tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pk11pqg.h (6584B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 /* Thse functions are stub functions which will get replaced with calls through
      5 * PKCS #11.
      6 */
      7 
      8 #ifndef _PK11PQG_H_
      9 #define _PK11PQG_H_ 1
     10 
     11 #include "blapit.h"
     12 
     13 SEC_BEGIN_PROTOS
     14 
     15 /* Generate PQGParams and PQGVerify structs.
     16 * Length of seed and length of h both equal length of P.
     17 * All lengths are specified by "j", according to the table above.
     18 */
     19 extern SECStatus PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams,
     20                                   PQGVerify **pVfy);
     21 
     22 /* Generate PQGParams and PQGVerify structs.
     23 * Length of P specified by j.  Length of h will match length of P.
     24 * Length of SEED in bytes specified in seedBytes.
     25 * seedBbytes must be in the range [20..255] or an error will result.
     26 */
     27 extern SECStatus PK11_PQG_ParamGenSeedLen(unsigned int j,
     28                                          unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy);
     29 
     30 /* Generate PQGParams and PQGVerify structs.
     31 * Length of P specified by L.
     32 *   if L is greater than 1024 then the resulting verify parameters will be
     33 *   DSA2.
     34 * Length of Q specified by N. If zero, The PKCS #11 module will
     35 *   pick an appropriately sized Q for L. If N is specified and L = 1024, then
     36 *   the resulting verify parameters will be DSA2, Otherwise DSA1 parameters
     37 *   will be returned.
     38 * Length of SEED in bytes specified in seedBytes.
     39 *
     40 * The underlying PKCS #11 module will check the values for L, N,
     41 * and seedBytes. The rules for softoken are:
     42 *
     43 * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits.
     44 * If L <= 1024, then N must be 0 or 160.
     45 * If L >= 1024, then L and N must match the following table:
     46 *   L=1024   N=0 or 160
     47 *   L=2048   N=0 or 224
     48 *   L=2048   N=256
     49 *   L=3072   N=0 or 256
     50 * if L <= 1024
     51 *   seedBbytes must be in the range [20..256].
     52 * if L >= 1024
     53 *   seedBbytes must be in the range [20..L/16].
     54 */
     55 extern SECStatus
     56 PK11_PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
     57                    PQGParams **pParams, PQGVerify **pVfy);
     58 
     59 /*  Test PQGParams for validity as DSS PQG values.
     60 *  If vfy is non-NULL, test PQGParams to make sure they were generated
     61 *       using the specified seed, counter, and h values.
     62 *
     63 *  Return value indicates whether Verification operation ran successfully
     64 *  to completion, but does not indicate if PQGParams are valid or not.
     65 *  If return value is SECSuccess, then *pResult has these meanings:
     66 *       SECSuccess: PQGParams are valid.
     67 *       SECFailure: PQGParams are invalid.
     68 *
     69 * Verify the following 12 facts about PQG counter SEED g and h
     70 * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
     71 * PQG_VerifyParams in softoken/freebl will automatically choose the
     72 * appropriate test.
     73 */
     74 extern SECStatus PK11_PQG_VerifyParams(const PQGParams *params,
     75                                       const PQGVerify *vfy, SECStatus *result);
     76 extern void PK11_PQG_DestroyParams(PQGParams *params);
     77 extern void PK11_PQG_DestroyVerify(PQGVerify *vfy);
     78 
     79 /**************************************************************************
     80 *  Return a pointer to a new PQGParams struct that is constructed from   *
     81 *  copies of the arguments passed in.                                    *
     82 *  Return NULL on failure.                                               *
     83 **************************************************************************/
     84 extern PQGParams *PK11_PQG_NewParams(const SECItem *prime, const SECItem *subPrime, const SECItem *base);
     85 
     86 /**************************************************************************
     87 * Fills in caller's "prime" SECItem with the prime value in params.
     88 * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
     89 **************************************************************************/
     90 extern SECStatus PK11_PQG_GetPrimeFromParams(const PQGParams *params,
     91                                             SECItem *prime);
     92 
     93 /**************************************************************************
     94 * Fills in caller's "subPrime" SECItem with the prime value in params.
     95 * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
     96 **************************************************************************/
     97 extern SECStatus PK11_PQG_GetSubPrimeFromParams(const PQGParams *params,
     98                                                SECItem *subPrime);
     99 
    100 /**************************************************************************
    101 * Fills in caller's "base" SECItem with the base value in params.
    102 * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
    103 **************************************************************************/
    104 extern SECStatus PK11_PQG_GetBaseFromParams(const PQGParams *params,
    105                                            SECItem *base);
    106 
    107 /**************************************************************************
    108 *  Return a pointer to a new PQGVerify struct that is constructed from   *
    109 *  copies of the arguments passed in.                                    *
    110 *  Return NULL on failure.                                               *
    111 **************************************************************************/
    112 extern PQGVerify *PK11_PQG_NewVerify(unsigned int counter,
    113                                     const SECItem *seed, const SECItem *h);
    114 
    115 /**************************************************************************
    116 * Returns "counter" value from the PQGVerify.
    117 **************************************************************************/
    118 extern unsigned int PK11_PQG_GetCounterFromVerify(const PQGVerify *verify);
    119 
    120 /**************************************************************************
    121 * Fills in caller's "seed" SECItem with the seed value in verify.
    122 * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
    123 **************************************************************************/
    124 extern SECStatus PK11_PQG_GetSeedFromVerify(const PQGVerify *verify,
    125                                            SECItem *seed);
    126 
    127 /**************************************************************************
    128 * Fills in caller's "h" SECItem with the h value in verify.
    129 * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
    130 **************************************************************************/
    131 extern SECStatus PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem *h);
    132 
    133 SEC_END_PROTOS
    134 
    135 #endif