/ -extern CamelliaContext * -Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, int encrypt, unsigned int keylen); - -extern CamelliaContext *Camellia_AllocateContext(void); -extern SECStatus Camellia_InitContext(CamelliaContext *cx, - const unsigned char *key, - unsigned int keylen, - const unsigned char *iv, - int mode, - unsigned int encrypt, - unsigned int unused); -/* -** Destroy a Camellia encryption/decryption context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void -Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit); - -/* -** Perform Camellia encryption. -** "cx" the context -** "output" the output buffer to store the encrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -Camellia_Encrypt(CamelliaContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - -/* -** Perform Camellia decryption. -** "cx" the context -** "output" the output buffer to store the decrypted data. -** "outputLen" how much data is stored in "output". Set by the routine -** after some data is stored in output. -** "maxOutputLen" the maximum amount of data that can ever be -** stored in "output" -** "input" the input data -** "inputLen" the amount of input data -*/ -extern SECStatus -Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen); - - -/******************************************/ -/* -** MD5 secure hash function -*/ - -/* -** Hash a null terminated string "src" into "dest" using MD5 -*/ -extern SECStatus MD5_Hash(unsigned char *dest, const char *src); - -/* -** Hash a non-null terminated string "src" into "dest" using MD5 -*/ -extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length); - -/* -** Create a new MD5 context -*/ -extern MD5Context *MD5_NewContext(void); - - -/* -** Destroy an MD5 secure hash context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit); - -/* -** Reset an MD5 context, preparing it for a fresh round of hashing -*/ -extern void MD5_Begin(MD5Context *cx); - -/* -** Update the MD5 hash function with more data. -** "cx" the context -** "input" the data to hash -** "inputLen" the amount of data to hash -*/ -extern void MD5_Update(MD5Context *cx, - const unsigned char *input, unsigned int inputLen); - -/* -** Finish the MD5 hash function. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (16) is stored -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void MD5_End(MD5Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* -** Export the current state of the MD5 hash without appending the standard -** padding and length bytes. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (16) is stored (optional) -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* - * Return the the size of a buffer needed to flatten the MD5 Context into - * "cx" the context - * returns size; - */ -extern unsigned int MD5_FlattenSize(MD5Context *cx); - -/* - * Flatten the MD5 Context into a buffer: - * "cx" the context - * "space" the buffer to flatten to - * returns status; - */ -extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space); - -/* - * Resurrect a flattened context into a MD5 Context - * "space" the buffer of the flattend buffer - * "arg" ptr to void used by cryptographic resurrect - * returns resurected context; - */ -extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg); -extern void MD5_Clone(MD5Context *dest, MD5Context *src); - -/* -** trace the intermediate state info of the MD5 hash. -*/ -extern void MD5_TraceState(MD5Context *cx); - - -/******************************************/ -/* -** MD2 secure hash function -*/ - -/* -** Hash a null terminated string "src" into "dest" using MD2 -*/ -extern SECStatus MD2_Hash(unsigned char *dest, const char *src); - -/* -** Create a new MD2 context -*/ -extern MD2Context *MD2_NewContext(void); - - -/* -** Destroy an MD2 secure hash context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit); - -/* -** Reset an MD2 context, preparing it for a fresh round of hashing -*/ -extern void MD2_Begin(MD2Context *cx); - -/* -** Update the MD2 hash function with more data. -** "cx" the context -** "input" the data to hash -** "inputLen" the amount of data to hash -*/ -extern void MD2_Update(MD2Context *cx, - const unsigned char *input, unsigned int inputLen); - -/* -** Finish the MD2 hash function. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (16) is stored -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void MD2_End(MD2Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* - * Return the the size of a buffer needed to flatten the MD2 Context into - * "cx" the context - * returns size; - */ -extern unsigned int MD2_FlattenSize(MD2Context *cx); - -/* - * Flatten the MD2 Context into a buffer: - * "cx" the context - * "space" the buffer to flatten to - * returns status; - */ -extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space); - -/* - * Resurrect a flattened context into a MD2 Context - * "space" the buffer of the flattend buffer - * "arg" ptr to void used by cryptographic resurrect - * returns resurected context; - */ -extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg); -extern void MD2_Clone(MD2Context *dest, MD2Context *src); - -/******************************************/ -/* -** SHA-1 secure hash function -*/ - -/* -** Hash a null terminated string "src" into "dest" using SHA-1 -*/ -extern SECStatus SHA1_Hash(unsigned char *dest, const char *src); - -/* -** Hash a non-null terminated string "src" into "dest" using SHA-1 -*/ -extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length); - -/* -** Create a new SHA-1 context -*/ -extern SHA1Context *SHA1_NewContext(void); - - -/* -** Destroy a SHA-1 secure hash context. -** "cx" the context -** "freeit" if PR_TRUE then free the object as well as its sub-objects -*/ -extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit); - -/* -** Reset a SHA-1 context, preparing it for a fresh round of hashing -*/ -extern void SHA1_Begin(SHA1Context *cx); +#define SHA256_LENGTH 32 -/* -** Update the SHA-1 hash function with more data. -** "cx" the context -** "input" the data to hash -** "inputLen" the amount of data to hash -*/ -extern void SHA1_Update(SHA1Context *cx, const unsigned char *input, - unsigned int inputLen); - -/* -** Finish the SHA-1 hash function. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 16 bytes of digest data are stored -** "digestLen" where the digest length (20) is stored -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA1_End(SHA1Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* -** Export the current state of the SHA-1 hash without appending the standard -** padding and length bytes. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 20 bytes of digest data are stored -** "digestLen" where the digest length (20) is stored (optional) -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); - -/* -** trace the intermediate state info of the SHA1 hash. -*/ -extern void SHA1_TraceState(SHA1Context *cx); - -/* - * Return the the size of a buffer needed to flatten the SHA-1 Context into - * "cx" the context - * returns size; - */ -extern unsigned int SHA1_FlattenSize(SHA1Context *cx); - -/* - * Flatten the SHA-1 Context into a buffer: - * "cx" the context - * "space" the buffer to flatten to - * returns status; - */ -extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space); - -/* - * Resurrect a flattened context into a SHA-1 Context - * "space" the buffer of the flattend buffer - * "arg" ptr to void used by cryptographic resurrect - * returns resurected context; - */ -extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg); -extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src); - -/******************************************/ - -extern SHA224Context *SHA224_NewContext(void); -extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit); -extern void SHA224_Begin(SHA224Context *cx); -extern void SHA224_Update(SHA224Context *cx, const unsigned char *input, - unsigned int inputLen); -extern void SHA224_End(SHA224Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -/* -** Export the current state of the SHA-224 hash without appending the standard -** padding and length bytes. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 28 bytes of digest data are stored -** "digestLen" where the digest length (28) is stored (optional) -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length); -extern SECStatus SHA224_Hash(unsigned char *dest, const char *src); -extern void SHA224_TraceState(SHA224Context *cx); -extern unsigned int SHA224_FlattenSize(SHA224Context *cx); -extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space); -extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg); -extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src); - -/******************************************/ - -extern SHA256Context *SHA256_NewContext(void); -extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit); -extern void SHA256_Begin(SHA256Context *cx); -extern void SHA256_Update(SHA256Context *cx, const unsigned char *input, - unsigned int inputLen); -extern void SHA256_End(SHA256Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -/* -** Export the current state of the SHA-256 hash without appending the standard -** padding and length bytes. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 32 bytes of digest data are stored -** "digestLen" where the digest length (32) is stored (optional) -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length); -extern SECStatus SHA256_Hash(unsigned char *dest, const char *src); -extern void SHA256_TraceState(SHA256Context *cx); -extern unsigned int SHA256_FlattenSize(SHA256Context *cx); -extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space); -extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg); -extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src); - -/******************************************/ - -extern SHA512Context *SHA512_NewContext(void); -extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit); -extern void SHA512_Begin(SHA512Context *cx); -extern void SHA512_Update(SHA512Context *cx, const unsigned char *input, - unsigned int inputLen); -/* -** Export the current state of the SHA-512 hash without appending the standard -** padding and length bytes. