Section C Table II

From MozillaWiki
Revision as of 19:59, 12 April 2006 by Neil.williams (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
</tbody>
Table II. Services
Name of Service Description of Service in Terms of Routines
Certificate

Storage and

Retrieval		 This private service consists of six routines used

to perform certificate storage and retrieval including SEC_OpenPermCertDB(),

AddCertToPermDB(), SEC_TraversePermCerts(), SEC_FindPermCertByKey(), SEC_DeletePermCertificate(), and CERT_ClosePermCertDB().
Digital
Signatures		 This private service consists of the one routine used to perform DSA signature generation, DSA_SignDigest(), and the one routine used to perform DSA signature verification, DSA_VerifyDigest(). This service also consists of the three routines used for RSA signature

generation, verification, and entity association: RSA_Sign(), RSA_CheckSign(), and RSA_CheckSignRecover(), and the three raw routines used for RSA signature generation, verification, and entity association: RSA_SignRaw(), RSA_CheckSignRaw(), and RSA_CheckSignRecoverRaw(). In general, the key

generation service must be invoked prior to invoking this service.
Encryption/
Decryption		 This private service consists of the four routines used to perform DES Encryption/Decryption including DES_CreateContext(), DES_Encrypt(), DES_Decrypt(), and DES_DestroyContext(). Single-key DES service is provided by using the NSS_DES and NSS_DES_CBC modes with DES_CreateContext(). Triple-DES service is provided by using the NSS_DES_EDE3 and NSS_DES_EDE3_CBC modes with DES_CreateContext().
Hashing This public service consists of the eight routines

used to perform SHA-1 hashing including SHA1_NewContext(), SHA1_CloneContext(), SHA1_Begin(), SHA1_Update(), SHA1_End(), SHA1_HashBuf(), SHA1_Hash(), and

SHA1_DestroyContext().
Key
Generation		 This private service is utilized to perform key generation and consists of the six routines used to perform DSA key generation including PQGParamGen(), PQG_ParamGenSeedLen(), PQG_VerifyParams(), DSA_CreateKeyGenContext(), DSA_NewKey(), and DSA_NewKeyFromSeed(), and the b>one routine used for RSA private key generation called RSA_NewKey() (only used for entity association in public key exchange). When RSA_NewKey() is used in public key exchange between two parties, the Pairwise Consistency Test requires routines to check this symmetric algorithm. These consist of two routines used for entity association which include RSA_EncryptBlock(), and RSA_DecryptBlock(), and two raw routines used for entity association which include RSA_EncryptRaw(), and RSA_DecryptRaw().
PKCS #5

Password-Based

Encryption		 The PKCS #5 API specifies a standard interface based upon the PKCS #5 standard which allows this private service to be used to perform password-based encryption and consists of the five routines including SEC_PKCS5GetSalt(), SEC_PKCS5GetIV(), SEC_PKCS5GetKey(), SEC_PKCS5CipherData(), and SEC_PKCS5CreateAlgorithmID().
PKCS #11 The PKCS #11 API specifies a standard interface based upon the PKCS #11 standard which allows for the selection of a FIPS PUB 140-1 mode of operation that provides both public and private services as well as a means of authentication into all private services, creates and maintains entry points for all FIPS PUB 140-1 specific routines including pk11_fipsPowerUpSelfTest() at initialization as well as on demand for subsequent logins, and enforces a pairwise consistency check on all key generation algorithms. NSS's FIPS PUB 140-1 PKCS #11 implementation defines the following standard crypto API:
<tbody> </tbody>
Category Function Description
FIPS PUB 140-2
specific		 FC_GetFunctionList Return the list of FIPS PUB 140-1 functions

General

purpose		 FC_Initialize initializes Cryptoki
FC_Finalize finalizes Cryptoki (1.1)
FC_GetInfo obtains general information about Cryptoki
Slot and

token

management		 FC_GetSlotList obtains a list of slots in the system
FC_GetSlotInfo obtains information about a particular slot
FC_GetTokenInfo obtains information about a particular token
FC_GetMechansimList obtains a list of mechanisms supported by a token
FC_GetMechanismInfo obtains information about a particular mechanism
FC_InitToken initializes a token
FC_InitPIN initializes the normal user?s PIN
FC_SetPIN modifies the PIN of the current user
Session management FC_OpenSession opens a connection or "session" between an application and a particular token
FC_CloseSession closes a session
FC_CloseAllSessions closes all sessions with a token
FC_GetSessionInfo obtains information about the session
FC_GetOperationState saves the state of the cryptographic operation in a session (1.1)
FC_SetOperationState restores the state of the cryptographic operation in a session (1.1)
FC_Login logs into a token
FC_Logout logs out from a token
Object
management		 FC_CreateObject creates an object
FC_CopyObject creates a copy of an object
FC_DestroyObject destroys an object
FC_GetObjectSize obtains the size of an object in bytes
FC_GetAttributeValue obtains an attribute value of an object
FC_SetAttributeValue modifies an attribute value of an object
FC_FindObjectsInit initializes an object search operation
FC_FindObjects continues an object search operation
FC_FindObjectsFinal finishes an object search operation (1.1)

