1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2001
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
36
/* Thse functions are stub functions which will get replaced with calls through
50
/* Generate PQGParams and PQGVerify structs.
51
* Length of P specified by j. Length of h will match length of P.
52
* Length of SEED in bytes specified in seedBytes.
53
* seedBbytes must be in the range [20..255] or an error will result.
56
PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
57
PQGParams **pParams, PQGVerify **pVfy)
59
PK11SlotInfo *slot = NULL;
60
CK_ATTRIBUTE genTemplate[5];
61
CK_ATTRIBUTE *attrs = genTemplate;
62
int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
63
CK_MECHANISM mechanism;
64
CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
66
CK_ATTRIBUTE pTemplate[] = {
67
{ CKA_PRIME, NULL, 0 },
68
{ CKA_SUBPRIME, NULL, 0 },
69
{ CKA_BASE, NULL, 0 },
71
CK_ATTRIBUTE vTemplate[] = {
72
{ CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
73
{ CKA_NETSCAPE_PQG_SEED, NULL, 0 },
74
{ CKA_NETSCAPE_PQG_H, NULL, 0 },
76
int pTemplateCount = sizeof(pTemplate)/sizeof(pTemplate[0]);
77
int vTemplateCount = sizeof(vTemplate)/sizeof(vTemplate[0]);
78
PRArenaPool *parena = NULL;
79
PRArenaPool *varena = NULL;
80
PQGParams *params = NULL;
81
PQGVerify *verify = NULL;
82
CK_ULONG primeBits = PQG_INDEX_TO_PBITS(j);
83
CK_ULONG seedBits = seedBytes*8;
88
if (primeBits == (CK_ULONG)-1) {
89
PORT_SetError(SEC_ERROR_INVALID_ARGS);
92
PK11_SETATTRS(attrs, CKA_PRIME_BITS,&primeBits,sizeof(primeBits)); attrs++;
94
PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED_BITS,
95
&seedBits, sizeof(seedBits)); attrs++;
97
count = attrs - genTemplate;
98
PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
100
slot = PK11_GetInternalSlot();
106
/* Initialize the Key Gen Mechanism */
107
mechanism.mechanism = CKM_DSA_PARAMETER_GEN;
108
mechanism.pParameter = NULL;
109
mechanism.ulParameterLen = 0;
111
PK11_EnterSlotMonitor(slot);
112
crv = PK11_GETTAB(slot)->C_GenerateKey(slot->session,
113
&mechanism, genTemplate, count, &objectID);
114
PK11_ExitSlotMonitor(slot);
117
PORT_SetError( PK11_MapError(crv) );
121
parena = PORT_NewArena(60);
126
crv = PK11_GetAttributes(parena, slot, objectID, pTemplate, pTemplateCount);
128
PORT_SetError( PK11_MapError(crv) );
133
params = (PQGParams *)PORT_ArenaAlloc(parena,sizeof(PQGParams));
134
if (params == NULL) {
139
params->arena = parena;
140
params->prime.type = siUnsignedInteger;
141
params->prime.data = pTemplate[0].pValue;
142
params->prime.len = pTemplate[0].ulValueLen;
143
params->subPrime.type = siUnsignedInteger;
144
params->subPrime.data = pTemplate[1].pValue;
145
params->subPrime.len = pTemplate[1].ulValueLen;
146
params->base.type = siUnsignedInteger;
147
params->base.data = pTemplate[2].pValue;
148
params->base.len = pTemplate[2].ulValueLen;
151
varena = PORT_NewArena(60);
156
crv = PK11_GetAttributes(varena, slot, objectID, vTemplate, vTemplateCount);
158
PORT_SetError( PK11_MapError(crv) );
163
verify = (PQGVerify *)PORT_ArenaAlloc(varena,sizeof(PQGVerify));
164
if (verify == NULL) {
168
verify->arena = varena;
169
verify->counter = (unsigned int)(*(CK_ULONG*)vTemplate[0].pValue);
170
verify->seed.type = siUnsignedInteger;
171
verify->seed.data = vTemplate[1].pValue;
172
verify->seed.len = vTemplate[1].ulValueLen;
173
verify->h.type = siUnsignedInteger;
174
verify->h.data = vTemplate[2].pValue;
175
verify->h.len = vTemplate[2].ulValueLen;
177
PK11_DestroyObject(slot,objectID);
186
if (objectID != CK_INVALID_HANDLE) {
187
PK11_DestroyObject(slot,objectID);
189
if (parena != NULL) {
190
PORT_FreeArena(parena,PR_FALSE);
192
if (varena != NULL) {
193
PORT_FreeArena(varena,PR_FALSE);
201
/* Generate PQGParams and PQGVerify structs.
202
* Length of seed and length of h both equal length of P.
203
* All lengths are specified by "j", according to the table above.
206
PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
208
return PK11_PQG_ParamGenSeedLen(j, 0, pParams, pVfy);
211
/* Test PQGParams for validity as DSS PQG values.
212
* If vfy is non-NULL, test PQGParams to make sure they were generated
213
* using the specified seed, counter, and h values.
215
* Return value indicates whether Verification operation ran succesfully
216
* to completion, but does not indicate if PQGParams are valid or not.
217
* If return value is SECSuccess, then *pResult has these meanings:
218
* SECSuccess: PQGParams are valid.
219
* SECFailure: PQGParams are invalid.
