| blob | 9d12188e9dda2c515590c56a9c5720edea06496b |
1 /*
2 * crypto.h - public data structures and prototypes for the crypto library
3 *
4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 *
7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/
11 *
12 * Software distributed under the License is distributed on an "AS IS" basis,
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 * for the specific language governing rights and limitations under the
15 * License.
16 *
17 * The Original Code is the Netscape security libraries.
18 *
19 * The Initial Developer of the Original Code is
20 * Netscape Communications Corporation.
21 * Portions created by the Initial Developer are Copyright (C) 1994-2000
22 * the Initial Developer. All Rights Reserved.
23 *
24 * Contributor(s):
25 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
26 *
27 * Alternatively, the contents of this file may be used under the terms of
28 * either the GNU General Public License Version 2 or later (the "GPL"), or
29 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 * in which case the provisions of the GPL or the LGPL are applicable instead
31 * of those above. If you wish to allow use of your version of this file only
32 * under the terms of either the GPL or the LGPL, and not to allow others to
33 * use your version of this file under the terms of the MPL, indicate your
34 * decision by deleting the provisions above and replace them with the notice
35 * and other provisions required by the GPL or the LGPL. If you do not delete
36 * the provisions above, a recipient may use your version of this file under
37 * the terms of any one of the MPL, the GPL or the LGPL.
38 *
39 * ***** END LICENSE BLOCK ***** */
40 /* $Id: blapi.h,v 1.26 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
42 #ifndef _BLAPI_H_
43 #define _BLAPI_H_
49 SEC_BEGIN_PROTOS
51 /*
52 ** RSA encryption/decryption. When encrypting/decrypting the output
53 ** buffer must be at least the size of the public key modulus.
54 */
56 /*
57 ** Generate and return a new RSA public and private key.
58 ** Both keys are encoded in a single RSAPrivateKey structure.
59 ** "cx" is the random number generator context
60 ** "keySizeInBits" is the size of the key to be generated, in bits.
61 ** 512, 1024, etc.
62 ** "publicExponent" when not NULL is a pointer to some data that
63 ** represents the public exponent to use. The data is a byte
64 ** encoded integer, in "big endian" order.
65 */
69 /*
70 ** Perform a raw public-key operation
71 ** Length of input and output buffers are equal to key's modulus len.
72 */
77 /*
78 ** Perform a raw private-key operation
79 ** Length of input and output buffers are equal to key's modulus len.
80 */
85 /*
86 ** Perform a raw private-key operation, and check the parameters used in
87 ** the operation for validity by performing a test operation first.
88 ** Length of input and output buffers are equal to key's modulus len.
89 */
94 /*
95 ** Perform a check of private key parameters for consistency.
96 */
100 /********************************************************************
101 ** DSA signing algorithm
102 */
104 /*
105 ** Generate and return a new DSA public and private key pair,
106 ** both of which are encoded into a single DSAPrivateKey struct.
107 ** "params" is a pointer to the PQG parameters for the domain
108 ** Uses a random seed.
109 */
113 /* signature is caller-supplied buffer of at least 20 bytes.
114 ** On input, signature->len == size of buffer to hold signature.
115 ** digest->len == size of digest.
116 ** On output, signature->len == size of signature in buffer.
117 ** Uses a random seed.
118 */
123 /* signature is caller-supplied buffer of at least 20 bytes.
124 ** On input, signature->len == size of buffer to hold signature.
125 ** digest->len == size of digest.
126 */
131 /* For FIPS compliance testing. Seed must be exactly 20 bytes long */
136 /* For FIPS compliance testing. Seed must be exactly 20 bytes. */
142 /******************************************************
143 ** Diffie Helman key exchange algorithm
144 */
146 /* Generates parameters for Diffie-Helman key generation.
147 ** primeLen is the length in bytes of prime P to be generated.
148 */
151 /* Generates a public and private key, both of which are encoded in a single
152 ** DHPrivateKey struct. Params is input, privKey are output.
153 ** This is Phase 1 of Diffie Hellman.
154 */
158 /*
159 ** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
160 ** other party's publicValue, and the prime and our privateValue.
161 ** maxOutBytes is the requested length of the generated secret in bytes.
162 ** A zero value means produce a value of any length up to the size of
163 ** the prime. If successful, derivedSecret->data is set
164 ** to the address of the newly allocated buffer containing the derived
165 ** secret, and derivedSecret->len is the size of the secret produced.
