| OLD | NEW |
|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 /* Thse functions are stub functions which will get replaced with calls through | 4 /* Thse functions are stub functions which will get replaced with calls through |
| 5 * PKCS #11. | 5 * PKCS #11. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #ifndef _PK11PQG_H_ | 8 #ifndef _PK11PQG_H_ |
| 9 #define _PK11PQG_H_ 1 | 9 #define _PK11PQG_H_ 1 |
| 10 | 10 |
| 11 #include "blapit.h" | 11 #include "blapit.h" |
| 12 | 12 |
| 13 SEC_BEGIN_PROTOS | 13 SEC_BEGIN_PROTOS |
| 14 | 14 |
| 15 /* Generate PQGParams and PQGVerify structs. | 15 /* Generate PQGParams and PQGVerify structs. |
| 16 * Length of seed and length of h both equal length of P. | 16 * Length of seed and length of h both equal length of P. |
| 17 * All lengths are specified by "j", according to the table above. | 17 * All lengths are specified by "j", according to the table above. |
| 18 */ | 18 */ |
| 19 extern SECStatus PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, | 19 extern SECStatus PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, |
| 20 PQGVerify **pVfy); | 20 PQGVerify **pVfy); |
| 21 | 21 |
| 22 /* Generate PQGParams and PQGVerify structs. | 22 /* Generate PQGParams and PQGVerify structs. |
| 23 * Length of P specified by j. Length of h will match length of P. | 23 * Length of P specified by j. Length of h will match length of P. |
| 24 * Length of SEED in bytes specified in seedBytes. | 24 * Length of SEED in bytes specified in seedBytes. |
| 25 * seedBbytes must be in the range [20..255] or an error will result. | 25 * seedBbytes must be in the range [20..255] or an error will result. |
| 26 */ | 26 */ |
| 27 extern SECStatus PK11_PQG_ParamGenSeedLen( unsigned int j, | 27 extern SECStatus PK11_PQG_ParamGenSeedLen( unsigned int j, |
| 28 unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy); | 28 unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy); |
| 29 | 29 |
| 30 |
| 31 /* Generate PQGParams and PQGVerify structs. |
| 32 * Length of P specified by L. |
| 33 * if L is greater than 1024 then the resulting verify parameters will be |
| 34 * DSA2. |
| 35 * Length of Q specified by N. If zero, The PKCS #11 module will |
| 36 * pick an appropriately sized Q for L. If N is specified and L = 1024, then |
| 37 * the resulting verify parameters will be DSA2, Otherwise DSA1 parameters |
| 38 * will be returned. |
| 39 * Length of SEED in bytes specified in seedBytes. |
| 40 * |
| 41 * The underlying PKCS #11 module will check the values for L, N, |
| 42 * and seedBytes. The rules for softoken are: |
| 43 * |
| 44 * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits. |
| 45 * If L <= 1024, then N must be 0 or 160. |
| 46 * If L >= 1024, then L and N must match the following table: |
| 47 * L=1024 N=0 or 160 |
| 48 * L=2048 N=0 or 224 |
| 49 * L=2048 N=256 |
| 50 * L=3072 N=0 or 256 |
| 51 * if L <= 1024 |
| 52 * seedBbytes must be in the range [20..256]. |
| 53 * if L >= 1024 |
| 54 * seedBbytes must be in the range [20..L/16]. |
| 55 */ |
| 56 extern SECStatus |
| 57 PK11_PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes, |
| 58 PQGParams **pParams, PQGVerify **pVfy); |
| 59 |
| 30 /* Test PQGParams for validity as DSS PQG values. | 60 /* Test PQGParams for validity as DSS PQG values. |
| 31 * If vfy is non-NULL, test PQGParams to make sure they were generated | 61 * If vfy is non-NULL, test PQGParams to make sure they were generated |
| 32 * using the specified seed, counter, and h values. | 62 * using the specified seed, counter, and h values. |
| 33 * | 63 * |
| 34 * Return value indicates whether Verification operation ran successfully | 64 * Return value indicates whether Verification operation ran successfully |
| 35 * to completion, but does not indicate if PQGParams are valid or not. | 65 * to completion, but does not indicate if PQGParams are valid or not. |
| 36 * If return value is SECSuccess, then *pResult has these meanings: | 66 * If return value is SECSuccess, then *pResult has these meanings: |
| 37 * SECSuccess: PQGParams are valid. | 67 * SECSuccess: PQGParams are valid. |
| 38 * SECFailure: PQGParams are invalid. | 68 * SECFailure: PQGParams are invalid. |
| 39 * | 69 * |
| 40 * Verify the following 12 facts about PQG counter SEED g and h | 70 * Verify the following 12 facts about PQG counter SEED g and h |
| 41 * 1. Q is 160 bits long. | 71 * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2 |
| 42 * 2. P is one of the 9 valid lengths. | 72 * PQG_VerifyParams in softoken/freebl will automatically choose the |
| 43 * 3. G < P | 73 * appropriate test. |
| 44 * 4. P % Q == 1 | |
| 45 * 5. Q is prime | |
| 46 * 6. P is prime | |
| 47 * Steps 7-12 are done only if the optional PQGVerify is supplied. | |
| 48 * 7. counter < 4096 | |
| 49 * 8. g >= 160 and g < 2048 (g is length of seed in bits) | |
| 50 * 9. Q generated from SEED matches Q in PQGParams. | |
| 51 * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams. | |
| 52 * 11. 1 < h < P-1 | |
| 53 * 12. G generated from h matches G in PQGParams. | |
| 54 */ | 74 */ |
| 55 | |
| 56 extern SECStatus PK11_PQG_VerifyParams(const PQGParams *params, | 75 extern SECStatus PK11_PQG_VerifyParams(const PQGParams *params, |
| 57 const PQGVerify *vfy, SECStatus *result); | 76 const PQGVerify *vfy, SECStatus *result); |
| 58 extern void PK11_PQG_DestroyParams(PQGParams *params); | 77 extern void PK11_PQG_DestroyParams(PQGParams *params); |
| 59 extern void PK11_PQG_DestroyVerify(PQGVerify *vfy); | 78 extern void PK11_PQG_DestroyVerify(PQGVerify *vfy); |
| 60 | 79 |
| 61 /************************************************************************** | 80 /************************************************************************** |
| 62 * Return a pointer to a new PQGParams struct that is constructed from * | 81 * Return a pointer to a new PQGParams struct that is constructed from * |
| 63 * copies of the arguments passed in. * | 82 * copies of the arguments passed in. * |
| 64 * Return NULL on failure. * | 83 * Return NULL on failure. * |
| 65 **************************************************************************/ | 84 **************************************************************************/ |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 114 | 133 |
| 115 /************************************************************************** | 134 /************************************************************************** |
| 116 * Fills in caller's "h" SECItem with the h value in verify. | 135 * Fills in caller's "h" SECItem with the h value in verify. |
| 117 * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE); | 136 * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE); |
| 118 **************************************************************************/ | 137 **************************************************************************/ |
| 119 extern SECStatus PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h); | 138 extern SECStatus PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h); |
| 120 | 139 |
| 121 SEC_END_PROTOS | 140 SEC_END_PROTOS |
| 122 | 141 |
| 123 #endif | 142 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10961060:
Update NSS to NSS 3.14 Beta 1. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/