From ac61d905855a6832a9b1334bdc70043520bd05d9 Mon Sep 17 00:00:00 2001
From: Jonathan Bernard <jonathan@jdbernard.com>
Date: Fri, 3 Feb 2023 20:38:33 -0600
Subject: [PATCH] Update to track current version of bearssl.

---
 jwt_full.nimble                            |  2 +-
 src/main/jwt_full/jwt.nim                  |  2 +-
 src/main/jwt_full/private/crypto/ecdsa.nim | 23 ++++-----
 src/main/jwt_full/private/crypto/hash.nim  |  4 +-
 src/main/jwt_full/private/crypto/hmac.nim  | 10 ++--
 src/main/jwt_full/private/crypto/pem.nim   | 18 +++----
 src/main/jwt_full/private/crypto/rsa.nim   | 60 +++++++++++-----------
 7 files changed, 59 insertions(+), 60 deletions(-)

diff --git a/jwt_full.nimble b/jwt_full.nimble
index d3f03a0..2de4641 100644
--- a/jwt_full.nimble
+++ b/jwt_full.nimble
@@ -1,6 +1,6 @@
 # Package
 
-version       = "0.1.0"
+version       = "0.2.0"
 author        = "Jonathan Bernard"
 description   = "Full JWT, JWS, JWE, and JWK implementation for Nim, compliant with RFCs 7515-7519."
 license       = "GPL-3.0-or-later"
diff --git a/src/main/jwt_full/jwt.nim b/src/main/jwt_full/jwt.nim
index 65c229c..9d4ecf5 100644
--- a/src/main/jwt_full/jwt.nim
+++ b/src/main/jwt_full/jwt.nim
@@ -1,5 +1,5 @@
 # jwt_full/jwt.nim
-# Copyright 2021 Jonathan Bernard
+# Copyright © 2021 Jonathan Bernard
 
 ## ===============================
 ##             jwt
diff --git a/src/main/jwt_full/private/crypto/ecdsa.nim b/src/main/jwt_full/private/crypto/ecdsa.nim
index 6f296e2..b70994d 100644
--- a/src/main/jwt_full/private/crypto/ecdsa.nim
+++ b/src/main/jwt_full/private/crypto/ecdsa.nim
@@ -1,4 +1,3 @@
-import std/tables
 import bearssl, bearssl_pkey_decoder
 
 import ../../encoding
@@ -35,14 +34,14 @@ func fromBearSslCurveConst(curve: int32): EcCurve =
 func initEcPublicKeyObj(curve: EcCurve, q: string): EcPublicKeyObj =
   result = EcPublicKeyObj(curve: curve, q: q)
   result.bearKey.curve = curve.toBearSslCurveConst
-  result.bearKey.q = cast[ptr char](result.q.cstring)
-  result.bearKey.qlen = q.len
+  result.bearKey.q = cast[ptr byte](result.q.cstring)
+  result.bearKey.qlen = uint q.len
 
 func initEcPrivateKeyObj(curve: EcCurve, x: string): EcPrivateKeyObj =
   result = EcPrivateKeyObj(curve: curve, x: x)
   result.bearKey.curve = curve.toBearSslCurveConst
-  result.bearKey.x = cast[ptr char](result.x.cstring)
-  result.bearKey.xlen = x.len
+  result.bearKey.x = cast[ptr byte](result.x.cstring)
+  result.bearKey.xlen = uint x.len
 
 proc toEcPublicKey(jwk: JWK): EcPublicKeyObj =
   ## Convert an ECDSA public key in JWK format to the wrapper for BearSSL's
@@ -66,7 +65,7 @@ proc toEcPublicKey(pem: string): EcPublicKeyObj =
     cast[BearPemDecoderCallback](pkeyDecoderPush))
 
   let k = pkCtx.key.ec
-  return initEcPublicKeyObj(k.curve.fromBearSslCurveConst, $cstring(k.q))
+  return initEcPublicKeyObj(k.curve.fromBearSslCurveConst, $cast[cstring](k.q))
 