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 64 bytes of digest data are stored -** "digestLen" where the digest length (64) is stored (optional) -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern void SHA512_End(SHA512Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length); -extern SECStatus SHA512_Hash(unsigned char *dest, const char *src); -extern void SHA512_TraceState(SHA512Context *cx); -extern unsigned int SHA512_FlattenSize(SHA512Context *cx); -extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space); -extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg); -extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src); - -/******************************************/ - -extern SHA384Context *SHA384_NewContext(void); -extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit); -extern void SHA384_Begin(SHA384Context *cx); -extern void SHA384_Update(SHA384Context *cx, const unsigned char *input, - unsigned int inputLen); -extern void SHA384_End(SHA384Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -/* -** Export the current state of the SHA-384 hash without appending the standard -** padding and length bytes. Produce the digested results in "digest" -** "cx" the context -** "digest" where the 48 bytes of digest data are stored -** "digestLen" where the digest length (48) is stored (optional) -** "maxDigestLen" the maximum amount of data that can ever be -** stored in "digest" -*/ -extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest, - unsigned int *digestLen, unsigned int maxDigestLen); -extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src, - PRUint32 src_length); -extern SECStatus SHA384_Hash(unsigned char *dest, const char *src); -extern void SHA384_TraceState(SHA384Context *cx); -extern unsigned int SHA384_FlattenSize(SHA384Context *cx); -extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space); -extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg); -extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src); - -/**************************************** - * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function - */ - -extern SECStatus -TLS_PRF(const SECItem *secret, const char *label, SECItem *seed, - SECItem *result, PRBool isFIPS); - -extern SECStatus -TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label, - SECItem *seed, SECItem *result, PRBool isFIPS); - -/******************************************/ -/* -** Pseudo Random Number Generation. FIPS compliance desirable. -*/ +#include "prtypes.h" /* for PRUintXX */ +#include "prlong.h" -/* -** Initialize the global RNG context and give it some seed input taken -** from the system. This function is thread-safe and will only allow -** the global context to be initialized once. The seed input is likely -** small, so it is imperative that RNG_RandomUpdate() be called with -** additional seed data before the generator is used. A good way to -** provide the generator with additional entropy is to call -** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that. -*/ -extern SECStatus RNG_RNGInit(void); - -/* -** Update the global random number generator with more seeding -** material -*/ -extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes); - -/* -** Generate some random bytes, using the global random number generator -** object. -*/ -extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len); - -/* Destroy the global RNG context. After a call to RNG_RNGShutdown() -** a call to RNG_RNGInit() is required in order to use the generator again, -** along with seed data (see the comment above RNG_RNGInit()). -*/ -extern void RNG_RNGShutdown(void); - -extern void RNG_SystemInfoForRNG(void); - -/* - * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to - * generate the DSA X parameter and as a generic purpose RNG. - * - * The following two FIPS186Change functions are needed for - * NIST RNG Validation System. - */ - -/* - * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with - * the error set to PR_NOT_IMPLEMENTED_ERROR. - */ -extern SECStatus -FIPS186Change_GenerateX(unsigned char *XKEY, - const unsigned char *XSEEDj, - unsigned char *x_j); - -/* - * When generating the DSA X parameter, we generate 2*GSIZE bytes - * of random output and reduce it mod q. - * - * Input: w, 2*GSIZE bytes - * q, DSA_SUBPRIME_LEN bytes - * Output: xj, DSA_SUBPRIME_LEN bytes - */ -extern SECStatus -FIPS186Change_ReduceModQForDSA(const unsigned char *w, - const unsigned char *q, - unsigned char *xj); - -/* - * The following functions are for FIPS poweron self test and FIPS algorithm - * testing. - */ -extern SECStatus -PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len, - const PRUint8 *nonce, unsigned int nonce_len, - const PRUint8 *personal_string, unsigned int ps_len); - -extern SECStatus -PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len, - const PRUint8 *additional, unsigned int additional_len); - -extern SECStatus -PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len, - const PRUint8 *additional, unsigned int additional_len); - -extern SECStatus -PRNGTEST_Uninstantiate(void); - -extern SECStatus -PRNGTEST_RunHealthTests(void); - -/* Generate PQGParams and PQGVerify structs. - * Length of seed