security/nss/lib/pk11wrap/pk11pqg.h

changeset 0
6474c204b198
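--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/pk11wrap/pk11pqg.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,142 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Thse functions are stub functions which will get replaced with calls through
+ * PKCS #11.
+ */
+
+#ifndef _PK11PQG_H_
+#define  _PK11PQG_H_ 1
+
+#include "blapit.h"
+
+SEC_BEGIN_PROTOS
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of seed and length of h both equal length of P. 
+ * All lengths are specified by "j", according to the table above.
+ */
+extern SECStatus PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, 
+							PQGVerify **pVfy);
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by j.  Length of h will match length of P.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [20..255] or an error will result.
+ */
+extern SECStatus PK11_PQG_ParamGenSeedLen( unsigned int j, 
+	unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy);
+
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by L.
+ *   if L is greater than 1024 then the resulting verify parameters will be
+ *   DSA2.
+ * Length of Q specified by N. If zero, The PKCS #11 module will
+ *   pick an appropriately sized Q for L. If N is specified and L = 1024, then
+ *   the resulting verify parameters will be DSA2, Otherwise DSA1 parameters 
+ *   will be returned.
+ * Length of SEED in bytes specified in seedBytes.
+ *
+ * The underlying PKCS #11 module will check the values for L, N, 
+ * and seedBytes. The rules for softoken are:
+ * 
+ * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits.
+ * If L <= 1024, then N must be 0 or 160.
+ * If L >= 1024, then L and N must match the following table:
+ *   L=1024   N=0 or 160
+ *   L=2048   N=0 or 224
+ *   L=2048   N=256
+ *   L=3072   N=0 or 256
+ * if L <= 1024
+ *   seedBbytes must be in the range [20..256].
+ * if L >= 1024
+ *   seedBbytes must be in the range [20..L/16].
+ */
+extern SECStatus
+PK11_PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
+		    PQGParams **pParams, PQGVerify **pVfy);
+
+/*  Test PQGParams for validity as DSS PQG values.
+ *  If vfy is non-NULL, test PQGParams to make sure they were generated
+ *       using the specified seed, counter, and h values.
+ *
+ *  Return value indicates whether Verification operation ran successfully
+ *  to completion, but does not indicate if PQGParams are valid or not.
+ *  If return value is SECSuccess, then *pResult has these meanings:
+ *       SECSuccess: PQGParams are valid.
+ *       SECFailure: PQGParams are invalid.
+ *
+ * Verify the following 12 facts about PQG counter SEED g and h
+ * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
+ * PQG_VerifyParams in softoken/freebl will automatically choose the 
+ * appropriate test.
+ */
+extern SECStatus PK11_PQG_VerifyParams(const PQGParams *params, 
+                                    const PQGVerify *vfy, SECStatus *result);
+extern void PK11_PQG_DestroyParams(PQGParams *params);
+extern void PK11_PQG_DestroyVerify(PQGVerify *vfy);
+
+/**************************************************************************
+ *  Return a pointer to a new PQGParams struct that is constructed from   *
+ *  copies of the arguments passed in.                                    *
+ *  Return NULL on failure.                                               *
+ **************************************************************************/
+extern PQGParams * PK11_PQG_NewParams(const SECItem * prime, const 
+				SECItem * subPrime, const SECItem * base);
+
+
+/**************************************************************************
+ * Fills in caller's "prime" SECItem with the prime value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);	
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetPrimeFromParams(const PQGParams *params, 
+							SECItem * prime);
+
+
+/**************************************************************************
+ * Fills in caller's "subPrime" SECItem with the prime value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);	
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetSubPrimeFromParams(const PQGParams *params, 
+							SECItem * subPrime);
+
+
+/**************************************************************************
+ * Fills in caller's "base" SECItem with the base value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);	
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetBaseFromParams(const PQGParams *params, 
+							SECItem *base);
+
+
+/**************************************************************************
+ *  Return a pointer to a new PQGVerify struct that is constructed from   *
+ *  copies of the arguments passed in.                                    *
+ *  Return NULL on failure.                                               *
+ **************************************************************************/
+extern PQGVerify * PK11_PQG_NewVerify(unsigned int counter, 
+				const SECItem * seed, const SECItem * h);
+
+
+/**************************************************************************
+ * Returns "counter" value from the PQGVerify.
+ **************************************************************************/
+extern unsigned int PK11_PQG_GetCounterFromVerify(const PQGVerify *verify);
+
+/**************************************************************************
+ * Fills in caller's "seed" SECItem with the seed value in verify.
+ * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);	
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetSeedFromVerify(const PQGVerify *verify, 
+							SECItem *seed);
+
+/**************************************************************************
+ * Fills in caller's "h" SECItem with the h value in verify.
+ * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);	
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h);
+
+SEC_END_PROTOS
+
+#endif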
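Review bot: The comment on PK11_PQG_VerifyParams names the validity verdict `*pResult`, but the prototype's parameter is `result`, and the comment does not say what `*result` holds when the call itself returns SECFailure. A caller that tests only the return value would accept parameters that failed validation, so I would fix the name and add `Callers must treat the parameters as valid only when both the return value and *result are SECSuccess.` to that comment. The comment on PK11_PQG_ParamGen also refers to "the table above", which is not in this header, so the meaning of `j` is undocumented here (presumably it is defined in blapit.h; worth a pointer). Smaller inconsistencies in the same comments: the seedBytes upper bound is 255 for PK11_PQG_ParamGenSeedLen but 256 in the PK11_PQG_ParamGenV2 rules, both the `L <= 1024` and `L >= 1024` rules claim L = 1024, and the PK11_PQG_GetSubPrimeFromParams comment says it returns "the prime value".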
