| Index: mozilla/security/nss/lib/pk11wrap/pk11pqg.h
|
| ===================================================================
|
| --- mozilla/security/nss/lib/pk11wrap/pk11pqg.h (revision 164196)
|
| +++ mozilla/security/nss/lib/pk11wrap/pk11pqg.h (working copy)
|
| @@ -27,6 +27,36 @@
|
| extern SECStatus PK11_PQG_ParamGenSeedLen( unsigned int j,
|
| unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy);
|
|
|
| +
|
| +/* Generate PQGParams and PQGVerify structs.
|
| + * Length of P specified by L.
|
| + * if L is greater than 1024 then the resulting verify parameters will be
|
| + * DSA2.
|
| + * Length of Q specified by N. If zero, The PKCS #11 module will
|
| + * pick an appropriately sized Q for L. If N is specified and L = 1024, then
|
| + * the resulting verify parameters will be DSA2, Otherwise DSA1 parameters
|
| + * will be returned.
|
| + * Length of SEED in bytes specified in seedBytes.
|
| + *
|
| + * The underlying PKCS #11 module will check the values for L, N,
|
| + * and seedBytes. The rules for softoken are:
|
| + *
|
| + * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits.
|
| + * If L <= 1024, then N must be 0 or 160.
|
| + * If L >= 1024, then L and N must match the following table:
|
| + * L=1024 N=0 or 160
|
| + * L=2048 N=0 or 224
|
| + * L=2048 N=256
|
| + * L=3072 N=0 or 256
|
| + * if L <= 1024
|
| + * seedBbytes must be in the range [20..256].
|
| + * if L >= 1024
|
| + * seedBbytes must be in the range [20..L/16].
|
| + */
|
| +extern SECStatus
|
| +PK11_PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
|
| + PQGParams **pParams, PQGVerify **pVfy);
|
| +
|
| /* Test PQGParams for validity as DSS PQG values.
|
| * If vfy is non-NULL, test PQGParams to make sure they were generated
|
| * using the specified seed, counter, and h values.
|
| @@ -38,21 +68,10 @@
|
| * SECFailure: PQGParams are invalid.
|
| *
|
| * Verify the following 12 facts about PQG counter SEED g and h
|
| - * 1. Q is 160 bits long.
|
| - * 2. P is one of the 9 valid lengths.
|
| - * 3. G < P
|
| - * 4. P % Q == 1
|
| - * 5. Q is prime
|
| - * 6. P is prime
|
| - * Steps 7-12 are done only if the optional PQGVerify is supplied.
|
| - * 7. counter < 4096
|
| - * 8. g >= 160 and g < 2048 (g is length of seed in bits)
|
| - * 9. Q generated from SEED matches Q in PQGParams.
|
| - * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams.
|
| - * 11. 1 < h < P-1
|
| - * 12. G generated from h matches G in PQGParams.
|
| + * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
|
| + * PQG_VerifyParams in softoken/freebl will automatically choose the
|
| + * appropriate test.
|
| */
|
| -
|
| extern SECStatus PK11_PQG_VerifyParams(const PQGParams *params,
|
| const PQGVerify *vfy, SECStatus *result);
|
| extern void PK11_PQG_DestroyParams(PQGParams *params);
|
|
|
Chromium Code Reviews
Issue 11359091:
Update NSS to NSS 3.14 pre-release snapshot 2012-06-26 01:00:00 PDT. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/