166 ** The size of the secret produced will never be larger than the length
167 ** of the prime, and it may be smaller than maxOutBytes.
168 ** It is the caller's responsibility to free the allocated buffer
169 ** containing the derived secret.
170 */
177 /*
178 ** KEA_CalcKey returns octet string with the private key for a dual
179 ** Diffie-Helman key generation as specified for government key exchange.
180 */
188 /*
189 * verify that a KEA or DSA public key is a valid key for this prime and
190 * subprime domain.
191 */
194 /******************************************************
195 ** Elliptic Curve algorithms
196 */
198 /* Generates a public and private key, both of which are encoded
199 ** in a single ECPrivateKey struct. Params is input, privKey are
200 ** output.
201 */
210 /* Validates an EC public key as described in Section 5.2.2 of
211 * X9.62. Such validation prevents against small subgroup attacks
212 * when the ECDH primitive is used with the cofactor.
213 */
217 /*
218 ** ECDH_Derive performs a scalar point multiplication of a point
219 ** representing a (peer's) public key and a large integer representing
220 ** a private key (its own). Both keys must use the same elliptic curve
221 ** parameters. If the withCofactor parameter is true, the
222 ** multiplication also uses the cofactor associated with the curve
223 ** parameters. The output of this scheme is the x-coordinate of the
224 ** resulting point. If successful, derivedSecret->data is set to the
225 ** address of the newly allocated buffer containing the derived
226 ** secret, and derivedSecret->len is the size of the secret
227 ** produced. It is the caller's responsibility to free the allocated
228 ** buffer containing the derived secret.
229 */
233 PRBool withCofactor,
236 /* On input, signature->len == size of buffer to hold signature.
237 ** digest->len == size of digest.
238 ** On output, signature->len == size of signature in buffer.
239 ** Uses a random seed.
240 */
245 /* On input, signature->len == size of buffer to hold signature.
246 ** digest->len == size of digest.
247 */
252 /* Uses the provided seed. */
259 /******************************************/
260 /*
261 ** RC4 symmetric stream cypher
262 */
264 /*
265 ** Create a new RC4 context suitable for RC4 encryption/decryption.
266 ** "key" raw key data
267 ** "len" the number of bytes of key data
268 */
280 /*
281 ** Destroy an RC4 encryption/decryption context.
282 ** "cx" the context
283 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
284 */
287 /*
288 ** Perform RC4 encryption.
289 ** "cx" the context
290 ** "output" the output buffer to store the encrypted data.
291 ** "outputLen" how much data is stored in "output". Set by the routine
292 ** after some data is stored in output.
293 ** "maxOutputLen" the maximum amount of data that can ever be
294 ** stored in "output"
295 ** "input" the input data
296 ** "inputLen" the amount of input data
297 */
302 /*
303 ** Perform RC4 decryption.
304 ** "cx" the context
305 ** "output" the output buffer to store the decrypted data.
306 ** "outputLen" how much data is stored in "output". Set by the routine
307 ** after some data is stored in output.
308 ** "maxOutputLen" the maximum amount of data that can ever be
309 ** stored in "output"
310 ** "input" the input data
311 ** "inputLen" the amount of input data
312 */
317 /******************************************/
318 /*
319 ** RC2 symmetric block cypher
320 */
322 /*
323 ** Create a new RC2 context suitable for RC2 encryption/decryption.
324 ** "key" raw key data
325 ** "len" the number of bytes of key data
326 ** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
327 ** "mode" one of NSS_RC2 or NSS_RC2_CBC
328 ** "effectiveKeyLen" is the effective key length (as specified in
329 ** RFC 2268) in bytes (not bits).
330 **
331 ** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
332 ** chaining" mode.
333 */
346 /*
347 ** Destroy an RC2 encryption/decryption context.
348 ** "cx" the context
349 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
350 */
353 /*
354 ** Perform RC2 encryption.
355 ** "cx" the context
356 ** "output" the output buffer to store the encrypted data.
357 ** "outputLen" how much data is stored in "output". Set by the routine
358 ** after some data is stored in output.
359 ** "maxOutputLen" the maximum amount of data that can ever be
360 ** stored in "output"
361 ** "input" the input data
362 ** "inputLen" the amount of input data
363 */
368 /*
369 ** Perform RC2 decryption.
