You observe that, for the encrypt/decrypt test, pk11_PairwiseConsistencyCheck calls PK11_GetPrivateModulusLen to get the length of the modulus and that this function attempts to read out the CKA_MODULUS from the private key, which apparently fails for some PKCS11 modules, which (I gather) makes life difficult.
You observe that, for the sign/verify test, pk11_PairwiseConsistencyCheck calls PK11_SignatureLen (instead of PK11_GetPrivateModulusLen) to get the modulus length. PK11_SignatureLen calls PK11_GetPrivateModulusLen, and if that fails, it then calls pk11_backupGetSignLength, which actually calls C_Sign to get the length it returns.
You wonder why pk11_PairwiseConsistencyCheck doesn't use the same or similar algorithms for both the encrypt/decrypt and the sign/verify tests.
Finally, you wonder why the code doesn't try to get the value of CKA_MODULUS_BITS first, in both cases.
Do I understand your message correctly?
I believe I know the answers to some of these questions, and I have some similar questions of my own.
pk11_backupGetSignLength only works with keys that have the CKA_SIGN attribute set to TRUE. Consequently, one would expect it would fail with many decryption private keys. I'm pretty sure that's why NSS doesn't attempt to call pk11_backupGetSignLength in the encrypt/decrypt case.
Since pk11_PairwiseConsistencyCheck takes both the public and private keys as arguments, and since the length of the modulus is readily available in the public key structure, I wonder why it doesn't look there instead.
As to why NSS does not try CKA_MODULUS_BITS first, I think the answer is simply the age of the code. This code was written originally for PKCS 11 v1.0 which (IIRC) didn't have CKA_MODULUS_BITS. It just wasn't an option when the code was written, I think.
I also strongly suspect that the reason that the signing test has a fallback path and the encryption test doesn't is that NSS has never encountered this problem with any PKCS11 modules before in the encryption test. That wheel didn't squeak, so it didn't get grease.
What PKCS11 module is it that isn't willing to give out the CKA_MODULUS from the private key? It is a *public* value, after all.
I invite you to (a) file an NSS bug about this in bugzilla (you can use this message for the initial description), and (b) contribute a patch that fixes this problem to your satisfaction by attaching it to the bug report. Really! This is your chance for fame and glory! :)
-- Nelson B
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
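The lookup orders discussed in the message above, as an added example that is not part of the original message and is not NSS code. The token is modelled in memory: `mock_key`, `len_source` and every function name here are hypothetical stand-ins, and a return value of 0 means the length could not be obtained.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of an RSA private key on a token (not an NSS or PKCS #11 type). */
typedef struct {
    size_t modulus_len;      /* real modulus length in bytes */
    bool   modulus_readable; /* module lets CKA_MODULUS be read from the private key */
    bool   can_sign;         /* CKA_SIGN is TRUE */
} mock_key;

typedef enum { SRC_NONE, SRC_PRIV_MODULUS, SRC_SIGN_PROBE, SRC_PUBLIC_KEY } len_source;

/* Stand-in for reading CKA_MODULUS from the private key; 0 means failure. */
static size_t priv_modulus_len(const mock_key *k) {
    return k->modulus_readable ? k->modulus_len : 0;
}

/* Stand-in for the length-only signing call; fails unless CKA_SIGN is TRUE. */
static size_t sign_probe_len(const mock_key *k) {
    return k->can_sign ? k->modulus_len : 0;
}

/* Order described for the sign/verify test: private modulus, then sign probe. */
size_t len_sign_path(const mock_key *priv, len_source *src) {
    size_t n = priv_modulus_len(priv);
    if (n) { *src = SRC_PRIV_MODULUS; return n; }
    n = sign_probe_len(priv);
    *src = n ? SRC_SIGN_PROBE : SRC_NONE;
    return n;
}

/* Order described for the encrypt/decrypt test: private modulus only. */
size_t len_encrypt_path(const mock_key *priv, len_source *src) {
    size_t n = priv_modulus_len(priv);
    *src = n ? SRC_PRIV_MODULUS : SRC_NONE;
    return n;
}

/* Alternative raised in the message: use the public key's modulus length first. */
size_t len_public_first(const mock_key *priv, size_t pub_modulus_len, len_source *src) {
    if (pub_modulus_len) { *src = SRC_PUBLIC_KEY; return pub_modulus_len; }
    return len_sign_path(priv, src);
}
```

A decryption-only key whose module withholds CKA_MODULUS fails both existing orders in this model, while the public-key-first order still returns a length.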
