File jss-ECC-HSM-FIPS.patch of Package jss

Index: jss/security/jss/org/mozilla/jss/crypto/Algorithm.c
===================================================================
--- jss.orig/security/jss/org/mozilla/jss/crypto/Algorithm.c	2011-10-04 20:07:40.000000000 +0300
+++ jss/security/jss/org/mozilla/jss/crypto/Algorithm.c	2011-10-04 21:28:51.810046501 +0300
@@ -113,6 +113,7 @@
 /* 50 */    {SEC_OID_HMAC_SHA256, SEC_OID_TAG},
 /* 51 */    {SEC_OID_HMAC_SHA384, SEC_OID_TAG},
-/* 52 */    {SEC_OID_HMAC_SHA512, SEC_OID_TAG}
+/* 52 */    {SEC_OID_HMAC_SHA512, SEC_OID_TAG},
+/* 53 */    {SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST, SEC_OID_TAG},
 /* REMEMBER TO UPDATE NUM_ALGS!!! */
 };
 
Index: jss/security/jss/org/mozilla/jss/crypto/Algorithm.h
===================================================================
--- jss.orig/security/jss/org/mozilla/jss/crypto/Algorithm.h	2011-10-04 20:07:40.000000000 +0300
+++ jss/security/jss/org/mozilla/jss/crypto/Algorithm.h	2011-10-04 21:29:22.378047472 +0300
@@ -56,7 +56,7 @@
     JSS_AlgType type;
 } JSS_AlgInfo;
 
-#define NUM_ALGS 53
+#define NUM_ALGS 54
 
 extern JSS_AlgInfo JSS_AlgTable[];
 extern CK_ULONG JSS_symkeyUsage[];
Index: jss/security/jss/org/mozilla/jss/crypto/Algorithm.java
===================================================================
--- jss.orig/security/jss/org/mozilla/jss/crypto/Algorithm.java	2011-10-04 20:07:40.000000000 +0300
+++ jss/security/jss/org/mozilla/jss/crypto/Algorithm.java	2011-10-04 21:32:14.706052947 +0300
@@ -236,5 +236,6 @@
     protected static final short SEC_OID_HMAC_SHA256=50;
     protected static final short SEC_OID_HMAC_SHA384=51;
     protected static final short SEC_OID_HMAC_SHA512=52;
+    protected static final short SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST=53;
 
 }
Index: jss/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java
===================================================================
--- jss.orig/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java	2011-10-04 20:07:40.000000000 +0300
+++ jss/security/jss/org/mozilla/jss/crypto/KeyPairAlgorithm.java	2011-10-04 21:28:09.678045162 +0300
@@ -94,7 +94,12 @@
     DSAFamily = new Algorithm(SEC_OID_ANSIX9_DSA_SIGNATURE, "DSA");
 
     public static final Algorithm
-    ECFamily = new Algorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY, "EC");
+
+//    To support both ECDSA and ECDH, it is best to provide two EC Families;
+//    However, since there is no token that does only CKM_DERIVE to
+//    date, we will just do ECDSA for now as it is sufficient enough today.
+//    This fix will support tokens that do not do ECDH
+    ECFamily = new Algorithm(SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST, "EC");
 
     public static final KeyPairAlgorithm
     RSA = new KeyPairAlgorithm(CKM_RSA_PKCS_KEY_PAIR_GEN, "RSA", RSAFamily);
Index: jss/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java
===================================================================
--- jss.orig/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java	2011-10-04 20:07:40.000000000 +0300
+++ jss/security/jss/org/mozilla/jss/crypto/SignatureAlgorithm.java	2011-10-04 21:28:09.678045162 +0300
@@ -124,7 +124,7 @@
      * operates on its input, which should be a hash.
      */
     public static final SignatureAlgorithm
-    ECSignature = new SignatureAlgorithm(SEC_OID_ANSIX962_EC_PUBLIC_KEY, 
+    ECSignature = new SignatureAlgorithm(SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST, 
 	"EC",
         null, null, ANSI_X962_OID.subBranch(2).subBranch(1) );