and length of h both equal length of P. - * All lengths are specified by "j", according to the table above. - * - * The verify parameters will conform to FIPS186-1. - */ -extern SECStatus -PQG_ParamGen(unsigned int j, /* input : determines length of P. */ - PQGParams **pParams, /* output: P Q and G returned here */ - PQGVerify **pVfy); /* output: counter and seed. */ - -/* Generate PQGParams and PQGVerify structs. - * Length of P specified by j. Length of h will match length of P. - * Length of SEED in bytes specified in seedBytes. - * seedBbytes must be in the range [20..255] or an error will result. - * - * The verify parameters will conform to FIPS186-1. - */ -extern SECStatus -PQG_ParamGenSeedLen( - unsigned int j, /* input : determines length of P. */ - unsigned int seedBytes, /* input : length of seed in bytes.*/ - PQGParams **pParams, /* output: P Q and G returned here */ - PQGVerify **pVfy); /* output: counter and seed. */ - -/* Generate PQGParams and PQGVerify structs. - * Length of P specified by L in bits. - * Length of Q specified by N in bits. - * Length of SEED in bytes specified in seedBytes. - * seedBbytes must be in the range [N..L*2] or an error will result. - * - * Not that J uses the above table, L is the length exact. L and N must - * match the table below or an error will result: - * - * L N - * 1024 160 - * 2048 224 - * 2048 256 - * 3072 256 - * - * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will - * pick a default value (typically the smallest secure value for these - * variables). - * - * The verify parameters will conform to FIPS186-3 using the smallest - * permissible hash for the key strength. - */ -extern SECStatus -PQG_ParamGenV2( - unsigned int L, /* input : determines length of P. */ - unsigned int N, /* input : determines length of Q. */ - unsigned int seedBytes, /* input : length of seed in bytes.*/ - PQGParams **pParams, /* output: P Q and G returned here */ - PQGVerify **pVfy); /* output: counter and seed. */ - - -/* Test PQGParams for validity as DSS PQG values. - * If vfy is non-NULL, test PQGParams to make sure they were generated - * using the specified seed, counter, and h values. - * - * Return value indicates whether Verification operation ran successfully - * to completion, but does not indicate if PQGParams are valid or not. - * If return value is SECSuccess, then *pResult has these meanings: - * SECSuccess: PQGParams are valid. - * SECFailure: PQGParams are invalid. - * - * Verify the PQG againts the counter, SEED and h. - * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2 - * PQG_VerifyParams will automatically choose the appropriate test. - */ - -extern SECStatus PQG_VerifyParams(const PQGParams *params, - const PQGVerify *vfy, SECStatus *result); - -extern void PQG_DestroyParams(PQGParams *params); - -extern void PQG_DestroyVerify(PQGVerify *vfy); - - -/* - * clean-up any global tables freebl may have allocated after it starts up. - * This function is not thread safe and should be called only after the - * library has been quiessed. - */ -extern void BL_Cleanup(void); - -/* unload freebl shared library from memory */ -extern void BL_Unload(void); - -/************************************************************************** - * Verify a given Shared library signature * - **************************************************************************/ -PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr); - -/************************************************************************** - * Verify a given filename's signature * - **************************************************************************/ -PRBool BLAPI_SHVerifyFile(const char *shName); - -/************************************************************************** - * Verify Are Own Shared library signature * - **************************************************************************/ -PRBool BLAPI_VerifySelf(const char *name); - -/*********************************************************************/ -extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType); - -extern void BL_SetForkState(PRBool forked); - -#ifndef NSS_DISABLE_ECC -/* -** pepare an ECParam structure from DEREncoded params - */ -extern SECStatus EC_FillParams(PLArenaPool *arena, - const SECItem *encodedParams, ECParams *params); -extern SECStatus EC_DecodeParams(const SECItem *encodedParams, - ECParams **ecparams); -extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams); +#ifdef __cplusplus +extern "C" { #endif -SEC_END_PROTOS +struct SHA256Context { + union { + PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */ + PRUint8 b[256]; + } u; + PRUint32 h[8]; /* 8 state variables */ + PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */ +}; + +typedef struct SHA256Context SHA256Context; + +extern void +SHA256_Begin(SHA256Context *ctx); -#endif /* _BLAPI_H_ */ +extern void +SHA256_Update(SHA256Context *ctx, const unsigned char *input, + unsigned int inputLen); + +extern void +SHA256_End(SHA256Context *ctx, unsigned char *digest, + unsigned int *digestLen, unsigned int maxDigestLen); + +#ifdef __cplusplus +} /* extern C */ +#endif + +#endif /* _SHA256_H_ */