Encryption and

decryption		 FC_EncryptInit initializes an encryption operation
FC_Encrypt encrypts single-part data
FC_EncryptUpdate continues a multiple-part encryption operation
FC_EncryptFinal finishes a multiple-part encryption operation
FC_DecryptInit initializes a decryption operation
FC_Decrypt decrypts single-part encrypted data
FC_DecryptUpdate continues a multiple-part decryption operation
FC_DecryptFinal finishes a multiple-part decryption operation 
Message
digesting		 FC_DigestInit initializes a message-digesting operation
FC_Digest digests single-part data
FC_DigestUpdate continues a multiple-part digesting operation
FC_DigestKey 
continues a multi-part message-digesting operation by digesting the value
of a secret key as part of the data already digested (1.1)
FC_DigestFinal finishes a multiple-part digesting operation 
Signature

and

verification		 FC_SignInit initializes a signature operation
FC_Sign signs single-part data
FC_SignUpdate continues a multiple-part signature operation
FC_SignFinal finishes a multiple-part signature operation
FC_SignRecoverInit 
initializes a signature operation, where the data can be recovered from
the signature
FC_SignRecover signs single-part data, where the data can be recovered from the signature
FC_VerifyInit initializes a verification operation
FC_Verify verifies a signature on single-part data
FC_VerifyUpdate continues a multiple-part verification operation
FC_VerifyFinal finishes a multiple-part verification operation
FC_VerifyRecoverInit 
initializes a verification operation where the data is recovered from
the signature
FC_VerifyRecover 
verifies a signature on single-part data, where the data is recovered
from the signature		 
Dual-function

cryptographic


operations		 FC_DigestEncryptUpdate continues a multiple-part digesting and encryption operation (1.1)
FC_DecryptDigestUpdate continues a multiple-part decryption and digesting operation (1.1)
FC_SignEncryptUpdate continues a multiple-part signing and encryption operation (1.1)
FC_DecryptVerifyUpdate continues a multiple-part decryption and verify operation (1.1) 
Key
management		 FC_GenerateKey generates a secret key
FC_GenerateKeyPair generates a public-key/private-key pair
FC_WrapKey wraps (encrypts) a key
FC_UnwrapKey unwraps (decrypts) a key
FC_DeriveKey derives a key from a base key 
Random number
generation		 FC_SeedRandom mixes in additional seed material to the random number generator
FC_GenerateRandom generates random data
Function management FC_GetFunctionStatus obtains updated status of a function running in parallel with the application
FC_CancelFunction cancels a function running in parallel with the application
Callbacks Notify processes notifications from Cryptoki
PKCS #12 
Personal 

Information
Exchange		 The PKCS #12 API will specify a standard interface based upon

the forthcoming PKCS #12 standard which allows this private service to be used to exchange data such as private keys and certificates between two parties and consists of the eight routines including SEC_PKCS12CreateExportContext, 

SEC_PKCS12CreatePasswordPrivSafe(), SEC_PKCS12AddCertAndKey(), SEC_PKCS12Encode(), 
SEC_PKCS12DestroyExportContext(), SEC_PKCS12DecoderStart(), SEC_PKCS12DecoderUpdate(),
and SEC_PKCS12DecoderFinish().
Prime 
Number
Generation		 This public service consists of the two routines used for generating a prime number including mpp_make_prime() and mpp_pprime().
Private Key 
Storage and
Retrieval		 This private service is utilized to perform private key 
storage and retrieval and consists of the seven routines including
SECKEY_OpenKeyDB(), SECKEY_TraverseKeys(), SECKEY_UpdateKeyDBPass1() SECKEY_UpdateKeyDBPass2(),
SECKEY_FindKeyByPublicKey(), SECKEY_DeleteKey(), and SECKEY_CloseKeyDB().
Pseudorandom 
Number
Generation		 This public service consists of the four routines 
used for global pseudorandom number generation including RNG_RNGInit(), 
RNG_GenerateGlobalRandomBytes(), RNG_RandomUpdate(), and RNG_RNGShutdown(), 
and the three routines used for seeding pseudorandom number generation 
including RNG_GetNoise(), RNG_SystemInfoForRNG(), and RNG_FileForRNG().

A continuous pseudorandom number generator test is performed whenever a new

pseudorandom number is generated.
SSL Session ID 
Cache 

(Secret
Management)		 This public service consists of the five routines 
used to perform session ID cache management including SSL_ConfigServerSessionIDCache(),
ssl_FreeSID(), ssl_LookupSID(), ssl_ChooseSessionIDProcs(), and SSL_ClearSessionCache().
TLS pseudorandom function (PRF) TLS pseudorandom function (PRF) is utilized by SSL 3.0 protocol 
to produce FIPS 140-1 compliant hashes of security relevant data items [pre-master secret]. See <a href="../sslchanges/index.html">SSL changes in Security

Module 1.01</a>

for full details.
Retrieved from "https://wiki.mozilla.org/index.php?title=Section_C_Table_II&oldid=23876"