Update NSS to NSS 3.14 Beta 1.

mozilla/security/nss/lib/pk11wrap/pk11pqg.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* Thse functions are stub functions which will get replaced with calls through
  * PKCS #11.
  */
 
 #include "pk11func.h"
 #include "secmod.h"
 #include "secmodi.h"
 #include "secmodti.h"
 #include "pkcs11t.h"
 #include "pk11pqg.h"
 #include "secerr.h"
 
 
 /* Generate PQGParams and PQGVerify structs.
- * Length of P specified by j.  Length of h will match length of P.
+ * Length of P specified by L.
+ *   if L is greater than 1024 then the resulting verify parameters will be
+ *   DSA2.
+ * Length of Q specified by N. If zero, The PKCS #11 module will
+ *   pick an appropriately sized Q for P. If N is specified and L = 1024, then
+ *   the resulting verify parameters will be DSA2, Otherwise DSA1 parameters 
+ *   will be returned.
  * Length of SEED in bytes specified in seedBytes.
- * seedBbytes must be in the range [20..255] or an error will result.
+ *
+ * The underlying PKCS #11 module will check the values for L, N, 
+ * and seedBytes. The rules for softoken are:
+ * 
+ * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits.
+ * If L <= 1024, then N must be 0 or 160.
+ * If L >= 1024, then L and N must match the following table:
+ *   L=1024   N=0 or 160
+ *   L=2048   N=0 or 224
+ *   L=2048   N=256
+ *   L=3072   N=0 or 256
+ * if L <= 1024
+ *   seedBbytes must be in the range [20..256].
+ * if L >= 1024
+ *   seedBbytes must be in the range [20..L/16].
  */
 extern SECStatus
-PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
-                                 PQGParams **pParams, PQGVerify **pVfy)
+PK11_PQG_ParamGenV2(unsigned int L, unsigned int N,
+         unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
 {
     PK11SlotInfo *slot = NULL;
     CK_ATTRIBUTE genTemplate[5];
     CK_ATTRIBUTE *attrs = genTemplate;
     int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
     CK_MECHANISM mechanism;
     CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
     CK_RV crv;
     CK_ATTRIBUTE pTemplate[] = {
         { CKA_PRIME, NULL, 0 },
         { CKA_SUBPRIME, NULL, 0 },
         { CKA_BASE, NULL, 0 },
     };
     CK_ATTRIBUTE vTemplate[] = {
         { CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
         { CKA_NETSCAPE_PQG_SEED, NULL, 0 },
         { CKA_NETSCAPE_PQG_H, NULL, 0 },
     };
+    CK_ULONG primeBits = L;
+    CK_ULONG subPrimeBits = N;
     int pTemplateCount = sizeof(pTemplate)/sizeof(pTemplate[0]);
     int vTemplateCount = sizeof(vTemplate)/sizeof(vTemplate[0]);
     PRArenaPool *parena = NULL;
     PRArenaPool *varena = NULL;
     PQGParams *params = NULL;
     PQGVerify *verify = NULL;
-    CK_ULONG primeBits = PQG_INDEX_TO_PBITS(j);
     CK_ULONG seedBits = seedBytes*8;
 
     *pParams = NULL;
     *pVfy =  NULL;
 
     if (primeBits == (CK_ULONG)-1) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         goto loser;
     }
     PK11_SETATTRS(attrs, CKA_PRIME_BITS,&primeBits,sizeof(primeBits)); attrs++;
+    if (subPrimeBits != 0) {
+        PK11_SETATTRS(attrs, CKA_SUB_PRIME_BITS, 
+                                &subPrimeBits, sizeof(subPrimeBits)); attrs++;
+    }
     if (seedBits != 0) {
         PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED_BITS, 
                                         &seedBits, sizeof(seedBits)); attrs++;
     }
     count = attrs - genTemplate;
     PR_ASSERT(count <= sizeof(genTemplate)/sizeof(CK_ATTRIBUTE));
 
     slot = PK11_GetInternalSlot();
     if (slot == NULL) {
         /* set error */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);/* shouldn't happen */
         goto loser;
     }
 