223
PK11_PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy,
226
CK_ATTRIBUTE keyTempl[] = {
227
{ CKA_CLASS, NULL, 0 },
228
{ CKA_KEY_TYPE, NULL, 0 },
229
{ CKA_PRIME, NULL, 0 },
230
{ CKA_SUBPRIME, NULL, 0 },
231
{ CKA_BASE, NULL, 0 },
232
{ CKA_TOKEN, NULL, 0 },
233
{ CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
234
{ CKA_NETSCAPE_PQG_SEED, NULL, 0 },
235
{ CKA_NETSCAPE_PQG_H, NULL, 0 },
238
CK_BBOOL ckfalse = CK_FALSE;
239
CK_OBJECT_CLASS class = CKO_KG_PARAMETERS;
240
CK_KEY_TYPE keyType = CKK_DSA;
241
SECStatus rv = SECSuccess;
244
CK_OBJECT_HANDLE objectID;
249
PK11_SETATTRS(attrs, CKA_CLASS, &class, sizeof(class)); attrs++;
250
PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); attrs++;
251
PK11_SETATTRS(attrs, CKA_PRIME, params->prime.data,
252
params->prime.len); attrs++;
253
PK11_SETATTRS(attrs, CKA_SUBPRIME, params->subPrime.data,
254
params->subPrime.len); attrs++;
255
PK11_SETATTRS(attrs, CKA_BASE,params->base.data,params->base.len); attrs++;
256
PK11_SETATTRS(attrs, CKA_TOKEN, &ckfalse, sizeof(ckfalse)); attrs++;
258
counter = vfy->counter;
259
PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_COUNTER,
260
&counter, sizeof(counter)); attrs++;
261
PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED,
262
vfy->seed.data, vfy->seed.len); attrs++;
263
PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_H,
264
vfy->h.data, vfy->h.len); attrs++;
267
keyCount = attrs - keyTempl;
268
PORT_Assert(keyCount <= sizeof(keyTempl)/sizeof(keyTempl[0]));
271
slot = PK11_GetInternalSlot();
276
PK11_EnterSlotMonitor(slot);
277
crv = PK11_GETTAB(slot)->C_CreateObject(slot->session, keyTempl, keyCount,
279
PK11_ExitSlotMonitor(slot);
281
/* throw away the keys, we only wanted the return code */
282
PK11_DestroyObject(slot,objectID);
285
*result = SECSuccess;
286
if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
287
*result = SECFailure;
288
} else if (crv != CKR_OK) {
289
PORT_SetError( PK11_MapError(crv) );
298
/**************************************************************************
299
* Free the PQGParams struct and the things it points to. *
300
**************************************************************************/
302
PK11_PQG_DestroyParams(PQGParams *params) {
303
PQG_DestroyParams(params);
307
/**************************************************************************
308
* Free the PQGVerify struct and the things it points to. *
309
**************************************************************************/
311
PK11_PQG_DestroyVerify(PQGVerify *vfy) {
312
PQG_DestroyVerify(vfy);
316
/**************************************************************************
317
* Return a pointer to a new PQGParams struct that is constructed from *
318
* copies of the arguments passed in. *
319
* Return NULL on failure. *
320
**************************************************************************/
322
PK11_PQG_NewParams(const SECItem * prime, const SECItem * subPrime,
323
const SECItem * base) {
324
return PQG_NewParams(prime, subPrime, base);
328
/**************************************************************************
329
* Fills in caller's "prime" SECItem with the prime value in params.
330
* Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
331
**************************************************************************/
333
PK11_PQG_GetPrimeFromParams(const PQGParams *params, SECItem * prime) {
334
return PQG_GetPrimeFromParams(params, prime);
338
/**************************************************************************
339
* Fills in caller's "subPrime" SECItem with the prime value in params.
340
* Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
341
**************************************************************************/
343
PK11_PQG_GetSubPrimeFromParams(const PQGParams *params, SECItem * subPrime) {
344
return PQG_GetSubPrimeFromParams(params, subPrime);
348
/**************************************************************************
349
* Fills in caller's "base" SECItem with the base value in params.
350
* Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
351
**************************************************************************/
353
PK11_PQG_GetBaseFromParams(const PQGParams *params, SECItem *base) {
354
return PQG_GetBaseFromParams(params, base);
358
/**************************************************************************
359
* Return a pointer to a new PQGVerify struct that is constructed from *
360
* copies of the arguments passed in. *
361
* Return NULL on failure. *
362
**************************************************************************/
364
PK11_PQG_NewVerify(unsigned int counter, const SECItem * seed,
366
return PQG_NewVerify(counter, seed, h);
370
/**************************************************************************
371
* Returns "counter" value from the PQGVerify.
372
**************************************************************************/
374
PK11_PQG_GetCounterFromVerify(const PQGVerify *verify) {
375
return PQG_GetCounterFromVerify(verify);
378
/**************************************************************************
379
* Fills in caller's "seed" SECItem with the seed value in verify.
380
* Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
381
**************************************************************************/
383
PK11_PQG_GetSeedFromVerify(const PQGVerify *verify, SECItem *seed) {
384
return PQG_GetSeedFromVerify(verify, seed);
388
/**************************************************************************
389
* Fills in caller's "h" SECItem with the h value in verify.
390
* Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
391
**************************************************************************/
393
PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h) {
394
return PQG_GetHFromVerify(verify, h);