370 ** "cx" the context
371 ** "output" the output buffer to store the decrypted data.
372 ** "outputLen" how much data is stored in "output". Set by the routine
373 ** after some data is stored in output.
374 ** "maxOutputLen" the maximum amount of data that can ever be
375 ** stored in "output"
376 ** "input" the input data
377 ** "inputLen" the amount of input data
378 */
383 /******************************************/
384 /*
385 ** RC5 symmetric block cypher -- 64-bit block size
386 */
388 /*
389 ** Create a new RC5 context suitable for RC5 encryption/decryption.
390 ** "key" raw key data
391 ** "len" the number of bytes of key data
392 ** "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
393 ** "mode" one of NSS_RC5 or NSS_RC5_CBC
394 **
395 ** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
396 ** chaining" mode.
397 */
409 /*
410 ** Destroy an RC5 encryption/decryption context.
411 ** "cx" the context
412 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
413 */
416 /*
417 ** Perform RC5 encryption.
418 ** "cx" the context
419 ** "output" the output buffer to store the encrypted data.
420 ** "outputLen" how much data is stored in "output". Set by the routine
421 ** after some data is stored in output.
422 ** "maxOutputLen" the maximum amount of data that can ever be
423 ** stored in "output"
424 ** "input" the input data
425 ** "inputLen" the amount of input data
426 */
431 /*
432 ** Perform RC5 decryption.
433 ** "cx" the context
434 ** "output" the output buffer to store the decrypted data.
435 ** "outputLen" how much data is stored in "output". Set by the routine
436 ** after some data is stored in output.
437 ** "maxOutputLen" the maximum amount of data that can ever be
438 ** stored in "output"
439 ** "input" the input data
440 ** "inputLen" the amount of input data
441 */
449 /******************************************/
450 /*
451 ** DES symmetric block cypher
452 */
454 /*
455 ** Create a new DES context suitable for DES encryption/decryption.
456 ** "key" raw key data
457 ** "len" the number of bytes of key data
458 ** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
459 ** mode is DES_EDE3_CBC)
460 ** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
461 ** "encrypt" is PR_TRUE if the context will be used for encryption
462 **
463 ** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
464 ** cipher is run in "cipher block chaining" mode.
465 */
478 /*
479 ** Destroy an DES encryption/decryption context.
480 ** "cx" the context
481 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
482 */
485 /*
486 ** Perform DES encryption.
487 ** "cx" the context
488 ** "output" the output buffer to store the encrypted data.
489 ** "outputLen" how much data is stored in "output". Set by the routine
490 ** after some data is stored in output.
491 ** "maxOutputLen" the maximum amount of data that can ever be
492 ** stored in "output"
493 ** "input" the input data
494 ** "inputLen" the amount of input data
495 **
496 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
497 */
502 /*
503 ** Perform DES decryption.
504 ** "cx" the context
505 ** "output" the output buffer to store the decrypted data.
506 ** "outputLen" how much data is stored in "output". Set by the routine
507 ** after some data is stored in output.
508 ** "maxOutputLen" the maximum amount of data that can ever be
509 ** stored in "output"
510 ** "input" the input data
511 ** "inputLen" the amount of input data
512 **
513 ** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
514 */
519 /******************************************/
520 /*
521 ** AES symmetric block cypher (Rijndael)
522 */
524 /*
525 ** Create a new AES context suitable for AES encryption/decryption.
526 ** "key" raw key data
527 ** "keylen" the number of bytes of key data (16, 24, or 32)
528 ** "blocklen" is the blocksize to use (16, 24, or 32)
529 ** XXX currently only blocksize==16 has been tested!
530 */
544 /*
545 ** Destroy a AES encryption/decryption context.
546 ** "cx" the context
547 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
548 */
552 /*
553 ** Perform AES encryption.
554 ** "cx" the context
555 ** "output" the output buffer to store the encrypted data.
556 ** "outputLen" how much data is stored in "output". Set by the routine
557 ** after some data is stored in output.
558 ** "maxOutputLen" the maximum amount of data that can ever be
559 ** stored in "output"
560 ** "input" the input data
561 ** "inputLen" the amount of input data
562 */
563 extern SECStatus
568 /*
569 ** Perform AES decryption.