 proc toEcPrivateKey(jwk: JWK): EcPrivateKeyObj =
   ## Convert an ECDSA private key in JWK format to the wrapper for BearSSL's
@@ -81,12 +80,12 @@ proc toEcPrivateKey(jwk: JWK): EcPrivateKeyObj =
 
 proc toEcPrivateKey(pem: string): EcPrivateKeyObj =
   var skCtx: SkeyDecoderContext
-  skeyDecoderInit(addr skCtx)
+  skeyDecoderInit(skCtx)
   decodePem(pem, "EC PRIVATE KEY", addr skCtx,
     cast[BearPemDecoderCallback](skeyDecoderPush))
 
   let k = skCtx.key.ec
-  return initEcPrivateKeyObj(k.curve.fromBearSslCurveConst, $cstring(k.x))
+  return initEcPrivateKeyObj(k.curve.fromBearSslCurveConst, $cast[cstring](k.x))
 
 proc getEcHashCfg(alg: JwtAlgorithm): HashCfg =
   let hashAlg = case alg:
@@ -137,11 +136,11 @@ proc bearEcVerify(
   let ecVerifyImpl = ecdsaVrfyRawGetDefault()
   let resultCode = ecVerifyImpl(
     addr ecAllM15,
-    cast[ptr char](unsafeAddr hashed[0]),
-    hashed.len,
+    hashed.cstring,
+    uint hashed.len,
     unsafeAddr key.bearKey,
-    cast[ptr char](unsafeAddr signature[0]),
-    signature.len)
+    signature.cstring,
+    uint signature.len)
 
   result = resultCode == 1
 
diff --git a/src/main/jwt_full/private/crypto/hash.nim b/src/main/jwt_full/private/crypto/hash.nim
index 4ada3ea..034d310 100644
--- a/src/main/jwt_full/private/crypto/hash.nim
+++ b/src/main/jwt_full/private/crypto/hash.nim
@@ -66,5 +66,5 @@ proc hash*(data: string, alg: HashAlgorithm): string =
   let hashCfg = hashConfig(alg)
   result = newString(hashCfg.size)
   hashCfg.vtable.init(pCtx)
-  hashCfg.vtable.update(pCtx, unsafeAddr data[0], data.len)
-  hashCfg.vtable.output(pCtx, addr result[0])
+  hashCfg.vtable.update(pCtx, data.cstring, uint data.len)
+  hashCfg.vtable.out(pCtx, addr result[0])
diff --git a/src/main/jwt_full/private/crypto/hmac.nim b/src/main/jwt_full/private/crypto/hmac.nim
index 706b3f7..0948984 100644
--- a/src/main/jwt_full/private/crypto/hmac.nim
+++ b/src/main/jwt_full/private/crypto/hmac.nim
@@ -26,13 +26,13 @@ proc bearHMAC(message: string, alg: JwtAlgorithm, key: string): string =
   var keyCtx: HmacKeyContext
   var hmacCtx: HmacContext
 
-  hmacKeyInit(addr keyCtx, vtable, key.cstring, key.len)
-  hmacInit(addr hmacCtx, addr keyCtx, 0)
-  hmacUpdate(addr hmacCtx, message.cstring, message.len)
+  hmacKeyInit(keyCtx, vtable, key.cstring, uint key.len)
+  hmacInit(hmacCtx, keyCtx, uint 0)
+  hmacUpdate(hmacCtx, message.cstring, uint message.len)
 
-  let resLen = hmacSize(addr hmacCtx)
+  let resLen = hmacSize(hmacCtx)
   result = newString(resLen)
-  discard hmacOut(addr hmacCtx, addr result[0])
+  discard hmacOut(hmacCtx, addr result[0])
 
 proc hmac*(message: string, alg: JwtAlgorithm, key: string): string =
   return bearHMAC(message, alg, key)
diff --git a/src/main/jwt_full/private/crypto/pem.nim b/src/main/jwt_full/private/crypto/pem.nim
index a22df62..da6f42d 100644
--- a/src/main/jwt_full/private/crypto/pem.nim
+++ b/src/main/jwt_full/private/crypto/pem.nim
@@ -3,7 +3,7 @@ import bearssl
 # Taken from  nim-bearssl/decls.nim
 {.pragma: bearSslFunc, cdecl, gcsafe, noSideEffect, raises: [].}
 
