#41 Allow caller to supply DSA parameters

Enhancement_Request
open
nobody
5
2001-04-04
2001-04-04
Carl Dawson
No

The PKCS11 CSP uses a hard-coded set of DSA community
parameters, and does not use/accept caller-supplied
DSA community parameters. I have implemented a
workaround that allows the caller to set these parameters
by creating a DSA KeyGen context for the required key
length, updating the context with the caller's DSA
parameters, and lastly calling the GenerateKeyPair()
function. E.g.

/* Create a DSA key-generation context for the required key length;
   hCC below is the context handle this call returns */
CSSM_CSP_CreateKeyGenContext( hCSP, CSSM_ALGID_DSA,
<key-size-in-bits>, ...);

/* Describe the caller's p, q and g as context attributes */
CSSM_CONTEXT_ATTRIBUTE Params[3];
Params[0].AttributeType = CSSM_ATTRIBUTE_PRIME;
Params[0].AttributeLength = sizeof( CSSM_DATA);
Params[0].Attribute.Data = &pDSAParams->p;
Params[1].AttributeType = CSSM_ATTRIBUTE_SUBPRIME;
Params[1].AttributeLength = sizeof( CSSM_DATA);
Params[1].Attribute.Data = &pDSAParams->q;
Params[2].AttributeType = CSSM_ATTRIBUTE_BASE;
Params[2].AttributeLength = sizeof( CSSM_DATA);
Params[2].Attribute.Data = &pDSAParams->g;

/* Add the caller's DSA parameters to the context */
CSSM_UpdateContextAttributes( hCC, 3, Params);

/* Generate the key pair using the updated context */
CSSM_GenerateKeyPair( hCC, CSSM_KEYUSE_...);

The patch made to the beast of a function
ADDIN_CSM_GenerateKeyPair() in the module
addins\intel\cssmcsp\pkcs_2_0\csp_kgen.c (search for
CHD to locate) allows the above approach to work,
while retaining previous behaviour (i.e. Certificate
Manager still works by picking up and using the
hard-coded DSA parameters).

Discussion

  • Carl Dawson
    2001-04-04

    PKCS11 key generation functions

     