570 ** "cx" the context
571 ** "output" the output buffer to store the decrypted data.
572 ** "outputLen" how much data is stored in "output". Set by the routine
573 ** after some data is stored in output.
574 ** "maxOutputLen" the maximum amount of data that can ever be
575 ** stored in "output"
576 ** "input" the input data
577 ** "inputLen" the amount of input data
578 */
579 extern SECStatus
584 /******************************************/
585 /*
586 ** AES key wrap algorithm, RFC 3394
587 */
589 /*
590 ** Create a new AES context suitable for AES encryption/decryption.
591 ** "key" raw key data
592 ** "iv" The 8 byte "initial value"
593 ** "encrypt", a boolean, true for key wrapping, false for unwrapping.
594 ** "keylen" the number of bytes of key data (16, 24, or 32)
595 */
600 extern SECStatus
609 /*
610 ** Destroy a AES KeyWrap context.
611 ** "cx" the context
612 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
613 */
617 /*
618 ** Perform AES key wrap.
619 ** "cx" the context
620 ** "output" the output buffer to store the encrypted data.
621 ** "outputLen" how much data is stored in "output". Set by the routine
622 ** after some data is stored in output.
623 ** "maxOutputLen" the maximum amount of data that can ever be
624 ** stored in "output"
625 ** "input" the input data
626 ** "inputLen" the amount of input data
627 */
628 extern SECStatus
633 /*
634 ** Perform AES key unwrap.
635 ** "cx" the context
636 ** "output" the output buffer to store the decrypted data.
637 ** "outputLen" how much data is stored in "output". Set by the routine
638 ** after some data is stored in output.
639 ** "maxOutputLen" the maximum amount of data that can ever be
640 ** stored in "output"
641 ** "input" the input data
642 ** "inputLen" the amount of input data
643 */
644 extern SECStatus
649 /******************************************/
650 /*
651 ** Camellia symmetric block cypher
652 */
654 /*
655 ** Create a new Camellia context suitable for Camellia encryption/decryption.
656 ** "key" raw key data
657 ** "keylen" the number of bytes of key data (16, 24, or 32)
658 */
671 /*
672 ** Destroy a Camellia encryption/decryption context.
673 ** "cx" the context
674 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
675 */
679 /*
680 ** Perform Camellia encryption.
681 ** "cx" the context
682 ** "output" the output buffer to store the encrypted data.
683 ** "outputLen" how much data is stored in "output". Set by the routine
684 ** after some data is stored in output.
685 ** "maxOutputLen" the maximum amount of data that can ever be
686 ** stored in "output"
687 ** "input" the input data
688 ** "inputLen" the amount of input data
689 */
690 extern SECStatus
695 /*
696 ** Perform Camellia decryption.
697 ** "cx" the context
698 ** "output" the output buffer to store the decrypted data.
699 ** "outputLen" how much data is stored in "output". Set by the routine
700 ** after some data is stored in output.
701 ** "maxOutputLen" the maximum amount of data that can ever be
702 ** stored in "output"
703 ** "input" the input data
704 ** "inputLen" the amount of input data
705 */
706 extern SECStatus
712 /******************************************/
713 /*
714 ** MD5 secure hash function
715 */
717 /*
718 ** Hash a null terminated string "src" into "dest" using MD5
719 */
722 /*
723 ** Hash a non-null terminated string "src" into "dest" using MD5
724 */
726 uint32 src_length);
728 /*
729 ** Create a new MD5 context
730 */
734 /*
735 ** Destroy an MD5 secure hash context.
736 ** "cx" the context
737 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
738 */
741 /*
742 ** Reset an MD5 context, preparing it for a fresh round of hashing
743 */
746 /*
747 ** Update the MD5 hash function with more data.
748 ** "cx" the context
749 ** "input" the data to hash
750 ** "inputLen" the amount of data to hash
751 */
755 /*
756 ** Finish the MD5 hash function. Produce the digested results in "digest"
757 ** "cx" the context
758 ** "digest" where the 16 bytes of digest data are stored
759 ** "digestLen" where the digest length (16) is stored
760 ** "maxDigestLen" the maximum amount of data that can ever be
761 ** stored in "digest"
762 */
766 /*
767 * Return the the size of a buffer needed to flatten the MD5 Context into
768 * "cx" the context
769 * returns size;
770 */
773 /*
774 * Flatten the MD5 Context into a buffer:
775 * "cx" the context
776 * "space" the buffer to flatten to
777 * returns status;
778 */
781 /*
782 * Resurrect a flattened context into a MD5 Context
783 * "space" the buffer of the flattend buffer
784 * "arg" ptr to void used by cryptographic resurrect
785 * returns resurected context;
786 */
790 /*
791 ** trace the intermediate state info of the MD5 hash.