-type BearPemDecoderCallback* = proc(keyCtx: pointer, data: pointer, dataLen: int) {.bearSslFunc.}
+type BearPemDecoderCallback* = proc(destCtx: pointer, src: pointer, dataLen: uint) {.bearSslFunc.}
 
 proc decodePem*(
     pem: string,
@@ -13,30 +13,30 @@ proc decodePem*(
   ) =
 
   var pemCtx: PemDecoderContext
-  pemDecoderInit(addr pemCtx)
+  pemDecoderInit(pemCtx)
 
-  var offset = 0
-  var bytesRemaining = len(pem)
+  var offset: uint = 0
+  var bytesRemaining: uint = uint len(pem)
   var readingObj = false
 
   while bytesRemaining > 0:
-    let bytesRead = pemDecoderPush(addr pemCtx, unsafeAddr pem[offset], bytesRemaining)
+    let bytesRead = pemDecoderPush(pemCtx, unsafeAddr pem[offset], uint bytesRemaining)
     offset += bytesRead
     bytesRemaining -= bytesRead
 
-    case pemDecoderEvent(addr pemCtx):
+    case pemDecoderEvent(pemCtx):
       of PEM_BEGIN_OBJ:
         if readingObj:
           raise newException(ValueError,
             "Invalid PEM: saw a second BEGIN before seeing END.")
 
-        if pemDecoderName(addr pemCtx) != expectedObjectName:
+        if pemDecoderName(pemCtx) != expectedObjectName:
           raise newException(ValueError,
             "Invalid PEM: expected BEGIN " & expectedObjectName &
-            " but got BEGIN " & $pemDecoderName(addr pemCtx))
+            " but got BEGIN " & $pemDecoderName(pemCtx))
 
         readingObj = true
-        pemDecoderSetdest(addr pemCtx, callback, keyCtx)
+        pemDecoderSetdest(pemCtx, callback, keyCtx)
 
       of PEM_END_OBJ:
         if readingObj: readingObj = false
diff --git a/src/main/jwt_full/private/crypto/rsa.nim b/src/main/jwt_full/private/crypto/rsa.nim
index 865cf47..4f57987 100644
--- a/src/main/jwt_full/private/crypto/rsa.nim
+++ b/src/main/jwt_full/private/crypto/rsa.nim
@@ -19,24 +19,24 @@ type
 
 func initRsaPublicKeyObj(n, e: string): RsaPublicKeyObj =
   result = RsaPublicKeyObj(n: n, e: e)
-  result.bearKey.n = cast[ptr char](result.n.cstring)
-  result.bearKey.nlen = result.n.len
-  result.bearKey.e = cast[ptr char](result.e.cstring)
-  result.bearKey.elen = result.e.len
+  result.bearKey.n = cast[ptr byte](result.n.cstring)
+  result.bearKey.nlen = uint result.n.len
+  result.bearKey.e = cast[ptr byte](result.e.cstring)
+  result.bearKey.elen = uint result.e.len
 
 func initRsaPrivateKeyObj(nBitLen: int, p, q, dp, dq, iq: string): RsaPrivateKeyObj =
   result = RsaPrivateKeyObj(p: p, q: q, dp: dp, dq: dq, iq: iq)
   result.bearKey.nBitLen = cast[uint32](nBitLen)
-  result.bearKey.p = cast[ptr char](result.p.cstring)
-  result.bearKey.plen = result.p.len
-  result.bearKey.q = cast[ptr char](result.q.cstring)
-  result.bearKey.qlen = result.q.len
-  result.bearKey.dp = cast[ptr char](result.dp.cstring)
-  result.bearKey.dplen = result.dp.len
-  result.bearKey.dq = cast[ptr char](result.dq.cstring)
-  result.bearKey.dqlen = result.dq.len
-  result.bearKey.iq = cast[ptr char](result.iq.cstring)
-  result.bearKey.iqlen = result.iq.len
+  result.bearKey.p = cast[ptr byte](result.p.cstring)
+  result.bearKey.plen = uint result.p.len
+  result.bearKey.q = cast[ptr byte](result.q.cstring)
+  result.bearKey.qlen = uint result.q.len
+  result.bearKey.dp = cast[ptr byte](result.dp.cstring)
+  result.bearKey.dplen = uint result.dp.len
+  result.bearKey.dq = cast[ptr byte](result.dq.cstring)
+  result.bearKey.dqlen = uint result.dq.len
+  result.bearKey.iq = cast[ptr byte](result.iq.cstring)
+  result.bearKey.iqlen = uint result.iq.len
 
