Fix DSA / BLAPI interface by creating stub functions that have the smimetk_branch
authorchrisk%netscape.com
Mon, 12 Jun 2000 23:40:28 +0000
branchsmimetk_branch
changeset 360 a2900e842b0ee950e69aec220a45bdd6305ee341
parent 359 d2cafc99bbc3f6f1610aeaba89e227c1b343fe07
child 363 be432b736b56ac6e92594786e7016cf09af70bb3
push idunknown
push userunknown
push dateunknown
Fix DSA / BLAPI interface by creating stub functions that have the correct signature for being called via context->update or context->verify.
security/nss/lib/cryptohi/secvfy.c
security/nss/lib/softoken/pkcs11c.c
--- a/security/nss/lib/cryptohi/secvfy.c
+++ b/security/nss/lib/cryptohi/secvfy.c
@@ -285,41 +285,43 @@ VFY_End(VFYContext *cx)
  * matches it!
  */
 SECStatus
 VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
 		 SECOidTag algid, void *wincx)
 {
     SECStatus rv;
     VFYContext *cx;
+    SECItem dsasig;
 
     rv = SECFailure;
 
     cx = VFY_CreateContext(key, sig, algid, wincx);
     if (cx != NULL) {
 	switch (key->keyType) {
 	case rsaKey:
 	    if (PORT_Memcmp(digest->data, cx->digest, digest->len)) {
 		PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
 	    } else {
 		rv = SECSuccess;
 	    }
 	    break;
 	case fortezzaKey:
 	case dsaKey:
-	     if (PK11_Verify(cx->key,sig,digest,wincx) != SECSuccess) {
+	    dsasig.data = &cx->digest[0];
+	    dsasig.len = DSA_SIGNATURE_LEN; /* magic size of dsa signature */
+	    if (PK11_Verify(cx->key, &dsasig, digest, cx->wincx) != SECSuccess) {
 		PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
 	    } else {
 		rv = SECSuccess;
 	    }
 	    break;
 	default:
 	    break;
 	}
-
 	VFY_DestroyContext(cx, PR_TRUE);
     }
     return rv;
 }
 
 SECStatus
 VFY_VerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
 	       SECItem *sig, SECOidTag algid, void *wincx)
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -1912,16 +1912,47 @@ pk11_HashSign(PK11HashSignInfo *info,uns
   loser:
     SGN_DestroyDigestInfo(di);
     if (arena != NULL) {
 	PORT_FreeArena(arena, PR_FALSE);
     }
     return rv;
 }
 
+static SECStatus
+nsc_DSA_Verify_Stub(void *ctx, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
+			    CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+{
+    SECItem signature, digest;
+
+    signature.data = pSignature;
+    signature.len = ulSignatureLen;
+    digest.data = pData;
+    digest.len = ulDataLen;
+    return DSA_VerifyDigest((DSAPublicKey *)ctx, &signature, &digest);
+}
+
+static SECStatus
+nsc_DSA_Sign_Stub(void *ctx, CK_BYTE_PTR pSignature,
+			    CK_ULONG_PTR ulSignatureLen, CK_ULONG maxulSignatureLen,
+			    CK_BYTE_PTR pData, CK_ULONG ulDataLen)
+{
+    SECItem signature = { 0 }, digest;
+    SECStatus rv;
+
+    (void)SECITEM_AllocItem(NULL, &signature, maxulSignatureLen);
+    digest.data = pData;
+    digest.len = ulDataLen;
+    rv = DSA_SignDigest((DSAPrivateKey *)ctx, &signature, &digest);
+    *ulSignatureLen = signature.len;
+    PORT_Memcpy(pSignature, signature.data, signature.len);
+    SECITEM_FreeItem(&signature, PR_FALSE);
+    return rv;
+}
+
 /* NSC_SignInit setups up the signing operations. There are three basic
  * types of signing:
  *	(1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
  *  to data in a single Sign operation (which often looks a lot like an
  *  encrypt, with data coming in and data going out).
  *	(2) Hash based signing, where we continually hash the data, then apply
  *  some sort of signature to the end.
  *	(3) Block Encryption CBC MAC's, where the Data is encrypted with a key,
@@ -2054,19 +2085,19 @@ finish_rsa:
 	    crv = CKR_KEY_TYPE_INCONSISTENT;
 	    break;
 	}
 	privKey = pk11_GetPrivKey(key,CKK_DSA);
 	if (privKey == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
 	}
-	context->cipherInfo = DSA_CreateSignContext(privKey);
-	context->update     = (PK11Cipher) DSA_SignDigest;
-	context->destroy    = (PK11Destroy) DSA_DestroySignContext;
+	context->cipherInfo = &(privKey->u.dsa);
+	context->update     = (PK11Cipher) nsc_DSA_Sign_Stub;
+	context->destroy    = pk11_Null;
 
         if (key->objectInfo != privKey) SECKEY_LowDestroyPrivateKey(privKey);
 	break;
     case CKM_MD2_HMAC_GENERAL:
 	crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
 				*(CK_ULONG *)pMechanism->pParameter);
 	break;
     case CKM_MD2_HMAC:
@@ -2460,19 +2491,19 @@ finish_rsa:
 	    break;
 	}
 	context->multi = PR_FALSE;
 	pubKey = pk11_GetPubKey(key,CKK_DSA);
 	if (pubKey == NULL) {
 	    crv = CKR_HOST_MEMORY;
 	    break;
 	}
-	context->cipherInfo = DSA_CreateVerifyContext(pubKey);
-	context->verify     = (PK11Verify) DSA_VerifyDigest;
-	context->destroy    = (PK11Destroy) DSA_DestroyVerifyContext;
+	context->cipherInfo = &(pubKey->u.dsa);
+	context->verify     = (PK11Verify) nsc_DSA_Verify_Stub;
+	context->destroy    = pk11_Null;
 	break;
 
     case CKM_MD2_HMAC_GENERAL:
 	crv = pk11_doHMACInit(context,SEC_OID_MD2,key,
 				*(CK_ULONG *)pMechanism->pParameter);
 	break;
     case CKM_MD2_HMAC:
 	crv = pk11_doHMACInit(context,SEC_OID_MD2,key,MD2_LENGTH);
@@ -2513,17 +2544,16 @@ finish_rsa:
 	pk11_FreeSession(session);
 	return crv;
     }
     pk11_SetContextByType(session, PK11_VERIFY, context);
     pk11_FreeSession(session);
     return CKR_OK;
 }
 
-
 /* NSC_Verify verifies a signature in a single-part operation, 
  * where the signature is an appendix to the data, 
  * and plaintext cannot be recovered from the signature */
 CK_RV NSC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
     CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
 {
     PK11Session *session;
     PK11SessionContext *context;