792 */
796 /******************************************/
797 /*
798 ** MD2 secure hash function
799 */
801 /*
802 ** Hash a null terminated string "src" into "dest" using MD2
803 */
806 /*
807 ** Create a new MD2 context
808 */
812 /*
813 ** Destroy an MD2 secure hash context.
814 ** "cx" the context
815 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
816 */
819 /*
820 ** Reset an MD2 context, preparing it for a fresh round of hashing
821 */
824 /*
825 ** Update the MD2 hash function with more data.
826 ** "cx" the context
827 ** "input" the data to hash
828 ** "inputLen" the amount of data to hash
829 */
833 /*
834 ** Finish the MD2 hash function. Produce the digested results in "digest"
835 ** "cx" the context
836 ** "digest" where the 16 bytes of digest data are stored
837 ** "digestLen" where the digest length (16) is stored
838 ** "maxDigestLen" the maximum amount of data that can ever be
839 ** stored in "digest"
840 */
844 /*
845 * Return the the size of a buffer needed to flatten the MD2 Context into
846 * "cx" the context
847 * returns size;
848 */
851 /*
852 * Flatten the MD2 Context into a buffer:
853 * "cx" the context
854 * "space" the buffer to flatten to
855 * returns status;
856 */
859 /*
860 * Resurrect a flattened context into a MD2 Context
861 * "space" the buffer of the flattend buffer
862 * "arg" ptr to void used by cryptographic resurrect
863 * returns resurected context;
864 */
868 /******************************************/
869 /*
870 ** SHA-1 secure hash function
871 */
873 /*
874 ** Hash a null terminated string "src" into "dest" using SHA-1
875 */
878 /*
879 ** Hash a non-null terminated string "src" into "dest" using SHA-1
880 */
882 uint32 src_length);
884 /*
885 ** Create a new SHA-1 context
886 */
890 /*
891 ** Destroy a SHA-1 secure hash context.
892 ** "cx" the context
893 ** "freeit" if PR_TRUE then free the object as well as its sub-objects
894 */
897 /*
898 ** Reset a SHA-1 context, preparing it for a fresh round of hashing
899 */
902 /*
903 ** Update the SHA-1 hash function with more data.
904 ** "cx" the context
905 ** "input" the data to hash
906 ** "inputLen" the amount of data to hash
907 */
911 /*
912 ** Finish the SHA-1 hash function. Produce the digested results in "digest"
913 ** "cx" the context
914 ** "digest" where the 16 bytes of digest data are stored
915 ** "digestLen" where the digest length (20) is stored
916 ** "maxDigestLen" the maximum amount of data that can ever be
917 ** stored in "digest"
918 */
922 /*
923 ** trace the intermediate state info of the SHA1 hash.
924 */
927 /*
928 * Return the the size of a buffer needed to flatten the SHA-1 Context into
929 * "cx" the context
930 * returns size;
931 */
934 /*
935 * Flatten the SHA-1 Context into a buffer:
936 * "cx" the context
937 * "space" the buffer to flatten to
938 * returns status;
939 */
942 /*
943 * Resurrect a flattened context into a SHA-1 Context
944 * "space" the buffer of the flattend buffer
945 * "arg" ptr to void used by cryptographic resurrect
946 * returns resurected context;
947 */
951 /******************************************/
961 uint32 src_length);
969 /******************************************/
979 uint32 src_length);
987 /******************************************/
997 uint32 src_length);
1005 /****************************************
1006 * implement TLS Pseudo Random Function (PRF)
1007 */
1009 extern SECStatus
1013 /******************************************/
1014 /*
1015 ** Pseudo Random Number Generation. FIPS compliance desirable.
