Re: CKA_SIGN and CKA_VERIFY

Mon, 08 Feb 2010 11:32:22 -0800 

Shailendra N Jain wrote:

Hi,

 In the sample that I am working on, I need to decrypt the mac appended
plaintext. But while verifying the MAC, I am using the below context to call PK11_DigestFinal. 

PK11_CreateContextBySymKey(CKM_MD5_HMAC, CKA_VERIFY, mk, &noParams);

(where mk is MAC key.)
But the call PK11_DigestFinal is returning -8191 (Library failure). The code is failing at the below place 
in security/nss/lib/pk11wrap/pk11cxt.c

    case CKA_VERIFY:
        crv=PK11_GETTAB(context->slot)->C_VerifyFinal(context->session,
                                data,len);


Can someone please advise what could be the cause of the error?

Thanks,
Shailendra
Also in the function below from nss/lib/pk11wrap/pk11cxt.c, why C_SignInit is getting called for CKA_VERIFY? Shouldn't it be C_VerifyInit ? 

/*
 * Context initialization. Used by all flavors of CreateContext
 */
static SECStatus
pk11_context_init(PK11Context *context, CK_MECHANISM *mech_info)
{
    CK_RV crv;
    PK11SymKey *symKey = context->key;
    SECStatus rv = SECSuccess;

    switch (context->operation) {
    case CKA_ENCRYPT:
        crv=PK11_GETTAB(context->slot)->C_EncryptInit(context->session,
                                mech_info, symKey->objectID);
        break;
    case CKA_DECRYPT:
        if (context->fortezzaHack) {
            CK_ULONG count = 0;;
            /* generate the IV for fortezza */
            crv=PK11_GETTAB(context->slot)->C_EncryptInit(context->session,
                                mech_info, symKey->objectID);
            if (crv != CKR_OK) break;
            PK11_GETTAB(context->slot)->C_EncryptFinal(context->session,
                                NULL, &count);
        }
        crv=PK11_GETTAB(context->slot)->C_DecryptInit(context->session,
                                mech_info, symKey->objectID);
        break;
    case CKA_SIGN:
        crv=PK11_GETTAB(context->slot)->C_SignInit(context->session,
                                mech_info, symKey->objectID);
        break;
    case CKA_VERIFY:
        crv=PK11_GETTAB(context->slot)->C_SignInit(context->session,
                                mech_info, symKey->objectID);
        break;
    case CKA_DIGEST:
        crv=PK11_GETTAB(context->slot)->C_DigestInit(context->session,
                                mech_info);
        break;
    default:
        crv = CKR_OPERATION_NOT_INITIALIZED;
        break;
    }

    if (crv != CKR_OK) {
        PORT_SetError( PK11_MapError(crv) );
        return SECFailure;
    }

    /*
     * handle session starvation case.. use our last session to multiplex
     */
    if (!context->ownSession) {
        context->savedData = pk11_saveContext(context,context->savedData,
                                &context->savedLength);
        if (context->savedData == NULL) rv = SECFailure;
        /* clear out out session for others to use */
        pk11_Finalize(context);
    }
    return rv;
}

Regards,
Shailendra

--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to