Document DSA and SHA.
New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?)
This commit is contained in:
Ulf Möller
94
doc/crypto/DSA_generate_parameters.pod
Normal file
94
doc/crypto/DSA_generate_parameters.pod
Normal file
@@ -0,0 +1,94 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
DSA_generate_parameters - Generate DSA parameters
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/dsa.h>
|
||||
|
||||
DSA * DSA_generate_parameters(int bits, unsigned char *seed,
|
||||
int seed_len, int *counter_ret, unsigned long *h_ret,
|
||||
void (*callback)(), void *cb_arg);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
DSA_generate_parameters() generates primes p and q and a generator g
|
||||
for use in the DSA.
|
||||
|
||||
B<bits> is the length of the prime to be generated; the DSS allows a
|
||||
maximum of 1024 bits.
|
||||
|
||||
If B<seed> is NULL or B<seed_len> E<lt> 20, the primes will be
|
||||
generated at random. Otherwise, the seed is used to generate
|
||||
them. If the given seed does not yield a prime q, a new random
|
||||
seed is chosen and placed at B<seed>.
|
||||
|
||||
DSA_generate_parameters() places the iteration count in
|
||||
*B<counter_ret> and a counter used for finding a generator in
|
||||
*B<h_ret>, unless these are NULL.
|
||||
|
||||
A callback function may be used to provide feedback about the progress
|
||||
of the key generation. If B<callback> is not B<NULL>, it will be
|
||||
called as follows:
|
||||
|
||||
=over 4
|
||||
|
||||
=item *
|
||||
|
||||
When the the m-th candidate for q is generated, B<callback(0, m,
|
||||
cb_arg)> is called.
|
||||
|
||||
=item *
|
||||
|
||||
B<callback(1, j++, cb_arg)> is called in the inner loop of the
|
||||
Miller-Rabin primality test.
|
||||
|
||||
=item *
|
||||
|
||||
When a prime q has been found, B<callback(2, 0, cb_arg)> and
|
||||
B<callback(3, 0, cb_arg)> are called.
|
||||
|
||||
=item *
|
||||
|
||||
While candidates for p are being tested, B<callback(1, j++, cb_arg)>
|
||||
is called in the inner loop of the Miller-Rabin primality test, then
|
||||
B<callback(0, counter, cb_arg)> is called when the next candidate
|
||||
is chosen.
|
||||
|
||||
=item *
|
||||
|
||||
When p has been found, B<callback(2, 1, cb_arg)> is called.
|
||||
|
||||
=item *
|
||||
|
||||
When the generator has been found, B<callback(3, 1, cb_arg)> is called.
|
||||
|
||||
=back
|
||||
|
||||
=head1 RETURN VALUE
|
||||
|
||||
DSA_generate_parameters() returns a pointer to the DSA structure, or
|
||||
NULL if the parameter generation fails. The error codes can be
|
||||
obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
The deterministic generation of p does not follow the NIST algorithm:
|
||||
r0 is SHA1(s+k+1), but should be SHA1(s+j+k) with j_0=2,
|
||||
j_counter=j_counter-1 + n + 1.
|
||||
|
||||
Seed lengths E<gt> 20 are not supported.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
|
||||
L<DSA_free(3)|DSA_free(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
|
||||
argument was added in SSLeay 0.9.0.
|
||||
|
||||
=cut
|
||||
Reference in New Issue
Block a user