+    /* make sure the internal slot can handle DSA2 type parameters. */
+    if (primeBits > 1024) {
+        CK_MECHANISM_INFO mechanism_info;
+
+        if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                        CKM_DSA_PARAMETER_GEN, &mechanism_info);
+        if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
+        /* a bug in the old softoken left CKM_DSA_PARAMETER_GEN off of the
+         * mechanism List. If we get a failure asking for this value, we know
+         * it can't handle DSA2 */
+        if ((crv != CKR_OK) || (mechanism_info.ulMaxKeySize < primeBits)) {
+            PK11_FreeSlot(slot);
+            slot = PK11_GetBestSlotWithAttributes(CKM_DSA_PARAMETER_GEN, 0,
+                                                primeBits, NULL);
+            if (slot == NULL) {
+                PORT_SetError(SEC_ERROR_NO_TOKEN); /* can happen */
+                goto loser;
+            }
+            /* ditch seedBits in this case, they are NSS specific and at
+             * this point we have a token that claims to handle DSA2 */
+            if (seedBits) {
+                attrs--;
+            }
+        }
+    }
+
     /* Initialize the Key Gen Mechanism */
     mechanism.mechanism = CKM_DSA_PARAMETER_GEN;
     mechanism.pParameter = NULL;
     mechanism.ulParameterLen = 0;
 
     PK11_EnterSlotMonitor(slot);
     crv = PK11_GETTAB(slot)->C_GenerateKey(slot->session,
                          &mechanism, genTemplate, count, &objectID);
     PK11_ExitSlotMonitor(slot);
 
@@ skipping 76 matching lines @@
     if (varena != NULL) {
         PORT_FreeArena(varena,PR_FALSE);
     }
     if (slot) {
         PK11_FreeSlot(slot);
     }
     return SECFailure;
 }
 
 /* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by j.  Length of h will match length of P.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [20..255] or an error will result.
+ */
+extern SECStatus
+PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
+                                 PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int primeBits = PQG_INDEX_TO_PBITS(j);
+    return PK11_PQG_ParamGenV2(primeBits, 0, seedBytes, pParams, pVfy);
+}
+
+/* Generate PQGParams and PQGVerify structs.
  * Length of seed and length of h both equal length of P. 
  * All lengths are specified by "j", according to the table above.
  */
 extern SECStatus
 PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
 {
-    return PK11_PQG_ParamGenSeedLen(j, 0, pParams, pVfy);
+    unsigned int primeBits = PQG_INDEX_TO_PBITS(j);
+    return PK11_PQG_ParamGenV2(primeBits, 0, 0, pParams, pVfy);
 }
 
 /*  Test PQGParams for validity as DSS PQG values.
  *  If vfy is non-NULL, test PQGParams to make sure they were generated
  *       using the specified seed, counter, and h values.
  *
  *  Return value indicates whether Verification operation ran successfully
  *  to completion, but does not indicate if PQGParams are valid or not.
  *  If return value is SECSuccess, then *pResult has these meanings:
  *       SECSuccess: PQGParams are valid.
@@ skipping 26 matching lines @@
     CK_ULONG counter;
     CK_RV crv;
 
     attrs = keyTempl;
     PK11_SETATTRS(attrs, CKA_CLASS, &class, sizeof(class)); attrs++;
     PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType)); attrs++;
     PK11_SETATTRS(attrs, CKA_PRIME, params->prime.data, 
                                                 params->prime.len); attrs++;
     PK11_SETATTRS(attrs, CKA_SUBPRIME, params->subPrime.data, 
                                                 params->subPrime.len); attrs++;
-    PK11_SETATTRS(attrs, CKA_BASE,params->base.data,params->base.len); attrs++;
+    if (params->base.len) {
+        PK11_SETATTRS(attrs, CKA_BASE,params->base.data,params->base.len);
+         attrs++;
+    }
     PK11_SETATTRS(attrs, CKA_TOKEN, &ckfalse, sizeof(ckfalse)); attrs++;
     if (vfy) {
-        counter = vfy->counter;
-        PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_COUNTER, 
+        if (vfy->counter != -1) {
+            counter = vfy->counter;
+            PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_COUNTER, 
                         &counter, sizeof(counter)); attrs++;
+        }
         PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED, 
                         vfy->seed.data, vfy->seed.len); attrs++;
-        PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_H, 
+        if (vfy->h.len) {
+            PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_H, 
                         vfy->h.data, vfy->h.len); attrs++;
+        }
     }
 
     keyCount = attrs - keyTempl;
     PORT_Assert(keyCount <= sizeof(keyTempl)/sizeof(keyTempl[0]));
 
 
     slot = PK11_GetInternalSlot();
     if (slot == NULL) {
         return SECFailure;
     }
@@ skipping 187 matching lines @@
 
 
 /**************************************************************************
  * Fills in caller's "h" SECItem with the h value in verify.
  * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);      
  **************************************************************************/
 extern SECStatus 
 PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem * h) {
     return SECITEM_CopyItem(NULL, h, &verify->h);
 }