MozillaWiki

Section C Table II: Difference between revisions

Page Discussion

Section C Table II (view source)

Revision as of 14:56, 20 May 2006

37 bytes removed ,  20 May 2006
no edit summary
mNo edit summary
No edit summary
Line 6: Line 6:
</tr>
</tr>


<tr>
<th>Certificate<br>Storage and<br>Retrieval</th>
<td>This <b>private</b> service consists of <b>six</b> routines used to perform certificate storage and retrieval including SEC_OpenPermCertDB(),
AddCertToPermDB(), SEC_TraversePermCerts(), SEC_FindPermCertByKey(), SEC_DeletePermCertificate(), and CERT_ClosePermCertDB().</td>
</tr>
<tr>
<th>Digital<br>Signatures</th>
<td>This <b>private</b> service consists of the <b>one</b> routine used to perform DSA signature generation, DSA_SignDigest(), and the <b>one</b> routine used to perform DSA signature verification, DSA_VerifyDigest(). This service also consists of the <b>three</b> routines used for RSA signature generation, verification, and entity association: RSA_Sign(), RSA_CheckSign(), and RSA_CheckSignRecover(), and the <b>three</b> raw routines used for RSA signature  generation, verification, and entity association: RSA_SignRaw(),
RSA_CheckSignRaw(), and RSA_CheckSignRecoverRaw(). In general, the key generation service must be invoked prior to invoking this service.</td>
</tr>
<tr>
<th>Encryption/ <br>
Decryption</th>
<td>This <b>private</b> service consists of the <b>four</b> routines used to perform DES Encryption/Decryption including DES_CreateContext(), DES_Encrypt(), DES_Decrypt(), and DES_DestroyContext(). Single-key DES service is provided by using the NSS_DES and NSS_DES_CBC modes with DES_CreateContext(). Triple-DES service is provided by using the NSS_DES_EDE3 and NSS_DES_EDE3_CBC modes with DES_CreateContext().</td>
</tr>
<tr>
<th>Hashing</th>
<td>This <b>public</b> service consists of the <b>eight</b> routines used to perform SHA-1 hashing including SHA1_NewContext(), SHA1_CloneContext(), SHA1_Begin(), SHA1_Update(), SHA1_End(), SHA1_HashBuf(), SHA1_Hash(), and
SHA1_DestroyContext().</td>
</tr>
<tr>
<th>Key<br>Generation</th>
<td>This <b>private</b> service is utilized to perform key generation and consists of the <b>six</b> routines used to perform DSA key generation including PQGParamGen(), PQG_ParamGenSeedLen(), PQG_VerifyParams(), DSA_CreateKeyGenContext(), DSA_NewKey(), and DSA_NewKeyFromSeed(), and the b>one</b> routine used for RSA private key generation called RSA_NewKey() (only used for entity association in public key exchange). When RSA_NewKey() is used in public key exchange between two parties, the Pairwise Consistency Test requires routines to check this symmetric algorithm. These consist of <b>two</b> routines used for entity association which include RSA_EncryptBlock(), and RSA_DecryptBlock(), and <b>two</b> raw routines used for entity association which include RSA_EncryptRaw(), and RSA_DecryptRaw().</td>
</tr>
<tr>
<th>PKCS #5<br>Password-Based<br>Encryption</th>
<td>The PKCS #5 API specifies a standard interface based upon the PKCS #5 standard which allows this <b>private</b> service to be used to perform password-based encryption and consists of the <b>five</b> routines including SEC_PKCS5GetSalt(), SEC_PKCS5GetIV(), SEC_PKCS5GetKey(), SEC_PKCS5CipherData(), and SEC_PKCS5CreateAlgorithmID().</td>
</tr>
<tr>
<tr>
<th>PKCS #11</th>
<th>PKCS #11</th>
<td>The PKCS #11 API specifies a standard interface based upon the PKCS #11 standard which allows for the selection of a FIPS PUB 140-1 mode of operation that provides both <b>public</b> and <b>private</b> services as well as a means of authentication into all <b>private</b> services, creates and maintains entry points for all FIPS PUB 140-1 specific routines including pk11_fipsPowerUpSelfTest() at initialization as well as on demand for subsequent logins, and enforces a pairwise consistency check on all key generation algorithms. NSS's FIPS PUB 140-1 PKCS #11 implementation defines the following standard crypto API:  
<td>The PKCS #11 API specifies a standard interface based upon the PKCS #11 standard, which allows for the selection of a FIPS 140-2 mode of operation that provides both <b>public</b> and <b>private</b> services as well as a means of authentication into all <b>private</b> services, creates and maintains entry points for all FIPS 140-2 specific routines including sftk_fipsPowerUpSelfTest() at initialization as well as on demand for subsequent logins, and enforces a pairwise consistency check on all key generation algorithms. NSS's FIPS 140-2 PKCS #11 implementation defines the following standard crypto API:  
<center>  
<center>  
<table border="1">
<table border="1">