 proc toRsaPublicKey(jwk: JWK): RsaPublicKeyObj =
   ## Convert an RSA public key in JWK format to the wrapper for BearSSL's
@@ -60,7 +60,7 @@ proc toRsaPublicKey(pem: string): RsaPublicKeyObj =
     cast[BearPemDecoderCallback](pkeyDecoderPush))
 
   let k = pkCtx.key.rsa
-  return initRsaPublicKeyObj($cstring(k.n), $cstring(k.e))
+  return initRsaPublicKeyObj($cast[cstring](k.n), $cast[cstring](k.e))
 
 
 proc toRsaPrivateKey(jwk: JWK): RsaPrivateKeyObj =
@@ -111,7 +111,7 @@ proc toRsaPrivateKey(jwk: JWK): RsaPrivateKeyObj =
 
 proc toRsaPrivateKey(pem: string): RsaPrivateKeyObj =
   var skCtx: SkeyDecoderContext
-  skeyDecoderInit(addr skCtx)
+  skeyDecoderInit(skCtx)
   decodePem(pem, "RSA PRIVATE KEY", addr skCtx,
     cast[BearPemDecoderCallback](skeyDecoderPush))
 
@@ -119,11 +119,11 @@ proc toRsaPrivateKey(pem: string): RsaPrivateKeyObj =
 
   return initRsaPrivateKeyObj(
     cast[int](k.nBitLen),
-    $cstring(k.p),
-    $cstring(k.q),
-    $cstring(k.dp),
-    $cstring(k.dq),
-    $cstring(k.iq))
+    $cast[cstring](k.p),
+    $cast[cstring](k.q),
+    $cast[cstring](k.dp),
+    $cast[cstring](k.dq),
+    $cast[cstring](k.iq))
 
 proc getRsaHashCfg(alg: JwtAlgorithm): HashCfg =
   let hashAlg = case alg:
@@ -148,11 +148,11 @@ proc bearRsaSign(
   result = newString((key.bearKey.nBitLen + 7) div 8)
 
   let errCode = rsaSignImpl(
-    cast[ptr char](hashCfg.oid),
-    cast[ptr char](unsafeAddr hashed[0]),
-    hashed.len,
+    cast[ptr byte](hashCfg.oid),
+    cast[ptr byte](unsafeAddr hashed[0]),
+    uint hashed.len,
     unsafeAddr key.bearKey,
-    cast[ptr char](addr result[0]))
+    cast[ptr byte](addr result[0]))
 
   if errCode != 1: raise newException(Exception, "RSA signature failed")
 
@@ -169,12 +169,12 @@ proc bearRsaVerify(
   var recoveredHash = newString(hashCfg.size)
 
   let errCode = rsaVerifyImpl(
-    cast[ptr char](unsafeAddr signature[0]),
-    signature.len,
-    cast[ptr char](hashCfg.oid),
-    hashed.len,
+    cast[ptr byte](unsafeAddr signature[0]),
+    uint signature.len,
+    cast[ptr byte](hashCfg.oid),
+    uint hashed.len,
     unsafeAddr key.bearKey,
-    cast[ptr char](addr recoveredHash[0]))
+    cast[ptr byte](addr recoveredHash[0]))
 
   if errCode != 1: return false
   return hashed == recoveredHash