1016 */
1018 /*
1019 ** Initialize the global RNG context and give it some seed input taken
1020 ** from the system. This function is thread-safe and will only allow
1021 ** the global context to be initialized once. The seed input is likely
1022 ** small, so it is imperative that RNG_RandomUpdate() be called with
1023 ** additional seed data before the generator is used. A good way to
1024 ** provide the generator with additional entropy is to call
1025 ** RNG_SystemInfoForRNG(). Note that NSS_Init() does exactly that.
1026 */
1029 /*
1030 ** Update the global random number generator with more seeding
1031 ** material
1032 */
1035 /*
1036 ** Generate some random bytes, using the global random number generator
1037 ** object.
1038 */
1041 /* Destroy the global RNG context. After a call to RNG_RNGShutdown()
1042 ** a call to RNG_RNGInit() is required in order to use the generator again,
1043 ** along with seed data (see the comment above RNG_RNGInit()).
1044 */
1049 /*
1050 * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
1051 * generate the DSA X parameter and as a generic purpose RNG.
1052 *
1053 * The following two FIPS186Change functions are needed for
1054 * NIST RNG Validation System.
1055 */
1057 /*
1058 * Given the seed-key and the seed, generate the random output.
1059 *
1060 * Parameters:
1061 * XKEY [input/output]: the state of the RNG (seed-key)
1062 * XSEEDj [input]: optional user input (seed)
1063 * x_j [output]: output of the RNG
1064 *
1065 * Return value:
1066 * This function usually returns SECSuccess. The only reason
1067 * this function returns SECFailure is that XSEEDj equals
1068 * XKEY, including the intermediate XKEY value between the two
1069 * iterations. (This test is actually a FIPS 140-2 requirement
1070 * and not required for FIPS algorithm testing, but it is too
1071 * hard to separate from this function.) If this function fails,
1072 * XKEY is not updated, but some data may have been written to
1073 * x_j, which should be ignored.
1074 */
1075 extern SECStatus
1080 /*
1081 * When generating the DSA X parameter, we generate 2*GSIZE bytes
1082 * of random output and reduce it mod q.
1083 *
1084 * Input: w, 2*GSIZE bytes
1085 * q, DSA_SUBPRIME_LEN bytes
1086 * Output: xj, DSA_SUBPRIME_LEN bytes
1087 */
1088 extern SECStatus
1093 /* Generate PQGParams and PQGVerify structs.
1094 * Length of seed and length of h both equal length of P.
1095 * All lengths are specified by "j", according to the table above.
1096 */
1097 extern SECStatus
1102 /* Generate PQGParams and PQGVerify structs.
1103 * Length of P specified by j. Length of h will match length of P.
1104 * Length of SEED in bytes specified in seedBytes.
1105 * seedBbytes must be in the range [20..255] or an error will result.
1106 */
1107 extern SECStatus
1115 /* Test PQGParams for validity as DSS PQG values.
1116 * If vfy is non-NULL, test PQGParams to make sure they were generated
1117 * using the specified seed, counter, and h values.
1118 *
1119 * Return value indicates whether Verification operation ran succesfully
1120 * to completion, but does not indicate if PQGParams are valid or not.
1121 * If return value is SECSuccess, then *pResult has these meanings:
1122 * SECSuccess: PQGParams are valid.
1123 * SECFailure: PQGParams are invalid.
1124 *
1125 * Verify the following 12 facts about PQG counter SEED g and h
1126 * 1. Q is 160 bits long.
1127 * 2. P is one of the 9 valid lengths.
1128 * 3. G < P
1129 * 4. P % Q == 1
1130 * 5. Q is prime
1131 * 6. P is prime
1132 * Steps 7-12 are done only if the optional PQGVerify is supplied.
1133 * 7. counter < 4096
1134 * 8. g >= 160 and g < 2048 (g is length of seed in bits)
1135 * 9. Q generated from SEED matches Q in PQGParams.
1136 * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams.
1137 * 11. 1 < h < P-1
1138 * 12. G generated from h matches G in PQGParams.
1139 */
1145 /*
1146 * clean-up any global tables freebl may have allocated after it starts up.
1147 * This function is not thread safe and should be called only after the
1148 * library has been quiessed.
1149 */
1152 /* unload freebl shared library from memory */
1155 /**************************************************************************
1156 * Verify a given Shared library signature *
1157 **************************************************************************/
1160 /**************************************************************************
1161 * Verify Are Own Shared library signature *
1162 **************************************************************************/
1165 /*********************************************************************/
1168 SEC_END_PROTOS