<tbody>
<tr>
<tr>
<td valign="Top" width="20%"><b><font face="Palatino"><font size="-1">  
<td valign="Top" width="20%"><b><font face="Palatino"><font size="-1">  
Line 54: Line 20:


<tr>
<tr>
<td valign="Top" width="20%"><font face="Palatino"><font size="-1"> FIPS PUB 140-2</font></font> <br>
<td valign="Top" width="20%"><font face="Palatino"><font size="-1"> FIPS 140-2</font></font> <br>
<font face="Palatino"><font size="-1">specific</font></font></td>
<font face="Palatino"><font size="-1">specific</font></font></td>
<td valign="Top" width="26%"><font face="Palatino"><font size="-1"> FC_GetFunctionList</font></font></td>
<td valign="Top" width="26%"><font face="Palatino"><font size="-1"> FC_GetFunctionList</font></font></td>


<td valign="Top" width="54%"><font face="Palatino"><font size="-1"> Return the list of FIPS PUB 140-1 functions</font></font></td>
<td valign="Top" width="54%"><font face="Palatino"><font size="-1"> Return the list of FIPS 140-2 functions</font></font></td>
</tr>
</tr>


Line 515: Line 481:
</tr>
</tr>
   
   
</tbody>
</table>
</table>
</center>
</center>
</td>
</td>
</tr>
<tr>
<th>Certificate<br>Storage and<br>Retrieval</th>
<td>This <b>private</b> service consists of <b>six</b> routines used to perform certificate storage and retrieval including SEC_OpenPermCertDB(),
AddCertToPermDB(), SEC_TraversePermCerts(), SEC_FindPermCertByKey(), SEC_DeletePermCertificate(), and CERT_ClosePermCertDB().</td>
</tr>
<tr>
<th>Digital<br>Signatures</th>
<td>This <b>private</b> service consists of the <b>one</b> routine used to perform DSA signature generation, DSA_SignDigest(), and the <b>one</b> routine used to perform DSA signature verification, DSA_VerifyDigest(). This service also consists of the <b>three</b> routines used for RSA signature generation, verification, and entity association: RSA_Sign(), RSA_CheckSign(), and RSA_CheckSignRecover(), and the <b>three</b> raw routines used for RSA signature  generation, verification, and entity association: RSA_SignRaw(),
RSA_CheckSignRaw(), and RSA_CheckSignRecoverRaw(). In general, the key generation service must be invoked prior to invoking this service.</td>
</tr>
<tr>
<th>Encryption/ <br>
Decryption</th>
<td>This <b>private</b> service consists of the <b>four</b> routines used to perform DES Encryption/Decryption including DES_CreateContext(), DES_Encrypt(), DES_Decrypt(), and DES_DestroyContext(). Single-key DES service is provided by using the NSS_DES and NSS_DES_CBC modes with DES_CreateContext(). Triple-DES service is provided by using the NSS_DES_EDE3 and NSS_DES_EDE3_CBC modes with DES_CreateContext().</td>
</tr>
<tr>
<th>Hashing</th>
<td>This <b>public</b> service consists of the <b>eight</b> routines used to perform SHA-1 hashing including SHA1_NewContext(), SHA1_CloneContext(), SHA1_Begin(), SHA1_Update(), SHA1_End(), SHA1_HashBuf(), SHA1_Hash(), and
SHA1_DestroyContext().</td>
</tr>
<tr>
<th>Key<br>Generation</th>
<td>This <b>private</b> service is utilized to perform key generation and consists of the <b>six</b> routines used to perform DSA key generation including PQGParamGen(), PQG_ParamGenSeedLen(), PQG_VerifyParams(), DSA_CreateKeyGenContext(), DSA_NewKey(), and DSA_NewKeyFromSeed(), and the b>one</b> routine used for RSA private key generation called RSA_NewKey() (only used for entity association in public key exchange). When RSA_NewKey() is used in public key exchange between two parties, the Pairwise Consistency Test requires routines to check this symmetric algorithm. These consist of <b>two</b> routines used for entity association which include RSA_EncryptBlock(), and RSA_DecryptBlock(), and <b>two</b> raw routines used for entity association which include RSA_EncryptRaw(), and RSA_DecryptRaw().</td>
</tr>
<tr>
<th>PKCS #5<br>Password-Based<br>Encryption</th>
<td>The PKCS #5 API specifies a standard interface based upon the PKCS #5 standard which allows this <b>private</b> service to be used to perform password-based encryption and consists of the <b>five</b> routines including SEC_PKCS5GetSalt(), SEC_PKCS5GetIV(), SEC_PKCS5GetKey(), SEC_PKCS5CipherData(), and SEC_PKCS5CreateAlgorithmID().</td>
</tr>
</tr>
<tr>
<tr>
Wtchang
canmove, Confirmed users
937

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/26344"