From 60ce18fce2bd540885cf84c13031d10d98db5cd0 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2017 03:34:42 +0000
Subject: import nss-softokn-3.28.3-6.el7
---
diff --git a/.gitignore b/.gitignore
index 0e92371..34b9ed9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/nss-softokn-3.16.2.3.tar.gz
+SOURCES/nss-softokn-3.28.3.tar.gz
diff --git a/.nss-softokn.metadata b/.nss-softokn.metadata
index 4226477..aef55ae 100644
--- a/.nss-softokn.metadata
+++ b/.nss-softokn.metadata
@@ -1 +1 @@
-93048a6f84e161d641f77498ac27ca93d63dd584 SOURCES/nss-softokn-3.16.2.3.tar.gz
+ead8285aeb4547630b376e29f9597a05482f3c6f SOURCES/nss-softokn-3.28.3.tar.gz
diff --git a/SOURCES/CheckForPeqQ-or-PnoteqQ-before-adding-P-and-Q.patch b/SOURCES/CheckForPeqQ-or-PnoteqQ-before-adding-P-and-Q.patch
deleted file mode 100644
index d9d49d9..0000000
--- a/SOURCES/CheckForPeqQ-or-PnoteqQ-before-adding-P-and-Q.patch
+++ /dev/null
@@ -1,64 +0,0 @@ -# HG changeset patch -# User Wan-Teh Chang -# Date 1430759760 25200 -# Node ID 2c05e861ce070a1c29083b00f987cc930974909d -# Parent ca159a08d006b28aff5b66545f9782a4a0e53349 -Bug 1125025: Check for P == Q or P == -Q before adding P and Q. -Check for P == -P before doubling P. r=rrelyea. - -diff --git a/lib/freebl/ecl/ecp_jac.c b/lib/freebl/ecl/ecp_jac.c ---- a/lib/freebl/ecl/ecp_jac.c -+++ b/lib/freebl/ecl/ecp_jac.c -@@ -139,16 +139,30 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, - MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth)); - MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth)); - MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth)); - - /* C = A - px, D = B - py */ - MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth)); - MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth)); - -+ if (mp_cmp_z(&C) == 0) { -+ /* P == Q or P == -Q */ -+ if (mp_cmp_z(&D) == 0) { -+ /* P == Q */ -+ /* It is cheaper to double (qx, qy, 1) than (px, py, pz). */ -+ MP_DIGIT(&D, 0) = 1; /* Set D to 1. 
*/ -+ MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group)); -+ } else { -+ /* P == -Q */ -+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); -+ } -+ goto CLEANUP; -+ } -+ - /* C2 = C^2, C3 = C^3 */ - MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth)); - MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth)); - - /* rz = pz * C */ - MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth)); - - /* C = px * C^2 */ -@@ -200,17 +214,18 @@ ec_GFp_pt_dbl_jac(const mp_int *px, cons - MP_DIGITS(&t1) = 0; - MP_DIGITS(&M) = 0; - MP_DIGITS(&S) = 0; - MP_CHECKOK(mp_init(&t0)); - MP_CHECKOK(mp_init(&t1)); - MP_CHECKOK(mp_init(&M)); - MP_CHECKOK(mp_init(&S)); - -- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { -+ /* P == inf or P == -P */ -+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) { - MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); - goto CLEANUP; - } - - if (mp_cmp_d(pz, 1) == 0) { - /* M = 3 * px^2 + a */ - MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth)); - MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth)); - - diff --git a/SOURCES/additional-covscan-fixes.patch b/SOURCES/additional-covscan-fixes.patch deleted file mode 100644 index 708c702..0000000 --- a/SOURCES/additional-covscan-fixes.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -diff -up ./nss/lib/freebl/cts.c.1154764extras ./nss/lib/freebl/cts.c ---- ./nss/lib/freebl/cts.c.1154764extras 2015-01-12 13:53:36.393855248 -0800 -+++ ./nss/lib/freebl/cts.c 2015-01-12 13:53:36.548856551 -0800 -@@ -97,7 +97,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsig - unsigned int tmp; - int fullblocks; - int written; -- char *saveout = outbuf; -+ char *saveout = (char *) outbuf; - SECStatus rv; - - if (inlen < blocksize) { -@@ -187,7 +187,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsig - unsigned char Cn[MAX_BLOCK_SIZE]; /* block Cn */ - unsigned char lastBlock[MAX_BLOCK_SIZE]; - const unsigned char *tmp; -- char *saveout = outbuf; -+ char *saveout = (char *) outbuf; - unsigned int tmpLen; - int fullblocks, pad; - unsigned int i; -diff -up ./nss/lib/freebl/ldvector.c.1154764extras ./nss/lib/freebl/ldvector.c ---- ./nss/lib/freebl/ldvector.c.1154764extras 2015-01-12 13:53:36.541856492 -0800 -+++ ./nss/lib/freebl/ldvector.c 2015-01-12 13:53:36.549856559 -0800 -@@ -339,8 +339,6 @@ static const struct NSSLOWVectorStr nssv - const NSSLOWVector * - NSSLOW_GetVector(void) - { -- SECStatus rv; -- - /* POST check and stub init happens in FREEBL_GetVector() and - * NSSLOW_Init() respectively */ - return &nssvector; -diff -up ./nss/lib/freebl/lowhash_vector.c.1154764extras ./nss/lib/freebl/lowhash_vector.c ---- ./nss/lib/freebl/lowhash_vector.c.1154764extras 2015-01-12 13:53:36.542856500 -0800 -+++ ./nss/lib/freebl/lowhash_vector.c 2015-01-12 13:53:36.549856559 -0800 -@@ -107,8 +107,6 @@ static PRCallOnceType loadFreeBLOnce; - static PRStatus - freebl_RunLoaderOnce( void ) - { -- PRStatus status; -- - /* Don't have NSPR, so can use the real PR_CallOnce, implement a stripped - * down version. 
*/ - if (loadFreeBLOnce.initialized) { -diff -up ./nss/lib/freebl/rsa.c.1154764extras ./nss/lib/freebl/rsa.c ---- ./nss/lib/freebl/rsa.c.1154764extras 2015-01-12 13:53:36.479855971 -0800 -+++ ./nss/lib/freebl/rsa.c 2015-01-12 13:53:36.549856559 -0800 -@@ -343,11 +343,10 @@ RSA_NewKey(int keySizeInBits, SECItem *p - if (rsa_fips186_verify(&p, &q, &d, keySizeInBits) ){ - break; - } -- prerr = PORT_GetError(); -- } else { - prerr = SEC_ERROR_NEED_RANDOM; /* retry with different values */ -+ } else { -+ prerr = PORT_GetError(); - } -- prerr = PORT_GetError(); - kiter++; - /* loop until have primes */ - } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < max_attempts); -diff -up ./nss/lib/softoken/legacydb/lgfips.c.1154764extras ./nss/lib/softoken/legacydb/lgfips.c ---- ./nss/lib/softoken/legacydb/lgfips.c.1154764extras 2015-01-12 13:53:36.386855189 -0800 -+++ ./nss/lib/softoken/legacydb/lgfips.c 2015-01-12 13:53:36.550856568 -0800 -@@ -81,7 +81,6 @@ static void - lg_startup_tests(void) - { - PRBool fipsInstalled; -- SECStatus rv; - const char *libraryName = LG_LIB_NAME; - - PORT_Assert(!sftk_self_tests_ran); diff --git a/SOURCES/build-nss-softoken-only.patch b/SOURCES/build-nss-softoken-only.patch deleted file mode 100644 index 1ac89d6..0000000 --- a/SOURCES/build-nss-softoken-only.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -diff -up nss/lib/Makefile.softokenonly nss/lib/Makefile ---- nss/lib/Makefile.softokenonly 2013-05-29 18:22:03.635077455 -0700 -+++ nss/lib/Makefile 2013-05-29 18:24:15.721185676 -0700 -@@ -68,8 +68,13 @@ UTIL_SRCDIR = - FREEBL_SRCDIR = - SOFTOKEN_SRCDIR = - else -+ifeq ($(NSS_BUILD_SOFTOKEN_ONLY),1) -+UTIL_SRCDIR = -+FREEBL_SRCDIR = freebl -+SOFTOKEN_SRCDIR = softoken - # default is to include all - UTIL_SRCDIR = util - FREEBL_SRCDIR = freebl - SOFTOKEN_SRCDIR = softoken - endif -+endif -diff -up nss/lib/manifest.mn.softokenonly nss/lib/manifest.mn ---- nss/lib/manifest.mn.softokenonly 2013-05-29 18:25:22.309716087 -0700 -+++ nss/lib/manifest.mn 2013-05-29 18:26:24.601206689 -0700 -@@ -17,18 +17,9 @@ DEPTH = .. - # ckfw (builtins module) - # crmf jar (not dll's) - DIRS = \ -- $(UTIL_SRCDIR) \ - $(FREEBL_SRCDIR) \ - $(SQLITE_SRCDIR) \ -- $(DBM_SRCDIR) \ - $(SOFTOKEN_SRCDIR) \ -- base dev pki \ -- libpkix \ -- certdb certhigh pk11wrap cryptohi nss \ -- $(ZLIB_SRCDIR) ssl \ -- pkcs12 pkcs7 smime \ -- crmf jar \ -- ckfw $(SYSINIT_SRCDIR) \ - $(NULL) - - # fortcrypt is no longer built diff --git a/SOURCES/limit-create-fipscheck.patch b/SOURCES/limit-create-fipscheck.patch deleted file mode 100644 index 038b559..0000000 --- a/SOURCES/limit-create-fipscheck.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -diff -U10 ./nss/lib/softoken/fipstokn.c.limit-create-fipscheck ./nss/lib/softoken/fipstokn.c ---- ./nss/lib/softoken/fipstokn.c.limit-create-fipscheck 2014-12-19 13:18:57.374673644 +0100 -+++ ./nss/lib/softoken/fipstokn.c 2014-12-19 13:40:13.817982735 +0100 -@@ -742,27 +742,36 @@ - } - return rv; - } - - - /* FC_CreateObject creates a new object. */ - CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession, - CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, - CK_OBJECT_HANDLE_PTR phObject) { - CK_OBJECT_CLASS * classptr; -+ CK_RV rv = CKR_OK; - -- SFTK_FIPSCHECK(); - CHECK_FORK(); - - classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS); - if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE; - -+ if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT) { -+ if (sftk_fatalError) -+ return CKR_DEVICE_ERROR; -+ } else { -+ rv = sftk_fipsCheck(); -+ if (rv != CKR_OK) -+ return rv; -+ } -+ - /* FIPS can't create keys from raw key material */ - if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) { - rv = CKR_ATTRIBUTE_VALUE_INVALID; - } else { - rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject); - } - if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) { - sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv); - } - return rv; diff --git a/SOURCES/nss-softokn-3.16-addG.patch b/SOURCES/nss-softokn-3.16-addG.patch deleted file mode 100644 index 31bcb8e..0000000 --- a/SOURCES/nss-softokn-3.16-addG.patch +++ /dev/null 
@@ -1,194 +0,0 @@ -diff -up ./nss/lib/freebl/pqg.c.addG ./nss/lib/freebl/pqg.c ---- ./nss/lib/freebl/pqg.c.addG 2014-09-22 14:29:55.360361453 -0700 -+++ ./nss/lib/freebl/pqg.c 2014-09-22 14:29:55.386361892 -0700 -@@ -1259,6 +1259,42 @@ pqg_ParamGen(unsigned int L, unsigned in - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -+ -+ /* Initialize bignums */ -+ MP_DIGITS(&P) = 0; -+ MP_DIGITS(&Q) = 0; -+ MP_DIGITS(&G) = 0; -+ MP_DIGITS(&H) = 0; -+ MP_DIGITS(&l) = 0; -+ MP_DIGITS(&p0) = 0; -+ CHECK_MPI_OK( mp_init(&P) ); -+ CHECK_MPI_OK( mp_init(&Q) ); -+ CHECK_MPI_OK( mp_init(&G) ); -+ CHECK_MPI_OK( mp_init(&H) ); -+ CHECK_MPI_OK( mp_init(&l) ); -+ CHECK_MPI_OK( mp_init(&p0) ); -+ -+ /* parameters have been passed in, only generate G */ -+ if (*pParams != NULL) { -+ /* we only support G index generation if generating separate from PQ */ -+ if ((*pVfy != NULL) || (type == FIPS186_1_TYPE) || -+ ((*pVfy)->h.len != 1) || ((*pVfy)->h.data == NULL) || -+ ((*pVfy)->seed.data == NULL) || ((*pVfy)->seed.len == 0)) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ params = *pParams; -+ verify = *pVfy; -+ -+ /* fill in P Q, */ -+ SECITEM_TO_MPINT((*pParams)->prime, &P); -+ SECITEM_TO_MPINT((*pParams)->subPrime, &Q); -+ hashtype = getFirstHash(L,N); -+ CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed, -+ (*pVfy)->h.data[0], &G) ); -+ MPINT_TO_SECITEM(&G, &(*pParams)->base, (*pParams)->arena); -+ goto cleanup; -+ } - /* Initialize an arena for the params. 
*/ - arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE); - if (!arena) { -@@ -1517,8 +1553,12 @@ cleanup: - rv = SECFailure; - } - if (rv) { -- PORT_FreeArena(params->arena, PR_TRUE); -- PORT_FreeArena(verify->arena, PR_TRUE); -+ if (params) { -+ PORT_FreeArena(params->arena, PR_TRUE); -+ } -+ if (verify) { -+ PORT_FreeArena(verify->arena, PR_TRUE); -+ } - } - if (hit.data) { - SECITEM_FreeItem(&hit, PR_FALSE); -diff -up ./nss/lib/softoken/pkcs11c.c.addG ./nss/lib/softoken/pkcs11c.c ---- ./nss/lib/softoken/pkcs11c.c.addG 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/pkcs11c.c 2014-09-22 14:31:07.813585255 -0700 -@@ -1055,10 +1055,10 @@ finish_des: - context->destroy = (SFTKDestroy) AES_DestroyContext; - break; - -- case CKM_NETSCAPE_AES_KEY_WRAP_PAD: -+ case CKM_NSS_AES_KEY_WRAP_PAD: - context->doPad = PR_TRUE; - /* fall thru */ -- case CKM_NETSCAPE_AES_KEY_WRAP: -+ case CKM_NSS_AES_KEY_WRAP: - context->multi = PR_FALSE; - context->blockSize = 8; - if (key_type != CKK_AES) { -@@ -3497,10 +3497,17 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, - - attribute = sftk_FindAttribute(key, CKA_PRIME_BITS); - if (attribute == NULL) { -- return CKR_TEMPLATE_INCOMPLETE; -+ attribute =sftk_FindAttribute(key, CKA_PRIME); -+ if (attribute == NULL) { -+ return CKR_TEMPLATE_INCOMPLETE; -+ } else { -+ primeBits = attribute->attrib.ulValueLen; -+ sftk_FreeAttribute(attribute); -+ } -+ } else { -+ primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue; -+ sftk_FreeAttribute(attribute); - } -- primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue; -- sftk_FreeAttribute(attribute); - if (primeBits < 1024) { - j = PQG_PBITS_TO_INDEX(primeBits); - if (j == (unsigned int)-1) { -@@ -3508,7 +3515,7 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, - } - } - -- attribute = sftk_FindAttribute(key, CKA_NETSCAPE_PQG_SEED_BITS); -+ attribute = sftk_FindAttribute(key, CKA_NSS_PQG_SEED_BITS); - if (attribute != NULL) { - seedBits = (unsigned int) *(CK_ULONG 
*)attribute->attrib.pValue; - sftk_FreeAttribute(attribute); -@@ -3520,9 +3527,61 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, - sftk_FreeAttribute(attribute); - } - -+ /* if P and Q are supplied, we want to generate a new G */ -+ attribute = sftk_FindAttribute(key, CKA_PRIME); -+ if (attribute != NULL) { -+ PLArenaPool *arena; -+ -+ sftk_FreeAttribute(attribute); -+ arena = PORT_NewArena(1024); -+ if (arena == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ params = PORT_ArenaAlloc(arena, sizeof(*params)); -+ if (params == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ params->arena = arena; -+ crv = sftk_Attribute2SSecItem(arena, ¶ms->prime, key, CKA_PRIME); -+ if (rv != SECSuccess) { -+ goto loser; -+ } -+ crv = sftk_Attribute2SSecItem(arena, ¶ms->subPrime, -+ key, CKA_SUBPRIME); -+ if (crv != SECSuccess) { -+ goto loser; -+ } -+ -+ arena = PORT_NewArena(1024); -+ if (arena == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ vfy = PORT_ArenaAlloc(arena, sizeof(*vfy)); -+ if (vfy == NULL) { -+ crv = CKR_HOST_MEMORY; -+ goto loser; -+ } -+ vfy->arena = arena; -+ crv = sftk_Attribute2SSecItem(arena, &vfy->seed, key, CKA_NSS_PQG_SEED); -+ if (rv != SECSuccess) { -+ goto loser; -+ } -+ crv = sftk_Attribute2SSecItem(arena, &vfy->h, key, CKA_NSS_PQG_H); -+ if (crv != SECSuccess) { -+ goto loser; -+ } -+ sftk_DeleteAttributeType(key,CKA_PRIME); -+ sftk_DeleteAttributeType(key,CKA_SUBPRIME); -+ sftk_DeleteAttributeType(key,CKA_NSS_PQG_SEED); -+ sftk_DeleteAttributeType(key,CKA_NSS_PQG_H); -+ } -+ - sftk_DeleteAttributeType(key,CKA_PRIME_BITS); - sftk_DeleteAttributeType(key,CKA_SUBPRIME_BITS); -- sftk_DeleteAttributeType(key,CKA_NETSCAPE_PQG_SEED_BITS); -+ sftk_DeleteAttributeType(key,CKA_NSS_PQG_SEED_BITS); - - /* use the old PQG interface if we have old input data */ - if ((primeBits < 1024) || ((primeBits == 1024) && (subprimeBits == 0))) { -@@ -3559,17 +3618,19 @@ nsc_parameter_gen(CK_KEY_TYPE key_type, - params->base.data, params->base.len); 
- if (crv != CKR_OK) goto loser;
- counter = vfy->counter;
-- crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_COUNTER,
-+ crv = sftk_AddAttributeType(key,CKA_NSS_PQG_COUNTER,
- &counter, sizeof(counter));
-- crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_SEED,
-+ crv = sftk_AddAttributeType(key,CKA_NSS_PQG_SEED,
- vfy->seed.data, vfy->seed.len);
- if (crv != CKR_OK) goto loser;
-- crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_H,
-+ crv = sftk_AddAttributeType(key,CKA_NSS_PQG_H,
- vfy->h.data, vfy->h.len);
- if (crv != CKR_OK) goto loser;
-
- loser:
-- PQG_DestroyParams(params);
-+ if (params) {
-+ PQG_DestroyParams(params);
-+ }
-
- if (vfy) {
- PQG_DestroyVerify(vfy);
diff --git a/SOURCES/nss-softokn-3.16-add_encrypt_derive.patch b/SOURCES/nss-softokn-3.16-add_encrypt_derive.patch
index 456d2b3..3669d1d 100644
--- a/SOURCES/nss-softokn-3.16-add_encrypt_derive.patch
+++ b/SOURCES/nss-softokn-3.16-add_encrypt_derive.patch
@@ -1,45 +1,45 @@ diff -up ./nss/lib/softoken/pkcs11.c.add_encrypt_derive ./nss/lib/softoken/pkcs11.c ---- ./nss/lib/softoken/pkcs11.c.add_encrypt_derive 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/pkcs11.c 2014-10-31 17:24:58.021526521 -0700 -@@ -442,11 +442,22 @@ static const struct mechanismList mechan +--- ./nss/lib/softoken/pkcs11.c.add_encrypt_derive 2017-02-17 14:20:06.000000000 +0100 ++++ ./nss/lib/softoken/pkcs11.c 2017-05-26 14:10:26.633700334 +0200 +@@ -423,11 +423,22 @@ static const struct mechanismList mechan #endif - /* --------------------- Secret Key Operations ------------------------ */ - {CKM_GENERIC_SECRET_KEY_GEN, {1, 32, CKF_GENERATE}, PR_TRUE}, -- {CKM_CONCATENATE_BASE_AND_KEY, {1, 32, CKF_GENERATE}, PR_FALSE}, -- {CKM_CONCATENATE_BASE_AND_DATA, {1, 32, CKF_GENERATE}, PR_FALSE}, -- {CKM_CONCATENATE_DATA_AND_BASE, {1, 32, CKF_GENERATE}, PR_FALSE}, -- {CKM_XOR_BASE_AND_DATA, {1, 32, CKF_GENERATE}, PR_FALSE}, -+ {CKM_CONCATENATE_BASE_AND_KEY, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_CONCATENATE_BASE_AND_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_CONCATENATE_DATA_AND_BASE, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_XOR_BASE_AND_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, - {CKM_EXTRACT_KEY_FROM_KEY, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_EXTRACT_KEY_FROM_KEY, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_DES_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_DES_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_DES3_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_DES3_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_AES_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_AES_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_CAMELLIA_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_CAMELLIA_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_SEED_ECB_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, -+ {CKM_SEED_CBC_ENCRYPT_DATA, {1, 32, CKF_DERIVE}, PR_FALSE}, - /* 
---------------------- SSL Key Derivations ------------------------- */ - {CKM_SSL3_PRE_MASTER_KEY_GEN, {48, 48, CKF_GENERATE}, PR_FALSE}, - {CKM_SSL3_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, + /* --------------------- Secret Key Operations ------------------------ */ + { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE }, +- { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE }, +- { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE }, +- { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE }, +- { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE }, ++ { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, + { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_DES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_DES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, ++ { CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE }, + /* ---------------------- SSL Key Derivations ------------------------- */ + { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE }, + { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE }, diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive 
./nss/lib/softoken/pkcs11c.c ---- ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive 2014-10-31 17:24:58.007526287 -0700 -+++ ./nss/lib/softoken/pkcs11c.c 2014-10-31 17:33:59.457507480 -0700 -@@ -5840,6 +5840,44 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE +--- ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive 2017-02-17 14:20:06.000000000 +0100 ++++ ./nss/lib/softoken/pkcs11c.c 2017-05-26 14:09:34.990901108 +0200 +@@ -6213,6 +6213,44 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_UL #endif /* NSS_DISABLE_ECC */ /* + * Handle The derive from a block encryption cipher + */ +CK_RV -+sftk_DeriveEncrypt(SFTKObject *key, CK_ULONG keySize, void *cipherInfo, -+ int blockSize, unsigned char *data, CK_ULONG len, SFTKCipher encrypt) ++sftk_DeriveEncrypt(SFTKObject *key, CK_ULONG keySize, void *cipherInfo, ++ int blockSize, unsigned char *data, CK_ULONG len, SFTKCipher encrypt) +{ + unsigned char *tmpdata = NULL; + SECStatus rv; @@ -47,28 +47,28 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs + CK_RV crv; + + if ((len % blockSize) != 0) { -+ return CKR_MECHANISM_PARAM_INVALID; ++ return CKR_MECHANISM_PARAM_INVALID; + } + if (keySize && (len < keySize)) { -+ return CKR_MECHANISM_PARAM_INVALID; ++ return CKR_MECHANISM_PARAM_INVALID; + } + if (keySize == 0) { -+ keySize = len; ++ keySize = len; + } + + tmpdata = PORT_Alloc(len); + if (tmpdata == NULL) { -+ return CKR_HOST_MEMORY; ++ return CKR_HOST_MEMORY; + } + rv = (*encrypt)(cipherInfo, tmpdata, &outLen, len, data, len); + if (rv != SECSuccess) { -+ crv = sftk_MapCryptError(PORT_GetError()); -+ PORT_ZFree(tmpdata, len); -+ return crv; ++ crv = sftk_MapCryptError(PORT_GetError()); ++ PORT_ZFree(tmpdata, len); ++ return crv; + } + -+ crv = sftk_forceAttribute (key,CKA_VALUE,tmpdata,keySize); -+ PORT_ZFree(tmpdata,len); ++ crv = sftk_forceAttribute(key, CKA_VALUE, tmpdata, keySize); ++ PORT_ZFree(tmpdata, len); + return crv; +} + 
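Review bot: The mechanism table on the new side ends up with two identical `{ CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },` rows, because the inner patch adds that line directly below the context line that already contains it (the rebase carries this forward unchanged from the old side rather than fixing it). A duplicate row is probably harmless if the table is only scanned for a first match, but it reads as a merge slip and, if the table length is what NSC_GetMechanismList reports, the mechanism will be listed twice; the added `+` line should simply be dropped from the inner patch. The `mechanismList` array itself starts outside the hunk.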
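Review bot: `sftk_DeriveEncrypt` accepts `len == 0`: `0 % blockSize` is 0, `keySize` is then set to 0, and the function goes on to `PORT_Alloc(0)`, an encrypt of zero bytes and a `sftk_forceAttribute` that installs an empty CKA_VALUE, so a caller can derive a zero-length secret key without any error. The guard should read `if (len == 0 || (len % blockSize) != 0) { return CKR_MECHANISM_PARAM_INVALID; }`. The remaining checks (`len < keySize` when a size is requested, `PORT_ZFree` of `tmpdata` on both paths) look right. The function's signature and first two declarations are in the preceding hunk, outside this one.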
@@ -76,158 +76,190 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs * SSL Key generation given pre master secret */ #define NUM_MIXERS 9 -@@ -5883,6 +5921,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h - CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; - CK_OBJECT_CLASS classType = CKO_SECRET_KEY; +@@ -6257,6 +6295,9 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; + CK_OBJECT_CLASS classType = CKO_SECRET_KEY; CK_KEY_DERIVATION_STRING_DATA *stringPtr; + CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr; + CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr; + void *cipherInfo; - PRBool isTLS = PR_FALSE; - PRBool isSHA256 = PR_FALSE; - PRBool isDH = PR_FALSE; -@@ -5892,6 +5933,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h - unsigned char sha_out[SHA1_LENGTH]; - unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; - unsigned char key_block2[MD5_LENGTH]; -+ unsigned char des3key[24]; - PRBool isFIPS; - HASH_HashType hashType; - PRBool extractValue = PR_TRUE; -@@ -6544,6 +6586,136 @@ key_and_mac_derive_fail: - break; - } + CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; + PRBool isTLS = PR_FALSE; + PRBool isDH = PR_FALSE; +@@ -6266,6 +6307,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + unsigned int outLen; + unsigned char sha_out[SHA1_LENGTH]; + unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH]; ++ unsigned char des3key[24]; + PRBool isFIPS; + HASH_HashType hashType; + PRBool extractValue = PR_TRUE; +@@ -6935,6 +6977,168 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + break; + } -+ case CKM_DES_ECB_ENCRYPT_DATA: -+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter; -+ cipherInfo = DES_CreateContext( (unsigned char*)att->attrib.pValue, -+ NULL, NSS_DES, PR_TRUE); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, -+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) DES_Encrypt); -+ DES_DestroyContext(cipherInfo, PR_TRUE); 
-+ break; ++ case CKM_DES_ECB_ENCRYPT_DATA: ++ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter; ++ cipherInfo = DES_CreateContext((unsigned char *)att->attrib.pValue, ++ NULL, NSS_DES, PR_TRUE); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, ++ stringPtr->pData, stringPtr->ulLen, (SFTKCipher)DES_Encrypt); ++ DES_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_DES_CBC_ENCRYPT_DATA: -+ desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *) -+ pMechanism->pParameter; -+ cipherInfo = DES_CreateContext( (unsigned char*)att->attrib.pValue, -+ desEncryptPtr->iv, NSS_DES_CBC, PR_TRUE); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, -+ desEncryptPtr->pData, desEncryptPtr->length, -+ (SFTKCipher) DES_Encrypt); -+ DES_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_DES_CBC_ENCRYPT_DATA: ++ desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *) ++ pMechanism->pParameter; ++ cipherInfo = DES_CreateContext((unsigned char *)att->attrib.pValue, ++ desEncryptPtr->iv, NSS_DES_CBC, PR_TRUE); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, ++ desEncryptPtr->pData, desEncryptPtr->length, ++ (SFTKCipher)DES_Encrypt); ++ DES_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_DES3_ECB_ENCRYPT_DATA: -+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter; -+ if (att->attrib.ulValueLen == 16) { -+ PORT_Memcpy(des3key, att->attrib.pValue, 16); -+ PORT_Memcpy(des3key + 16, des3key, 8); -+ } else if (att->attrib.ulValueLen == 24) { -+ PORT_Memcpy(des3key, att->attrib.pValue, 24); -+ } else { -+ crv = CKR_KEY_SIZE_RANGE; break; -+ } -+ cipherInfo = DES_CreateContext( des3key, NULL, NSS_DES_EDE3, PR_TRUE); -+ PORT_Memset(des3key, 0, 24); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = 
sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, -+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) DES_Encrypt); -+ DES_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_DES3_ECB_ENCRYPT_DATA: ++ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter; ++ if (att->attrib.ulValueLen == 16) { ++ PORT_Memcpy(des3key, att->attrib.pValue, 16); ++ PORT_Memcpy(des3key + 16, des3key, 8); ++ } else if (att->attrib.ulValueLen == 24) { ++ PORT_Memcpy(des3key, att->attrib.pValue, 24); ++ } else { ++ crv = CKR_KEY_SIZE_RANGE; ++ break; ++ } ++ cipherInfo = DES_CreateContext(des3key, NULL, NSS_DES_EDE3, PR_TRUE); ++ PORT_Memset(des3key, 0, 24); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, ++ stringPtr->pData, stringPtr->ulLen, (SFTKCipher)DES_Encrypt); ++ DES_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_DES3_CBC_ENCRYPT_DATA: -+ desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *) -+ pMechanism->pParameter; -+ if (att->attrib.ulValueLen == 16) { -+ PORT_Memcpy(des3key, att->attrib.pValue, 16); -+ PORT_Memcpy(des3key + 16, des3key, 8); -+ } else if (att->attrib.ulValueLen == 24) { -+ PORT_Memcpy(des3key, att->attrib.pValue, 24); -+ } else { -+ crv = CKR_KEY_SIZE_RANGE; break; -+ } -+ cipherInfo = DES_CreateContext( des3key, desEncryptPtr->iv, -+ NSS_DES_EDE3_CBC, PR_TRUE); -+ PORT_Memset(des3key, 0, 24); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, -+ desEncryptPtr->pData, desEncryptPtr->length, -+ (SFTKCipher) DES_Encrypt); -+ DES_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_DES3_CBC_ENCRYPT_DATA: ++ desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *) ++ pMechanism->pParameter; ++ if (att->attrib.ulValueLen == 16) { ++ PORT_Memcpy(des3key, att->attrib.pValue, 16); ++ PORT_Memcpy(des3key + 16, des3key, 8); ++ } else if (att->attrib.ulValueLen == 24) { ++ PORT_Memcpy(des3key, 
att->attrib.pValue, 24); ++ } else { ++ crv = CKR_KEY_SIZE_RANGE; ++ break; ++ } ++ cipherInfo = DES_CreateContext(des3key, desEncryptPtr->iv, ++ NSS_DES_EDE3_CBC, PR_TRUE); ++ PORT_Memset(des3key, 0, 24); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, ++ desEncryptPtr->pData, desEncryptPtr->length, ++ (SFTKCipher)DES_Encrypt); ++ DES_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_AES_ECB_ENCRYPT_DATA: -+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter; -+ cipherInfo = AES_CreateContext( (unsigned char*)att->attrib.pValue, -+ NULL, NSS_AES, PR_TRUE, att->attrib.ulValueLen, 16); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, -+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) AES_Encrypt); -+ AES_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_AES_ECB_ENCRYPT_DATA: ++ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter; ++ cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue, ++ NULL, NSS_AES, PR_TRUE, att->attrib.ulValueLen, 16); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, ++ stringPtr->pData, stringPtr->ulLen, (SFTKCipher)AES_Encrypt); ++ AES_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_AES_CBC_ENCRYPT_DATA: -+ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *) -+ pMechanism->pParameter; -+ cipherInfo = AES_CreateContext( (unsigned char*)att->attrib.pValue, -+ aesEncryptPtr->iv, NSS_AES_CBC, -+ PR_TRUE, att->attrib.ulValueLen, 16); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, -+ aesEncryptPtr->pData, aesEncryptPtr->length, -+ (SFTKCipher) AES_Encrypt); -+ AES_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_AES_CBC_ENCRYPT_DATA: ++ aesEncryptPtr = 
(CK_AES_CBC_ENCRYPT_DATA_PARAMS *) ++ pMechanism->pParameter; ++ cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue, ++ aesEncryptPtr->iv, NSS_AES_CBC, ++ PR_TRUE, att->attrib.ulValueLen, 16); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, ++ aesEncryptPtr->pData, aesEncryptPtr->length, ++ (SFTKCipher)AES_Encrypt); ++ AES_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_CAMELLIA_ECB_ENCRYPT_DATA: -+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter; -+ cipherInfo = Camellia_CreateContext( (unsigned char*)att->attrib.pValue, -+ NULL, NSS_CAMELLIA, PR_TRUE,att->attrib.ulValueLen); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, -+ stringPtr->pData, stringPtr->ulLen, -+ (SFTKCipher) Camellia_Encrypt); -+ Camellia_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_CAMELLIA_ECB_ENCRYPT_DATA: ++ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter; ++ cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue, ++ NULL, NSS_CAMELLIA, PR_TRUE, att->attrib.ulValueLen); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, ++ stringPtr->pData, stringPtr->ulLen, ++ (SFTKCipher)Camellia_Encrypt); ++ Camellia_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_CAMELLIA_CBC_ENCRYPT_DATA: -+ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *) -+ pMechanism->pParameter; -+ cipherInfo = Camellia_CreateContext((unsigned char*)att->attrib.pValue, -+ aesEncryptPtr->iv,NSS_CAMELLIA_CBC, -+ PR_TRUE, att->attrib.ulValueLen); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, -+ aesEncryptPtr->pData, aesEncryptPtr->length, -+ (SFTKCipher) Camellia_Encrypt); -+ Camellia_DestroyContext(cipherInfo, PR_TRUE); -+ 
break; ++ case CKM_CAMELLIA_CBC_ENCRYPT_DATA: ++ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *) ++ pMechanism->pParameter; ++ cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue, ++ aesEncryptPtr->iv, NSS_CAMELLIA_CBC, ++ PR_TRUE, att->attrib.ulValueLen); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, ++ aesEncryptPtr->pData, aesEncryptPtr->length, ++ (SFTKCipher)Camellia_Encrypt); ++ Camellia_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_SEED_ECB_ENCRYPT_DATA: -+ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter; -+ cipherInfo = SEED_CreateContext( (unsigned char*)att->attrib.pValue, -+ NULL, NSS_SEED, PR_TRUE); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, -+ stringPtr->pData, stringPtr->ulLen, (SFTKCipher) SEED_Encrypt); -+ SEED_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_SEED_ECB_ENCRYPT_DATA: ++ stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter; ++ cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue, ++ NULL, NSS_SEED, PR_TRUE); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, ++ stringPtr->pData, stringPtr->ulLen, (SFTKCipher)SEED_Encrypt); ++ SEED_DestroyContext(cipherInfo, PR_TRUE); ++ break; + -+ case CKM_SEED_CBC_ENCRYPT_DATA: -+ aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *) -+ pMechanism->pParameter; -+ cipherInfo = SEED_CreateContext( (unsigned char*)att->attrib.pValue, -+ aesEncryptPtr->iv, NSS_SEED_CBC, PR_TRUE); -+ if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; } -+ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, -+ aesEncryptPtr->pData, aesEncryptPtr->length, -+ (SFTKCipher) SEED_Encrypt); -+ SEED_DestroyContext(cipherInfo, PR_TRUE); -+ break; ++ case CKM_SEED_CBC_ENCRYPT_DATA: ++ aesEncryptPtr 
= (CK_AES_CBC_ENCRYPT_DATA_PARAMS *) ++ pMechanism->pParameter; ++ cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue, ++ aesEncryptPtr->iv, NSS_SEED_CBC, PR_TRUE); ++ if (cipherInfo == NULL) { ++ crv = CKR_HOST_MEMORY; ++ break; ++ } ++ crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16, ++ aesEncryptPtr->pData, aesEncryptPtr->length, ++ (SFTKCipher)SEED_Encrypt); ++ SEED_DestroyContext(cipherInfo, PR_TRUE); ++ break; + - case CKM_CONCATENATE_BASE_AND_DATA: - crv = sftk_DeriveSensitiveCheck(sourceKey,key); - if (crv != CKR_OK) break; + case CKM_CONCATENATE_BASE_AND_DATA: + crv = sftk_DeriveSensitiveCheck(sourceKey, key); + if (crv != CKR_OK) diff --git a/SOURCES/nss-softokn-3.16-block-sigchld.patch b/SOURCES/nss-softokn-3.16-block-sigchld.patch deleted file mode 100644 index 41b6b8f..0000000 --- a/SOURCES/nss-softokn-3.16-block-sigchld.patch +++ /dev/null 
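Review bot: None of the new `*_ENCRYPT_DATA` cases calls `sftk_DeriveSensitiveCheck(sourceKey, key)` before deriving, although the `CKM_CONCATENATE_BASE_AND_DATA` case immediately below does it first, so a base key that is CKA_SENSITIVE or non-extractable and carries only CKA_DERIVE can be used to produce a key, extractable if the template says so, whose value is the base key's raw encryption of caller-chosen data — an encryption oracle on a key that was never marked CKA_ENCRYPT (PKCS#11 has the derived key inherit the base key's sensitivity restrictions for these mechanisms; worth confirming against the v2.20 text before relying on that wording). The same cases also cast `pMechanism->pParameter` without checking it for NULL or comparing `ulParameterLen` with the expected struct size, and the single-DES cases hand `att->attrib.pValue` to `DES_CreateContext` without the 16/24-byte length check the DES3 cases perform (that may already be enforced when the key object is created; if so, a one-line comment saying so would help the next reader). The shape below, applied to each case, covers the first two points; `NSC_DeriveKey` starts and ends outside the hunk.
```c
        case CKM_DES_CBC_ENCRYPT_DATA:
            /* derived key must inherit the base key's sensitivity/extractability */
            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
            if (crv != CKR_OK)
                break;
            if (pMechanism->pParameter == NULL ||
                pMechanism->ulParameterLen != sizeof(CK_DES_CBC_ENCRYPT_DATA_PARAMS)) {
                crv = CKR_MECHANISM_PARAM_INVALID;
                break;
            }
            desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)pMechanism->pParameter;
            /* … unchanged: DES_CreateContext / sftk_DeriveEncrypt / DES_DestroyContext … */
            break;
        /* … unchanged: the same two checks go at the top of the other ENCRYPT_DATA cases … */
```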
@@ -1,109 +0,0 @@
-diff -up ./nss/lib/freebl/shvfy.c.block_sigchld ./nss/lib/freebl/shvfy.c
---- ./nss/lib/freebl/shvfy.c.block_sigchld 2014-10-23 10:38:01.494609227 -0700
-+++ ./nss/lib/freebl/shvfy.c 2014-10-23 10:44:35.395609071 -0700
-@@ -45,8 +45,50 @@
- #include
- #include
- #include
--#include
- #include
-+#include
-+
-+#define __USE_POSIX199309 1 /* need to use posix signal handler */
-+#include
-+#include /* must be after signal.h */
-+
-+
-+/*
-+ * handler to block our sigchld call to keep from confusing parent apps
-+ */
-+static struct sigaction parent_handler;
-+static int child_pid = 0;
-+
-+static void
-+handle_sigchld(int signum, siginfo_t *sinfo, void *utcx)
-+{
-+ int status;
-+ int save_errno = errno;
-+ int ret;
-+
-+ if ((signum == SIGCHLD) && (sinfo->si_pid == child_pid)) {
-+ waitpid(sinfo->si_pid,&status, 0);
-+ errno = save_errno;
-+ return;
-+ }
-+
-+
-+ /* call parent, first set the parents mask */
-+ ret = sigprocmask(SIG_BLOCK, &parent_handler.sa_mask, NULL);
-+ errno = save_errno; /* restore previous errno. allow parent to change
-+ * errno if it needs to */
-+ if (ret < 0) {
-+ return;
-+ }
-+ /* now call the parent */
-+ if (parent_handler.sa_flags & SA_SIGINFO) {
-+ (*parent_handler.sa_sigaction)(signum, sinfo, utcx);
-+ } else {
-+ (*parent_handler.sa_handler)(signum);
-+ }
-+ /* libc/kernel should restore our mask as this point, so we don't
-+ * need to restore the mask we set above. */
-+}
-
- /*
- * This function returns an NSPR PRFileDesc * which the caller can read to
-@@ -72,6 +114,8 @@ bl_OpenUnPrelink(const char *shName, int
- pid_t child;
- int argc = 0, argNext = 0;
- struct stat statBuf;
-+ struct sigaction our_handler;
-+ sigset_t inMask,outMask;
- int pipefd[2] = {-1,-1};
- int ret;
-
-@@ -155,6 +199,25 @@ bl_OpenUnPrelink(const char *shName, int
- goto loser;
- }
-
-+ child_pid = 0;
-+ our_handler.sa_flags = SA_SIGINFO;
-+ our_handler.sa_sigaction = handle_sigchld;
-+ sigemptyset(&our_handler.sa_mask);
-+ ret = sigaction(SIGCHLD, &our_handler, &parent_handler);
-+ if (ret < 0) {
-+ goto loser;
-+ }
-+
-+ /* don't accept a sigchild until we've set out child pid */
-+ sigemptyset(&inMask);
-+ sigemptyset(&outMask);
-+ sigaddset(&inMask,SIGCHLD);
-+ ret = sigprocmask(SIG_BLOCK, &inMask, &outMask);
-+ if (ret < 0) {
-+ sigaction(SIGCHLD, &parent_handler, NULL);
-+ goto loser;
-+ }
-+
- /* use vfork() so we don't trigger the pthread_at_fork() handlers */
- child = vfork();
- if (child < 0) goto loser;
-@@ -174,6 +237,8 @@ bl_OpenUnPrelink(const char *shName, int
- /* avoid at_exit() handlers */
- _exit(1); /* shouldn't reach here except on an error */
- }
-+ child_pid = child;
-+ sigprocmask(SIG_SETMASK, &outMask, 0); /* child is set,accept signals now */
- close(pipefd[1]);
- pipefd[1] = -1;
-
-@@ -218,6 +283,9 @@ bl_CloseUnPrelink( PRFileDesc *file, int
- /* reap the child */
- if (pid) {
- waitpid(pid, NULL, 0);
-+ /* restore the parent handler */
-+ sigaction(SIGCHLD, &parent_handler, NULL);
-+ child_pid = 0;
- }
- }
- #endif
diff --git a/SOURCES/nss-softokn-3.16-fips-post.patch b/SOURCES/nss-softokn-3.16-fips-post.patch
deleted file mode 100644
index 8b860ab..0000000
--- a/SOURCES/nss-softokn-3.16-fips-post.patch
+++ /dev/null
@@ -1,5220 +0,0 @@
-diff -up ./nss/cmd/bltest/blapitest.c.fips-post ./nss/cmd/bltest/blapitest.c
---- ./nss/cmd/bltest/blapitest.c.fips-post 2014-06-24 13:45:27.000000000 -0700
-+++ ./nss/cmd/bltest/blapitest.c 2014-09-22 10:04:04.400776655 -0700
-@@ -3615,7 +3615,7 @@ int main(int argc, char **argv)
-
- /* Do FIPS self-test */
- if (bltest.commands[cmd_FIPS].activated) {
-- CK_RV ckrv = sftk_fipsPowerUpSelfTest();
-+ CK_RV ckrv = sftk_FIPSEntryOK();
- fprintf(stdout, "CK_RV: %ld.\n", ckrv);
- PORT_Free(cipherInfo);
- if (ckrv == CKR_OK)
-diff -up ./nss/cmd/shlibsign/Makefile.fips-post ./nss/cmd/shlibsign/Makefile
-diff -up ./nss/lib/freebl/blapii.h.fips-post ./nss/lib/freebl/blapii.h
---- ./nss/lib/freebl/blapii.h.fips-post 2014-06-24 13:45:27.000000000 -0700
-+++ ./nss/lib/freebl/blapii.h 2014-09-22 10:04:04.401776672 -0700
-@@ -21,6 +21,9 @@ typedef void (*freeblDestroyFunc)(void *
-
- SEC_BEGIN_PROTOS
-
-+SECStatus BL_FIPSEntryOK(PRBool freeblOnly);
-+PRBool BL_POSTRan(PRBool freeblOnly);
-+
- #if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
-
- extern PRBool bl_parentForkedAfterC_Initialize;
-diff -up ./nss/lib/freebl/blname.c.fips-post ./nss/lib/freebl/blname.c
---- ./nss/lib/freebl/blname.c.fips-post 2014-09-22 10:04:04.402776689 -0700
-+++ ./nss/lib/freebl/blname.c 2014-09-22 10:18:14.993028403 -0700
-@@ -0,0 +1,93 @@
-+/*
-+ * * blname.c - determine the freebl library name.
-+ * *
-+ * * This Source Code Form is subject to the terms of the Mozilla Public
-+ * * License, v. 2.0. If a copy of the MPL was not distributed with this
-+ * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-+
-+static const char* default_name =
-+ SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX;
-+
-+/* getLibName() returns the name of the library to load. */
-+
-+#if defined(SOLARIS) && defined(__sparc)
-+#include
-+#include
-+#include
-+
-+
-+#if defined(NSS_USE_64)
-+
-+const static char fpu_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
-+const static char int_hybrid_shared_lib[] = "libfreebl_64int_3.so";
-+const static char non_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
-+
-+const static char int_hybrid_isa[] = "sparcv9";
-+const static char fpu_hybrid_isa[] = "sparcv9+vis";
-+
-+#else
-+
-+const static char fpu_hybrid_shared_lib[] = "libfreebl_32fpu_3.so";
-+const static char int_hybrid_shared_lib[] = "libfreebl_32int64_3.so";
-+/* This was for SPARC V8, now obsolete. */
-+const static char *const non_hybrid_shared_lib = NULL;
-+
-+const static char int_hybrid_isa[] = "sparcv8plus";
-+const static char fpu_hybrid_isa[] = "sparcv8plus+vis";
-+
-+#endif
-+
-+static const char *
-+getLibName(void)
-+{
-+ char * found_int_hybrid;
-+ char * found_fpu_hybrid;
-+ long buflen;
-+ char buf[256];
-+
-+ buflen = sysinfo(SI_ISALIST, buf, sizeof buf);
-+ if (buflen <= 0)
-+ return NULL;
-+ /* sysinfo output is always supposed to be NUL terminated, but ... */
-+ if (buflen < sizeof buf)
-+ buf[buflen] = '\0';
-+ else
-+ buf[(sizeof buf) - 1] = '\0';
-+ /* The ISA list is a space separated string of names of ISAs and
-+ * ISA extensions, in order of decreasing performance.
-+ * There are two different ISAs with which NSS's crypto code can be
-+ * accelerated. If both are in the list, we take the first one.
-+ * If one is in the list, we use it, and if neither then we use
-+ * the base unaccelerated code.
-+ */ -+ found_int_hybrid = strstr(buf, int_hybrid_isa); -+ found_fpu_hybrid = strstr(buf, fpu_hybrid_isa); -+ if (found_fpu_hybrid && -+ (!found_int_hybrid || -+ (found_int_hybrid - found_fpu_hybrid) >= 0)) { -+ return fpu_hybrid_shared_lib; -+ } -+ if (found_int_hybrid) { -+ return int_hybrid_shared_lib; -+ } -+ return non_hybrid_shared_lib; -+} -+ -+#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64) -+#include -+ -+/* This code tests to see if we're running on a PA2.x CPU. -+** It returns true (1) if so, and false (0) otherwise. -+*/ -+static const char * -+getLibName(void) -+{ -+ long cpu = sysconf(_SC_CPU_VERSION); -+ return (cpu == CPU_PA_RISC2_0) -+ ? "libfreebl_32fpu_3.sl" -+ : "libfreebl_32int_3.sl" ; -+} -+#else -+/* default case, for platforms/ABIs that have only one freebl shared lib. */ -+static const char * getLibName(void) { return default_name; } -+#endif -diff -up ./nss/lib/freebl/fipsfreebl.c.fips-post ./nss/lib/freebl/fipsfreebl.c ---- ./nss/lib/freebl/fipsfreebl.c.fips-post 2014-09-22 10:04:04.404776722 -0700 -+++ ./nss/lib/freebl/fipsfreebl.c 2014-09-22 10:04:04.404776722 -0700 -@@ -0,0 +1,2246 @@ -+/* -+ * PKCS #11 FIPS Power-Up Self Test. -+ * -+ * This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */ -+ -+#ifdef FREEBL_NO_DEPEND -+#include "stubs.h" -+#endif -+ -+#include "blapi.h" -+#include "seccomon.h" /* Required for RSA and DSA. */ -+#include "secerr.h" -+#include "prtypes.h" -+ -+#ifdef NSS_ENABLE_ECC -+#include "ec.h" /* Required for ECDSA */ -+#endif -+ -+/* -+ * different platforms have different ways of calling and initial entry point -+ * when the dll/.so is loaded. Most platforms support either a posix pragma -+ * or the GCC attribute. 
Some platforms suppor a pre-defined name, and some -+ * platforms have a link line way of invoking this function. -+ */ -+ -+/* The pragma */ -+#if defined(USE_INIT_PRAGMA) -+#pragma init(bl_startup_tests) -+#endif -+ -+ -+/* GCC Attribute */ -+#ifdef __GNUC__ -+#define INIT_FUNCTION __attribute__((constructor)) -+#else -+#define INIT_FUNCTION -+#endif -+ -+static void INIT_FUNCTION bl_startup_tests(void); -+ -+ -+/* Windows pre-defined entry */ -+#ifdef XP_WIN -+#include -+#include -+ -+BOOL WINAPI DllMain( -+ HINSTANCE hinstDLL, // handle to DLL module -+ DWORD fdwReason, // reason for calling function -+ LPVOID lpReserved ) // reserved -+{ -+ // Perform actions based on the reason for calling. -+ switch( fdwReason ) -+ { -+ case DLL_PROCESS_ATTACH: -+ // Initialize once for each new process. -+ // Return FALSE to fail DLL load. -+ bl_startup_tests(); -+ break; -+ -+ case DLL_THREAD_ATTACH: -+ // Do thread-specific initialization. -+ break; -+ -+ case DLL_THREAD_DETACH: -+ // Do thread-specific cleanup. -+ break; -+ -+ case DLL_PROCESS_DETACH: -+ // Perform any necessary cleanup. -+ break; -+ } -+ return TRUE; // Successful DLL_PROCESS_ATTACH. -+} -+#endif -+ -+/* insert other platform dependent init entry points here, or modify -+ * the linker line */ -+ -+ -+/* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */ -+#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */ -+#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */ -+#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */ -+ -+ -+/* FIPS preprocessor directives for RC4. */ -+#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */ -+#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */ -+#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */ -+ -+ -+/* FIPS preprocessor directives for DES-ECB and DES-CBC. */ -+#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */ -+#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */ -+ -+ -+/* FIPS preprocessor directives for DES3-CBC and DES3-ECB. 
*/ -+#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */ -+#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */ -+ -+ -+/* FIPS preprocessor directives for AES-ECB and AES-CBC. */ -+#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */ -+#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */ -+#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */ -+#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */ -+#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ -+#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */ -+ -+ -+/* FIPS preprocessor directives for message digests */ -+#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */ -+ -+ -+/* FIPS preprocessor directives for RSA. */ -+#define FIPS_RSA_TYPE siBuffer -+#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */ -+#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */ -+#define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */ -+#define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */ -+#define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */ -+#define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */ -+#define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */ -+#define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */ -+#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */ -+#define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */ -+#define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */ -+#define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */ -+#define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */ -+ -+ -+/* FIPS preprocessor directives for DSA. */ -+#define FIPS_DSA_TYPE siBuffer -+#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ -+#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ -+#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ -+#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ -+#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ -+ -+/* FIPS preprocessor directives for RNG. */ -+#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */ -+ -+static SECStatus -+freebl_fips_RC2_PowerUpSelfTest( void ) -+{ -+ /* RC2 Known Key (40-bits). 
*/ -+ static const PRUint8 rc2_known_key[] = { "RSARC" }; -+ -+ /* RC2-CBC Known Initialization Vector (64-bits). */ -+ static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"}; -+ -+ /* RC2 Known Plaintext (64-bits). */ -+ static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"}; -+ static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"}; -+ -+ /* RC2 Known Ciphertext (64-bits). */ -+ static const PRUint8 rc2_ecb_known_ciphertext[] = { -+ 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30}; -+ static const PRUint8 rc2_cbc_known_ciphertext[] = { -+ 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3}; -+ -+ /* RC2 variables. */ -+ PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH]; -+ PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH]; -+ RC2Context * rc2_context; -+ unsigned int rc2_bytes_encrypted; -+ unsigned int rc2_bytes_decrypted; -+ SECStatus rc2_status; -+ -+ -+ /******************************************************/ -+ /* RC2-ECB Single-Round Known Answer Encryption Test: */ -+ /******************************************************/ -+ -+ rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -+ NULL, NSS_RC2, -+ FIPS_RC2_KEY_LENGTH ); -+ -+ if( rc2_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext, -+ &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH, -+ rc2_ecb_known_plaintext, -+ FIPS_RC2_DECRYPT_LENGTH ); -+ -+ RC2_DestroyContext( rc2_context, PR_TRUE ); -+ -+ if( ( rc2_status != SECSuccess ) || -+ ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext, -+ FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* RC2-ECB Single-Round Known Answer Decryption Test: */ -+ /******************************************************/ 
-+ -+ rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -+ NULL, NSS_RC2, -+ FIPS_RC2_KEY_LENGTH ); -+ -+ if( rc2_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext, -+ &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH, -+ rc2_ecb_known_ciphertext, -+ FIPS_RC2_ENCRYPT_LENGTH ); -+ -+ RC2_DestroyContext( rc2_context, PR_TRUE ); -+ -+ if( ( rc2_status != SECSuccess ) || -+ ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext, -+ FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* RC2-CBC Single-Round Known Answer Encryption Test: */ -+ /******************************************************/ -+ -+ rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -+ rc2_cbc_known_initialization_vector, -+ NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH ); -+ -+ if( rc2_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext, -+ &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH, -+ rc2_cbc_known_plaintext, -+ FIPS_RC2_DECRYPT_LENGTH ); -+ -+ RC2_DestroyContext( rc2_context, PR_TRUE ); -+ -+ if( ( rc2_status != SECSuccess ) || -+ ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext, -+ FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* RC2-CBC Single-Round Known Answer Decryption Test: */ -+ /******************************************************/ -+ -+ rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -+ rc2_cbc_known_initialization_vector, -+ 
NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH ); -+ -+ if( rc2_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext, -+ &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH, -+ rc2_cbc_known_ciphertext, -+ FIPS_RC2_ENCRYPT_LENGTH ); -+ -+ RC2_DestroyContext( rc2_context, PR_TRUE ); -+ -+ if( ( rc2_status != SECSuccess ) || -+ ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext, -+ FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ return( SECSuccess ); -+} -+ -+ -+static SECStatus -+freebl_fips_RC4_PowerUpSelfTest( void ) -+{ -+ /* RC4 Known Key (40-bits). */ -+ static const PRUint8 rc4_known_key[] = { "RSARC" }; -+ -+ /* RC4 Known Plaintext (64-bits). */ -+ static const PRUint8 rc4_known_plaintext[] = { "Netscape" }; -+ -+ /* RC4 Known Ciphertext (64-bits). */ -+ static const PRUint8 rc4_known_ciphertext[] = { -+ 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd}; -+ -+ /* RC4 variables. 
*/ -+ PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH]; -+ PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH]; -+ RC4Context * rc4_context; -+ unsigned int rc4_bytes_encrypted; -+ unsigned int rc4_bytes_decrypted; -+ SECStatus rc4_status; -+ -+ -+ /**************************************************/ -+ /* RC4 Single-Round Known Answer Encryption Test: */ -+ /**************************************************/ -+ -+ rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH ); -+ -+ if( rc4_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext, -+ &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH, -+ rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH ); -+ -+ RC4_DestroyContext( rc4_context, PR_TRUE ); -+ -+ if( ( rc4_status != SECSuccess ) || -+ ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext, -+ FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /**************************************************/ -+ /* RC4 Single-Round Known Answer Decryption Test: */ -+ /**************************************************/ -+ -+ rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH ); -+ -+ if( rc4_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext, -+ &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH, -+ rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH ); -+ -+ RC4_DestroyContext( rc4_context, PR_TRUE ); -+ -+ if( ( rc4_status != SECSuccess ) || -+ ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext, -+ FIPS_RC4_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ return( SECSuccess ); -+} 
-+ -+ -+static SECStatus -+freebl_fips_DES_PowerUpSelfTest( void ) -+{ -+ /* DES Known Key (56-bits). */ -+ static const PRUint8 des_known_key[] = { "ANSI DES" }; -+ -+ /* DES-CBC Known Initialization Vector (64-bits). */ -+ static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" }; -+ -+ /* DES Known Plaintext (64-bits). */ -+ static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" }; -+ static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" }; -+ -+ /* DES Known Ciphertext (64-bits). */ -+ static const PRUint8 des_ecb_known_ciphertext[] = { -+ 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0}; -+ static const PRUint8 des_cbc_known_ciphertext[] = { -+ 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d}; -+ -+ /* DES variables. */ -+ PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH]; -+ PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH]; -+ DESContext * des_context; -+ unsigned int des_bytes_encrypted; -+ unsigned int des_bytes_decrypted; -+ SECStatus des_status; -+ -+ -+ /******************************************************/ -+ /* DES-ECB Single-Round Known Answer Encryption Test: */ -+ /******************************************************/ -+ -+ des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE ); -+ -+ if( des_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des_status = DES_Encrypt( des_context, des_computed_ciphertext, -+ &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH, -+ des_ecb_known_plaintext, -+ FIPS_DES_DECRYPT_LENGTH ); -+ -+ DES_DestroyContext( des_context, PR_TRUE ); -+ -+ if( ( des_status != SECSuccess ) || -+ ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext, -+ FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* DES-ECB Single-Round Known Answer 
Decryption Test: */ -+ /******************************************************/ -+ -+ des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE ); -+ -+ if( des_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des_status = DES_Decrypt( des_context, des_computed_plaintext, -+ &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH, -+ des_ecb_known_ciphertext, -+ FIPS_DES_ENCRYPT_LENGTH ); -+ -+ DES_DestroyContext( des_context, PR_TRUE ); -+ -+ if( ( des_status != SECSuccess ) || -+ ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext, -+ FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* DES-CBC Single-Round Known Answer Encryption Test. */ -+ /******************************************************/ -+ -+ des_context = DES_CreateContext( des_known_key, -+ des_cbc_known_initialization_vector, -+ NSS_DES_CBC, PR_TRUE ); -+ -+ if( des_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des_status = DES_Encrypt( des_context, des_computed_ciphertext, -+ &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH, -+ des_cbc_known_plaintext, -+ FIPS_DES_DECRYPT_LENGTH ); -+ -+ DES_DestroyContext( des_context, PR_TRUE ); -+ -+ if( ( des_status != SECSuccess ) || -+ ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext, -+ FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* DES-CBC Single-Round Known Answer Decryption Test. 
*/ -+ /******************************************************/ -+ -+ des_context = DES_CreateContext( des_known_key, -+ des_cbc_known_initialization_vector, -+ NSS_DES_CBC, PR_FALSE ); -+ -+ if( des_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des_status = DES_Decrypt( des_context, des_computed_plaintext, -+ &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH, -+ des_cbc_known_ciphertext, -+ FIPS_DES_ENCRYPT_LENGTH ); -+ -+ DES_DestroyContext( des_context, PR_TRUE ); -+ -+ if( ( des_status != SECSuccess ) || -+ ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext, -+ FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ return( SECSuccess ); -+} -+ -+ -+static SECStatus -+freebl_fips_DES3_PowerUpSelfTest( void ) -+{ -+ /* DES3 Known Key (56-bits). */ -+ static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" }; -+ -+ /* DES3-CBC Known Initialization Vector (64-bits). */ -+ static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" }; -+ -+ /* DES3 Known Plaintext (64-bits). */ -+ static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" }; -+ static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" }; -+ -+ /* DES3 Known Ciphertext (64-bits). */ -+ static const PRUint8 des3_ecb_known_ciphertext[] = { -+ 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe}; -+ static const PRUint8 des3_cbc_known_ciphertext[] = { -+ 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5}; -+ -+ /* DES3 variables. */ -+ PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH]; -+ PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH]; -+ DESContext * des3_context; -+ unsigned int des3_bytes_encrypted; -+ unsigned int des3_bytes_decrypted; -+ SECStatus des3_status; -+ -+ -+ /*******************************************************/ -+ /* DES3-ECB Single-Round Known Answer Encryption Test. 
*/ -+ /*******************************************************/ -+ -+ des3_context = DES_CreateContext( des3_known_key, NULL, -+ NSS_DES_EDE3, PR_TRUE ); -+ -+ if( des3_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext, -+ &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH, -+ des3_ecb_known_plaintext, -+ FIPS_DES3_DECRYPT_LENGTH ); -+ -+ DES_DestroyContext( des3_context, PR_TRUE ); -+ -+ if( ( des3_status != SECSuccess ) || -+ ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext, -+ FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /*******************************************************/ -+ /* DES3-ECB Single-Round Known Answer Decryption Test. */ -+ /*******************************************************/ -+ -+ des3_context = DES_CreateContext( des3_known_key, NULL, -+ NSS_DES_EDE3, PR_FALSE ); -+ -+ if( des3_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des3_status = DES_Decrypt( des3_context, des3_computed_plaintext, -+ &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH, -+ des3_ecb_known_ciphertext, -+ FIPS_DES3_ENCRYPT_LENGTH ); -+ -+ DES_DestroyContext( des3_context, PR_TRUE ); -+ -+ if( ( des3_status != SECSuccess ) || -+ ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext, -+ FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /*******************************************************/ -+ /* DES3-CBC Single-Round Known Answer Encryption Test. 
*/ -+ /*******************************************************/ -+ -+ des3_context = DES_CreateContext( des3_known_key, -+ des3_cbc_known_initialization_vector, -+ NSS_DES_EDE3_CBC, PR_TRUE ); -+ -+ if( des3_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext, -+ &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH, -+ des3_cbc_known_plaintext, -+ FIPS_DES3_DECRYPT_LENGTH ); -+ -+ DES_DestroyContext( des3_context, PR_TRUE ); -+ -+ if( ( des3_status != SECSuccess ) || -+ ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext, -+ FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /*******************************************************/ -+ /* DES3-CBC Single-Round Known Answer Decryption Test. */ -+ /*******************************************************/ -+ -+ des3_context = DES_CreateContext( des3_known_key, -+ des3_cbc_known_initialization_vector, -+ NSS_DES_EDE3_CBC, PR_FALSE ); -+ -+ if( des3_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ des3_status = DES_Decrypt( des3_context, des3_computed_plaintext, -+ &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH, -+ des3_cbc_known_ciphertext, -+ FIPS_DES3_ENCRYPT_LENGTH ); -+ -+ DES_DestroyContext( des3_context, PR_TRUE ); -+ -+ if( ( des3_status != SECSuccess ) || -+ ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) || -+ ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext, -+ FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ return( SECSuccess ); -+} -+ -+ -+/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/ -+static SECStatus -+freebl_fips_AES_PowerUpSelfTest( int aes_key_size ) -+{ -+ /* AES Known Key (up to 256-bits). 
*/ -+ static const PRUint8 aes_known_key[] = -+ { "AES-128 RIJNDAELLEADNJIR 821-SEA" }; -+ -+ /* AES-CBC Known Initialization Vector (128-bits). */ -+ static const PRUint8 aes_cbc_known_initialization_vector[] = -+ { "SecurityytiruceS" }; -+ -+ /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */ -+ static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" }; -+ -+ /* AES Known Ciphertext (128-bit key). */ -+ static const PRUint8 aes_ecb128_known_ciphertext[] = { -+ 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1, -+ 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 }; -+ -+ static const PRUint8 aes_cbc128_known_ciphertext[] = { -+ 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63, -+ 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea }; -+ -+ /* AES Known Ciphertext (192-bit key). */ -+ static const PRUint8 aes_ecb192_known_ciphertext[] = { -+ 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62, -+ 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e }; -+ -+ static const PRUint8 aes_cbc192_known_ciphertext[] = { -+ 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe, -+ 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 }; -+ -+ /* AES Known Ciphertext (256-bit key). */ -+ static const PRUint8 aes_ecb256_known_ciphertext[] = { -+ 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66, -+ 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 }; -+ -+ static const PRUint8 aes_cbc256_known_ciphertext[] = { -+ 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27, -+ 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 }; -+ -+ const PRUint8 *aes_ecb_known_ciphertext = -+ ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : -+ ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : -+ aes_ecb256_known_ciphertext; -+ -+ const PRUint8 *aes_cbc_known_ciphertext = -+ ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : -+ ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : -+ aes_cbc256_known_ciphertext; -+ -+ /* AES variables. 
*/ -+ PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH]; -+ PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH]; -+ AESContext * aes_context; -+ unsigned int aes_bytes_encrypted; -+ unsigned int aes_bytes_decrypted; -+ SECStatus aes_status; -+ -+ /*check if aes_key_size is 128, 192, or 256 bits */ -+ if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && -+ (aes_key_size != FIPS_AES_192_KEY_SIZE) && -+ (aes_key_size != FIPS_AES_256_KEY_SIZE)) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ /******************************************************/ -+ /* AES-ECB Single-Round Known Answer Encryption Test: */ -+ /******************************************************/ -+ -+ aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE, -+ aes_key_size, FIPS_AES_BLOCK_SIZE ); -+ -+ if( aes_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext, -+ &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH, -+ aes_known_plaintext, -+ FIPS_AES_DECRYPT_LENGTH ); -+ -+ AES_DestroyContext( aes_context, PR_TRUE ); -+ -+ if( ( aes_status != SECSuccess ) || -+ ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) || -+ ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext, -+ FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); -+ } -+ -+ -+ /******************************************************/ -+ /* AES-ECB Single-Round Known Answer Decryption Test: */ -+ /******************************************************/ -+ -+ aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE, -+ aes_key_size, FIPS_AES_BLOCK_SIZE ); -+ -+ if( aes_context == NULL ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ aes_status = AES_Decrypt( aes_context, aes_computed_plaintext, -+ &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH, -+ 
aes_ecb_known_ciphertext,
-+ FIPS_AES_ENCRYPT_LENGTH );
-+
-+ AES_DestroyContext( aes_context, PR_TRUE );
-+
-+ if( ( aes_status != SECSuccess ) ||
-+ ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
-+ ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
-+ FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+
-+ /******************************************************/
-+ /* AES-CBC Single-Round Known Answer Encryption Test. */
-+ /******************************************************/
-+
-+ aes_context = AES_CreateContext( aes_known_key,
-+ aes_cbc_known_initialization_vector,
-+ NSS_AES_CBC, PR_TRUE, aes_key_size,
-+ FIPS_AES_BLOCK_SIZE );
-+
-+ if( aes_context == NULL ) {
-+ PORT_SetError( SEC_ERROR_NO_MEMORY );
-+ return( SECFailure );
-+ }
-+
-+ aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
-+ &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
-+ aes_known_plaintext,
-+ FIPS_AES_DECRYPT_LENGTH );
-+
-+ AES_DestroyContext( aes_context, PR_TRUE );
-+
-+ if( ( aes_status != SECSuccess ) ||
-+ ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
-+ ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
-+ FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+
-+ /******************************************************/
-+ /* AES-CBC Single-Round Known Answer Decryption Test.
*/
-+ /******************************************************/
-+
-+ aes_context = AES_CreateContext( aes_known_key,
-+ aes_cbc_known_initialization_vector,
-+ NSS_AES_CBC, PR_FALSE, aes_key_size,
-+ FIPS_AES_BLOCK_SIZE );
-+
-+ if( aes_context == NULL ) {
-+ PORT_SetError( SEC_ERROR_NO_MEMORY );
-+ return( SECFailure );
-+ }
-+
-+ aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
-+ &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
-+ aes_cbc_known_ciphertext,
-+ FIPS_AES_ENCRYPT_LENGTH );
-+
-+ AES_DestroyContext( aes_context, PR_TRUE );
-+
-+ if( ( aes_status != SECSuccess ) ||
-+ ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
-+ ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
-+ FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ return( SECSuccess );
-+}
-+
-+/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
-+static const PRUint8 known_hash_message[] = {
-+ "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
-+
-+
-+static SECStatus
-+freebl_fips_MD2_PowerUpSelfTest( void )
-+{
-+ /* MD2 Known Digest Message (128-bits). */
-+ static const PRUint8 md2_known_digest[] = {
-+ 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
-+ 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
-+
-+ /* MD2 variables. */
-+ MD2Context * md2_context;
-+ unsigned int md2_bytes_hashed;
-+ PRUint8 md2_computed_digest[MD2_LENGTH];
-+
-+
-+ /***********************************************/
-+ /* MD2 Single-Round Known Answer Hashing Test.
*/
-+ /***********************************************/
-+
-+ md2_context = MD2_NewContext();
-+
-+ if( md2_context == NULL ) {
-+ PORT_SetError( SEC_ERROR_NO_MEMORY );
-+ return( SECFailure );
-+ }
-+
-+ MD2_Begin( md2_context );
-+
-+ MD2_Update( md2_context, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
-+
-+ MD2_DestroyContext( md2_context , PR_TRUE );
-+
-+ if( ( md2_bytes_hashed != MD2_LENGTH ) ||
-+ ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
-+ MD2_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ return( SECSuccess );
-+}
-+
-+
-+static SECStatus
-+freebl_fips_MD5_PowerUpSelfTest( void )
-+{
-+ /* MD5 Known Digest Message (128-bits). */
-+ static const PRUint8 md5_known_digest[] = {
-+ 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
-+ 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
-+
-+ /* MD5 variables. */
-+ PRUint8 md5_computed_digest[MD5_LENGTH];
-+ SECStatus md5_status;
-+
-+
-+ /***********************************************/
-+ /* MD5 Single-Round Known Answer Hashing Test.
*/
-+ /***********************************************/
-+
-+ md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ if( ( md5_status != SECSuccess ) ||
-+ ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
-+ MD5_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ return( SECSuccess );
-+}
-+
-+/****************************************************/
-+/* Single Round HMAC SHA-X test */
-+/****************************************************/
-+static SECStatus
-+freebl_fips_HMAC(unsigned char *hmac_computed,
-+ const PRUint8 *secret_key,
-+ unsigned int secret_key_length,
-+ const PRUint8 *message,
-+ unsigned int message_length,
-+ HASH_HashType hashAlg )
-+{
-+ SECStatus hmac_status = SECFailure;
-+ HMACContext *cx = NULL;
-+ SECHashObject *hashObj = NULL;
-+ unsigned int bytes_hashed = 0;
-+
-+ hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
-+
-+ if (!hashObj)
-+ return( SECFailure );
-+
-+ cx = HMAC_Create(hashObj, secret_key,
-+ secret_key_length,
-+ PR_TRUE); /* PR_TRUE for in FIPS mode */
-+
-+ if (cx == NULL)
-+ return( SECFailure );
-+
-+ HMAC_Begin(cx);
-+ HMAC_Update(cx, message, message_length);
-+ hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
-+ hashObj->length);
-+
-+ HMAC_Destroy(cx, PR_TRUE);
-+
-+ return( hmac_status );
-+}
-+
-+static SECStatus
-+freebl_fips_HMAC_PowerUpSelfTest( void )
-+{
-+ static const PRUint8 HMAC_known_secret_key[] = {
-+ "Firefox and ThunderBird are awesome!"};
-+
-+ static const PRUint8 HMAC_known_secret_key_length
-+ = sizeof HMAC_known_secret_key;
-+
-+ /* known SHA1 hmac (20 bytes) */
-+ static const PRUint8 known_SHA1_hmac[] = {
-+ 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
-+ 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
-+ 0x5d, 0x0e, 0x1e, 0x11};
-+
-+ /* known SHA224 hmac (28 bytes) */
-+ static const PRUint8 known_SHA224_hmac[] = {
-+ 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37,
0x68, 0xfb,
-+ 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
-+ 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
-+ 0x9a, 0xb8, 0x98, 0x4e};
-+
-+ /* known SHA256 hmac (32 bytes) */
-+ static const PRUint8 known_SHA256_hmac[] = {
-+ 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
-+ 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
-+ 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
-+ 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
-+
-+ /* known SHA384 hmac (48 bytes) */
-+ static const PRUint8 known_SHA384_hmac[] = {
-+ 0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
-+ 0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
-+ 0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
-+ 0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
-+ 0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
-+ 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
-+
-+ /* known SHA512 hmac (64 bytes) */
-+ static const PRUint8 known_SHA512_hmac[] = {
-+ 0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
-+ 0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
-+ 0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
-+ 0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
-+ 0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
-+ 0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
-+ 0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
-+ 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
-+
-+ SECStatus hmac_status;
-+ PRUint8 hmac_computed[HASH_LENGTH_MAX];
-+
-+ /***************************************************/
-+ /* HMAC SHA-1 Single-Round Known Answer HMAC Test.
*/
-+ /***************************************************/
-+
-+ hmac_status = freebl_fips_HMAC(hmac_computed,
-+ HMAC_known_secret_key,
-+ HMAC_known_secret_key_length,
-+ known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
-+ HASH_AlgSHA1);
-+
-+ if( ( hmac_status != SECSuccess ) ||
-+ ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
-+ SHA1_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* HMAC SHA-224 Single-Round Known Answer Test. */
-+ /***************************************************/
-+
-+ hmac_status = freebl_fips_HMAC(hmac_computed,
-+ HMAC_known_secret_key,
-+ HMAC_known_secret_key_length,
-+ known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
-+ HASH_AlgSHA224);
-+
-+ if( ( hmac_status != SECSuccess ) ||
-+ ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
-+ SHA224_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* HMAC SHA-256 Single-Round Known Answer Test. */
-+ /***************************************************/
-+
-+ hmac_status = freebl_fips_HMAC(hmac_computed,
-+ HMAC_known_secret_key,
-+ HMAC_known_secret_key_length,
-+ known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
-+ HASH_AlgSHA256);
-+
-+ if( ( hmac_status != SECSuccess ) ||
-+ ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
-+ SHA256_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* HMAC SHA-384 Single-Round Known Answer Test.
*/
-+ /***************************************************/
-+
-+ hmac_status = freebl_fips_HMAC(hmac_computed,
-+ HMAC_known_secret_key,
-+ HMAC_known_secret_key_length,
-+ known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
-+ HASH_AlgSHA384);
-+
-+ if( ( hmac_status != SECSuccess ) ||
-+ ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
-+ SHA384_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* HMAC SHA-512 Single-Round Known Answer Test. */
-+ /***************************************************/
-+
-+ hmac_status = freebl_fips_HMAC(hmac_computed,
-+ HMAC_known_secret_key,
-+ HMAC_known_secret_key_length,
-+ known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
-+ HASH_AlgSHA512);
-+
-+ if( ( hmac_status != SECSuccess ) ||
-+ ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
-+ SHA512_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ return( SECSuccess );
-+}
-+
-+static SECStatus
-+freebl_fips_SHA_PowerUpSelfTest( void )
-+{
-+ /* SHA-1 Known Digest Message (160-bits). */
-+ static const PRUint8 sha1_known_digest[] = {
-+ 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
-+ 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
-+ 0xe0,0x68,0x47,0x7a};
-+
-+ /* SHA-224 Known Digest Message (224-bits). */
-+ static const PRUint8 sha224_known_digest[] = {
-+ 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
-+ 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
-+ 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
-+ 0x8e,0x08,0xe5,0xcb};
-+
-+ /* SHA-256 Known Digest Message (256-bits). */
-+ static const PRUint8 sha256_known_digest[] = {
-+ 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
-+ 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
-+ 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
-+ 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
-+
-+ /* SHA-384 Known Digest Message (384-bits).
*/
-+ static const PRUint8 sha384_known_digest[] = {
-+ 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
-+ 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
-+ 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
-+ 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
-+ 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
-+ 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
-+
-+ /* SHA-512 Known Digest Message (512-bits). */
-+ static const PRUint8 sha512_known_digest[] = {
-+ 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
-+ 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
-+ 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
-+ 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
-+ 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
-+ 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
-+ 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
-+ 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
-+
-+ /* SHA-X variables. */
-+ PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
-+ SECStatus sha_status;
-+
-+ /*************************************************/
-+ /* SHA-1 Single-Round Known Answer Hashing Test. */
-+ /*************************************************/
-+
-+ sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ if( ( sha_status != SECSuccess ) ||
-+ ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
-+ SHA1_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* SHA-224 Single-Round Known Answer Hashing Test. */
-+ /***************************************************/
-+
-+ sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ if( ( sha_status != SECSuccess ) ||
-+ ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
-+ SHA224_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* SHA-256 Single-Round Known Answer Hashing Test.
*/
-+ /***************************************************/
-+
-+ sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ if( ( sha_status != SECSuccess ) ||
-+ ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
-+ SHA256_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* SHA-384 Single-Round Known Answer Hashing Test. */
-+ /***************************************************/
-+
-+ sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ if( ( sha_status != SECSuccess ) ||
-+ ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
-+ SHA384_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /***************************************************/
-+ /* SHA-512 Single-Round Known Answer Hashing Test. */
-+ /***************************************************/
-+
-+ sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
-+ FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-+
-+ if( ( sha_status != SECSuccess ) ||
-+ ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
-+ SHA512_LENGTH ) != 0 ) ) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ return( SECSuccess );
-+}
-+
-+
-+static SECStatus
-+freebl_fips_RSA_PowerUpSelfTest( void )
-+{
-+ /* RSA Known Modulus used in both Public/Private Key Values (2048-bits).
*/
-+ static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
-+ 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
-+ 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
-+ 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
-+ 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
-+ 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
-+ 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
-+ 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
-+ 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
-+ 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
-+ 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
-+ 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
-+ 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
-+ 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
-+ 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
-+ 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
-+ 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
-+ 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
-+ 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
-+ 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
-+ 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
-+ 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
-+ 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
-+ 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
-+ 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
-+ 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
-+ 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
-+ 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
-+ 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
-+ 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
-+ 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
-+ 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
-+ 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
-+
-+ /* RSA Known Public Key Values (24-bits).
*/
-+ static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
-+ = { 0x01, 0x00, 0x01 };
-+ /* RSA Known Private Key Values (version is 8-bits), */
-+ /* (private exponent is 2048-bits), */
-+ /* (private prime0 is 1024-bits), */
-+ /* (private prime1 is 1024-bits), */
-+ /* (private prime exponent0 is 1024-bits), */
-+ /* (private prime exponent1 is 1024-bits), */
-+ /* and (private coefficient is 1024-bits). */
-+ static const PRUint8 rsa_version[] = { 0x00 };
-+
-+ static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
-+ = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
-+ 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
-+ 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
-+ 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
-+ 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
-+ 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
-+ 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
-+ 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
-+ 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
-+ 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
-+ 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
-+ 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
-+ 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
-+ 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
-+ 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
-+ 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
-+ 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
-+ 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
-+ 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
-+ 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
-+ 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
-+ 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
-+ 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
-+ 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
-+ 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
-+ 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
-+ 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
-+ 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
-+ 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
-+ 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
-+ 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
-+ 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
-+
-+ static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
-+ 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
-+ 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
-+ 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
-+ 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
-+ 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
-+ 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
-+ 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
-+ 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
-+ 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
-+ 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
-+ 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
-+ 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
-+ 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
-+ 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
-+ 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
-+ 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
-+ static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
-+ 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
-+ 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
-+ 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
-+ 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
-+ 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
-+ 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
-+ 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
-+ 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
-+ 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
-+ 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
-+ 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
-+ 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
-+ 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
-+ 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
-+ 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
-+ 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
-+ static const PRUint8
rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
-+ 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
-+ 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
-+ 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
-+ 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
-+ 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
-+ 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
-+ 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
-+ 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
-+ 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
-+ 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
-+ 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
-+ 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
-+ 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
-+ 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
-+ 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
-+ 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
-+ static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
-+ 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
-+ 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
-+ 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
-+ 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
-+ 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
-+ 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
-+ 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
-+ 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
-+ 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
-+ 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
-+ 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
-+ 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
-+ 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
-+ 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
-+ 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
-+ 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
-+ static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
-+ 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
-+ 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
-+ 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
-+ 0xf9, 0xc7, 0x08,
0x56, 0x5c, 0xa4, 0xbc, 0x83,
-+ 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
-+ 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
-+ 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
-+ 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
-+ 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
-+ 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
-+ 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
-+ 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
-+ 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
-+ 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
-+ 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
-+ 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
-+
-+ /* RSA Known Plaintext Message (1024-bits). */
-+ static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
-+ "Known plaintext message utilized"
-+ "for RSA Encryption & Decryption"
-+ "blocks SHA256, SHA384 and "
-+ "SHA512 RSA Signature KAT tests. "
-+ "Known plaintext message utilized"
-+ "for RSA Encryption & Decryption"
-+ "blocks SHA256, SHA384 and "
-+ "SHA512 RSA Signature KAT tests."};
-+
-+ /* RSA Known Ciphertext (2048-bits).
*/
-+ static const PRUint8 rsa_known_ciphertext[] = {
-+ 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
-+ 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
-+ 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
-+ 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
-+ 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
-+ 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
-+ 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
-+ 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
-+ 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
-+ 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
-+ 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
-+ 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
-+ 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
-+ 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
-+ 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
-+ 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
-+ 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
-+ 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
-+ 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
-+ 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
-+ 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
-+ 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
-+ 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
-+ 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
-+ 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
-+ 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
-+ 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
-+ 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
-+ 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
-+ 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
-+ 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
-+ 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
-+
-+
-+ static const RSAPublicKey bl_public_key = { NULL,
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
-+ FIPS_RSA_MODULUS_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
-+ FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
-+ };
-+ static const RSAPrivateKey bl_private_key = { NULL,
-+ {
FIPS_RSA_TYPE, (unsigned char *)rsa_version,
-+ FIPS_RSA_PRIVATE_VERSION_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
-+ FIPS_RSA_MODULUS_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
-+ FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
-+ FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
-+ FIPS_RSA_PRIME0_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
-+ FIPS_RSA_PRIME1_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
-+ FIPS_RSA_EXPONENT0_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
-+ FIPS_RSA_EXPONENT1_LENGTH },
-+ { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
-+ FIPS_RSA_COEFFICIENT_LENGTH }
-+ };
-+
-+ /* RSA variables. */
-+ SECStatus rsa_status;
-+ RSAPublicKey rsa_public_key;
-+ RSAPrivateKey rsa_private_key;
-+
-+ PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
-+ PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
-+
-+ rsa_public_key = bl_public_key;
-+ rsa_private_key = bl_private_key;
-+
-+ /**************************************************/
-+ /* RSA Single-Round Known Answer Encryption Test. */
-+ /**************************************************/
-+
-+ /* Perform RSA Public Key Encryption. */
-+ rsa_status = RSA_PublicKeyOp(&rsa_public_key,
-+ rsa_computed_ciphertext,
-+ rsa_known_plaintext_msg);
-+
-+ if( ( rsa_status != SECSuccess ) ||
-+ ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
-+ FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
-+ goto rsa_loser;
-+
-+ /**************************************************/
-+ /* RSA Single-Round Known Answer Decryption Test. */
-+ /**************************************************/
-+
-+ /* Perform RSA Private Key Decryption.
*/
-+ rsa_status = RSA_PrivateKeyOp(&rsa_private_key,
-+ rsa_computed_plaintext,
-+ rsa_known_ciphertext);
-+
-+ if( ( rsa_status != SECSuccess ) ||
-+ ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
-+ FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
-+ goto rsa_loser;
-+
-+ return( SECSuccess );
-+
-+rsa_loser:
-+
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+}
-+
-+#ifdef NSS_ENABLE_ECC
-+
-+static SECStatus
-+freebl_fips_ECDSA_Test(ECParams *ecparams,
-+ const PRUint8 *knownSignature,
-+ unsigned int knownSignatureLen) {
-+
-+ /* ECDSA Known Seed info for curves nistp256 and nistk283 */
-+ static const PRUint8 ecdsa_Known_Seed[] = {
-+ 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
-+ 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
-+ 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
-+ 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
-+
-+ static const PRUint8 msg[] = {
-+ "Firefox and ThunderBird are awesome!"};
-+
-+ unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
-+ unsigned char sig[2*MAX_ECKEY_LEN];
-+ SECItem signature, digest;
-+ ECPrivateKey *ecdsa_private_key = NULL;
-+ ECPublicKey ecdsa_public_key;
-+ SECStatus ecdsaStatus = SECSuccess;
-+
-+ /* Generates a new EC key pair. The private key is a supplied
-+ * random value (in seed) and the public key is the result of
-+ * performing a scalar point multiplication of that value with
-+ * the curve's base point.
-+ */
-+ ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
-+ ecdsa_Known_Seed,
-+ sizeof(ecdsa_Known_Seed));
-+ if (ecdsaStatus != SECSuccess) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+
-+ /* construct public key from private key.
*/
-+ ecdsa_public_key.ecParams = ecdsa_private_key->ecParams;
-+ ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
-+
-+ /* validate public key value */
-+ ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
-+ &ecdsa_public_key.publicValue);
-+ if (ecdsaStatus != SECSuccess) {
-+ goto loser;
-+ }
-+
-+ /* validate public key value */
-+ ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
-+ &ecdsa_private_key->publicValue);
-+ if (ecdsaStatus != SECSuccess) {
-+ goto loser;
-+ }
-+
-+ /***************************************************/
-+ /* ECDSA Single-Round Known Answer Signature Test. */
-+ /***************************************************/
-+
-+ ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
-+ if (ecdsaStatus != SECSuccess) {
-+ goto loser;
-+ }
-+ digest.type = siBuffer;
-+ digest.data = sha1;
-+ digest.len = SHA1_LENGTH;
-+
-+ memset(sig, 0, sizeof sig);
-+ signature.type = siBuffer;
-+ signature.data = sig;
-+ signature.len = sizeof sig;
-+
-+ ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
-+ &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
-+ if (ecdsaStatus != SECSuccess) {
-+ goto loser;
-+ }
-+
-+ if( ( signature.len != knownSignatureLen ) ||
-+ ( PORT_Memcmp( signature.data, knownSignature,
-+ knownSignatureLen ) != 0 ) ) {
-+ ecdsaStatus = SECFailure;
-+ goto loser;
-+ }
-+
-+ /******************************************************/
-+ /* ECDSA Single-Round Known Answer Verification Test. */
-+ /******************************************************/
-+
-+ /* Perform ECDSA verification process.
*/
-+ ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
-+
-+loser:
-+ /* free the memory for the private key arena*/
-+ if (ecdsa_private_key != NULL) {
-+ PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
-+ }
-+
-+ if (ecdsaStatus != SECSuccess) {
-+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-+ return( SECFailure );
-+ }
-+ return( SECSuccess );
-+}
-+
-+static SECStatus
-+freebl_fips_ECDSA_PowerUpSelfTest() {
-+
-+ /* ECDSA Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */
-+ static const unsigned char p256_prime[] = {
-+ 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
-+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
-+ static const unsigned char p256_a[] = {
-+ 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
-+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC};
-+ static const unsigned char p256_b[] = {
-+ 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,0xBD,0x55,0x76,
-+ 0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,0x3B,0xCE,
-+ 0x3C,0x3E,0x27,0xD2,0x60,0x4B};
-+ static const unsigned char p256_base[] = { 0x04,
-+ 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,0xE6,0xE5,0x63,
-+ 0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,0xF4,0xA1,
-+ 0x39,0x45,0xD8,0x98,0xC2,0x96,
-+ 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,0x8E,0xE7,0xEB,0x4A,0x7C,
-+ 0x0F,0x9E,0x16,0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,0xCB,0xB6,
-+ 0x40,0x68,0x37,0xBF,0x51,0xF5};
-+ static const unsigned char p256_order[] = {
-+ 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,
-+ 0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,0xF3,0xB9,
-+ 0xCA,0xC2,0xFC,0x63,0x25,0x51};
-+ static const unsigned char p256_encoding[] = {
-+ 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03, 0x01,0x07 };
-+ static const ECParams ecdsa_known_P256_Params = {
-+ NULL, ec_params_named, /* arena, type
*/ -+ /* fieldID */ -+ { 256 , ec_field_GFp, /* size and type */ -+ {{siBuffer, p256_prime, sizeof(p256_prime)}}, /* u.prime */ -+ 0, 0, 0 }, -+ /* curve */ -+ { -+ /* a = curvea b = curveb */ -+ /* curve.a */ -+ { siBuffer, p256_a, sizeof(p256_a) }, -+ /* curve.b */ -+ { siBuffer, p256_b, sizeof(p256_b) }, -+ /* curve.seed */ -+ { siBuffer, NULL, 0} -+ }, -+ /* base = 04xy*/ -+ { siBuffer, p256_base, sizeof(p256_base) }, -+ /* order */ -+ { siBuffer, p256_order, sizeof(p256_order) }, -+ 1,/* cofactor */ -+ /* DEREncoding */ -+ { siBuffer, p256_encoding, sizeof(p256_encoding)}, -+ ECCurve_X9_62_PRIME_256V1, -+ /* curveOID */ -+ { siBuffer, p256_encoding+2, sizeof(p256_encoding)-2}, -+ }; -+ -+ -+ static const PRUint8 ecdsa_known_P256_signature[] = { -+ 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6, -+ 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff, -+ 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f, -+ 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5, -+ 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1, -+ 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd, -+ 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b, -+ 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75}; -+ -+#ifdef NSS_ECC_MORE_THAN_SUITE_B -+ /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */ -+ static const unsigned char k283_poly[] = { -+ 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0xA1}; -+ static const unsigned char k283_a[] = { -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; -+ static const unsigned char k283_b[] = { -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, -+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01}; -+ static const unsigned char k283_base[] = { 0x04, -+ 
0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A,0x3B,0x81,0x62, -+ 0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F,0x23,0xC1,0x56,0x7A,0x16,0x87, -+ 0x69,0x13,0xB0,0xC2,0xAC,0x24,0x58,0x49,0x28,0x36, -+ 0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90,0xF9,0x5D,0x07, -+ 0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0,0xE8,0x18,0x46,0x98,0xE4,0x59, -+ 0x62,0x36,0x4E,0x34,0x11,0x61,0x77,0xDD,0x22,0x59}; -+ static const unsigned char k283_order[] = { -+ 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE,0x2E,0xD0,0x75,0x77,0x26,0x5D, -+ 0xFF,0x7F,0x94,0x45,0x1E,0x06,0x1E,0x16,0x3C,0x61}; -+ static const PRUint8 k283_encoding[] = { -+ 0x06,0x05,0x2b,0x81,0x04,0x00,0x10}; -+ -+ static const ECParams ecdsa_known_K283_Params = { -+ NULL, ec_params_named, /* arena, type */ -+ /* fieldID */ -+ { 283 , ec_field_GF2m, /* size and type */ -+ {{siBuffer, p283_poly, sizeof(p283_poly)}}, /* u.poly */ -+ 0, 0, 0 }, -+ /* curve */ -+ { -+ /* a = curvea b = curveb */ -+ /* curve.a */ -+ { siBuffer, p283_a, sizeof(p283_a) }, -+ /* curve.b */ -+ { siBuffer, p283_b, sizeof(p283_b) }, -+ /* curve.seed */ -+ { siBuffer, NULL, 0} -+ }, -+ /* base = 04xy*/ -+ { siBuffer, p283_base, sizeof(p283_base) }, -+ /* order */ -+ { siBuffer, p283_order, sizeof(p283_order) }, -+ 4,/* cofactor */ -+ /* DEREncoding */ -+ { siBuffer, k283_encoding, sizeof(k283_encoding)}, -+ /* name */ -+ ECCurve_SECG_CHAR2_283K1, -+ /* curveOID */ -+ { siBuffer, k283_encoding+2, sizeof(k283_encoding)-2}, -+ }; -+ -+ static const PRUint8 ecdsa_known_K283_signature[] = { -+ 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1, -+ 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74, -+ 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66, -+ 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1, -+ 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc, -+ 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8, -+ 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05, -+ 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9, -+ 0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0}; -+#endif -+ ECParams ecparams; 
-+ -+ SECStatus rv; -+ -+ /* ECDSA GF(p) prime field curve test */ -+ ecparams = ecdsa_known_P256_Params; -+ rv = freebl_fips_ECDSA_Test(&ecparams, -+ ecdsa_known_P256_signature, -+ sizeof ecdsa_known_P256_signature ); -+ if (rv != SECSuccess) { -+ return( SECFailure ); -+ } -+ -+#ifdef NSS_ECC_MORE_THAN_SUITE_B -+ /* ECDSA GF(2m) binary field curve test */ -+ ecparams = ecdsa_known_K283_Params; -+ rv = freebl_fips_ECDSA_Test(&ecparams, -+ ecdsa_known_K283_signature, -+ sizeof ecdsa_known_K283_signature ); -+ if (rv != SECSuccess) { -+ return( SECFailure ); -+ } -+#endif -+ -+ return( SECSuccess ); -+} -+ -+#endif /* NSS_ENABLE_ECC */ -+ -+static SECStatus -+freebl_fips_DSA_PowerUpSelfTest( void ) -+{ -+ /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */ -+ static const PRUint8 dsa_P[] = { -+ 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28, -+ 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63, -+ 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0, -+ 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c, -+ 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91, -+ 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0, -+ 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7, -+ 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63, -+ 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7, -+ 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56, -+ 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b, -+ 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4, -+ 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6, -+ 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64, -+ 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a, -+ 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15}; -+ -+ static const PRUint8 dsa_Q[] = { -+ 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e, -+ 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6, -+ 0x91,0x99,0x8b,0xcf}; -+ -+ static const PRUint8 dsa_G[] = { -+ 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4, -+ 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6, -+ 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3, -+ 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17, -+ 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d, -+ 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a, -+ 
0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24, -+ 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25, -+ 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb, -+ 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79, -+ 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac, -+ 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25, -+ 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27, -+ 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed, -+ 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f, -+ 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38}; -+ -+ /* DSA Known Random Values (known random key block is 160-bits) */ -+ /* and (known random signature block is 160-bits). */ -+ static const PRUint8 dsa_known_random_key_block[] = { -+ "Mozilla Rules World!"}; -+ static const PRUint8 dsa_known_random_signature_block[] = { -+ "Random DSA Signature"}; -+ -+ /* DSA Known Digest (160-bits) */ -+ static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" }; -+ -+ /* DSA Known Signature (320-bits). */ -+ static const PRUint8 dsa_known_signature[] = { -+ 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32, -+ 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c, -+ 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72, -+ 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde, -+ 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38}; -+ -+ /* DSA variables. */ -+ DSAPrivateKey * dsa_private_key; -+ SECStatus dsa_status; -+ SECItem dsa_signature_item; -+ SECItem dsa_digest_item; -+ DSAPublicKey dsa_public_key; -+ PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH]; -+ static const PQGParams dsa_pqg = { NULL, -+ { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH }, -+ { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH }, -+ { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }}; -+ -+ /*******************************************/ -+ /* Generate a DSA public/private key pair. */ -+ /*******************************************/ -+ -+ /* Generate a DSA public/private key pair. 
*/ -+ dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block, -+ &dsa_private_key); -+ -+ if( dsa_status != SECSuccess ) { -+ PORT_SetError( SEC_ERROR_NO_MEMORY ); -+ return( SECFailure ); -+ } -+ -+ /* construct public key from private key. */ -+ dsa_public_key.params = dsa_private_key->params; -+ dsa_public_key.publicValue = dsa_private_key->publicValue; -+ -+ /*************************************************/ -+ /* DSA Single-Round Known Answer Signature Test. */ -+ /*************************************************/ -+ -+ dsa_signature_item.data = dsa_computed_signature; -+ dsa_signature_item.len = sizeof dsa_computed_signature; -+ -+ dsa_digest_item.data = (unsigned char *)dsa_known_digest; -+ dsa_digest_item.len = SHA1_LENGTH; -+ -+ /* Perform DSA signature process. */ -+ dsa_status = DSA_SignDigestWithSeed( dsa_private_key, -+ &dsa_signature_item, -+ &dsa_digest_item, -+ dsa_known_random_signature_block ); -+ -+ if( ( dsa_status != SECSuccess ) || -+ ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) || -+ ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature, -+ FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) { -+ dsa_status = SECFailure; -+ } else { -+ -+ /****************************************************/ -+ /* DSA Single-Round Known Answer Verification Test. */ -+ /****************************************************/ -+ -+ /* Perform DSA verification process. */ -+ dsa_status = DSA_VerifyDigest( &dsa_public_key, -+ &dsa_signature_item, -+ &dsa_digest_item); -+ } -+ -+ PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE); -+ /* Don't free public key, it uses same arena as private key */ -+ -+ /* Verify DSA signature. 
*/ -+ if( dsa_status != SECSuccess ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return SECFailure; -+ } -+ -+ return( SECSuccess ); -+ -+ -+} -+ -+static SECStatus -+freebl_fips_RNG_PowerUpSelfTest( void ) -+{ -+ static const PRUint8 Q[] = { -+ 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a, -+ 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c, -+ 0x9d,0xef,0xeb,0xed}; -+ static const PRUint8 GENX[] = { -+ 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7, -+ 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8, -+ 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1, -+ 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce, -+ 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3}; -+ static const PRUint8 rng_known_DSAX[] = { -+ 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9, -+ 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73, -+ 0x10,0x1f,0x60,0xd7}; -+ -+ -+ -+ SECStatus rng_status = SECSuccess; -+ PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH]; -+ -+ /*******************************************/ -+ /* Run the SP 800-90 Health tests */ -+ /*******************************************/ -+ rng_status = PRNGTEST_RunHealthTests(); -+ if (rng_status != SECSuccess) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return SECFailure; -+ } -+ -+ /*******************************************/ -+ /* Generate DSAX fow given Q. 
*/ -+ /*******************************************/ -+ -+ rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX); -+ -+ /* Verify DSAX to perform the RNG integrity check */ -+ if( ( rng_status != SECSuccess ) || -+ ( PORT_Memcmp( DSAX, rng_known_DSAX, -+ (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) ) { -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return SECFailure; -+ } -+ -+ return( SECSuccess ); -+} -+ -+static SECStatus -+freebl_fipsSoftwareIntegrityTest(const char *libname) -+{ -+ SECStatus rv = SECSuccess; -+ -+ /* make sure that our check file signatures are OK */ -+ if( !BLAPI_VerifySelf(libname) ) { -+ rv = SECFailure; -+ } -+ return rv; -+} -+ -+#define DO_FREEBL 1 -+#define DO_REST 2 -+ -+static SECStatus -+freebl_fipsPowerUpSelfTest( unsigned int tests ) -+{ -+ SECStatus rv; -+ -+ /* -+ * stand alone freebl. Test hash, and rng -+ */ -+ if (tests & DO_FREEBL) { -+ -+ /* MD2 Power-Up SelfTest(s). */ -+ rv = freebl_fips_MD2_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* MD5 Power-Up SelfTest(s). */ -+ rv = freebl_fips_MD5_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* SHA-X Power-Up SelfTest(s). */ -+ rv = freebl_fips_SHA_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* RNG Power-Up SelfTest(s). */ -+ rv = freebl_fips_RNG_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ } -+ -+ /* -+ * test the rest of the algorithms not accessed through freebl -+ * standalone */ -+ if (tests & DO_REST) { -+ -+ /* RC2 Power-Up SelfTest(s). */ -+ rv = freebl_fips_RC2_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* RC4 Power-Up SelfTest(s). */ -+ rv = freebl_fips_RC4_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* DES Power-Up SelfTest(s). */ -+ rv = freebl_fips_DES_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* DES3 Power-Up SelfTest(s). 
*/ -+ rv = freebl_fips_DES3_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* AES Power-Up SelfTest(s) for 128-bit key. */ -+ rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* AES Power-Up SelfTest(s) for 192-bit key. */ -+ rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* AES Power-Up SelfTest(s) for 256-bit key. */ -+ rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* HMAC SHA-X Power-Up SelfTest(s). */ -+ rv = freebl_fips_HMAC_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* NOTE: RSA can only be tested in full freebl. It requires access to -+ * the locking primitives */ -+ /* RSA Power-Up SelfTest(s). */ -+ rv = freebl_fips_RSA_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+ /* DSA Power-Up SelfTest(s). */ -+ rv = freebl_fips_DSA_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+ -+#ifdef NSS_ENABLE_ECC -+ /* ECDSA Power-Up SelfTest(s). */ -+ rv = freebl_fips_ECDSA_PowerUpSelfTest(); -+ -+ if( rv != SECSuccess ) -+ return rv; -+#endif -+ } -+ /* Passed Power-Up SelfTest(s). */ -+ return( SECSuccess ); -+} -+ -+/* -+ * state variables. NOTE: freebl has two uses: a standalone use which -+ * provided limitted access to the hash functions throught the NSSLOWHASH_ -+ * interface and an joint use from softoken, using the function pointer -+ * table. The standalone use can operation without nspr or nss-util, while -+ * the joint use requires both to be loaded. Certain functions (like RSA) -+ * needs locking from NSPR, for instance. -+ * -+ * At load time, we need to handle the two uses separately. 
If nspr and -+ * nss-util are loaded, then we can run all the selftests, but if nspr and -+ * nss-util are not loaded, then we can't run all the selftests, and we need -+ * to prevent the softoken function pointer table from operating until the -+ * libraries are loaded and we try to use them. -+ */ -+static PRBool self_tests_freebl_ran = PR_FALSE; -+static PRBool self_tests_ran = PR_FALSE; -+static PRBool self_tests_freebl_success = PR_FALSE; -+static PRBool self_tests_success = PR_FALSE; -+static PRBool fips_mode_available = PR_FALSE; -+ -+/* -+ * accessors for freebl -+ */ -+PRBool BL_POSTRan(PRBool freebl_only) -+{ -+ SECStatus rv; -+ /* if the freebl self tests didn't run, there is something wrong with -+ * our on load tests */ -+ if (!self_tests_freebl_ran) { -+ return PR_FALSE; -+ } -+ /* if all the self tests have run, we are good */ -+ if (self_tests_ran) { -+ return PR_TRUE; -+ } -+ /* if we only care about the freebl tests, we are good */ -+ if (freebl_only) { -+ return PR_TRUE; -+ } -+ /* run the rest of the self tests */ -+ /* We could get there if freebl was loaded without the rest of the support -+ * libraries, but now we want to use more than just a standalone freebl. -+ * This requires the other libraries to be loaded. -+ * If they are now loaded, Try to run the rest of the selftests, -+ * otherwise fail (disabling access to these algorithms) */ -+ self_tests_ran = PR_TRUE; -+ BL_Init(); /* required by RSA */ -+ RNG_RNGInit(); /* required by RSA */ -+ rv = freebl_fipsPowerUpSelfTest(DO_REST); -+ if (rv == SECSuccess) { -+ self_tests_success = PR_TRUE; -+ } -+ return PR_TRUE; -+} -+ -+#include "blname.c" -+ -+/* -+ * This function is called at dll load time, the code tha makes this -+ * happen is platform specific on defined above. 
-+ */ -+static void -+bl_startup_tests(void) -+{ -+ const char *libraryName; -+ PRBool freebl_only = PR_FALSE; -+ SECStatus rv; -+ -+ PORT_Assert(self_tests_freebl_ran == PR_FALSE); -+ PORT_Assert(self_tests_success == PR_FALSE); -+ PORT_Assert(fips_mode_available == PR_FALSE); -+ self_tests_freebl_ran = PR_TRUE; /* we are running the tests */ -+ self_tests_success = PR_FALSE; /* force it just in case */ -+ self_tests_freebl_success = PR_FALSE; /* force it just in case */ -+ -+#ifdef FREEBL_NO_DEPEND -+ rv = FREEBL_InitStubs(); -+ if (rv != SECSuccess) { -+ freebl_only = PR_TRUE; -+ } -+#endif -+ -+ -+ self_tests_freebl_ran = PR_TRUE; /* we are running the tests */ -+ -+ if (!freebl_only) { -+ self_tests_ran = PR_TRUE; /* we're running all the tests */ -+ BL_Init(); /* needs to be called before RSA can be used */ -+ RNG_RNGInit(); -+ } -+ -+ /* always run the post tests */ -+ rv = freebl_fipsPowerUpSelfTest(freebl_only? DO_FREEBL : DO_FREEBL|DO_REST); -+ if (rv != SECSuccess) { -+ return; -+ } -+ -+ libraryName = getLibName(); -+ rv = freebl_fipsSoftwareIntegrityTest(libraryName); -+ if (rv != SECSuccess) { -+ return; -+ } -+ -+ /* posts are happy, allow the fips module to function now */ -+ self_tests_freebl_success = PR_TRUE; /* we always test the freebl stuff */ -+ if (!freebl_only) { -+ self_tests_success = PR_TRUE; -+ } -+} -+ -+/* -+ * this is called from the freebl init entry points that controll access to -+ * all other freebl functions. This prevents freebl from operating if our -+ * power on selftest failed. -+ */ -+SECStatus -+BL_FIPSEntryOK(PRBool freebl_only) { -+#ifdef NO_INIT_SUPPORT -+ /* this should only be set on platforms that can't handle one of the INIT -+ * schemes. This code allows those platforms to continue to function, -+ * though they don't meet the strict NIST requirements. 
If NO_INIT_SUPPORT -+ * is not set, and init support has not been properly enabled, freebl -+ * will always fail because of the test below */ -+ */ -+ if (!self_tests_freebl_ran) { -+ bl_startup_tests(); -+ } -+#endif -+ /* if the general self tests succeeded, we're done */ -+ if (self_tests_success) { -+ return SECSuccess; -+ } -+ /* standalone freebl can initialize */ -+ if (freebl_only & self_tests_freebl_success) { -+ return SECSuccess; -+ } -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+} -+ -diff -up ./nss/lib/freebl/ldvector.c.fips-post ./nss/lib/freebl/ldvector.c ---- ./nss/lib/freebl/ldvector.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/ldvector.c 2014-09-22 10:13:18.650063194 -0700 -@@ -12,6 +12,7 @@ extern int FREEBL_InitStubs(void); - #include "loader.h" - #include "alghmac.h" - #include "hmacct.h" -+#include "blapii.h" - - - static const struct FREEBLVectorStr vector = -@@ -299,11 +300,20 @@ FREEBL_GetVector(void) - - /* force a reference that won't get optimized away */ - volatile char c; -+ SECStatus rv; - - c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; - #ifdef FREEBL_NO_DEPEND -- FREEBL_InitStubs(); -+ /* this entry point is only valid if nspr and nss-util has been loaded */ -+ rv = FREEBL_InitStubs(); -+ if (rv != SECSuccess) { -+ return NULL; -+ } - #endif -+ /* make sure the Full self tests have been run before continuing */ -+ BL_POSTRan(PR_FALSE); -+ -+ - return &vector; - } - -diff -up ./nss/lib/freebl/loader.c.fips-post ./nss/lib/freebl/loader.c ---- ./nss/lib/freebl/loader.c.fips-post 2014-09-22 10:04:04.406776756 -0700 -+++ ./nss/lib/freebl/loader.c 2014-09-22 10:15:15.869027191 -0700 -@@ -10,93 +10,7 @@ - #include "prerror.h" - #include "prinit.h" - #include "prenv.h" -- --static const char* default_name = -- SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX; -- --/* getLibName() returns the name of the library to load. 
*/ -- --#if defined(SOLARIS) && defined(__sparc) --#include --#include --#include -- -- --#if defined(NSS_USE_64) -- --const static char fpu_hybrid_shared_lib[] = "libfreebl_64fpu_3.so"; --const static char int_hybrid_shared_lib[] = "libfreebl_64int_3.so"; --const static char non_hybrid_shared_lib[] = "libfreebl_64fpu_3.so"; -- --const static char int_hybrid_isa[] = "sparcv9"; --const static char fpu_hybrid_isa[] = "sparcv9+vis"; -- --#else -- --const static char fpu_hybrid_shared_lib[] = "libfreebl_32fpu_3.so"; --const static char int_hybrid_shared_lib[] = "libfreebl_32int64_3.so"; --/* This was for SPARC V8, now obsolete. */ --const static char *const non_hybrid_shared_lib = NULL; -- --const static char int_hybrid_isa[] = "sparcv8plus"; --const static char fpu_hybrid_isa[] = "sparcv8plus+vis"; -- --#endif -- --static const char * --getLibName(void) --{ -- char * found_int_hybrid; -- char * found_fpu_hybrid; -- long buflen; -- char buf[256]; -- -- buflen = sysinfo(SI_ISALIST, buf, sizeof buf); -- if (buflen <= 0) -- return NULL; -- /* sysinfo output is always supposed to be NUL terminated, but ... */ -- if (buflen < sizeof buf) -- buf[buflen] = '\0'; -- else -- buf[(sizeof buf) - 1] = '\0'; -- /* The ISA list is a space separated string of names of ISAs and -- * ISA extensions, in order of decreasing performance. -- * There are two different ISAs with which NSS's crypto code can be -- * accelerated. If both are in the list, we take the first one. -- * If one is in the list, we use it, and if neither then we use -- * the base unaccelerated code. 
-- */ -- found_int_hybrid = strstr(buf, int_hybrid_isa); -- found_fpu_hybrid = strstr(buf, fpu_hybrid_isa); -- if (found_fpu_hybrid && -- (!found_int_hybrid || -- (found_int_hybrid - found_fpu_hybrid) >= 0)) { -- return fpu_hybrid_shared_lib; -- } -- if (found_int_hybrid) { -- return int_hybrid_shared_lib; -- } -- return non_hybrid_shared_lib; --} -- --#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64) --#include -- --/* This code tests to see if we're running on a PA2.x CPU. --** It returns true (1) if so, and false (0) otherwise. --*/ --static const char * --getLibName(void) --{ -- long cpu = sysconf(_SC_CPU_VERSION); -- return (cpu == CPU_PA_RISC2_0) -- ? "libfreebl_32fpu_3.sl" -- : "libfreebl_32int_3.sl" ; --} --#else --/* default case, for platforms/ABIs that have only one freebl shared lib. */ --static const char * getLibName(void) { return default_name; } --#endif -+#include "blname.c" - - #include "prio.h" - #include "prprf.h" -diff -up ./nss/lib/freebl/manifest.mn.fips-post ./nss/lib/freebl/manifest.mn ---- ./nss/lib/freebl/manifest.mn.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/manifest.mn 2014-09-22 10:04:04.406776756 -0700 -@@ -103,6 +103,7 @@ CSRCS = \ - drbg.c \ - cts.c \ - ctr.c \ -+ fipsfreebl.c \ - gcm.c \ - hmacct.c \ - rijndael.c \ -diff -up ./nss/lib/freebl/nsslowhash.c.fips-post ./nss/lib/freebl/nsslowhash.c ---- ./nss/lib/freebl/nsslowhash.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/nsslowhash.c 2014-09-22 10:04:04.407776773 -0700 -@@ -7,244 +7,11 @@ - #endif - #include "prtypes.h" - #include "secerr.h" --#include "pkcs11t.h" - #include "blapi.h" - #include "hasht.h" - #include "plhash.h" - #include "nsslowhash.h" -- --/* FIPS preprocessor directives for message digests */ --#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */ -- --/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). 
*/ --static const PRUint8 known_hash_message[] = { -- "The test message for the MD2, MD5, and SHA-1 hashing algorithms." }; -- --static CK_RV --freebl_fips_MD2_PowerUpSelfTest( void ) --{ -- /* MD2 Known Digest Message (128-bits). */ -- static const PRUint8 md2_known_digest[] = { -- 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17, -- 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b}; -- -- /* MD2 variables. */ -- MD2Context * md2_context; -- unsigned int md2_bytes_hashed; -- PRUint8 md2_computed_digest[MD2_LENGTH]; -- -- -- /***********************************************/ -- /* MD2 Single-Round Known Answer Hashing Test. */ -- /***********************************************/ -- -- md2_context = MD2_NewContext(); -- -- if( md2_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- MD2_Begin( md2_context ); -- -- MD2_Update( md2_context, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH ); -- -- MD2_DestroyContext( md2_context , PR_TRUE ); -- -- if( ( md2_bytes_hashed != MD2_LENGTH ) || -- ( PORT_Memcmp( md2_computed_digest, md2_known_digest, -- MD2_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- -- -- --static CK_RV --freebl_fips_MD5_PowerUpSelfTest( void ) --{ -- /* MD5 Known Digest Message (128-bits). */ -- static const PRUint8 md5_known_digest[] = { -- 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28, -- 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d}; -- -- /* MD5 variables. */ -- PRUint8 md5_computed_digest[MD5_LENGTH]; -- SECStatus md5_status; -- -- -- /***********************************************/ -- /* MD5 Single-Round Known Answer Hashing Test. 
*/ -- /***********************************************/ -- -- md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( md5_status != SECSuccess ) || -- ( PORT_Memcmp( md5_computed_digest, md5_known_digest, -- MD5_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- --static CK_RV --freebl_fips_SHA_PowerUpSelfTest( void ) --{ -- /* SHA-1 Known Digest Message (160-bits). */ -- static const PRUint8 sha1_known_digest[] = { -- 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b, -- 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, -- 0xe0,0x68,0x47,0x7a}; -- -- /* SHA-224 Known Digest Message (224-bits). */ -- static const PRUint8 sha224_known_digest[] = { -- 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f, -- 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, -- 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, -- 0x8e,0x08,0xe5,0xcb}; -- -- /* SHA-256 Known Digest Message (256-bits). */ -- static const PRUint8 sha256_known_digest[] = { -- 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61, -- 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d, -- 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9, -- 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79}; -- -- /* SHA-384 Known Digest Message (384-bits). */ -- static const PRUint8 sha384_known_digest[] = { -- 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3, -- 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe, -- 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8, -- 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b, -- 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3, -- 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72}; -- -- /* SHA-512 Known Digest Message (512-bits). 
*/ -- static const PRUint8 sha512_known_digest[] = { -- 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf, -- 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb, -- 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99, -- 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28, -- 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12, -- 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f, -- 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a, -- 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07}; -- -- /* SHA-X variables. */ -- PRUint8 sha_computed_digest[HASH_LENGTH_MAX]; -- SECStatus sha_status; -- -- /*************************************************/ -- /* SHA-1 Single-Round Known Answer Hashing Test. */ -- /*************************************************/ -- -- sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha1_known_digest, -- SHA1_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-224 Single-Round Known Answer Hashing Test. */ -- /***************************************************/ -- -- sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, -- SHA224_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-256 Single-Round Known Answer Hashing Test. */ -- /***************************************************/ -- -- sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha256_known_digest, -- SHA256_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-384 Single-Round Known Answer Hashing Test. 
*/
-- /***************************************************/
--
-- sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
-- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
--
-- if( ( sha_status != SECSuccess ) ||
-- ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
-- SHA384_LENGTH ) != 0 ) )
-- return( CKR_DEVICE_ERROR );
--
-- /***************************************************/
-- /* SHA-512 Single-Round Known Answer Hashing Test. */
-- /***************************************************/
--
-- sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
-- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
--
-- if( ( sha_status != SECSuccess ) ||
-- ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
-- SHA512_LENGTH ) != 0 ) )
-- return( CKR_DEVICE_ERROR );
--
-- return( CKR_OK );
--}
--
--
--static CK_RV
--freebl_fipsSoftwareIntegrityTest(void)
--{
-- CK_RV crv = CKR_OK;
--
-- /* make sure that our check file signatures are OK */
-- if (!BLAPI_VerifySelf(SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX)) {
-- crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
-- }
-- return crv;
--}
--
--CK_RV
--freebl_fipsPowerUpSelfTest( void )
--{
-- CK_RV rv;
--
-- /* MD2 Power-Up SelfTest(s). */
-- rv = freebl_fips_MD2_PowerUpSelfTest();
--
-- if( rv != CKR_OK )
-- return rv;
--
-- /* MD5 Power-Up SelfTest(s). */
-- rv = freebl_fips_MD5_PowerUpSelfTest();
--
-- if( rv != CKR_OK )
-- return rv;
--
-- /* SHA-X Power-Up SelfTest(s). */
-- rv = freebl_fips_SHA_PowerUpSelfTest();
--
-- if( rv != CKR_OK )
-- return rv;
--
-- /* Software/Firmware Integrity Test. */
-- rv = freebl_fipsSoftwareIntegrityTest();
--
-- if( rv != CKR_OK )
-- return rv;
--
-- /* Passed Power-Up SelfTest(s). */
-- return( CKR_OK );
--}
-+#include "blapii.h"
-
- struct NSSLOWInitContextStr {
- int count;
-@@ -276,17 +43,13 @@ static int nsslow_GetFIPSEnabled(void) {
- return 1;
- }
-
--
--static int post = 0;
--static int post_failed = 0;
--
-
- static NSSLOWInitContext dummyContext = { 0 };
-+PRBool post_failed = PR_TRUE;
-
- NSSLOWInitContext *
- NSSLOW_Init(void)
- {
- SECStatus rv;
-- CK_RV crv;
- #ifdef FREEBL_NO_DEPEND
- PRBool nsprAvailable = PR_FALSE;
-
-@@ -295,22 +58,18 @@ NSSLOW_Init(void)
- nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
- #endif
-
-- if (post_failed) {
-- return NULL;
-- }
--
--
-- if (!post && nsslow_GetFIPSEnabled()) {
-- crv = freebl_fipsPowerUpSelfTest();
-- if (crv != CKR_OK) {
-- post_failed = 1;
-+ /* make sure the FIPS product is installed if we are trying to
-+ * go into FIPS mode */
-+ if (nsslow_GetFIPSEnabled()) {
-+ if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
-+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-+ post_failed = PR_TRUE;
- return NULL;
- }
-- }
-- post = 1;
--
-+ }
-+ post_failed = PR_FALSE;
-
-- return &dummyContext;
-+ return &dummyContext;
- }
-
- void
-@@ -324,8 +83,6 @@ void
- NSSLOW_Reset(NSSLOWInitContext *context)
- {
- PORT_Assert(context == &dummyContext);
-- post_failed = 0;
-- post = 0;
- return;
- }
-
-diff -up ./nss/lib/freebl/shvfy.c.fips-post ./nss/lib/freebl/shvfy.c
---- ./nss/lib/freebl/shvfy.c.fips-post 2014-06-24 13:45:27.000000000 -0700
-+++ ./nss/lib/freebl/shvfy.c 2014-09-22 10:04:04.407776773 -0700
-@@ -16,6 +16,7 @@
- #include "prmem.h"
- #include "hasht.h"
- #include "pqg.h"
-+#include "blapii.h"
-
- /*
- * Most modern version of Linux support a speed optimization scheme where an
-@@ -273,8 +274,10 @@ readItem(PRFileDesc *fd, SECItem *item)
- return SECSuccess;
- }
-
--PRBool
--BLAPI_SHVerify(const char *name, PRFuncPtr addr)
-+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self);
-+
-+static PRBool
-+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self)
- {
- PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
-@@ -283,7 +286,7 @@ BLAPI_SHVerify(const char *name, PRFuncP
- if (!shName) {
- goto loser;
- }
-- result = BLAPI_SHVerifyFile(shName);
-+ result = blapi_SHVerifyFile(shName, self);
-
- loser:
- if (shName != NULL) {
-@@ -294,8 +297,20 @@ loser:
- }
-
- PRBool
-+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
-+{
-+ return blapi_SHVerify(name, addr, PR_FALSE);
-+}
-+
-+PRBool
- BLAPI_SHVerifyFile(const char *shName)
- {
-+ return blapi_SHVerifyFile(shName, PR_FALSE);
-+}
-+
-+static PRBool
-+blapi_SHVerifyFile(const char *shName, PRBool self)
-+{
- char *checkName = NULL;
- PRFileDesc *checkFD = NULL;
- PRFileDesc *shFD = NULL;
-@@ -320,6 +335,12 @@ BLAPI_SHVerifyFile(const char *shName)
- hash.data = hashBuf;
- hash.len = sizeof(hashBuf);
-
-+ /* If our integrity check was never ran or failed, fail any other
-+ * integrity checks to prevent any token going into FIPS mode. */
-+ if (!self && (BL_FIPSEntryOK(PR_FALSE) != SECSuccess)) {
-+ return PR_FALSE;
-+ }
-+
- if (!shName) {
- goto loser;
- }
-@@ -504,5 +525,5 @@ BLAPI_VerifySelf(const char *name)
- */
- return PR_TRUE;
- }
-- return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt);
-+ return blapi_SHVerify(name, (PRFuncPtr) decodeInt, PR_TRUE);
- }
-diff -up ./nss/lib/freebl/stubs.c.fips-post ./nss/lib/freebl/stubs.c
---- ./nss/lib/freebl/stubs.c.fips-post 2014-06-24 13:45:27.000000000 -0700
-+++ ./nss/lib/freebl/stubs.c 2014-09-22 10:04:04.408776789 -0700
-@@ -83,7 +83,7 @@
- /*
- * this uses the loader weak attribute. it works automatically, but once
- * freebl is loaded, the symbols are 'fixed' (later loading of NSPR or
-- * libutil will not resolve these symbols.
-+ * libutil will not resolve these symbols).
- */ - - #define STUB_DECLARE(ret, fn, args) \ -@@ -116,6 +116,7 @@ STUB_DECLARE(void *,PORT_ZAlloc_Util,(si - STUB_DECLARE(void,PORT_ZFree_Util,(void *ptr, size_t len)); - - STUB_DECLARE(void,PR_Assert,(const char *s, const char *file, PRIntn ln)); -+STUB_DECLARE(PRStatus,PR_Access,(const char *name, PRAccessHow how)); - STUB_DECLARE(PRStatus,PR_CallOnce,(PRCallOnceType *once, PRCallOnceFN func)); - STUB_DECLARE(PRStatus,PR_Close,(PRFileDesc *fd)); - STUB_DECLARE(void,PR_DestroyLock,(PRLock *lock)); -@@ -339,6 +340,26 @@ PR_Seek_stub(PRFileDesc *fd, PROffset32 - return lseek(*lfd, offset, lwhence); - } - -+PRStatus PR_Access_stub(const char *name, PRAccessHow how) -+{ -+ int mode = F_OK; -+ int rv; -+ STUB_SAFE_CALL2(PR_Access, name, how); -+ switch (how) { -+ case PR_ACCESS_WRITE_OK: -+ mode = W_OK; -+ break; -+ case PR_ACCESS_READ_OK: -+ mode = R_OK; -+ break; -+ /* assume F_OK for all others */ -+ } -+ rv = access(name, mode); -+ if (rv == 0) { -+ return PR_SUCCESS; -+ } -+ return PR_FAILURE; -+} - - /* - * library -@@ -557,6 +578,7 @@ freebl_InitNSPR(void *lib) - STUB_FETCH_FUNCTION(PR_Seek); - STUB_FETCH_FUNCTION(PR_GetLibraryFilePathname); - STUB_FETCH_FUNCTION(PR_Assert); -+ STUB_FETCH_FUNCTION(PR_Access); - STUB_FETCH_FUNCTION(PR_Sleep); - STUB_FETCH_FUNCTION(PR_CallOnce); - STUB_FETCH_FUNCTION(PR_NewCondVar); -diff -up ./nss/lib/freebl/stubs.h.fips-post ./nss/lib/freebl/stubs.h ---- ./nss/lib/freebl/stubs.h.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/stubs.h 2014-09-22 10:04:04.408776789 -0700 -@@ -40,6 +40,7 @@ - #define NSS_SecureMemcmp NSS_SecureMemcmp_stub - - #define PR_Assert PR_Assert_stub -+#define PR_Access PR_Access_stub - #define PR_CallOnce PR_CallOnce_stub - #define PR_Close PR_Close_stub - #define PR_DestroyCondVar PR_DestroyCondVar_stub -diff -up ./nss/lib/softoken/fipstest.c.fips-post ./nss/lib/softoken/fipstest.c ---- ./nss/lib/softoken/fipstest.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ 
./nss/lib/softoken/fipstest.c 2014-09-22 10:48:35.535568787 -0700 -@@ -5,52 +5,69 @@ - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - --#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */ -- /* DES-CBC, DES3-ECB, DES3-CBC, RSA */ -- /* and DSA. */ --#include "seccomon.h" /* Required for RSA and DSA. */ --#include "lowkeyi.h" /* Required for RSA and DSA. */ --#include "pkcs11.h" /* Required for PKCS #11. */ -+#include "seccomon.h" -+#include "blapi.h" -+#include "softoken.h" -+#include "lowkeyi.h" -+#include "secoid.h" - #include "secerr.h" - --#ifndef NSS_DISABLE_ECC --#include "ec.h" /* Required for ECDSA */ -+/* -+ * different platforms have different ways of calling and initial entry point -+ * when the dll/.so is loaded. Most platforms support either a posix pragma -+ * or the GCC attribute. Some platforms suppor a pre-defined name, and some -+ * platforms have a link line way of invoking this function. -+ */ -+ -+/* The pragma */ -+#if defined(USE_INIT_PRAGMA) -+#pragma init(sftk_startup_tests) - #endif - -+/* GCC Attribute */ -+#ifdef __GNUC__ -+#define INIT_FUNCTION __attribute__((constructor)) -+#else -+#define INIT_FUNCTION -+#endif - --/* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */ --#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */ --#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */ --#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */ -- -- --/* FIPS preprocessor directives for RC4. */ --#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */ --#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */ --#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */ -- -- --/* FIPS preprocessor directives for DES-ECB and DES-CBC. */ --#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */ --#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */ -- -- --/* FIPS preprocessor directives for DES3-CBC and DES3-ECB. 
*/ --#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */ --#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */ -- -- --/* FIPS preprocessor directives for AES-ECB and AES-CBC. */ --#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */ --#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */ --#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */ --#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */ --#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ --#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */ -+static void INIT_FUNCTION sftk_startup_tests(void); - -+/* Windows pre-defined entry */ -+#ifdef XP_WIN -+#include -+#include -+ -+BOOL WINAPI DllMain( -+ HINSTANCE hinstDLL, // handle to DLL module -+ DWORD fdwReason, // reason for calling function -+ LPVOID lpReserved ) // reserved -+{ -+ // Perform actions based on the reason for calling. -+ switch( fdwReason ) -+ { -+ case DLL_PROCESS_ATTACH: -+ // Initialize once for each new process. -+ // Return FALSE to fail DLL load. -+ sftk_startup_tests(); -+ break; -+ -+ case DLL_THREAD_ATTACH: -+ // Do thread-specific initialization. -+ break; -+ -+ case DLL_THREAD_DETACH: -+ // Do thread-specific cleanup. -+ break; -+ -+ case DLL_PROCESS_DETACH: -+ // Perform any necessary cleanup. -+ break; -+ } -+ return TRUE; // Successful DLL_PROCESS_ATTACH. -+} -+#endif - --/* FIPS preprocessor directives for message digests */ --#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */ - - - /* FIPS preprocessor directives for RSA. */ -@@ -69,1001 +86,8 @@ - #define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */ - #define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */ - -- --/* FIPS preprocessor directives for DSA. */ --#define FIPS_DSA_TYPE siBuffer --#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ --#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ --#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ --#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ --#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ -- --/* FIPS preprocessor directives for RNG. 
*/ --#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */ -- --static CK_RV --sftk_fips_RC2_PowerUpSelfTest( void ) --{ -- /* RC2 Known Key (40-bits). */ -- static const PRUint8 rc2_known_key[] = { "RSARC" }; -- -- /* RC2-CBC Known Initialization Vector (64-bits). */ -- static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"}; -- -- /* RC2 Known Plaintext (64-bits). */ -- static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"}; -- static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"}; -- -- /* RC2 Known Ciphertext (64-bits). */ -- static const PRUint8 rc2_ecb_known_ciphertext[] = { -- 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30}; -- static const PRUint8 rc2_cbc_known_ciphertext[] = { -- 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3}; -- -- /* RC2 variables. */ -- PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH]; -- PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH]; -- RC2Context * rc2_context; -- unsigned int rc2_bytes_encrypted; -- unsigned int rc2_bytes_decrypted; -- SECStatus rc2_status; -- -- -- /******************************************************/ -- /* RC2-ECB Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- NULL, NSS_RC2, -- FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext, -- &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH, -- rc2_ecb_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* RC2-ECB Single-Round Known Answer Decryption Test: */ -- 
/******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- NULL, NSS_RC2, -- FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext, -- &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH, -- rc2_ecb_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* RC2-CBC Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- rc2_cbc_known_initialization_vector, -- NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext, -- &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH, -- rc2_cbc_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* RC2-CBC Single-Round Known Answer Decryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- rc2_cbc_known_initialization_vector, -- NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- rc2_status = 
RC2_Decrypt( rc2_context, rc2_computed_plaintext, -- &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH, -- rc2_cbc_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- -- --static CK_RV --sftk_fips_RC4_PowerUpSelfTest( void ) --{ -- /* RC4 Known Key (40-bits). */ -- static const PRUint8 rc4_known_key[] = { "RSARC" }; -- -- /* RC4 Known Plaintext (64-bits). */ -- static const PRUint8 rc4_known_plaintext[] = { "Netscape" }; -- -- /* RC4 Known Ciphertext (64-bits). */ -- static const PRUint8 rc4_known_ciphertext[] = { -- 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd}; -- -- /* RC4 variables. */ -- PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH]; -- PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH]; -- RC4Context * rc4_context; -- unsigned int rc4_bytes_encrypted; -- unsigned int rc4_bytes_decrypted; -- SECStatus rc4_status; -- -- -- /**************************************************/ -- /* RC4 Single-Round Known Answer Encryption Test: */ -- /**************************************************/ -- -- rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH ); -- -- if( rc4_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext, -- &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH, -- rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH ); -- -- RC4_DestroyContext( rc4_context, PR_TRUE ); -- -- if( ( rc4_status != SECSuccess ) || -- ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext, -- FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /**************************************************/ -- /* RC4 
Single-Round Known Answer Decryption Test: */ -- /**************************************************/ -- -- rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH ); -- -- if( rc4_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext, -- &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH, -- rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH ); -- -- RC4_DestroyContext( rc4_context, PR_TRUE ); -- -- if( ( rc4_status != SECSuccess ) || -- ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext, -- FIPS_RC4_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- -- --static CK_RV --sftk_fips_DES_PowerUpSelfTest( void ) --{ -- /* DES Known Key (56-bits). */ -- static const PRUint8 des_known_key[] = { "ANSI DES" }; -- -- /* DES-CBC Known Initialization Vector (64-bits). */ -- static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" }; -- -- /* DES Known Plaintext (64-bits). */ -- static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" }; -- static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" }; -- -- /* DES Known Ciphertext (64-bits). */ -- static const PRUint8 des_ecb_known_ciphertext[] = { -- 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0}; -- static const PRUint8 des_cbc_known_ciphertext[] = { -- 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d}; -- -- /* DES variables. 
*/ -- PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH]; -- PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH]; -- DESContext * des_context; -- unsigned int des_bytes_encrypted; -- unsigned int des_bytes_decrypted; -- SECStatus des_status; -- -- -- /******************************************************/ -- /* DES-ECB Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE ); -- -- if( des_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des_status = DES_Encrypt( des_context, des_computed_ciphertext, -- &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH, -- des_ecb_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* DES-ECB Single-Round Known Answer Decryption Test: */ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE ); -- -- if( des_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des_status = DES_Decrypt( des_context, des_computed_plaintext, -- &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH, -- des_ecb_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* DES-CBC Single-Round Known Answer Encryption Test. 
*/ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, -- des_cbc_known_initialization_vector, -- NSS_DES_CBC, PR_TRUE ); -- -- if( des_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des_status = DES_Encrypt( des_context, des_computed_ciphertext, -- &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH, -- des_cbc_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* DES-CBC Single-Round Known Answer Decryption Test. */ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, -- des_cbc_known_initialization_vector, -- NSS_DES_CBC, PR_FALSE ); -- -- if( des_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des_status = DES_Decrypt( des_context, des_computed_plaintext, -- &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH, -- des_cbc_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- -- --static CK_RV --sftk_fips_DES3_PowerUpSelfTest( void ) --{ -- /* DES3 Known Key (56-bits). */ -- static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" }; -- -- /* DES3-CBC Known Initialization Vector (64-bits). */ -- static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" }; -- -- /* DES3 Known Plaintext (64-bits). 
*/ -- static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" }; -- static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" }; -- -- /* DES3 Known Ciphertext (64-bits). */ -- static const PRUint8 des3_ecb_known_ciphertext[] = { -- 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe}; -- static const PRUint8 des3_cbc_known_ciphertext[] = { -- 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5}; -- -- /* DES3 variables. */ -- PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH]; -- PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH]; -- DESContext * des3_context; -- unsigned int des3_bytes_encrypted; -- unsigned int des3_bytes_decrypted; -- SECStatus des3_status; -- -- -- /*******************************************************/ -- /* DES3-ECB Single-Round Known Answer Encryption Test. */ -- /*******************************************************/ -- -- des3_context = DES_CreateContext( des3_known_key, NULL, -- NSS_DES_EDE3, PR_TRUE ); -- -- if( des3_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext, -- &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH, -- des3_ecb_known_plaintext, -- FIPS_DES3_DECRYPT_LENGTH ); -- -- DES_DestroyContext( des3_context, PR_TRUE ); -- -- if( ( des3_status != SECSuccess ) || -- ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext, -- FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /*******************************************************/ -- /* DES3-ECB Single-Round Known Answer Decryption Test. 
*/ -- /*******************************************************/ -- -- des3_context = DES_CreateContext( des3_known_key, NULL, -- NSS_DES_EDE3, PR_FALSE ); -- -- if( des3_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des3_status = DES_Decrypt( des3_context, des3_computed_plaintext, -- &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH, -- des3_ecb_known_ciphertext, -- FIPS_DES3_ENCRYPT_LENGTH ); -- -- DES_DestroyContext( des3_context, PR_TRUE ); -- -- if( ( des3_status != SECSuccess ) || -- ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext, -- FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /*******************************************************/ -- /* DES3-CBC Single-Round Known Answer Encryption Test. */ -- /*******************************************************/ -- -- des3_context = DES_CreateContext( des3_known_key, -- des3_cbc_known_initialization_vector, -- NSS_DES_EDE3_CBC, PR_TRUE ); -- -- if( des3_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext, -- &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH, -- des3_cbc_known_plaintext, -- FIPS_DES3_DECRYPT_LENGTH ); -- -- DES_DestroyContext( des3_context, PR_TRUE ); -- -- if( ( des3_status != SECSuccess ) || -- ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext, -- FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /*******************************************************/ -- /* DES3-CBC Single-Round Known Answer Decryption Test. 
*/ -- /*******************************************************/ -- -- des3_context = DES_CreateContext( des3_known_key, -- des3_cbc_known_initialization_vector, -- NSS_DES_EDE3_CBC, PR_FALSE ); -- -- if( des3_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- des3_status = DES_Decrypt( des3_context, des3_computed_plaintext, -- &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH, -- des3_cbc_known_ciphertext, -- FIPS_DES3_ENCRYPT_LENGTH ); -- -- DES_DestroyContext( des3_context, PR_TRUE ); -- -- if( ( des3_status != SECSuccess ) || -- ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext, -- FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- -- --/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/ --static CK_RV --sftk_fips_AES_PowerUpSelfTest( int aes_key_size ) --{ -- /* AES Known Key (up to 256-bits). */ -- static const PRUint8 aes_known_key[] = -- { "AES-128 RIJNDAELLEADNJIR 821-SEA" }; -- -- /* AES-CBC Known Initialization Vector (128-bits). */ -- static const PRUint8 aes_cbc_known_initialization_vector[] = -- { "SecurityytiruceS" }; -- -- /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */ -- static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" }; -- -- /* AES Known Ciphertext (128-bit key). */ -- static const PRUint8 aes_ecb128_known_ciphertext[] = { -- 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1, -- 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 }; -- -- static const PRUint8 aes_cbc128_known_ciphertext[] = { -- 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63, -- 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea }; -- -- /* AES Known Ciphertext (192-bit key). 
*/ -- static const PRUint8 aes_ecb192_known_ciphertext[] = { -- 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62, -- 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e }; -- -- static const PRUint8 aes_cbc192_known_ciphertext[] = { -- 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe, -- 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 }; -- -- /* AES Known Ciphertext (256-bit key). */ -- static const PRUint8 aes_ecb256_known_ciphertext[] = { -- 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66, -- 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 }; -- -- static const PRUint8 aes_cbc256_known_ciphertext[] = { -- 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27, -- 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 }; -- -- const PRUint8 *aes_ecb_known_ciphertext = -- ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : -- ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : -- aes_ecb256_known_ciphertext; -- -- const PRUint8 *aes_cbc_known_ciphertext = -- ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : -- ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : -- aes_cbc256_known_ciphertext; -- -- /* AES variables. 
*/ -- PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH]; -- PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH]; -- AESContext * aes_context; -- unsigned int aes_bytes_encrypted; -- unsigned int aes_bytes_decrypted; -- SECStatus aes_status; -- -- /*check if aes_key_size is 128, 192, or 256 bits */ -- if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && -- (aes_key_size != FIPS_AES_192_KEY_SIZE) && -- (aes_key_size != FIPS_AES_256_KEY_SIZE)) -- return( CKR_DEVICE_ERROR ); -- -- /******************************************************/ -- /* AES-ECB Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE, -- aes_key_size, FIPS_AES_BLOCK_SIZE ); -- -- if( aes_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext, -- &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH, -- aes_known_plaintext, -- FIPS_AES_DECRYPT_LENGTH ); -- -- AES_DestroyContext( aes_context, PR_TRUE ); -- -- if( ( aes_status != SECSuccess ) || -- ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext, -- FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* AES-ECB Single-Round Known Answer Decryption Test: */ -- /******************************************************/ -- -- aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE, -- aes_key_size, FIPS_AES_BLOCK_SIZE ); -- -- if( aes_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- aes_status = AES_Decrypt( aes_context, aes_computed_plaintext, -- &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH, -- aes_ecb_known_ciphertext, -- FIPS_AES_ENCRYPT_LENGTH ); -- -- AES_DestroyContext( aes_context, PR_TRUE ); -- -- if( ( aes_status != SECSuccess ) || -- ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) || 
-- ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext, -- FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* AES-CBC Single-Round Known Answer Encryption Test. */ -- /******************************************************/ -- -- aes_context = AES_CreateContext( aes_known_key, -- aes_cbc_known_initialization_vector, -- NSS_AES_CBC, PR_TRUE, aes_key_size, -- FIPS_AES_BLOCK_SIZE ); -- -- if( aes_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext, -- &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH, -- aes_known_plaintext, -- FIPS_AES_DECRYPT_LENGTH ); -- -- AES_DestroyContext( aes_context, PR_TRUE ); -- -- if( ( aes_status != SECSuccess ) || -- ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext, -- FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- -- /******************************************************/ -- /* AES-CBC Single-Round Known Answer Decryption Test. */ -- /******************************************************/ -- -- aes_context = AES_CreateContext( aes_known_key, -- aes_cbc_known_initialization_vector, -- NSS_AES_CBC, PR_FALSE, aes_key_size, -- FIPS_AES_BLOCK_SIZE ); -- -- if( aes_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- aes_status = AES_Decrypt( aes_context, aes_computed_plaintext, -- &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH, -- aes_cbc_known_ciphertext, -- FIPS_AES_ENCRYPT_LENGTH ); -- -- AES_DestroyContext( aes_context, PR_TRUE ); -- -- if( ( aes_status != SECSuccess ) || -- ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext, -- FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- --/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). 
*/ --static const PRUint8 known_hash_message[] = { -- "The test message for the MD2, MD5, and SHA-1 hashing algorithms." }; -- -- --static CK_RV --sftk_fips_MD2_PowerUpSelfTest( void ) --{ -- /* MD2 Known Digest Message (128-bits). */ -- static const PRUint8 md2_known_digest[] = { -- 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17, -- 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b}; -- -- /* MD2 variables. */ -- MD2Context * md2_context; -- unsigned int md2_bytes_hashed; -- PRUint8 md2_computed_digest[MD2_LENGTH]; -- -- -- /***********************************************/ -- /* MD2 Single-Round Known Answer Hashing Test. */ -- /***********************************************/ -- -- md2_context = MD2_NewContext(); -- -- if( md2_context == NULL ) -- return( CKR_HOST_MEMORY ); -- -- MD2_Begin( md2_context ); -- -- MD2_Update( md2_context, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH ); -- -- MD2_DestroyContext( md2_context , PR_TRUE ); -- -- if( ( md2_bytes_hashed != MD2_LENGTH ) || -- ( PORT_Memcmp( md2_computed_digest, md2_known_digest, -- MD2_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- -- --static CK_RV --sftk_fips_MD5_PowerUpSelfTest( void ) --{ -- /* MD5 Known Digest Message (128-bits). */ -- static const PRUint8 md5_known_digest[] = { -- 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28, -- 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d}; -- -- /* MD5 variables. */ -- PRUint8 md5_computed_digest[MD5_LENGTH]; -- SECStatus md5_status; -- -- -- /***********************************************/ -- /* MD5 Single-Round Known Answer Hashing Test. 
*/ -- /***********************************************/ -- -- md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( md5_status != SECSuccess ) || -- ( PORT_Memcmp( md5_computed_digest, md5_known_digest, -- MD5_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- --/****************************************************/ --/* Single Round HMAC SHA-X test */ --/****************************************************/ --static SECStatus --sftk_fips_HMAC(unsigned char *hmac_computed, -- const PRUint8 *secret_key, -- unsigned int secret_key_length, -- const PRUint8 *message, -- unsigned int message_length, -- HASH_HashType hashAlg ) --{ -- SECStatus hmac_status = SECFailure; -- HMACContext *cx = NULL; -- SECHashObject *hashObj = NULL; -- unsigned int bytes_hashed = 0; -- -- hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg); -- -- if (!hashObj) -- return( SECFailure ); -- -- cx = HMAC_Create(hashObj, secret_key, -- secret_key_length, -- PR_TRUE); /* PR_TRUE for in FIPS mode */ -- -- if (cx == NULL) -- return( SECFailure ); -- -- HMAC_Begin(cx); -- HMAC_Update(cx, message, message_length); -- hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed, -- hashObj->length); -- -- HMAC_Destroy(cx, PR_TRUE); -- -- return( hmac_status ); --} -- --static CK_RV --sftk_fips_HMAC_PowerUpSelfTest( void ) --{ -- static const PRUint8 HMAC_known_secret_key[] = { -- "Firefox and ThunderBird are awesome!"}; -- -- static const PRUint8 HMAC_known_secret_key_length -- = sizeof HMAC_known_secret_key; -- -- /* known SHA1 hmac (20 bytes) */ -- static const PRUint8 known_SHA1_hmac[] = { -- 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05, -- 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, -- 0x5d, 0x0e, 0x1e, 0x11}; -- -- /* known SHA224 hmac (28 bytes) */ -- static const PRUint8 known_SHA224_hmac[] = { -- 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb, -- 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8, 
-- 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64, -- 0x9a, 0xb8, 0x98, 0x4e}; -- -- /* known SHA256 hmac (32 bytes) */ -- static const PRUint8 known_SHA256_hmac[] = { -- 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44, -- 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0, -- 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9, -- 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48}; -- -- /* known SHA384 hmac (48 bytes) */ -- static const PRUint8 known_SHA384_hmac[] = { -- 0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b, -- 0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91, -- 0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b, -- 0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d, -- 0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa, -- 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87}; -- -- /* known SHA512 hmac (64 bytes) */ -- static const PRUint8 known_SHA512_hmac[] = { -- 0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9, -- 0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62, -- 0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2, -- 0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27, -- 0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb, -- 0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1, -- 0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4, -- 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37}; -- -- SECStatus hmac_status; -- PRUint8 hmac_computed[HASH_LENGTH_MAX]; -- -- /***************************************************/ -- /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */ -- /***************************************************/ -- -- hmac_status = sftk_fips_HMAC(hmac_computed, -- HMAC_known_secret_key, -- HMAC_known_secret_key_length, -- known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH, -- HASH_AlgSHA1); -- -- if( ( hmac_status != SECSuccess ) || -- ( PORT_Memcmp( hmac_computed, known_SHA1_hmac, -- SHA1_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* HMAC SHA-224 Single-Round Known Answer Test. 
*/ -- /***************************************************/ -- -- hmac_status = sftk_fips_HMAC(hmac_computed, -- HMAC_known_secret_key, -- HMAC_known_secret_key_length, -- known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH, -- HASH_AlgSHA224); -- -- if( ( hmac_status != SECSuccess ) || -- ( PORT_Memcmp( hmac_computed, known_SHA224_hmac, -- SHA224_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* HMAC SHA-256 Single-Round Known Answer Test. */ -- /***************************************************/ -- -- hmac_status = sftk_fips_HMAC(hmac_computed, -- HMAC_known_secret_key, -- HMAC_known_secret_key_length, -- known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH, -- HASH_AlgSHA256); -- -- if( ( hmac_status != SECSuccess ) || -- ( PORT_Memcmp( hmac_computed, known_SHA256_hmac, -- SHA256_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* HMAC SHA-384 Single-Round Known Answer Test. */ -- /***************************************************/ -- -- hmac_status = sftk_fips_HMAC(hmac_computed, -- HMAC_known_secret_key, -- HMAC_known_secret_key_length, -- known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH, -- HASH_AlgSHA384); -- -- if( ( hmac_status != SECSuccess ) || -- ( PORT_Memcmp( hmac_computed, known_SHA384_hmac, -- SHA384_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* HMAC SHA-512 Single-Round Known Answer Test. 
*/ -- /***************************************************/ -- -- hmac_status = sftk_fips_HMAC(hmac_computed, -- HMAC_known_secret_key, -- HMAC_known_secret_key_length, -- known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH, -- HASH_AlgSHA512); -- -- if( ( hmac_status != SECSuccess ) || -- ( PORT_Memcmp( hmac_computed, known_SHA512_hmac, -- SHA512_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- --static CK_RV --sftk_fips_SHA_PowerUpSelfTest( void ) --{ -- /* SHA-1 Known Digest Message (160-bits). */ -- static const PRUint8 sha1_known_digest[] = { -- 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b, -- 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0, -- 0xe0,0x68,0x47,0x7a}; -- -- /* SHA-224 Known Digest Message (224-bits). */ -- static const PRUint8 sha224_known_digest[] = { -- 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f, -- 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, -- 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, -- 0x8e,0x08,0xe5,0xcb}; -- -- /* SHA-256 Known Digest Message (256-bits). */ -- static const PRUint8 sha256_known_digest[] = { -- 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61, -- 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d, -- 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9, -- 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79}; -- -- /* SHA-384 Known Digest Message (384-bits). */ -- static const PRUint8 sha384_known_digest[] = { -- 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3, -- 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe, -- 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8, -- 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b, -- 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3, -- 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72}; -- -- /* SHA-512 Known Digest Message (512-bits). 
*/ -- static const PRUint8 sha512_known_digest[] = { -- 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf, -- 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb, -- 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99, -- 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28, -- 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12, -- 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f, -- 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a, -- 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07}; -- -- /* SHA-X variables. */ -- PRUint8 sha_computed_digest[HASH_LENGTH_MAX]; -- SECStatus sha_status; -- -- /*************************************************/ -- /* SHA-1 Single-Round Known Answer Hashing Test. */ -- /*************************************************/ -- -- sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha1_known_digest, -- SHA1_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-224 Single-Round Known Answer Hashing Test. */ -- /***************************************************/ -- -- sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha224_known_digest, -- SHA224_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-256 Single-Round Known Answer Hashing Test. */ -- /***************************************************/ -- -- sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha256_known_digest, -- SHA256_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-384 Single-Round Known Answer Hashing Test. 
*/ -- /***************************************************/ -- -- sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha384_known_digest, -- SHA384_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- /***************************************************/ -- /* SHA-512 Single-Round Known Answer Hashing Test. */ -- /***************************************************/ -- -- sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( sha_status != SECSuccess ) || -- ( PORT_Memcmp( sha_computed_digest, sha512_known_digest, -- SHA512_LENGTH ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- - /* --* Single round RSA Signature Known Answer Test -+* Test the softoken RSA_HashSign and RSH_HashCheckSign. - */ - static SECStatus - sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType shaAlg, -@@ -1155,7 +179,7 @@ loser: - - } - --static CK_RV -+static SECStatus - sftk_fips_RSA_PowerUpSelfTest( void ) - { - /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */ -@@ -1336,41 +360,6 @@ sftk_fips_RSA_PowerUpSelfTest( void ) - "blocks SHA256, SHA384 and " - "SHA512 RSA Signature KAT tests."}; - -- /* RSA Known Ciphertext (2048-bits). 
*/ -- static const PRUint8 rsa_known_ciphertext[] = { -- 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd, -- 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70, -- 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb, -- 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45, -- 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6, -- 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34, -- 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39, -- 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d, -- 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93, -- 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40, -- 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba, -- 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3, -- 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16, -- 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21, -- 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba, -- 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29, -- 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94, -- 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae, -- 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2, -- 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9, -- 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c, -- 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c, -- 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82, -- 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef, -- 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63, -- 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13, -- 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab, -- 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57, -- 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65, -- 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16, -- 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb, -- 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef}; -- - /* RSA Known Signed Hash (2048-bits). 
*/ - static const PRUint8 rsa_known_sha256_signature[] = { - 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38, -@@ -1514,8 +503,6 @@ sftk_fips_RSA_PowerUpSelfTest( void ) - - NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey, }; - NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey, }; -- PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH]; -- PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH]; - - /****************************************/ - /* Compose RSA Public/Private Key Pair. */ -@@ -1533,7 +520,7 @@ sftk_fips_RSA_PowerUpSelfTest( void ) - - if( rsa_public_arena == NULL ) { - PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( CKR_HOST_MEMORY ); -+ return( SECFailure ); - } - - /* Create some space for the RSA private key. */ -@@ -1542,7 +529,7 @@ sftk_fips_RSA_PowerUpSelfTest( void ) - if( rsa_private_arena == NULL ) { - PORT_FreeArena( rsa_public_arena, PR_TRUE ); - PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( CKR_HOST_MEMORY ); -+ return( SECFailure ); - } - - rsa_public_key->arena = rsa_public_arena; -@@ -1550,33 +537,9 @@ sftk_fips_RSA_PowerUpSelfTest( void ) - #endif - - /**************************************************/ -- /* RSA Single-Round Known Answer Encryption Test. */ -- /**************************************************/ -- -- /* Perform RSA Public Key Encryption. */ -- rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa, -- rsa_computed_ciphertext, -- rsa_known_plaintext_msg); -- -- if( ( rsa_status != SECSuccess ) || -- ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext, -- FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) ) -- goto rsa_loser; -- -- /**************************************************/ -- /* RSA Single-Round Known Answer Decryption Test. */ -+ /* RSA Hash tests */ - /**************************************************/ - -- /* Perform RSA Private Key Decryption. 
*/ -- rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa, -- rsa_computed_plaintext, -- rsa_known_ciphertext); -- -- if( ( rsa_status != SECSuccess ) || -- ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg, -- FIPS_RSA_DECRYPT_LENGTH ) != 0 ) ) -- goto rsa_loser; -- - rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256, - rsa_public_key, rsa_private_key, - rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, -@@ -1602,499 +565,88 @@ sftk_fips_RSA_PowerUpSelfTest( void ) - nsslowkey_DestroyPublicKey( rsa_public_key ); - nsslowkey_DestroyPrivateKey( rsa_private_key ); - -- return( CKR_OK ); -+ return( SECSuccess ); - - rsa_loser: - - nsslowkey_DestroyPublicKey( rsa_public_key ); - nsslowkey_DestroyPrivateKey( rsa_private_key ); - -- return( CKR_DEVICE_ERROR ); -+ PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -+ return( SECFailure ); - } - --#ifndef NSS_DISABLE_ECC - --static CK_RV --sftk_fips_ECDSA_Test(const PRUint8 *encodedParams, -- unsigned int encodedParamsLen, -- const PRUint8 *knownSignature, -- unsigned int knownSignatureLen) { -- -- /* ECDSA Known Seed info for curves nistp256 and nistk283 */ -- static const PRUint8 ecdsa_Known_Seed[] = { -- 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11, -- 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1, -- 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc, -- 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f}; -- -- static const PRUint8 msg[] = { -- "Firefox and ThunderBird are awesome!"}; -- -- unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */ -- unsigned char sig[2*MAX_ECKEY_LEN]; -- SECItem signature, digest; -- SECItem encodedparams; -- ECParams *ecparams = NULL; -- ECPrivateKey *ecdsa_private_key = NULL; -- ECPublicKey ecdsa_public_key; -- SECStatus ecdsaStatus = SECSuccess; -- -- /* construct the ECDSA private/public key pair */ -- encodedparams.type = siBuffer; -- encodedparams.data = (unsigned char *) encodedParams; -- encodedparams.len = encodedParamsLen; -- -- if 
(EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
-- return( CKR_DEVICE_ERROR );
-- }
-+static PRBool sftk_self_tests_ran = PR_FALSE;
-+static PRBool sftk_self_tests_success = PR_FALSE;
- 
-- /* Generates a new EC key pair. The private key is a supplied
-- * random value (in seed) and the public key is the result of
-- * performing a scalar point multiplication of that value with
-- * the curve's base point.
-- */
-- ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
-- ecdsa_Known_Seed,
-- sizeof(ecdsa_Known_Seed));
-- /* free the ecparams they are no longer needed */
-- PORT_FreeArena(ecparams->arena, PR_FALSE);
-- ecparams = NULL;
-- if (ecdsaStatus != SECSuccess) {
-- return ( CKR_DEVICE_ERROR );
-- }
--
-- /* construct public key from private key. */
-- ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
-- &ecdsa_public_key.ecParams,
-- &ecdsa_private_key->ecParams);
-- if (ecdsaStatus != SECSuccess) {
-- goto loser;
-- }
-- ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
--
-- /* validate public key value */
-- ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
-- &ecdsa_public_key.publicValue);
-- if (ecdsaStatus != SECSuccess) {
-- goto loser;
-- }
--
-- /* validate public key value */
-- ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
-- &ecdsa_private_key->publicValue);
-- if (ecdsaStatus != SECSuccess) {
-- goto loser;
-- }
--
-- /***************************************************/
-- /* ECDSA Single-Round Known Answer Signature Test. 
*/
-- /***************************************************/
--
-- ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
-- if (ecdsaStatus != SECSuccess) {
-- goto loser;
-- }
-- digest.type = siBuffer;
-- digest.data = sha1;
-- digest.len = SHA1_LENGTH;
--
-- memset(sig, 0, sizeof sig);
-- signature.type = siBuffer;
-- signature.data = sig;
-- signature.len = sizeof sig;
--
-- ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
-- &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
-- if (ecdsaStatus != SECSuccess) {
-- goto loser;
-- }
--
-- if( ( signature.len != knownSignatureLen ) ||
-- ( PORT_Memcmp( signature.data, knownSignature,
-- knownSignatureLen ) != 0 ) ) {
-- ecdsaStatus = SECFailure;
-- goto loser;
-+/*
-+ * This function is called at dll load time, the code tha makes this
-+ * happen is platform specific on defined above.
-+ */
-+static void
-+sftk_startup_tests(void)
-+{
-+ SECStatus rv;
-+ const char *libraryName = SOFTOKEN_LIB_NAME;
-+
-+ PORT_Assert(!sftk_self_tests_ran);
-+ PORT_Assert(!sftk_self_tests_success);
-+ sftk_self_tests_ran = PR_TRUE;
-+ sftk_self_tests_success = PR_FALSE; /* just in case */
-+
-+ /* need to initiallize the oid library before the RSA tests */
-+ rv = SECOID_Init();
-+ if (rv != SECSuccess) {
-+ return;
-+ }
-+ /* make sure freebl is initialized, or our RSA check
-+ * may fail. This is normally done at freebl load time, but it's
-+ * possible we may have shut freebl down without unloading it. */
-+ rv = BL_Init();
-+ if (rv != SECSuccess) {
-+ return;
-+ }
-+
-+ rv = RNG_RNGInit();
-+ if (rv != SECSuccess) {
-+ return;
- }
--
-- /******************************************************/
-- /* ECDSA Single-Round Known Answer Verification Test. */
-- /******************************************************/
--
-- /* Perform ECDSA verification process. 
*/
-- ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
--
--loser:
-- /* free the memory for the private key arena*/
-- if (ecdsa_private_key != NULL) {
-- PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
-+ /* check the RSA combined functions in softoken */
-+ rv = sftk_fips_RSA_PowerUpSelfTest();
-+ if (rv !=SECSuccess) {
-+ return;
- }
--
-- if (ecdsaStatus != SECSuccess) {
-- return CKR_DEVICE_ERROR ;
-+ if (!BLAPI_SHVerify(libraryName,
-+ (PRFuncPtr) &sftk_fips_RSA_PowerUpSelfTest)) {
-+ /* something is wrong with the library, fail without enabling
-+ * the token */
-+ return;
- }
-- return( CKR_OK );
-+ sftk_self_tests_success = PR_TRUE;
- }
- 
--static CK_RV
--sftk_fips_ECDSA_PowerUpSelfTest() {
--
-- /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
-- static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
-- 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
-- 0x01,0x07};
--
-- static const PRUint8 ecdsa_known_P256_signature[] = {
-- 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
-- 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
-- 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
-- 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
-- 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
-- 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
-- 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
-- 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
--
--#ifdef NSS_ECC_MORE_THAN_SUITE_B
-- /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
-- static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
-- 0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
--
-- static const PRUint8 ecdsa_known_K283_signature[] = {
-- 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
-- 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
-- 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
-- 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
-- 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
-- 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
-- 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
-- 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
-- 
0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
--#endif
--
-- CK_RV crv;
--
-- /* ECDSA GF(p) prime field curve test */
-- crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
-- sizeof ecdsa_known_P256_EncodedParams,
-- ecdsa_known_P256_signature,
-- sizeof ecdsa_known_P256_signature );
-- if (crv != CKR_OK) {
-- return( CKR_DEVICE_ERROR );
-- }
- 
--#ifdef NSS_ECC_MORE_THAN_SUITE_B
-- /* ECDSA GF(2m) binary field curve test */
-- crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
-- sizeof ecdsa_known_K283_EncodedParams,
-- ecdsa_known_K283_signature,
-- sizeof ecdsa_known_K283_signature );
-- if (crv != CKR_OK) {
-- return( CKR_DEVICE_ERROR );
-+/*
-+ * this is called from nsc_Common_Initizialize entry points that gates access
-+ * to * all other pkcs11 functions. This prevents softoken operation if our
-+ * power on selftest failed.
-+ */
-+CK_RV
-+sftk_FIPSEntryOK() {
-+#ifdef NO_INIT_SUPPORT
-+ /* this should only be set on platforms that can't handle one of the INIT
-+ * schemes. This code allows those platforms to continue to function,
-+ * though they don't meet the strict NIST requirements. If NO_INIT_SUPPORT
-+ * is noe set, and init support has not been properly enabled, softken
-+ * will always fail because of the test below
-+ */
-+ if (!sftk_self_tests_ran) {
-+ sftk_startup_tests();
- }
- #endif
--
-- return( CKR_OK );
--}
--
--#endif /* NSS_DISABLE_ECC */
--
--static CK_RV
--sftk_fips_DSA_PowerUpSelfTest( void )
--{
-- /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. 
*/ -- static const PRUint8 dsa_P[] = { -- 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28, -- 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63, -- 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0, -- 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c, -- 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91, -- 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0, -- 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7, -- 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63, -- 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7, -- 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56, -- 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b, -- 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4, -- 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6, -- 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64, -- 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a, -- 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15}; -- -- static const PRUint8 dsa_Q[] = { -- 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e, -- 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6, -- 0x91,0x99,0x8b,0xcf}; -- -- static const PRUint8 dsa_G[] = { -- 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4, -- 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6, -- 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3, -- 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17, -- 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d, -- 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a, -- 0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24, -- 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25, -- 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb, -- 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79, -- 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac, -- 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25, -- 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27, -- 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed, -- 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f, -- 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38}; -- -- /* DSA Known Random Values (known random key block is 160-bits) */ -- /* and (known random signature block is 160-bits). 
*/ -- static const PRUint8 dsa_known_random_key_block[] = { -- "Mozilla Rules World!"}; -- static const PRUint8 dsa_known_random_signature_block[] = { -- "Random DSA Signature"}; -- -- /* DSA Known Digest (160-bits) */ -- static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" }; -- -- /* DSA Known Signature (320-bits). */ -- static const PRUint8 dsa_known_signature[] = { -- 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32, -- 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c, -- 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72, -- 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde, -- 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38}; -- -- /* DSA variables. */ -- DSAPrivateKey * dsa_private_key; -- SECStatus dsa_status; -- SECItem dsa_signature_item; -- SECItem dsa_digest_item; -- DSAPublicKey dsa_public_key; -- PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH]; -- static const PQGParams dsa_pqg = { NULL, -- { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH }, -- { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH }, -- { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }}; -- -- /*******************************************/ -- /* Generate a DSA public/private key pair. */ -- /*******************************************/ -- -- /* Generate a DSA public/private key pair. */ -- dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block, -- &dsa_private_key); -- -- if( dsa_status != SECSuccess ) -- return( CKR_HOST_MEMORY ); -- -- /* construct public key from private key. */ -- dsa_public_key.params = dsa_private_key->params; -- dsa_public_key.publicValue = dsa_private_key->publicValue; -- -- /*************************************************/ -- /* DSA Single-Round Known Answer Signature Test. 
*/ -- /*************************************************/ -- -- dsa_signature_item.data = dsa_computed_signature; -- dsa_signature_item.len = sizeof dsa_computed_signature; -- -- dsa_digest_item.data = (unsigned char *)dsa_known_digest; -- dsa_digest_item.len = SHA1_LENGTH; -- -- /* Perform DSA signature process. */ -- dsa_status = DSA_SignDigestWithSeed( dsa_private_key, -- &dsa_signature_item, -- &dsa_digest_item, -- dsa_known_random_signature_block ); -- -- if( ( dsa_status != SECSuccess ) || -- ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) || -- ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature, -- FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) { -- dsa_status = SECFailure; -- } else { -- -- /****************************************************/ -- /* DSA Single-Round Known Answer Verification Test. */ -- /****************************************************/ -- -- /* Perform DSA verification process. */ -- dsa_status = DSA_VerifyDigest( &dsa_public_key, -- &dsa_signature_item, -- &dsa_digest_item); -+ if (!sftk_self_tests_success) { -+ return CKR_DEVICE_ERROR; - } -- -- PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE); -- /* Don't free public key, it uses same arena as private key */ -- -- /* Verify DSA signature. 
*/ -- if( dsa_status != SECSuccess ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); -- -- --} -- --static CK_RV --sftk_fips_RNG_PowerUpSelfTest( void ) --{ -- static const PRUint8 Q[] = { -- 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a, -- 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c, -- 0x9d,0xef,0xeb,0xed}; -- static const PRUint8 GENX[] = { -- 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7, -- 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8, -- 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1, -- 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce, -- 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3}; -- static const PRUint8 rng_known_DSAX[] = { -- 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9, -- 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73, -- 0x10,0x1f,0x60,0xd7}; -- -- -- -- SECStatus rng_status = SECSuccess; -- PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH]; -- -- /*******************************************/ -- /* Run the SP 800-90 Health tests */ -- /*******************************************/ -- rng_status = PRNGTEST_RunHealthTests(); -- if (rng_status != SECSuccess) { -- return (CKR_DEVICE_ERROR); -- } -- -- /*******************************************/ -- /* Generate DSAX fow given Q. */ -- /*******************************************/ -- -- rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX); -- -- /* Verify DSAX to perform the RNG integrity check */ -- if( ( rng_status != SECSuccess ) || -- ( PORT_Memcmp( DSAX, rng_known_DSAX, -- (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) ) -- return( CKR_DEVICE_ERROR ); -- -- return( CKR_OK ); --} -- --static CK_RV --sftk_fipsSoftwareIntegrityTest(void) --{ -- CK_RV crv = CKR_OK; -- -- /* make sure that our check file signatures are OK */ -- if( !BLAPI_VerifySelf( NULL ) || -- !BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) { -- crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */ -- } -- return crv; --} -- --CK_RV --sftk_fipsPowerUpSelfTest( void ) --{ -- CK_RV rv; -- -- /* RC2 Power-Up SelfTest(s). 
*/ -- rv = sftk_fips_RC2_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* RC4 Power-Up SelfTest(s). */ -- rv = sftk_fips_RC4_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* DES Power-Up SelfTest(s). */ -- rv = sftk_fips_DES_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* DES3 Power-Up SelfTest(s). */ -- rv = sftk_fips_DES3_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* AES Power-Up SelfTest(s) for 128-bit key. */ -- rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* AES Power-Up SelfTest(s) for 192-bit key. */ -- rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* AES Power-Up SelfTest(s) for 256-bit key. */ -- rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* MD2 Power-Up SelfTest(s). */ -- rv = sftk_fips_MD2_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* MD5 Power-Up SelfTest(s). */ -- rv = sftk_fips_MD5_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* SHA-X Power-Up SelfTest(s). */ -- rv = sftk_fips_SHA_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* HMAC SHA-X Power-Up SelfTest(s). */ -- rv = sftk_fips_HMAC_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* RSA Power-Up SelfTest(s). */ -- rv = sftk_fips_RSA_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* DSA Power-Up SelfTest(s). */ -- rv = sftk_fips_DSA_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- -- /* RNG Power-Up SelfTest(s). */ -- rv = sftk_fips_RNG_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; -- --#ifndef NSS_DISABLE_ECC -- /* ECDSA Power-Up SelfTest(s). */ -- rv = sftk_fips_ECDSA_PowerUpSelfTest(); -- -- if( rv != CKR_OK ) -- return rv; --#endif -- -- /* Software/Firmware Integrity Test. 
*/
-- rv = sftk_fipsSoftwareIntegrityTest();
--
-- if( rv != CKR_OK )
-- return rv;
--
-- /* Passed Power-Up SelfTest(s). */
-- return( CKR_OK );
--}
--
-+ return CKR_OK;
-+ }
-diff -up ./nss/lib/softoken/fipstokn.c.fips-post ./nss/lib/softoken/fipstokn.c
---- ./nss/lib/softoken/fipstokn.c.fips-post 2014-09-22 10:04:04.411776839 -0700
-+++ ./nss/lib/softoken/fipstokn.c 2014-09-22 10:56:54.614934107 -0700
-@@ -426,21 +426,44 @@ CK_RV FC_GetFunctionList(CK_FUNCTION_LIS
- /* sigh global so pkcs11 can read it */
- PRBool nsf_init = PR_FALSE;
- 
-+void fc_log_init_error(CK_RV crv) {
-+ if (sftk_audit_enabled) {
-+ char msg[128];
-+ PR_snprintf(msg,sizeof msg,
-+ "C_Initialize()=0x%08lX "
-+ "power-up self-tests failed",
-+ (PRUint32)crv);
-+ sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
-+ }
-+}
-+
-+
- /* FC_Initialize initializes the PKCS #11 library. */
- CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
- const char *envp;
- CK_RV crv;
- 
-+ if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
-+ sftk_audit_enabled = (atoi(envp) == 1);
-+ }
-+
-+ /* At this point we should have already done post and integrity checks.
-+ * if we haven't, it probably means the FIPS product has not been installed
-+ * or the tests failed. 
Don't let an application try to enter FIPS mode */
-+ crv = sftk_FIPSEntryOK();
-+ if (crv != CKR_OK) {
-+ sftk_fatalError = PR_TRUE;
-+ fc_log_init_error(crv);
-+ return crv;
-+ }
-+
-+
- sftk_ForkReset(pReserved, &crv);
- 
- if (nsf_init) {
- return CKR_CRYPTOKI_ALREADY_INITIALIZED;
- }
- 
-- if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
-- sftk_audit_enabled = (atoi(envp) == 1);
-- }
--
- crv = nsc_CommonInitialize(pReserved, PR_TRUE);
- 
- /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
-@@ -450,21 +473,6 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve
- }
- 
- sftk_fatalError = PR_FALSE; /* any error has been reset */
--
-- crv = sftk_fipsPowerUpSelfTest();
-- if (crv != CKR_OK) {
-- nsc_CommonFinalize(NULL, PR_TRUE);
-- sftk_fatalError = PR_TRUE;
-- if (sftk_audit_enabled) {
-- char msg[128];
-- PR_snprintf(msg,sizeof msg,
-- "C_Initialize()=0x%08lX "
-- "power-up self-tests failed",
-- (PRUint32)crv);
-- sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
-- }
-- return crv;
-- }
- nsf_init = PR_TRUE;
- isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */
- 
-diff -up ./nss/lib/softoken/legacydb/lgdb.h.fips-post ./nss/lib/softoken/legacydb/lgdb.h
---- ./nss/lib/softoken/legacydb/lgdb.h.fips-post 2014-06-24 13:45:27.000000000 -0700
-+++ ./nss/lib/softoken/legacydb/lgdb.h 2014-09-22 10:04:04.411776839 -0700
-@@ -67,6 +67,9 @@ NSSLOWKEYDBHandle *lg_getKeyDB(SDB *sdb)
- 
- const char *lg_EvaluateConfigDir(const char *configdir, char **domain);
- 
-+/* verify the FIPS selftests ran and were successful */
-+PRBool lg_FIPSEntryOK(void);
-+
- 
- /*
- * object handle modifiers
-diff -up ./nss/lib/softoken/legacydb/lgfips.c.fips-post ./nss/lib/softoken/legacydb/lgfips.c
---- ./nss/lib/softoken/legacydb/lgfips.c.fips-post 2014-09-22 10:04:04.412776856 -0700
-+++ ./nss/lib/softoken/legacydb/lgfips.c 2014-09-22 10:04:04.412776856 -0700
-@@ -0,0 +1,120 @@
-+/*
-+ * PKCS #11 FIPS Power-Up Self Test. 
-+ * -+ * This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */ -+ -+#include "seccomon.h" -+#include "lgdb.h" -+#include "blapi.h" -+ -+/* -+ * different platforms have different ways of calling and initial entry point -+ * when the dll/.so is loaded. Most platforms support either a posix pragma -+ * or the GCC attribute. Some platforms suppor a pre-defined name, and some -+ * platforms have a link line way of invoking this function. -+ */ -+ -+/* The pragma */ -+#if defined(USE_INIT_PRAGMA) -+#pragma init(lg_startup_tests) -+#endif -+ -+ -+/* GCC Attribute */ -+#ifdef __GNUC__ -+#define INIT_FUNCTION __attribute__((constructor)) -+#else -+#define INIT_FUNCTION -+#endif -+ -+static void INIT_FUNCTION lg_startup_tests(void); -+ -+/* Windows pre-defined entry */ -+#ifdef XP_WIN -+#include -+#include -+ -+BOOL WINAPI DllMain( -+ HINSTANCE hinstDLL, // handle to DLL module -+ DWORD fdwReason, // reason for calling function -+ LPVOID lpReserved ) // reserved -+{ -+ // Perform actions based on the reason for calling. -+ switch( fdwReason ) -+ { -+ case DLL_PROCESS_ATTACH: -+ // Initialize once for each new process. -+ // Return FALSE to fail DLL load. -+ lg_startup_tests(); -+ break; -+ -+ case DLL_THREAD_ATTACH: -+ // Do thread-specific initialization. -+ break; -+ -+ case DLL_THREAD_DETACH: -+ // Do thread-specific cleanup. -+ break; -+ -+ case DLL_PROCESS_DETACH: -+ // Perform any necessary cleanup. -+ break; -+ } -+ return TRUE; // Successful DLL_PROCESS_ATTACH. 
-+} -+#endif -+ -+static PRBool lg_self_tests_ran = PR_FALSE; -+static PRBool lg_self_tests_success = PR_FALSE; -+ -+static void -+lg_local_function(void) {} -+ -+/* -+ * This function is called at dll load time, the code tha makes this -+ * happen is platform specific on defined above. -+ */ -+static void -+lg_startup_tests(void) -+{ -+ PRBool fipsInstalled; -+ SECStatus rv; -+ const char *libraryName = LG_LIB_NAME; -+ -+ PORT_Assert(!sftk_self_tests_ran); -+ PORT_Assert(!sftk_self_tests_success); -+ PORT_Assert(!sftk_fips_mode_available); -+ lg_self_tests_ran = PR_TRUE; -+ lg_self_tests_success = PR_FALSE; /* just in case */ -+ -+ /* no self tests required for the legacy db, only the integrity check */ -+ /* check the integrity of our shared library */ -+ if (!BLAPI_SHVerify(libraryName, (PRFuncPtr) &lg_local_function)) { -+ /* something is wrong with the library, fail without enabling -+ * the fips token */ -+ return; -+ } -+ /* FIPS product has been installed and is functioning, allow -+ * the module to operate in fips mode */ -+ lg_self_tests_success = PR_TRUE; -+} -+ -+PRBool -+lg_FIPSEntryOK() { -+#ifdef NO_INIT_SUPPORT -+ /* this should only be set on platforms that can't handle one of the INIT -+ * schemes. This code allows those platforms to continue to function, -+ * though they don't meet the strict NIST requirements. 
If NO_INIT_SUPPORT -+ * is not set, and init support has not been properly enabled, softken -+ * will always fail because of the test below */ -+ */ -+ if (!lg_self_tests_ran) { -+ lg_startup_tests(); -+ } -+#endif -+ return lg_self_tests_success; -+} -+ -diff -up ./nss/lib/softoken/legacydb/lginit.c.fips-post ./nss/lib/softoken/legacydb/lginit.c ---- ./nss/lib/softoken/legacydb/lginit.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/legacydb/lginit.c 2014-09-22 10:04:04.412776856 -0700 -@@ -505,6 +505,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCER - LGPrivate *lgdb_p = NULL; - CK_RV error = CKR_HOST_MEMORY; - -+ - *pSdb = NULL; - sdb = (SDB *) PORT_Alloc(sizeof(SDB)); - if (sdb == NULL) { -@@ -529,7 +530,6 @@ lg_init(SDB **pSdb, int flags, NSSLOWCER - - sdb->private = lgdb_p; - sdb->version = 0; -- /*sdb->sdb_type = SDB_LEGACY; */ - sdb->sdb_flags = flags; - sdb->app_private = NULL; - sdb->sdb_FindObjectsInit = lg_FindObjectsInit; -@@ -592,11 +592,17 @@ legacy_Open(const char *configdir, const - { - CK_RV crv = CKR_OK; - SECStatus rv; -- PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE; -+ PRBool readOnly = ((flags & 0x7) == SDB_RDONLY)? 
PR_TRUE: PR_FALSE; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_dbm_rcsid[0] + __nss_dbm_sccsid[0]; - -+ if (flags & SDB_FIPS) { -+ if (!lg_FIPSEntryOK()) { -+ return CKR_DEVICE_ERROR; -+ } -+ } -+ - rv = SECOID_Init(); - if (SECSuccess != rv) { - return CKR_DEVICE_ERROR; -diff -up ./nss/lib/softoken/legacydb/manifest.mn.fips-post ./nss/lib/softoken/legacydb/manifest.mn ---- ./nss/lib/softoken/legacydb/manifest.mn.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/legacydb/manifest.mn 2014-09-22 10:04:04.412776856 -0700 -@@ -12,7 +12,7 @@ LIBRARY_NAME = nssdbm - LIBRARY_VERSION = 3 - MAPFILE = $(OBJDIR)/nssdbm.def - --DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DLG_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" - - CSRCS = \ - dbmshim.c \ -@@ -21,6 +21,7 @@ CSRCS = \ - lgcreate.c \ - lgdestroy.c \ - lgfind.c \ -+ lgfips.c \ - lginit.c \ - lgutil.c \ - lowcert.c \ -diff -up ./nss/lib/softoken/lgglue.c.fips-post ./nss/lib/softoken/lgglue.c ---- ./nss/lib/softoken/lgglue.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/lgglue.c 2014-09-22 10:04:04.412776856 -0700 -@@ -246,29 +246,14 @@ static const char *LEGACY_LIB_NAME = - * 2 bools to tell us if we've check the legacy library successfully or - * not. Initialize on startup to false by the C BSS segment; - */ --static PRBool legacy_glue_libCheckFailed; /* set if we failed the check */ --static PRBool legacy_glue_libCheckSucceeded; /* set if we passed the check */ - static PRLibrary *legacy_glue_lib = NULL; - static SECStatus --sftkdbLoad_Legacy(PRBool isFIPS) -+sftkdbLoad_Legacy() - { - PRLibrary *lib = NULL; - LGSetCryptFunc setCryptFunction = NULL; - - if (legacy_glue_lib) { -- /* this check is necessary because it's possible we loaded the -- * legacydb to read secmod.db, which told us whether we were in -- * FIPS mode or not. 
*/ -- if (isFIPS && !legacy_glue_libCheckSucceeded) { -- if (legacy_glue_libCheckFailed || -- !BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { -- legacy_glue_libCheckFailed = PR_TRUE; -- /* don't clobber legacy glue to avoid race. just let it -- * get cleared in shutdown */ -- return SECFailure; -- } -- legacy_glue_libCheckSucceeded = PR_TRUE; -- } - return SECSuccess; - } - -@@ -298,15 +283,6 @@ sftkdbLoad_Legacy(PRBool isFIPS) - return SECFailure; - } - -- /* verify the loaded library if we are in FIPS mode */ -- if (isFIPS) { -- if (!BLAPI_SHVerify(LEGACY_LIB_NAME,(PRFuncPtr)legacy_glue_open)) { -- PR_UnloadLibrary(lib); -- return SECFailure; -- } -- legacy_glue_libCheckSucceeded = PR_TRUE; -- } -- - setCryptFunction(sftkdb_encrypt_stub,sftkdb_decrypt_stub); - legacy_glue_lib = lib; - return SECSuccess; -@@ -314,12 +290,12 @@ sftkdbLoad_Legacy(PRBool isFIPS) - - CK_RV - sftkdbCall_open(const char *dir, const char *certPrefix, const char *keyPrefix, -- int certVersion, int keyVersion, int flags, PRBool isFIPS, -+ int certVersion, int keyVersion, int flags, - SDB **certDB, SDB **keyDB) - { - SECStatus rv; - -- rv = sftkdbLoad_Legacy(isFIPS); -+ rv = sftkdbLoad_Legacy(); - if (rv != SECSuccess) { - return CKR_GENERAL_ERROR; - } -@@ -428,8 +404,6 @@ sftkdbCall_Shutdown(void) - legacy_glue_releaseSecmod = NULL; - legacy_glue_deleteSecmod = NULL; - legacy_glue_addSecmod = NULL; -- legacy_glue_libCheckFailed = PR_FALSE; -- legacy_glue_libCheckSucceeded = PR_FALSE; - return crv; - } - -diff -up ./nss/lib/softoken/lgglue.h.fips-post ./nss/lib/softoken/lgglue.h ---- ./nss/lib/softoken/lgglue.h.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/lgglue.h 2014-09-22 10:04:04.413776873 -0700 -@@ -43,7 +43,7 @@ typedef void (*LGSetCryptFunc)(LGEncrypt - */ - CK_RV sftkdbCall_open(const char *dir, const char *certPrefix, - const char *keyPrefix, -- int certVersion, int keyVersion, int flags, PRBool isFIPS, -+ int certVersion, int keyVersion, 
int flags, - SDB **certDB, SDB **keyDB); - char ** sftkdbCall_ReadSecmodDB(const char *appName, const char *filename, - const char *dbname, char *params, PRBool rw); -diff -up ./nss/lib/softoken/sdb.c.fips-post ./nss/lib/softoken/sdb.c ---- ./nss/lib/softoken/sdb.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/sdb.c 2014-09-22 10:04:04.413776873 -0700 -@@ -1696,7 +1696,7 @@ static const char ALTER_CMD[] = - - CK_RV - sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate, -- int *newInit, int flags, PRUint32 accessOps, SDB **pSdb) -+ int *newInit, int inFlags, PRUint32 accessOps, SDB **pSdb) - { - int i; - char *initStr = NULL; -@@ -1712,6 +1712,7 @@ sdb_init(char *dbname, char *table, sdbD - char *env; - PRBool enableCache = PR_FALSE; - PRBool create; -+ int flags = inFlags & 0x7; - - *pSdb = NULL; - *inUpdate = 0; -@@ -1927,7 +1928,7 @@ sdb_init(char *dbname, char *table, sdbD - sdb_p->sqlXactThread = NULL; - sdb->private = sdb_p; - sdb->version = 0; -- sdb->sdb_flags = flags | SDB_HAS_META; -+ sdb->sdb_flags = inFlags | SDB_HAS_META; - sdb->app_private = NULL; - sdb->sdb_FindObjectsInit = sdb_FindObjectsInit; - sdb->sdb_FindObjects = sdb_FindObjects; -diff -up ./nss/lib/softoken/sdb.h.fips-post ./nss/lib/softoken/sdb.h ---- ./nss/lib/softoken/sdb.h.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/sdb.h 2014-09-22 10:04:04.413776873 -0700 -@@ -74,5 +74,6 @@ CK_RV s_shutdown(); - #define SDB_RDWR 2 - #define SDB_CREATE 4 - #define SDB_HAS_META 8 -+#define SDB_FIPS 0x10 - - #endif -diff -up ./nss/lib/softoken/sftkdb.c.fips-post ./nss/lib/softoken/sftkdb.c ---- ./nss/lib/softoken/sftkdb.c.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/sftkdb.c 2014-09-22 10:04:04.414776890 -0700 -@@ -2585,6 +2585,9 @@ sftk_DBInit(const char *configdir, const - if (!readOnly) { - flags = SDB_CREATE; - } -+ if (isFIPS) { -+ flags |= SDB_FIPS; -+ } - - *certDB = NULL; - *keyDB = NULL; -@@ -2600,11 +2603,11 
@@ sftk_DBInit(const char *configdir, const - switch (dbType) { - case NSS_DB_TYPE_LEGACY: - crv = sftkdbCall_open(confdir, certPrefix, keyPrefix, 8, 3, flags, -- isFIPS, noCertDB? NULL : &certSDB, noKeyDB ? NULL: &keySDB); -+ noCertDB? NULL : &certSDB, noKeyDB ? NULL: &keySDB); - break; - case NSS_DB_TYPE_MULTIACCESS: - crv = sftkdbCall_open(configdir, certPrefix, keyPrefix, 8, 3, flags, -- isFIPS, noCertDB? NULL : &certSDB, noKeyDB ? NULL: &keySDB); -+ noCertDB? NULL : &certSDB, noKeyDB ? NULL: &keySDB); - break; - case NSS_DB_TYPE_SQL: - case NSS_DB_TYPE_EXTERN: /* SHOULD open a loadable db */ -@@ -2616,12 +2619,12 @@ sftk_DBInit(const char *configdir, const - * the exists. - */ - if (crv != CKR_OK) { -- if ((flags == SDB_RDONLY) && -+ if (((flags & SDB_RDONLY) == SDB_RDONLY) && - sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) { - /* we have legacy databases, if we failed to open the new format - * DB's read only, just use the legacy ones */ - crv = sftkdbCall_open(confdir, certPrefix, -- keyPrefix, 8, 3, flags, isFIPS, -+ keyPrefix, 8, 3, flags, - noCertDB? NULL : &certSDB, noKeyDB ? NULL : &keySDB); - } - /* Handle the database merge case. -@@ -2692,7 +2695,7 @@ sftk_DBInit(const char *configdir, const - CK_RV crv2; - - crv2 = sftkdbCall_open(confdir, certPrefix, keyPrefix, 8, 3, flags, -- isFIPS, noCertDB ? NULL : &updateCert, -+ noCertDB ? NULL : &updateCert, - noKeyDB ? NULL : &updateKey); - if (crv2 == CKR_OK) { - if (*certDB) { -diff -up ./nss/lib/softoken/softoken.h.fips-post ./nss/lib/softoken/softoken.h ---- ./nss/lib/softoken/softoken.h.fips-post 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/softoken/softoken.h 2014-09-22 10:04:04.414776890 -0700 -@@ -55,10 +55,10 @@ extern unsigned char * CBC_PadBuffer(PLA - - /****************************************/ - /* --** Power-Up selftests required for FIPS and invoked only --** under PKCS #11 FIPS mode. -+** Power-Up selftests are required for FIPS. 
- */ --extern CK_RV sftk_fipsPowerUpSelfTest( void ); -+/* make sure Power-up selftests have been run. */ -+extern CK_RV sftk_FIPSEntryOK( void ); - - /* - ** make known fixed PKCS #11 key types to their sizes in bytes diff --git a/SOURCES/nss-softokn-3.16-fips-rem-old-test.patch b/SOURCES/nss-softokn-3.16-fips-rem-old-test.patch deleted file mode 100644 index 91a2a35..0000000 --- a/SOURCES/nss-softokn-3.16-fips-rem-old-test.patch +++ /dev/null 
@@ -1,504 +0,0 @@ -diff -up ./nss/lib/freebl/fipsfreebl.c.rm-old-test ./nss/lib/freebl/fipsfreebl.c ---- ./nss/lib/freebl/fipsfreebl.c.rm-old-test 2014-09-22 11:09:25.936527081 -0700 -+++ ./nss/lib/freebl/fipsfreebl.c 2014-09-22 11:09:25.953527366 -0700 -@@ -145,373 +145,6 @@ BOOL WINAPI DllMain( - #define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */ - - static SECStatus --freebl_fips_RC2_PowerUpSelfTest( void ) --{ -- /* RC2 Known Key (40-bits). */ -- static const PRUint8 rc2_known_key[] = { "RSARC" }; -- -- /* RC2-CBC Known Initialization Vector (64-bits). */ -- static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"}; -- -- /* RC2 Known Plaintext (64-bits). */ -- static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"}; -- static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"}; -- -- /* RC2 Known Ciphertext (64-bits). */ -- static const PRUint8 rc2_ecb_known_ciphertext[] = { -- 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30}; -- static const PRUint8 rc2_cbc_known_ciphertext[] = { -- 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3}; -- -- /* RC2 variables. 
*/ -- PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH]; -- PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH]; -- RC2Context * rc2_context; -- unsigned int rc2_bytes_encrypted; -- unsigned int rc2_bytes_decrypted; -- SECStatus rc2_status; -- -- -- /******************************************************/ -- /* RC2-ECB Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- NULL, NSS_RC2, -- FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext, -- &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH, -- rc2_ecb_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- -- /******************************************************/ -- /* RC2-ECB Single-Round Known Answer Decryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- NULL, NSS_RC2, -- FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext, -- &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH, -- rc2_ecb_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext, -- 
FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- -- /******************************************************/ -- /* RC2-CBC Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- rc2_cbc_known_initialization_vector, -- NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext, -- &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH, -- rc2_cbc_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- -- /******************************************************/ -- /* RC2-CBC Single-Round Known Answer Decryption Test: */ -- /******************************************************/ -- -- rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH, -- rc2_cbc_known_initialization_vector, -- NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH ); -- -- if( rc2_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext, -- &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH, -- rc2_cbc_known_ciphertext, -- FIPS_RC2_ENCRYPT_LENGTH ); -- -- RC2_DestroyContext( rc2_context, PR_TRUE ); -- -- if( ( rc2_status != SECSuccess ) || -- ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext, -- FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); 
-- return( SECFailure ); -- } -- -- return( SECSuccess ); --} -- -- --static SECStatus --freebl_fips_RC4_PowerUpSelfTest( void ) --{ -- /* RC4 Known Key (40-bits). */ -- static const PRUint8 rc4_known_key[] = { "RSARC" }; -- -- /* RC4 Known Plaintext (64-bits). */ -- static const PRUint8 rc4_known_plaintext[] = { "Netscape" }; -- -- /* RC4 Known Ciphertext (64-bits). */ -- static const PRUint8 rc4_known_ciphertext[] = { -- 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd}; -- -- /* RC4 variables. */ -- PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH]; -- PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH]; -- RC4Context * rc4_context; -- unsigned int rc4_bytes_encrypted; -- unsigned int rc4_bytes_decrypted; -- SECStatus rc4_status; -- -- -- /**************************************************/ -- /* RC4 Single-Round Known Answer Encryption Test: */ -- /**************************************************/ -- -- rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH ); -- -- if( rc4_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext, -- &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH, -- rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH ); -- -- RC4_DestroyContext( rc4_context, PR_TRUE ); -- -- if( ( rc4_status != SECSuccess ) || -- ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext, -- FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- -- /**************************************************/ -- /* RC4 Single-Round Known Answer Decryption Test: */ -- /**************************************************/ -- -- rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH ); -- -- if( rc4_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- rc4_status = RC4_Decrypt( 
rc4_context, rc4_computed_plaintext, -- &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH, -- rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH ); -- -- RC4_DestroyContext( rc4_context, PR_TRUE ); -- -- if( ( rc4_status != SECSuccess ) || -- ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext, -- FIPS_RC4_DECRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- return( SECSuccess ); --} -- -- --static SECStatus --freebl_fips_DES_PowerUpSelfTest( void ) --{ -- /* DES Known Key (56-bits). */ -- static const PRUint8 des_known_key[] = { "ANSI DES" }; -- -- /* DES-CBC Known Initialization Vector (64-bits). */ -- static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" }; -- -- /* DES Known Plaintext (64-bits). */ -- static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" }; -- static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" }; -- -- /* DES Known Ciphertext (64-bits). */ -- static const PRUint8 des_ecb_known_ciphertext[] = { -- 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0}; -- static const PRUint8 des_cbc_known_ciphertext[] = { -- 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d}; -- -- /* DES variables. 
*/ -- PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH]; -- PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH]; -- DESContext * des_context; -- unsigned int des_bytes_encrypted; -- unsigned int des_bytes_decrypted; -- SECStatus des_status; -- -- -- /******************************************************/ -- /* DES-ECB Single-Round Known Answer Encryption Test: */ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE ); -- -- if( des_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- des_status = DES_Encrypt( des_context, des_computed_ciphertext, -- &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH, -- des_ecb_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- -- /******************************************************/ -- /* DES-ECB Single-Round Known Answer Decryption Test: */ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE ); -- -- if( des_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- des_status = DES_Decrypt( des_context, des_computed_plaintext, -- &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH, -- des_ecb_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( 
SECFailure ); -- } -- -- -- /******************************************************/ -- /* DES-CBC Single-Round Known Answer Encryption Test. */ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, -- des_cbc_known_initialization_vector, -- NSS_DES_CBC, PR_TRUE ); -- -- if( des_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- des_status = DES_Encrypt( des_context, des_computed_ciphertext, -- &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH, -- des_cbc_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- -- /******************************************************/ -- /* DES-CBC Single-Round Known Answer Decryption Test. 
*/ -- /******************************************************/ -- -- des_context = DES_CreateContext( des_known_key, -- des_cbc_known_initialization_vector, -- NSS_DES_CBC, PR_FALSE ); -- -- if( des_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- des_status = DES_Decrypt( des_context, des_computed_plaintext, -- &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH, -- des_cbc_known_ciphertext, -- FIPS_DES_ENCRYPT_LENGTH ); -- -- DES_DestroyContext( des_context, PR_TRUE ); -- -- if( ( des_status != SECSuccess ) || -- ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) || -- ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext, -- FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- return( SECSuccess ); --} -- -- --static SECStatus - freebl_fips_DES3_PowerUpSelfTest( void ) - { - /* DES3 Known Key (56-bits). */ -@@ -846,82 +479,6 @@ freebl_fips_AES_PowerUpSelfTest( int aes - static const PRUint8 known_hash_message[] = { - "The test message for the MD2, MD5, and SHA-1 hashing algorithms." }; - -- --static SECStatus --freebl_fips_MD2_PowerUpSelfTest( void ) --{ -- /* MD2 Known Digest Message (128-bits). */ -- static const PRUint8 md2_known_digest[] = { -- 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17, -- 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b}; -- -- /* MD2 variables. */ -- MD2Context * md2_context; -- unsigned int md2_bytes_hashed; -- PRUint8 md2_computed_digest[MD2_LENGTH]; -- -- -- /***********************************************/ -- /* MD2 Single-Round Known Answer Hashing Test. 
*/ -- /***********************************************/ -- -- md2_context = MD2_NewContext(); -- -- if( md2_context == NULL ) { -- PORT_SetError( SEC_ERROR_NO_MEMORY ); -- return( SECFailure ); -- } -- -- MD2_Begin( md2_context ); -- -- MD2_Update( md2_context, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH ); -- -- MD2_DestroyContext( md2_context , PR_TRUE ); -- -- if( ( md2_bytes_hashed != MD2_LENGTH ) || -- ( PORT_Memcmp( md2_computed_digest, md2_known_digest, -- MD2_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- return( SECSuccess ); --} -- -- --static SECStatus --freebl_fips_MD5_PowerUpSelfTest( void ) --{ -- /* MD5 Known Digest Message (128-bits). */ -- static const PRUint8 md5_known_digest[] = { -- 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28, -- 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d}; -- -- /* MD5 variables. */ -- PRUint8 md5_computed_digest[MD5_LENGTH]; -- SECStatus md5_status; -- -- -- /***********************************************/ -- /* MD5 Single-Round Known Answer Hashing Test. */ -- /***********************************************/ -- -- md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message, -- FIPS_KNOWN_HASH_MESSAGE_LENGTH ); -- -- if( ( md5_status != SECSuccess ) || -- ( PORT_Memcmp( md5_computed_digest, md5_known_digest, -- MD5_LENGTH ) != 0 ) ) { -- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE ); -- return( SECFailure ); -- } -- -- return( SECSuccess ); --} -- - /****************************************************/ - /* Single Round HMAC SHA-X test */ - /****************************************************/ -@@ -2000,18 +1557,6 @@ freebl_fipsPowerUpSelfTest( unsigned int - */ - if (tests & DO_FREEBL) { - -- /* MD2 Power-Up SelfTest(s). */ -- rv = freebl_fips_MD2_PowerUpSelfTest(); -- -- if( rv != SECSuccess ) -- return rv; -- -- /* MD5 Power-Up SelfTest(s). 
*/ -- rv = freebl_fips_MD5_PowerUpSelfTest(); -- -- if( rv != SECSuccess ) -- return rv; -- - /* SHA-X Power-Up SelfTest(s). */ - rv = freebl_fips_SHA_PowerUpSelfTest(); - -@@ -2030,24 +1575,6 @@ freebl_fipsPowerUpSelfTest( unsigned int - * standalone */ - if (tests & DO_REST) { - -- /* RC2 Power-Up SelfTest(s). */ -- rv = freebl_fips_RC2_PowerUpSelfTest(); -- -- if( rv != SECSuccess ) -- return rv; -- -- /* RC4 Power-Up SelfTest(s). */ -- rv = freebl_fips_RC4_PowerUpSelfTest(); -- -- if( rv != SECSuccess ) -- return rv; -- -- /* DES Power-Up SelfTest(s). */ -- rv = freebl_fips_DES_PowerUpSelfTest(); -- -- if( rv != SECSuccess ) -- return rv; -- - /* DES3 Power-Up SelfTest(s). */ - rv = freebl_fips_DES3_PowerUpSelfTest(); - diff --git a/SOURCES/nss-softokn-3.16-fips.patch b/SOURCES/nss-softokn-3.16-fips.patch deleted file mode 100644 index bc75455..0000000 --- a/SOURCES/nss-softokn-3.16-fips.patch +++ /dev/null 
@@ -1,435 +0,0 @@ -diff -up ./nss/lib/freebl/ctr.c.fips ./nss/lib/freebl/ctr.c ---- ./nss/lib/freebl/ctr.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/ctr.c 2014-09-22 11:03:48.410869823 -0700 -@@ -30,6 +30,7 @@ CTR_InitContext(CTRContext *ctr, void *c - } - - /* Invariant: 0 < ctr->bufPtr <= blocksize */ -+ ctr->checkWrap = PR_FALSE; - ctr->bufPtr = blocksize; /* no unused data in the buffer */ - ctr->cipher = cipher; - ctr->context = context; -@@ -40,6 +41,10 @@ CTR_InitContext(CTRContext *ctr, void *c - return SECFailure; - } - PORT_Memcpy(ctr->counter, ctrParams->cb, blocksize); -+ if (ctr->counterBits < 64) { -+ PORT_Memcpy(ctr->counterFirst, ctr->counter, blocksize); -+ ctr->checkWrap = PR_TRUE; -+ } - return SECSuccess; - } - -@@ -147,6 +152,12 @@ CTR_Update(CTRContext *ctr, unsigned cha - rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, - ctr->counter, blocksize, blocksize); - ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); -+ if (ctr->checkWrap) { -+ if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ } - if (rv != SECSuccess) { - return SECFailure; - } -@@ -162,6 +173,12 @@ CTR_Update(CTRContext *ctr, unsigned cha - rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, - ctr->counter, blocksize, blocksize); - ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); -+ if (ctr->checkWrap) { -+ if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ } - if (rv != SECSuccess) { - return SECFailure; - } -diff -up ./nss/lib/freebl/ctr.h.fips ./nss/lib/freebl/ctr.h ---- ./nss/lib/freebl/ctr.h.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/ctr.h 2014-09-22 11:03:48.411869840 -0700 -@@ -14,6 +14,8 @@ struct CTRContextStr { - void *context; - unsigned char counter[MAX_BLOCK_SIZE]; - unsigned char buffer[MAX_BLOCK_SIZE]; -+ 
unsigned char counterFirst[MAX_BLOCK_SIZE]; /* counter overlfow value */ -+ PRBool checkWrap; /*check for counter overflow*/ - unsigned long counterBits; - unsigned int bufPtr; - }; -diff -up ./nss/lib/freebl/cts.c.fips ./nss/lib/freebl/cts.c ---- ./nss/lib/freebl/cts.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/cts.c 2014-09-22 11:03:48.411869840 -0700 -@@ -97,6 +97,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsig - unsigned int tmp; - int fullblocks; - int written; -+ char *saveout = outbuf; - SECStatus rv; - - if (inlen < blocksize) { -@@ -141,6 +142,8 @@ CTS_EncryptUpdate(CTSContext *cts, unsig - PORT_Memset(lastBlock, 0, blocksize); - if (rv == SECSuccess) { - *outlen = written + blocksize; -+ } else { -+ PORT_Memset(saveout, 0, written+blocksize); - } - return rv; - } -@@ -184,6 +187,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsig - unsigned char Cn[MAX_BLOCK_SIZE]; /* block Cn */ - unsigned char lastBlock[MAX_BLOCK_SIZE]; - const unsigned char *tmp; -+ char *saveout = outbuf; - unsigned int tmpLen; - int fullblocks, pad; - unsigned int i; -@@ -281,6 +285,8 @@ CTS_DecryptUpdate(CTSContext *cts, unsig - rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock, - blocksize, blocksize); - if (rv != SECSuccess) { -+ PORT_Memset(lastBlock, 0, blocksize); -+ PORT_Memset(saveout, 0, *outlen); - return SECFailure; - } - /* make up for the out of order CBC decryption */ -diff -up ./nss/lib/freebl/dh.c.fips ./nss/lib/freebl/dh.c ---- ./nss/lib/freebl/dh.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/dh.c 2014-09-22 11:03:48.412869857 -0700 -@@ -173,8 +173,8 @@ DH_NewKey(DHParams *params, DHPrivateKey - /* Generate private key xa */ - SECITEM_AllocItem(arena, &key->privateValue, - dh_GetSecretKeyLen(params->prime.len)); -- RNG_GenerateGlobalRandomBytes(key->privateValue.data, -- key->privateValue.len); -+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(key->privateValue.data, -+ key->privateValue.len)); - SECITEM_TO_MPINT( 
key->privateValue, &xa ); - /* xa < p */ - CHECK_MPI_OK( mp_mod(&xa, &p, &xa) ); -@@ -191,8 +191,10 @@ cleanup: - MP_TO_SEC_ERROR(err); - rv = SECFailure; - } -- if (rv) -+ if (rv) { -+ *privKey = NULL; - PORT_FreeArena(arena, PR_TRUE); -+ } - return rv; - } - -@@ -254,6 +256,10 @@ DH_Derive(SECItem *publicValue, - } - /* allocate a buffer which can hold the entire derived secret. */ - secret = PORT_Alloc(len); -+ if (secret == NULL) { -+ err = MP_MEM; -+ goto cleanup; -+ } - /* grab the derived secret */ - err = mp_to_unsigned_octets(&ZZ, secret, len); - if (err >= 0) err = MP_OKAY; -@@ -267,7 +273,10 @@ DH_Derive(SECItem *publicValue, - nb = outBytes; - else - nb = len; -- SECITEM_AllocItem(NULL, derivedSecret, nb); -+ if (SECITEM_AllocItem(NULL, derivedSecret, nb) == NULL) { -+ err = MP_MEM; -+ goto cleanup; -+ } - if (len < nb) { - unsigned int offset = nb - len; - memset(derivedSecret->data, 0, offset); -@@ -342,11 +351,19 @@ KEA_Derive(SECItem *prime, - /* allocate a buffer for the full derived secret */ - len = mp_unsigned_octet_size(&w); - secret = PORT_Alloc(len); -+ if (secret == NULL) { -+ err = MP_MEM; -+ goto cleanup; -+ } - /* grab the secret */ - err = mp_to_unsigned_octets(&w, secret, len); - if (err > 0) err = MP_OKAY; - /* allocate output buffer */ -- SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN); -+ if (SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN) -+ == NULL) { -+ err = MP_MEM; -+ goto cleanup; -+ } - memset(derivedSecret->data, 0, derivedSecret->len); - /* copy in the 128 lsb of the secret */ - if (len >= KEA_DERIVED_SECRET_LEN) { -@@ -369,6 +386,8 @@ cleanup: - PORT_ZFree(secret, len); - if (err) { - MP_TO_SEC_ERROR(err); -+ if (derivedSecret->data) -+ PORT_ZFree(derivedSecret->data, derivedSecret->len); - return SECFailure; - } - return SECSuccess; -diff -up ./nss/lib/freebl/drbg.c.fips ./nss/lib/freebl/drbg.c ---- ./nss/lib/freebl/drbg.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/drbg.c 
2014-09-22 11:03:48.413869874 -0700 -@@ -76,7 +76,7 @@ struct RNGContextStr { - #define V(rng) (((rng)->V_Data)+1) - #define VSize(rng) ((sizeof (rng)->V_Data) -1) - PRUint8 C[PRNG_SEEDLEN]; /* internal state variables */ -- PRUint8 oldV[PRNG_SEEDLEN]; /* for continuous rng checking */ -+ PRUint8 lastOutput[SHA256_LENGTH]; /* for continuous rng checking */ - /* If we get calls for the PRNG to return less than the length of our - * hash, we extend the request for a full hash (since we'll be doing - * the full hash anyway). Future requests for random numbers are fulfilled -@@ -280,6 +280,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *r - unsigned int no_of_returned_bytes) - { - PRUint8 data[VSize(rng)]; -+ PRUint8 thisHash[SHA256_LENGTH]; -+ PRUint8 *lastHash = rng->lastOutput; - - PORT_Memcpy(data, V(rng), VSize(rng)); - while (no_of_returned_bytes) { -@@ -290,14 +292,25 @@ prng_Hashgen(RNGContext *rng, PRUint8 *r - - SHA256_Begin(&ctx); - SHA256_Update(&ctx, data, sizeof data); -- SHA256_End(&ctx, returned_bytes, &len, no_of_returned_bytes); -+ SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH); -+ if (PORT_Memcmp(lastHash, thisHash, len) == 0) { -+ rng->isValid = PR_FALSE; -+ break; -+ } -+ if (no_of_returned_bytes < SHA256_LENGTH) { -+ len = no_of_returned_bytes; -+ } -+ PORT_Memcpy(returned_bytes, thisHash, len); -+ lastHash = returned_bytes; - returned_bytes += len; - no_of_returned_bytes -= len; - /* The carry parameter is a bool (increment or not). 
- * This increments data if no_of_returned_bytes is not zero */ - PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes); - } -+ PORT_Memcpy(rng->lastOutput, thisHash, SHA256_LENGTH); - PORT_Memset(data, 0, sizeof data); -+ PORT_Memset(thisHash, 0, sizeof thisHash); - } - - /* -@@ -342,8 +355,13 @@ prng_generateNewBytes(RNGContext *rng, - } - - if (no_of_returned_bytes == SHA256_LENGTH) { -- /* short_cut to hashbuf and save a copy and a clear */ -+ /* short_cut to hashbuf and a couple of copies and clears */ - SHA256_HashBuf(returned_bytes, V(rng), VSize(rng) ); -+ /* continuous rng check */ -+ if (memcmp(rng->lastOutput, returned_bytes, SHA256_LENGTH) == 0) { -+ rng->isValid = PR_FALSE; -+ } -+ PORT_Memcpy(rng->lastOutput, returned_bytes, sizeof rng->lastOutput); - } else { - prng_Hashgen(rng, returned_bytes, no_of_returned_bytes); - } -@@ -356,13 +374,12 @@ prng_generateNewBytes(RNGContext *rng, - sizeof rng->reseed_counter) - PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1); - -- /* continuous rng check */ -- if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) { -- rng->isValid = PR_FALSE; -+ /* if the prng failed, don't return any output, signal softoken */ -+ if (!rng->isValid) { -+ PORT_Memset(returned_bytes, 0, no_of_returned_bytes); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } -- PORT_Memcpy(rng->oldV, V(rng), sizeof rng->oldV); - return SECSuccess; - } - -diff -up ./nss/lib/freebl/ec.c.fips ./nss/lib/freebl/ec.c ---- ./nss/lib/freebl/ec.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/ec.c 2014-09-22 11:03:48.413869874 -0700 -@@ -376,7 +376,7 @@ cleanup: - rv = SECFailure; - } - if (rv != SECSuccess && privKeyBytes) { -- PORT_Free(privKeyBytes); -+ PORT_ZFree(privKeyBytes,2*len); - privKeyBytes = NULL; - } - return privKeyBytes; -@@ -1061,7 +1061,7 @@ cleanup: - mp_clear(&v); - mp_clear(&n); - -- if (pointC.data) SECITEM_FreeItem(&pointC, PR_FALSE); -+ if (pointC.data) 
SECITEM_ZfreeItem(&pointC, PR_FALSE); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; -diff -up ./nss/lib/freebl/gcm.c.fips ./nss/lib/freebl/gcm.c ---- ./nss/lib/freebl/gcm.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/gcm.c 2014-09-22 11:03:48.414869890 -0700 -@@ -192,9 +192,7 @@ gcmHash_DestroyContext(gcmHashContext *g - mp_clear(&ghash->H); - mp_clear(&ghash->X); - mp_clear(&ghash->C_i); -- MP_DIGITS(&ghash->H) = 0; -- MP_DIGITS(&ghash->X) = 0; -- MP_DIGITS(&ghash->C_i) = 0; -+ PORT_Memset(ghash, 0, sizeof(gcmHashContext)); - if (freeit) { - PORT_Free(ghash); - } -@@ -267,6 +265,7 @@ gcm_HashMult(gcmHashContext *ghash, cons - } - rv = SECSuccess; - cleanup: -+ PORT_Memset(tmp_buf, 0, sizeof(tmp_buf)); - if (rv != SECSuccess) { - MP_TO_SEC_ERROR(err); - } -@@ -366,6 +365,7 @@ cleanup: - static void - gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit) - { -+ PORT_Memset(ghash, 0, sizeof(gcmHashContext)); - if (freeit) { - PORT_Free(ghash); - } -@@ -423,6 +423,7 @@ gcm_HashMult(gcmHashContext *ghash, cons - } - GCM_TRACE_X(ghash, "X%d = ") - } -+ PORT_Memset(C_i, 0, sizeof(C_i)); - return SECSuccess; - } - -@@ -538,26 +539,30 @@ gcmHash_Final(gcmHashContext *ghash, uns - - rv = gcmHash_Sync(ghash, blocksize); - if (rv != SECSuccess) { -- return SECFailure; -+ goto cleanup; - } - - rv = gcm_HashMult(ghash, ghash->counterBuf, (GCM_HASH_LEN_LEN*2)/blocksize, - blocksize); - if (rv != SECSuccess) { -- return SECFailure; -+ goto cleanup; - } - - GCM_TRACE_X(ghash, "GHASH(H,A,C) = ") - - rv = gcm_getX(ghash, T, blocksize); - if (rv != SECSuccess) { -- return SECFailure; -+ goto cleanup; - } - - if (maxout > blocksize) maxout = blocksize; - PORT_Memcpy(outbuf, T, maxout); - *outlen = maxout; -- return SECSuccess; -+ rv = SECSuccess; -+ -+cleanup: -+ PORT_Memset(T, 0, sizeof(T)); -+ return rv; - } - - SECStatus -@@ -695,6 +700,8 @@ GCM_DestroyContext(GCMContext *gcm, PRBo - * allocated data (like mp_int's) */ - 
CTR_DestroyContext(&gcm->ctr_context, PR_FALSE); - gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE); -+ PORT_Memset(&gcm->tagBits, 0, sizeof(gcm->tagBits)); -+ PORT_Memset(gcm->tagKey, 0, sizeof(gcm->tagKey)); - if (freeit) { - PORT_Free(gcm); - } -@@ -838,8 +845,10 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig - if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) { - /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ - PORT_SetError(SEC_ERROR_BAD_DATA); -+ PORT_Memset(tag, 0, sizeof(tag)); - return SECFailure; - } -+ PORT_Memset(tag, 0, sizeof(tag)); - /* finish the decryption */ - return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, - inbuf, inlen, blocksize); -diff -up ./nss/lib/freebl/pqg.c.fips ./nss/lib/freebl/pqg.c ---- ./nss/lib/freebl/pqg.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/pqg.c 2014-09-22 11:03:48.414869890 -0700 -@@ -701,6 +701,7 @@ cleanup: - mp_clear(&a); - mp_clear(&z); - mp_clear(&two_length_minus_1); -+ PORT_Memset(x, 0, sizeof(x)); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; -@@ -856,6 +857,7 @@ cleanup: - mp_clear(&c); - mp_clear(&c0); - mp_clear(&one); -+ PORT_Memset(x, 0, sizeof(x)); - if (err) { - MP_TO_SEC_ERROR(err); - rv = SECFailure; -diff -up ./nss/lib/freebl/rijndael.c.fips ./nss/lib/freebl/rijndael.c ---- ./nss/lib/freebl/rijndael.c.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/rijndael.c 2014-09-22 11:03:48.415869907 -0700 -@@ -1164,6 +1164,7 @@ AES_InitContext(AESContext *cx, const un - AES_DestroyContext(cx, PR_FALSE); - return rv; - } -+ cx->mode = mode; - - /* finally, set up any mode specific contexts */ - switch (mode) { -@@ -1287,6 +1288,23 @@ AES_Encrypt(AESContext *cx, unsigned cha - return SECFailure; - } - *outputLen = inputLen; -+#if UINT_MAX > MP_32BIT_MAX -+ /* -+ * we can guarentee that GSM won't overlfow if we limit the input to -+ * 2^36 bytes. For simplicity, we are limiting it to 2^32 for now. 
-+ * -+ * We do it here to cover both hardware and software GCM operations. -+ */ -+ PR_STATIC_ASSERT(sizeof(unsigned int) > 4); -+ if ((cx->mode == NSS_AES_GCM) && (inputLen > MP_32_BIT_MAX)) { -+ PORT_SetError(SEC_ERROR_OUTPUT_LEN); -+ return SECFailure; -+ } -+#else -+ /* if we can't pass in a 32_bit number, then no such check needed */ -+ PR_STATIC_ASSERT(sizeof(unsigned int) <= 4); -+#endif -+ - return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen, - input, inputLen, blocksize); - } -diff -up ./nss/lib/freebl/rijndael.h.fips ./nss/lib/freebl/rijndael.h ---- ./nss/lib/freebl/rijndael.h.fips 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/rijndael.h 2014-09-22 11:03:48.415869907 -0700 -@@ -62,6 +62,7 @@ struct AESContextStr - freeblDestroyFunc destroy; - void *worker_cx; - PRBool isBlock; -+ int mode; - }; - - #endif /* _RIJNDAEL_H_ */ diff --git a/SOURCES/nss-softokn-3.16-fips_user_slots.patch b/SOURCES/nss-softokn-3.16-fips_user_slots.patch deleted file mode 100644 index 5f0b926..0000000 --- a/SOURCES/nss-softokn-3.16-fips_user_slots.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -diff -up ./nss/lib/softoken/fipstokn.c.fips_user_slots ./nss/lib/softoken/fipstokn.c ---- ./nss/lib/softoken/fipstokn.c.fips_user_slots 2014-11-04 15:34:07.524248232 -0800 -+++ ./nss/lib/softoken/fipstokn.c 2014-11-04 15:37:22.774525906 -0800 -@@ -546,8 +546,10 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, - CHECK_FORK(); - - SFTK_FIPSFATALCHECK(); -- if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID; -- /* FIPS Slot supports all functions */ -+ if ((slotID == FIPS_SLOT_ID) || (slotID >=SFTK_MIN_FIPS_USER_SLOT_ID)) { -+ slotID = NETSCAPE_SLOT_ID; -+ } -+ /* FIPS Slots support all functions */ - return NSC_GetMechanismList(slotID,pMechanismList,pusCount); - } - -@@ -559,8 +561,10 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, - CHECK_FORK(); - - SFTK_FIPSFATALCHECK(); -- if (slotID == FIPS_SLOT_ID) slotID = NETSCAPE_SLOT_ID; -- /* FIPS Slot supports all functions */ -+ if ((slotID == FIPS_SLOT_ID) || (slotID >=SFTK_MIN_FIPS_USER_SLOT_ID)) { -+ slotID = NETSCAPE_SLOT_ID; -+ } -+ /* FIPS Slots support all functions */ - return NSC_GetMechanismInfo(slotID,type,pInfo); - } - diff --git a/SOURCES/nss-softokn-3.16-fipstest-186-4.patch b/SOURCES/nss-softokn-3.16-fipstest-186-4.patch deleted file mode 100644 index cf8b566..0000000 --- a/SOURCES/nss-softokn-3.16-fipstest-186-4.patch +++ /dev/null 
@@ -1,157 +0,0 @@ -diff -up ./nss/cmd/fipstest/fipstest.c.fipstest-186-4 ./nss/cmd/fipstest/fipstest.c ---- ./nss/cmd/fipstest/fipstest.c.fipstest-186-4 2014-10-16 15:08:57.655496722 -0700 -+++ ./nss/cmd/fipstest/fipstest.c 2014-10-16 15:14:09.808725748 -0700 -@@ -5129,6 +5129,118 @@ loser: - } - } - -+static void -+pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len) -+{ -+ int offset = 0; -+ /* this shouldn't happen, fail right away rather than produce bad output */ -+ if (pad_len < src_len) { -+ fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len); -+ exit(1); -+ } -+ -+ offset = pad_len - src_len; -+ memset(buf, 0, offset); -+ memcpy(buf+offset, src, src_len); -+ return; -+} -+ -+ -+/* -+ * Perform the DSA Key Pair Generation Test. -+ * -+ * reqfn is the pathname of the REQUEST file. -+ * -+ * The output RESPONSE file is written to stdout. -+ */ -+void -+rsa_keypair_test(char *reqfn) -+{ -+ char buf[800]; /* holds one line from the input REQUEST file -+ * or to the output RESPONSE file. 
-+ * 800 to hold (384 public key (x2 for HEX) + 1'\n' -+ */ -+ unsigned char buf2[400]; /* can't need more then 1/2 buf length */ -+ FILE *rsareq; /* input stream from the REQUEST file */ -+ FILE *rsaresp; /* output stream to the RESPONSE file */ -+ int count; -+ int i; -+ int keySize; /* key size in bits*/ -+ int len; /* key size in bytes */ -+ int len2; /* key size in bytes/2 (prime size) */ -+ SECItem e; -+ unsigned char default_e[] = { 0x1, 0x0, 0x1 }; -+ -+ e.data = default_e; -+ e.len = sizeof (default_e); -+ -+ rsareq = fopen(reqfn, "r"); -+ rsaresp = stdout; -+ while (fgets(buf, sizeof buf, rsareq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, rsaresp); -+ continue; -+ } -+ -+ /* [Mod = x] */ -+ if (buf[0] == '[') { -+ if (buf[1] == 'm') { -+ if (sscanf(buf, "[mod = %d]", &keySize) != 1) { -+ goto loser; -+ } -+ len = keySize/8; -+ len2 = keySize/16; -+ } -+ fputs(buf, rsaresp); -+ continue; -+ } -+ /* N = ...*/ -+ if (buf[0] == 'N') { -+ -+ if (sscanf(buf, "N = %d", &count) != 1) { -+ goto loser; -+ } -+ -+ /* Generate a DSA key, and output the key pair for N times */ -+ for (i = 0; i < count; i++) { -+ RSAPrivateKey *rsakey = NULL; -+ if ((rsakey = RSA_NewKey(keySize, &e)) == NULL) { -+ fprintf(rsaresp, "ERROR: Unable to generate RSA key"); -+ goto loser; -+ } -+ pad(buf2,len,rsakey->publicExponent.data, -+ rsakey->publicExponent.len); -+ to_hex_str(buf, buf2, len); -+ fprintf(rsaresp, "e = %s\n", buf); -+ pad(buf2,len2,rsakey->prime1.data, -+ rsakey->prime1.len); -+ to_hex_str(buf, buf2, len2); -+ fprintf(rsaresp, "p = %s\n", buf); -+ pad(buf2,len2,rsakey->prime2.data, -+ rsakey->prime2.len); -+ to_hex_str(buf, buf2, len2); -+ fprintf(rsaresp, "q = %s\n", buf); -+ pad(buf2,len,rsakey->modulus.data, -+ rsakey->modulus.len); -+ to_hex_str(buf, buf2, len); -+ fprintf(rsaresp, "n = %s\n", buf); -+ pad(buf2,len,rsakey->privateExponent.data, -+ rsakey->privateExponent.len); -+ to_hex_str(buf, buf2, len); -+ 
fprintf(rsaresp, "d = %s\n", buf); -+ fprintf(rsaresp, "\n"); -+ PORT_FreeArena(rsakey->arena, PR_TRUE); -+ rsakey = NULL; -+ } -+ continue; -+ } -+ -+ } -+loser: -+ fclose(rsareq); -+} -+ - /* - * Perform the RSA Signature Generation Test. - * -@@ -5940,7 +6052,10 @@ int main(int argc, char **argv) - } else if (strcmp(argv[2], "sigver") == 0) { - /* Signature Verification Test */ - rsa_sigver_test(argv[3]); -- } -+ } else if (strcmp(argv[2], "keypair") == 0) { -+ /* Key Pair Generation Test */ -+ rsa_keypair_test(argv[3]); -+ } - /*************/ - /* HMAC */ - /*************/ -diff -up ./nss/cmd/fipstest/rsa.sh.fipstest-186-4 ./nss/cmd/fipstest/rsa.sh ---- ./nss/cmd/fipstest/rsa.sh.fipstest-186-4 2014-10-16 15:08:57.656496739 -0700 -+++ ./nss/cmd/fipstest/rsa.sh 2014-10-16 15:08:57.662496840 -0700 -@@ -23,6 +23,9 @@ if [ ${COMMAND} = "verify" ]; then - #The Fax file has the private exponent and the salt value, remove it - #also remove the false reason - sh ./validate1.sh ${TESTDIR} SigVer15_186-3.req ' ' '-e /^SaltVal/d -e/^d.=/d -e /^p.=/d -e /^q.=/d -e /^EM.with/d -e /^Result.=.F/s;.(.*);;' -+# -+# currently don't have a way to verify the RSA keygen -+# - exit 0 - fi - -@@ -35,3 +38,9 @@ request=SigVer15_186-3.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest rsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -+ -+#request=KeyGen_186-3.req -+request=KeyGen_RandomProbablyPrime3_3.req -+response=`echo $request | sed -e "s/req/rsp/"` -+echo $request $response -+fipstest rsa keypair ${REQDIR}/$request > ${RSPDIR}/$response diff --git a/SOURCES/nss-softokn-3.16-fipstest.patch b/SOURCES/nss-softokn-3.16-fipstest.patch deleted file mode 100644 index 918a8e2..0000000 --- a/SOURCES/nss-softokn-3.16-fipstest.patch +++ /dev/null 
@@ -1,5532 +0,0 @@ -diff -up ./nss/cmd/fipstest/aesgcm.sh.fipstest ./nss/cmd/fipstest/aesgcm.sh ---- ./nss/cmd/fipstest/aesgcm.sh.fipstest 2014-09-22 11:47:43.486241359 -0700 -+++ ./nss/cmd/fipstest/aesgcm.sh 2014-09-22 11:47:43.485241342 -0700 -@@ -0,0 +1,63 @@ -+#!/bin/sh -+# -+# A Bourne shell script for running the NIST AES Algorithm Validation Suite -+# -+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -+# variables appropriately so that the fipstest command and the NSPR and NSS -+# shared libraries/DLLs are on the search path. Then run this script in the -+# directory where the REQUEST (.req) files reside. The script generates the -+# RESPONSE (.rsp) files in the same directory. -+ -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/AES_GCM -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp -+ -+gcm_decrypt_requests=" -+gcmDecrypt128.req -+gcmDecrypt192.req -+gcmDecrypt256.req -+" -+ -+gcm_encrypt_extiv_requests=" -+gcmEncryptExtIV128.req -+gcmEncryptExtIV192.req -+gcmEncryptExtIV256.req -+" -+gcm_encrypt_intiv_requests=" -+" -+ -+#gcm_encrypt_intiv_requests=" -+#gcmEncryptIntIV128.req -+#gcmEncryptIntIV192.req -+#gcmEncryptIntIV256.req -+#" -+ -+if [ ${COMMAND} = "verify" ]; then -+ for request in $gcm_decrypt_requests $gcm_encrypt_extiv_requests; do -+ sh ./validate1.sh ${TESTDIR} $request ' ' '-e /Reason:/d' -+ done -+ for request in $gcm_encrypt_intiv_requests; do -+ name=`basename $request .req` -+ echo ">>>>> $name" -+ fipstest aes gcm decrypt ${RSPDIR}/$name.rsp | grep FAIL -+ done -+ exit 0 -+fi -+ -+for request in $gcm_decrypt_requests; do -+ response=`echo $request | sed -e "s/req/rsp/"` -+ echo $request $response -+ fipstest aes gcm decrypt ${REQDIR}/$request > ${RSPDIR}/$response -+done -+for request in $gcm_encrypt_intiv_requests; do -+ response=`echo $request | sed -e "s/req/rsp/"` -+ echo $request $response -+ fipstest aes gcm encrypt_intiv ${REQDIR}/$request > ${RSPDIR}/$response -+done -+for request in 
$gcm_encrypt_extiv_requests; do -+ response=`echo $request | sed -e "s/req/rsp/"` -+ echo $request $response -+ fipstest aes gcm encrypt_extiv ${REQDIR}/$request > ${RSPDIR}/$response -+done -diff -up ./nss/cmd/fipstest/aes.sh.fipstest ./nss/cmd/fipstest/aes.sh ---- ./nss/cmd/fipstest/aes.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/aes.sh 2014-09-22 11:47:43.486241359 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST AES Algorithm Validation Suite - # -@@ -12,6 +8,12 @@ - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. - -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/AES -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp -+ - cbc_kat_requests=" - CBCGFSbox128.req - CBCGFSbox192.req -@@ -66,33 +68,40 @@ ECBMMT192.req - ECBMMT256.req - " - --for request in $ecb_kat_requests; do -+if [ ${COMMAND} = "verify" ]; then -+ for request in $cbc_kat_requests $cbc_mct_requests $cbc_mmt_requests $ecb_kat_requests $ecb_mct_requests $ecb_mmt_requests; do -+ sh ./validate1.sh ${TESTDIR} $request -+ done -+ exit 0 -+fi -+ -+for request in $cbc_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest aes kat ecb $request > $response -+ fipstest aes kat cbc ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $ecb_mmt_requests; do -+for request in $cbc_mct_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest aes mmt ecb $request > $response -+ fipstest aes mct cbc ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $ecb_mct_requests; do -+for request in $cbc_mmt_requests; do - response=`echo $request | sed -e 
"s/req/rsp/"` - echo $request $response -- fipstest aes mct ecb $request > $response -+ fipstest aes mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $cbc_kat_requests; do -+for request in $ecb_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest aes kat cbc $request > $response -+ fipstest aes kat ecb ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $cbc_mmt_requests; do -+for request in $ecb_mct_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest aes mmt cbc $request > $response -+ fipstest aes mct ecb ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $cbc_mct_requests; do -+for request in $ecb_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest aes mct cbc $request > $response -+ fipstest aes mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response - done -diff -up ./nss/cmd/fipstest/dsa.sh.fipstest ./nss/cmd/fipstest/dsa.sh ---- ./nss/cmd/fipstest/dsa.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/dsa.sh 2014-09-22 11:47:43.486241359 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST DSA Validation System - # -@@ -11,28 +7,61 @@ - # shared libraries/DLLs are on the search path. Then run this script in the - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/DSA2 -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp -+ -+ -+# -+# several of the DSA tests do use known answer tests to verify the result. 
-+# in those cases, feed generated tests back into the fipstest tool and -+# see if we can verify those value. NOTE: th PQGVer and SigVer tests verify -+# the dsa pqgver and dsa sigver functions, so we know they can detect errors -+# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular. -+# -+if [ ${COMMAND} = "verify" ]; then -+# verify generated keys -+ name=KeyPair -+ echo ">>>>> $name" -+ fipstest dsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F -+# verify generated pqg values -+ name=PQGGen -+ echo ">>>>> $name" -+ fipstest dsa pqgver ${RSPDIR}/$name.rsp | grep ^Result.=.F -+# verify PQGVer with known answer -+# sh ./validate1.sh ${TESTDIR} PQGVer.req ' ' '-e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' -+# verify signatures -+ name=SigGen -+ echo ">>>>> $name" -+ fipstest dsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F -+# verify SigVer with known answer -+ sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);;' -+ exit 0 -+fi - - request=KeyPair.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest dsa keypair $request > $response -+fipstest dsa keypair ${REQDIR}/$request > ${RSPDIR}/$response - - request=PQGGen.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest dsa pqggen $request > $response -+fipstest dsa pqggen ${REQDIR}/$request > ${RSPDIR}/$response - --request=PQGVer.req -+request=PQGVer1863.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest dsa pqgver $request > $response -+fipstest dsa pqgver ${REQDIR}/$request > ${RSPDIR}/$response - - request=SigGen.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest dsa siggen $request > $response -+fipstest dsa siggen ${REQDIR}/$request > ${RSPDIR}/$response - - request=SigVer.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest dsa sigver $request > $response 
-+fipstest dsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -diff -up ./nss/cmd/fipstest/ecdsa.sh.fipstest ./nss/cmd/fipstest/ecdsa.sh ---- ./nss/cmd/fipstest/ecdsa.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/ecdsa.sh 2014-09-22 11:47:43.487241376 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST ECDSA Validation System - # -@@ -11,23 +7,50 @@ - # shared libraries/DLLs are on the search path. Then run this script in the - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/ECDSA2 -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp -+ -+# -+# several of the ECDSA tests do not use known answer tests to verify the result. -+# In those cases, feed generated tests back into the fipstest tool and -+# see if we can verify those value. NOTE: PQGVer and SigVer tests verify -+# the dsa pqgver and dsa sigver functions, so we know they can detect errors -+# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular. 
-+# -+if [ ${COMMAND} = "verify" ]; then -+# verify generated keys -+ name=KeyPair -+ echo ">>>>> $name" -+ fipstest ecdsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F -+ sh ./validate1.sh ${TESTDIR} PKV.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' -+# verify signatures -+ name=SigGen -+ echo ">>>>> $name" -+ fipstest ecdsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F -+# verify SigVer with known answer -+ sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;' -+ exit 0 -+fi - - request=KeyPair.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest ecdsa keypair $request > $response -+fipstest ecdsa keypair ${REQDIR}/$request > ${RSPDIR}/$response - - request=PKV.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest ecdsa pkv $request > $response -+fipstest ecdsa pkv ${REQDIR}/$request > ${RSPDIR}/$response - - request=SigGen.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest ecdsa siggen $request > $response -+fipstest ecdsa siggen ${REQDIR}/$request > ${RSPDIR}/$response - - request=SigVer.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest ecdsa sigver $request > $response -+fipstest ecdsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -diff -up ./nss/cmd/fipstest/fipstest.c.fipstest ./nss/cmd/fipstest/fipstest.c ---- ./nss/cmd/fipstest/fipstest.c.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/fipstest.c 2014-09-22 11:49:03.518587576 -0700 -@@ -17,6 +17,21 @@ - #include "hasht.h" - #include "lowkeyi.h" - #include "softoken.h" -+#include "pkcs11t.h" -+#define __PASTE(x,y) x##y -+#undef CK_PKCS11_FUNCTION_INFO -+#undef CK_NEED_ARG_LIST -+#define CK_EXTERN extern -+#define CK_PKCS11_FUNCTION_INFO(func) \ -+ CK_RV __PASTE(NS,func) -+#define CK_NEED_ARG_LIST 1 -+#include "pkcs11f.h" -+#undef CK_PKCS11_FUNCTION_INFO 
-+#undef CK_NEED_ARG_LIST -+#undef __PASTE -+#define SSL3_RANDOM_LENGTH 32 -+ -+ - - #if 0 - #include "../../lib/freebl/mpi/mpi.h" -@@ -46,18 +61,18 @@ hex_to_byteval(const char *c2, unsigned - unsigned char offset; - *byteval = 0; - for (i=0; i<2; i++) { -- if (c2[i] >= '0' && c2[i] <= '9') { -- offset = c2[i] - '0'; -- *byteval |= offset << 4*(1-i); -- } else if (c2[i] >= 'a' && c2[i] <= 'f') { -- offset = c2[i] - 'a'; -- *byteval |= (offset + 10) << 4*(1-i); -- } else if (c2[i] >= 'A' && c2[i] <= 'F') { -- offset = c2[i] - 'A'; -- *byteval |= (offset + 10) << 4*(1-i); -- } else { -- return SECFailure; -- } -+ if (c2[i] >= '0' && c2[i] <= '9') { -+ offset = c2[i] - '0'; -+ *byteval |= offset << 4*(1-i); -+ } else if (c2[i] >= 'a' && c2[i] <= 'f') { -+ offset = c2[i] - 'a'; -+ *byteval |= (offset + 10) << 4*(1-i); -+ } else if (c2[i] >= 'A' && c2[i] <= 'F') { -+ offset = c2[i] - 'A'; -+ *byteval |= (offset + 10) << 4*(1-i); -+ } else { -+ return SECFailure; -+ } - } - return SECSuccess; - } -@@ -68,12 +83,12 @@ byteval_to_hex(unsigned char byteval, ch - int i; - unsigned char offset; - for (i=0; i<2; i++) { -- offset = (byteval >> 4*(1-i)) & 0x0f; -- if (offset < 10) { -- c2[i] = '0' + offset; -- } else { -- c2[i] = a + offset - 10; -- } -+ offset = (byteval >> 4*(1-i)) & 0x0f; -+ if (offset < 10) { -+ c2[i] = '0' + offset; -+ } else { -+ c2[i] = a + offset - 10; -+ } - } - return SECSuccess; - } -@@ -83,7 +98,7 @@ to_hex_str(char *str, const unsigned cha - { - unsigned int i; - for (i=0; i 2*len) { -- /* -- * The input hex string is too long, but we allow it if the -- * extra digits are leading 0's. -- */ -- for (j = 0; j < nxdigit-2*len; j++) { -- if (str[j] != '0') { -- return PR_FALSE; -- } -- } -- /* skip leading 0's */ -- str += nxdigit-2*len; -- nxdigit = 2*len; -+ /* -+ * The input hex string is too long, but we allow it if the -+ * extra digits are leading 0's. 
-+ */ -+ for (j = 0; j < nxdigit-2*len; j++) { -+ if (str[j] != '0') { -+ return PR_FALSE; -+ } -+ } -+ /* skip leading 0's */ -+ str += nxdigit-2*len; -+ nxdigit = 2*len; - } - for (i=0, j=0; i< len; i++) { -- if (2*i < 2*len-nxdigit) { -- /* Handle a short input as if we padded it with leading 0's. */ -- if (2*i+1 < 2*len-nxdigit) { -- buf[i] = 0; -- } else { -- char tmp[2]; -- tmp[0] = '0'; -- tmp[1] = str[j]; -- hex_to_byteval(tmp, &buf[i]); -- j++; -- } -- } else { -- hex_to_byteval(&str[j], &buf[i]); -- j += 2; -- } -+ if (2*i < 2*len-nxdigit) { -+ /* Handle a short input as if we padded it with leading 0's. */ -+ if (2*i+1 < 2*len-nxdigit) { -+ buf[i] = 0; -+ } else { -+ char tmp[2]; -+ tmp[0] = '0'; -+ tmp[1] = str[j]; -+ hex_to_byteval(tmp, &buf[i]); -+ j++; -+ } -+ } else { -+ hex_to_byteval(&str[j], &buf[i]); -+ j += 2; -+ } - } - return PR_TRUE; - } -@@ -292,7 +307,7 @@ tdea_kat_mmt(char *reqfn) - int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[24]; /* TDEA 3 key bundle */ - unsigned int numKeys = 0; -- unsigned char iv[8]; /* for all modes except ECB */ -+ unsigned char iv[8]; /* for all modes except ECB */ - unsigned char plaintext[8*20]; /* 1 to 20 blocks */ - unsigned int plaintextlen; - unsigned char ciphertext[8*20]; /* 1 to 20 blocks */ -@@ -876,14 +891,14 @@ aes_encrypt_buf( - - cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); - if (cx == NULL) { -- goto loser; -+ goto loser; - } - rv = AES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen); - if (rv != SECSuccess) { -- goto loser; -+ goto loser; - } - if (*outputlen != inputlen) { -- goto loser; -+ goto loser; - } - AES_DestroyContext(cx, PR_TRUE); - cx = NULL; -@@ -894,26 +909,26 @@ aes_encrypt_buf( - */ - cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); - if (cx == NULL) { -- goto loser; -+ goto loser; - } - rv = AES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, -- output, *outputlen); -+ output, *outputlen); 
- if (rv != SECSuccess) { -- goto loser; -+ goto loser; - } - if (doublechecklen != *outputlen) { -- goto loser; -+ goto loser; - } - AES_DestroyContext(cx, PR_TRUE); - cx = NULL; - if (memcmp(doublecheck, input, inputlen) != 0) { -- goto loser; -+ goto loser; - } - rv = SECSuccess; - - loser: - if (cx != NULL) { -- AES_DestroyContext(cx, PR_TRUE); -+ AES_DestroyContext(cx, PR_TRUE); - } - return rv; - } -@@ -933,15 +948,15 @@ aes_decrypt_buf( - - cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); - if (cx == NULL) { -- goto loser; -+ goto loser; - } - rv = AES_Decrypt(cx, output, outputlen, maxoutputlen, -- input, inputlen); -+ input, inputlen); - if (rv != SECSuccess) { -- goto loser; -+ goto loser; - } - if (*outputlen != inputlen) { -- goto loser; -+ goto loser; - } - AES_DestroyContext(cx, PR_TRUE); - cx = NULL; -@@ -952,43 +967,38 @@ aes_decrypt_buf( - */ - cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); - if (cx == NULL) { -- goto loser; -+ goto loser; - } - rv = AES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, -- output, *outputlen); -+ output, *outputlen); - if (rv != SECSuccess) { -- goto loser; -+ goto loser; - } - if (doublechecklen != *outputlen) { -- goto loser; -+ goto loser; - } - AES_DestroyContext(cx, PR_TRUE); - cx = NULL; - if (memcmp(doublecheck, input, inputlen) != 0) { -- goto loser; -+ goto loser; - } - rv = SECSuccess; - - loser: - if (cx != NULL) { -- AES_DestroyContext(cx, PR_TRUE); -+ AES_DestroyContext(cx, PR_TRUE); - } - return rv; - } -- - /* -- * Perform the AES Known Answer Test (KAT) or Multi-block Message -- * Test (MMT) in ECB or CBC mode. The KAT (there are four types) -- * and MMT have the same structure: given the key and IV (CBC mode -- * only), encrypt the given plaintext or decrypt the given ciphertext. -- * So we can handle them the same way. -+ * Perform the AES GCM tests. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. 
- */ - void --aes_kat_mmt(char *reqfn) -+aes_gcm(char *reqfn, int encrypt) - { - char buf[512]; /* holds one line from the input REQUEST file. - * needs to be large enough to hold the longest -@@ -997,214 +1007,435 @@ aes_kat_mmt(char *reqfn) - FILE *aesreq; /* input stream from the REQUEST file */ - FILE *aesresp; /* output stream to the RESPONSE file */ - int i, j; -- int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ -- int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; -- unsigned char iv[16]; /* for all modes except ECB */ -+ unsigned char iv[128]; /* handle large gcm IV's */ - unsigned char plaintext[10*16]; /* 1 to 10 blocks */ - unsigned int plaintextlen; -- unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ -+ unsigned char ciphertext[11*16]; /* 1 to 10 blocks + tag */ - unsigned int ciphertextlen; -+ unsigned char aad[10*16]; /* 1 to 10 blocks + tag */ -+ unsigned int aadlen; -+ unsigned int tagbits; -+ unsigned int taglen; -+ unsigned int ivlen; -+ CK_GCM_PARAMS params; - SECStatus rv; - - aesreq = fopen(reqfn, "r"); - aesresp = stdout; - while (fgets(buf, sizeof buf, aesreq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, aesresp); -- continue; -- } -- /* [ENCRYPT] or [DECRYPT] */ -- if (buf[0] == '[') { -- if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { -- encrypt = 1; -- } else { -- encrypt = 0; -- } -- fputs(buf, aesresp); -- continue; -- } -- /* "COUNT = x" begins a new data set */ -- if (strncmp(buf, "COUNT", 5) == 0) { -- mode = NSS_AES; -- /* zeroize the variables for the test with this data set */ -- memset(key, 0, sizeof key); -- keysize = 0; -- memset(iv, 0, sizeof iv); -- memset(plaintext, 0, sizeof plaintext); -- plaintextlen = 0; -- memset(ciphertext, 0, sizeof ciphertext); -- ciphertextlen = 0; -- fputs(buf, aesresp); -- continue; -- } -- /* KEY = ... 
*/ -- if (strncmp(buf, "KEY", 3) == 0) { -- i = 3; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; isxdigit(buf[i]); i+=2,j++) { -- hex_to_byteval(&buf[i], &key[j]); -- } -- keysize = j; -- fputs(buf, aesresp); -- continue; -- } -- /* IV = ... */ -- if (strncmp(buf, "IV", 2) == 0) { -- mode = NSS_AES_CBC; -- i = 2; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; j\n". -+ * line "CIPHERTEXT = <320 hex digits>\n". - */ - FILE *aesreq; /* input stream from the REQUEST file */ - FILE *aesresp; /* output stream to the RESPONSE file */ - int i, j; -+ int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ - int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; -- unsigned char plaintext[16]; /* PT[j] */ -- unsigned char plaintext_1[16]; /* PT[j-1] */ -- unsigned char ciphertext[16]; /* CT[j] */ -+ unsigned char iv[16]; /* for all modes except ECB */ -+ unsigned char plaintext[10*16]; /* 1 to 10 blocks */ -+ unsigned int plaintextlen; -+ unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ -+ unsigned int ciphertextlen; -+ SECStatus rv; -+ -+ aesreq = fopen(reqfn, "r"); -+ aesresp = stdout; -+ while (fgets(buf, sizeof buf, aesreq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, aesresp); -+ continue; -+ } -+ /* [ENCRYPT] or [DECRYPT] */ -+ if (buf[0] == '[') { -+ if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { -+ encrypt = 1; -+ } else { -+ encrypt = 0; -+ } -+ fputs(buf, aesresp); -+ continue; -+ } -+ /* "COUNT = x" begins a new data set */ -+ if (strncmp(buf, "COUNT", 5) == 0) { -+ mode = NSS_AES; -+ /* zeroize the variables for the test with this data set */ -+ memset(key, 0, sizeof key); -+ keysize = 0; -+ memset(iv, 0, sizeof iv); -+ memset(plaintext, 0, sizeof plaintext); -+ plaintextlen = 0; -+ memset(ciphertext, 0, sizeof ciphertext); -+ ciphertextlen = 0; -+ fputs(buf, aesresp); -+ continue; -+ } -+ /* 
KEY = ... */ -+ if (strncmp(buf, "KEY", 3) == 0) { -+ i = 3; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j=0; isxdigit(buf[i]); i+=2,j++) { -+ hex_to_byteval(&buf[i], &key[j]); -+ } -+ keysize = j; -+ fputs(buf, aesresp); -+ continue; -+ } -+ /* IV = ... */ -+ if (strncmp(buf, "IV", 2) == 0) { -+ mode = NSS_AES_CBC; -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j=0; j\n". -+ */ -+ FILE *aesreq; /* input stream from the REQUEST file */ -+ FILE *aesresp; /* output stream to the RESPONSE file */ -+ int i, j; -+ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ -+ unsigned char key[32]; /* 128, 192, or 256 bits */ -+ unsigned int keysize; -+ unsigned char plaintext[16]; /* PT[j] */ -+ unsigned char plaintext_1[16]; /* PT[j-1] */ -+ unsigned char ciphertext[16]; /* CT[j] */ - unsigned char ciphertext_1[16]; /* CT[j-1] */ - unsigned char doublecheck[16]; - unsigned int outputlen; -- AESContext *cx = NULL; /* the operation being tested */ -+ AESContext *cx = NULL; /* the operation being tested */ - AESContext *cx2 = NULL; /* the inverse operation done in parallel - * to doublecheck our result. - */ -@@ -1213,246 +1444,246 @@ aes_ecb_mct(char *reqfn) - aesreq = fopen(reqfn, "r"); - aesresp = stdout; - while (fgets(buf, sizeof buf, aesreq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, aesresp); -- continue; -- } -- /* [ENCRYPT] or [DECRYPT] */ -- if (buf[0] == '[') { -- if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { -- encrypt = 1; -- } else { -- encrypt = 0; -- } -- fputs(buf, aesresp); -- continue; -- } -- /* "COUNT = x" begins a new data set */ -- if (strncmp(buf, "COUNT", 5) == 0) { -- /* zeroize the variables for the test with this data set */ -- memset(key, 0, sizeof key); -- keysize = 0; -- memset(plaintext, 0, sizeof plaintext); -- memset(ciphertext, 0, sizeof ciphertext); -- continue; -- } -- /* KEY = ... 
*/ -- if (strncmp(buf, "KEY", 3) == 0) { -- /* Key[0] = Key */ -- i = 3; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; isxdigit(buf[i]); i+=2,j++) { -- hex_to_byteval(&buf[i], &key[j]); -- } -- keysize = j; -- continue; -- } -- /* PLAINTEXT = ... */ -- if (strncmp(buf, "PLAINTEXT", 9) == 0) { -- /* sanity check */ -- if (!encrypt) { -- goto loser; -- } -- /* PT[0] = PT */ -- i = 9; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; j=0; j--) { -+ if (last < 0) { -+ last = (hash[i] & (1 << j)) ? 1 : 0; -+ fprintf(out, "%d ", last); -+ count = 1; -+ } else if (hash[i] & (1 << j)) { -+ if (last) { -+ count++; -+ } else { -+ last = 0; -+ fprintf(out, "%d ", count); -+ count = 1; -+ z++; -+ } -+ } else { -+ if (!last) { -+ count++; -+ } else { -+ last = 1; -+ fprintf(out, "%d ", count); -+ count = 1; -+ z++; -+ } -+ } -+ } - } - fprintf(out, "^\n"); - fseek(out, start, SEEK_SET); -@@ -1827,23 +2058,23 @@ int get_next_line(FILE *req, char *key, - int w = 0; - int c; - while ((c = fgetc(req)) != EOF) { -- if (ignore) { -- fprintf(rsp, "%c", c); -- if (c == '\n') return ignore; -- } else if (c == '\n') { -- break; -- } else if (c == '#') { -- ignore = 1; -- fprintf(rsp, "%c", c); -- } else if (c == '=') { -- writeto[w] = '\0'; -- w = 0; -- writeto = val; -- } else if (c == ' ' || c == '[' || c == ']') { -- continue; -- } else { -- writeto[w++] = c; -- } -+ if (ignore) { -+ fprintf(rsp, "%c", c); -+ if (c == '\n') return ignore; -+ } else if (c == '\n') { -+ break; -+ } else if (c == '#') { -+ ignore = 1; -+ fprintf(rsp, "%c", c); -+ } else if (c == '=') { -+ writeto[w] = '\0'; -+ w = 0; -+ writeto = val; -+ } else if (c == ' ' || c == '[' || c == ']') { -+ continue; -+ } else { -+ writeto[w++] = c; -+ } - } - writeto[w] = '\0'; - return (c == EOF) ? 
-1 : ignore; -@@ -1948,34 +2179,149 @@ getECParams(const char *curve) - SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ - int i, numCurves; - -- if (curve != NULL) { -- numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); -- for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); -- i++) { -- if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) -- curveOidTag = nameTagPair[i].curveOidTag; -- } -+ if (curve != NULL) { -+ numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); -+ for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); -+ i++) { -+ if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) -+ curveOidTag = nameTagPair[i].curveOidTag; -+ } -+ } -+ -+ /* Return NULL if curve name is not recognized */ -+ if ((curveOidTag == SEC_OID_UNKNOWN) || -+ (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { -+ fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); -+ return NULL; -+ } -+ -+ ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); -+ -+ /* -+ * ecparams->data needs to contain the ASN encoding of an object ID (OID) -+ * representing the named curve. The actual OID is in -+ * oidData->oid.data so we simply prepend 0x06 and OID length -+ */ -+ ecparams->data[0] = SEC_ASN1_OBJECT_ID; -+ ecparams->data[1] = oidData->oid.len; -+ memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); -+ -+ return ecparams; -+} -+ -+/* -+ * HASH_ functions are available to full NSS apps and internally inside -+ * freebl, but not exported to users of freebl. Create short stubs to -+ * replace the functionality for fipstest. 
-+ */ -+SECStatus -+fips_hashBuf(HASH_HashType type, unsigned char *hashBuf, -+ unsigned char *msg, int len) -+{ -+ SECStatus rv = SECFailure; -+ -+ switch (type) { -+ case HASH_AlgSHA1: -+ rv = SHA1_HashBuf(hashBuf, msg, len); -+ break; -+ case HASH_AlgSHA224: -+ rv = SHA224_HashBuf(hashBuf, msg, len); -+ break; -+ case HASH_AlgSHA256: -+ rv = SHA256_HashBuf(hashBuf, msg, len); -+ break; -+ case HASH_AlgSHA384: -+ rv = SHA384_HashBuf(hashBuf, msg, len); -+ break; -+ case HASH_AlgSHA512: -+ rv = SHA512_HashBuf(hashBuf, msg, len); -+ break; -+ default: -+ break; -+ } -+ return rv; -+} -+ -+int -+fips_hashLen(HASH_HashType type) -+{ -+ int len = 0; -+ -+ switch (type) { -+ case HASH_AlgSHA1: -+ len = SHA1_LENGTH; -+ break; -+ case HASH_AlgSHA224: -+ len = SHA224_LENGTH; -+ break; -+ case HASH_AlgSHA256: -+ len = SHA256_LENGTH; -+ break; -+ case HASH_AlgSHA384: -+ len = SHA384_LENGTH; -+ break; -+ case HASH_AlgSHA512: -+ len = SHA512_LENGTH; -+ break; -+ default: -+ break; - } -+ return len; -+} - -- /* Return NULL if curve name is not recognized */ -- if ((curveOidTag == SEC_OID_UNKNOWN) || -- (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { -- fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); -- return NULL; -- } -+SECOidTag -+fips_hashOid(HASH_HashType type) -+{ -+ SECOidTag oid = SEC_OID_UNKNOWN; - -- ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); -+ switch (type) { -+ case HASH_AlgSHA1: -+ oid = SEC_OID_SHA1; -+ break; -+ case HASH_AlgSHA224: -+ oid = SEC_OID_SHA224; -+ break; -+ case HASH_AlgSHA256: -+ oid = SEC_OID_SHA256; -+ break; -+ case HASH_AlgSHA384: -+ oid = SEC_OID_SHA384; -+ break; -+ case HASH_AlgSHA512: -+ oid = SEC_OID_SHA512; -+ break; -+ default: -+ break; -+ } -+ return oid; -+} - -- /* -- * ecparams->data needs to contain the ASN encoding of an object ID (OID) -- * representing the named curve. 
The actual OID is in -- * oidData->oid.data so we simply prepend 0x06 and OID length -- */ -- ecparams->data[0] = SEC_ASN1_OBJECT_ID; -- ecparams->data[1] = oidData->oid.len; -- memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); -+HASH_HashType -+sha_get_hashType(int hashbits) -+{ -+ HASH_HashType hashType = HASH_AlgNULL; - -- return ecparams; -+ switch (hashbits) { -+ case 1: -+ case (SHA1_LENGTH*PR_BITS_PER_BYTE): -+ hashType = HASH_AlgSHA1; -+ break; -+ case (SHA224_LENGTH*PR_BITS_PER_BYTE): -+ hashType = HASH_AlgSHA224; -+ break; -+ case (SHA256_LENGTH*PR_BITS_PER_BYTE): -+ hashType = HASH_AlgSHA256; -+ break; -+ case (SHA384_LENGTH*PR_BITS_PER_BYTE): -+ hashType = HASH_AlgSHA384; -+ break; -+ case (SHA512_LENGTH*PR_BITS_PER_BYTE): -+ hashType = HASH_AlgSHA512; -+ break; -+ default: -+ break; -+ } -+ return hashType; - } - - /* -@@ -1996,7 +2342,7 @@ ecdsa_keypair_test(char *reqfn) - FILE *ecdsareq; /* input stream from the REQUEST file */ - FILE *ecdsaresp; /* output stream to the RESPONSE file */ - char curve[16]; /* "nistxddd" */ -- ECParams *ecparams; -+ ECParams *ecparams = NULL; - int N; - int i; - unsigned int len; -@@ -2005,81 +2351,95 @@ ecdsa_keypair_test(char *reqfn) - ecdsaresp = stdout; - strcpy(curve, "nist"); - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, ecdsaresp); -- continue; -- } -- /* [X-ddd] */ -- if (buf[0] == '[') { -- const char *src; -- char *dst; -- SECItem *encodedparams; -- -- src = &buf[1]; -- dst = &curve[4]; -- *dst++ = tolower(*src); -- src += 2; /* skip the hyphen */ -- *dst++ = *src++; -- *dst++ = *src++; -- *dst++ = *src++; -- *dst = '\0'; -- encodedparams = getECParams(curve); -- if (encodedparams == NULL) { -- goto loser; -- } -- if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -- goto loser; -- } -- SECITEM_FreeItem(encodedparams, PR_TRUE); -- fputs(buf, ecdsaresp); -- continue; -- } -- /* N = x */ -- 
if (buf[0] == 'N') { -- if (sscanf(buf, "N = %d", &N) != 1) { -- goto loser; -- } -- for (i = 0; i < N; i++) { -- ECPrivateKey *ecpriv; -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* [X-ddd] */ -+ if (buf[0] == '[') { -+ const char *src; -+ char *dst; -+ SECItem *encodedparams; - -- if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { -- goto loser; -- } -- fputs("d = ", ecdsaresp); -- to_hex_str(buf, ecpriv->privateValue.data, -- ecpriv->privateValue.len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -- if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) -- != SECSuccess) { -- goto loser; -- } -- len = ecpriv->publicValue.len; -- if (len%2 == 0) { -- goto loser; -- } -- len = (len-1)/2; -- if (ecpriv->publicValue.data[0] -- != EC_POINT_FORM_UNCOMPRESSED) { -- goto loser; -- } -- fputs("Qx = ", ecdsaresp); -- to_hex_str(buf, &ecpriv->publicValue.data[1], len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -- fputs("Qy = ", ecdsaresp); -- to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -- fputc('\n', ecdsaresp); -- PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); -- } -- PORT_FreeArena(ecparams->arena, PR_FALSE); -- continue; -- } -+ if (buf[1] == 'B') { -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ if (ecparams) { -+ PORT_FreeArena(ecparams->arena, PR_FALSE); -+ ecparams = NULL; -+ } -+ -+ src = &buf[1]; -+ dst = &curve[4]; -+ *dst++ = tolower(*src); -+ src += 2; /* skip the hyphen */ -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst = '\0'; -+ encodedparams = getECParams(curve); -+ if (encodedparams == NULL) { -+ fprintf(stderr, "Unknown curve %s.", curve); -+ goto loser; -+ } -+ if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -+ fprintf(stderr, "Curve %s not supported.\n", curve); -+ goto loser; -+ } -+ SECITEM_FreeItem(encodedparams, PR_TRUE); -+ fputs(buf, ecdsaresp); -+ 
continue; -+ } -+ /* N = x */ -+ if (buf[0] == 'N') { -+ if (sscanf(buf, "N = %d", &N) != 1) { -+ goto loser; -+ } -+ for (i = 0; i < N; i++) { -+ ECPrivateKey *ecpriv; -+ -+ if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { -+ goto loser; -+ } -+ fputs("d = ", ecdsaresp); -+ to_hex_str(buf, ecpriv->privateValue.data, -+ ecpriv->privateValue.len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); -+ if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) -+ != SECSuccess) { -+ goto loser; -+ } -+ len = ecpriv->publicValue.len; -+ if (len%2 == 0) { -+ goto loser; -+ } -+ len = (len-1)/2; -+ if (ecpriv->publicValue.data[0] -+ != EC_POINT_FORM_UNCOMPRESSED) { -+ goto loser; -+ } -+ fputs("Qx = ", ecdsaresp); -+ to_hex_str(buf, &ecpriv->publicValue.data[1], len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); -+ fputs("Qy = ", ecdsaresp); -+ to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); -+ fputc('\n', ecdsaresp); -+ PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); -+ } -+ continue; -+ } - } - loser: -+ if (ecparams) { -+ PORT_FreeArena(ecparams->arena, PR_FALSE); -+ ecparams = NULL; -+ } - fclose(ecdsareq); - } - -@@ -2111,92 +2471,94 @@ ecdsa_pkv_test(char *reqfn) - strcpy(curve, "nist"); - pubkey.data = NULL; - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, ecdsaresp); -- continue; -- } -- /* [X-ddd] */ -- if (buf[0] == '[') { -- const char *src; -- char *dst; -- SECItem *encodedparams; -- -- src = &buf[1]; -- dst = &curve[4]; -- *dst++ = tolower(*src); -- src += 2; /* skip the hyphen */ -- *dst++ = *src++; -- *dst++ = *src++; -- *dst++ = *src++; -- *dst = '\0'; -- if (ecparams != NULL) { -- PORT_FreeArena(ecparams->arena, PR_FALSE); -- ecparams = NULL; -- } -- encodedparams = getECParams(curve); -- if (encodedparams == NULL) { -- goto loser; -- } -- if (EC_DecodeParams(encodedparams, &ecparams) != 
SECSuccess) { -- goto loser; -- } -- SECITEM_FreeItem(encodedparams, PR_TRUE); -- len = (ecparams->fieldID.size + 7) >> 3; -- if (pubkey.data != NULL) { -- PORT_Free(pubkey.data); -- pubkey.data = NULL; -- } -- SECITEM_AllocItem(NULL, &pubkey, 2*len+1); -- if (pubkey.data == NULL) { -- goto loser; -- } -- pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; -- fputs(buf, ecdsaresp); -- continue; -- } -- /* Qx = ... */ -- if (strncmp(buf, "Qx", 2) == 0) { -- fputs(buf, ecdsaresp); -- i = 2; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); -- continue; -- } -- /* Qy = ... */ -- if (strncmp(buf, "Qy", 2) == 0) { -- fputs(buf, ecdsaresp); -- if (!keyvalid) { -- fputs("Result = F\n", ecdsaresp); -- continue; -- } -- i = 2; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); -- if (!keyvalid) { -- fputs("Result = F\n", ecdsaresp); -- continue; -- } -- if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { -- fputs("Result = P\n", ecdsaresp); -- } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { -- fputs("Result = F\n", ecdsaresp); -- } else { -- goto loser; -- } -- continue; -- } -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* [X-ddd] */ -+ if (buf[0] == '[') { -+ const char *src; -+ char *dst; -+ SECItem *encodedparams; -+ -+ src = &buf[1]; -+ dst = &curve[4]; -+ *dst++ = tolower(*src); -+ src += 2; /* skip the hyphen */ -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst = '\0'; -+ if (ecparams != NULL) { -+ PORT_FreeArena(ecparams->arena, PR_FALSE); -+ ecparams = NULL; -+ } -+ encodedparams = getECParams(curve); -+ if (encodedparams == NULL) { -+ fprintf(stderr, "Unknown curve %s.", curve); -+ goto loser; -+ } -+ if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -+ fprintf(stderr, "Curve %s not supported.\n", curve); -+ goto 
loser; -+ } -+ SECITEM_FreeItem(encodedparams, PR_TRUE); -+ len = (ecparams->fieldID.size + 7) >> 3; -+ if (pubkey.data != NULL) { -+ PORT_Free(pubkey.data); -+ pubkey.data = NULL; -+ } -+ SECITEM_AllocItem(NULL, &pubkey, 2*len+1); -+ if (pubkey.data == NULL) { -+ goto loser; -+ } -+ pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* Qx = ... */ -+ if (strncmp(buf, "Qx", 2) == 0) { -+ fputs(buf, ecdsaresp); -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); -+ continue; -+ } -+ /* Qy = ... */ -+ if (strncmp(buf, "Qy", 2) == 0) { -+ fputs(buf, ecdsaresp); -+ if (!keyvalid) { -+ fputs("Result = F\n", ecdsaresp); -+ continue; -+ } -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); -+ if (!keyvalid) { -+ fputs("Result = F\n", ecdsaresp); -+ continue; -+ } -+ if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { -+ fputs("Result = P\n", ecdsaresp); -+ } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { -+ fputs("Result = F\n", ecdsaresp); -+ } else { -+ goto loser; -+ } -+ continue; -+ } - } - loser: - if (ecparams != NULL) { -- PORT_FreeArena(ecparams->arena, PR_FALSE); -+ PORT_FreeArena(ecparams->arena, PR_FALSE); - } - if (pubkey.data != NULL) { -- PORT_Free(pubkey.data); -+ PORT_Free(pubkey.data); - } - fclose(ecdsareq); - } -@@ -2224,7 +2586,9 @@ ecdsa_siggen_test(char *reqfn) - unsigned int len; - unsigned char msg[512]; /* message to be signed (<= 128 bytes) */ - unsigned int msglen; -- unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ -+ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ -+ unsigned int shaLength = 0; /* length of SHA */ -+ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ - unsigned char sig[2*MAX_ECKEY_LEN]; - SECItem signature, digest; - -@@ -2232,111 +2596,135 @@ ecdsa_siggen_test(char *reqfn) - ecdsaresp = stdout; - 
strcpy(curve, "nist"); - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, ecdsaresp); -- continue; -- } -- /* [X-ddd] */ -- if (buf[0] == '[') { -- const char *src; -- char *dst; -- SECItem *encodedparams; -- -- src = &buf[1]; -- dst = &curve[4]; -- *dst++ = tolower(*src); -- src += 2; /* skip the hyphen */ -- *dst++ = *src++; -- *dst++ = *src++; -- *dst++ = *src++; -- *dst = '\0'; -- if (ecparams != NULL) { -- PORT_FreeArena(ecparams->arena, PR_FALSE); -- ecparams = NULL; -- } -- encodedparams = getECParams(curve); -- if (encodedparams == NULL) { -- goto loser; -- } -- if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -- goto loser; -- } -- SECITEM_FreeItem(encodedparams, PR_TRUE); -- fputs(buf, ecdsaresp); -- continue; -- } -- /* Msg = ... */ -- if (strncmp(buf, "Msg", 3) == 0) { -- ECPrivateKey *ecpriv; -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* [X-ddd] */ -+ if (buf[0] == '[') { -+ const char *src; -+ char *dst; -+ SECItem *encodedparams; -+ -+ src = &buf[1]; -+ dst = &curve[4]; -+ *dst++ = tolower(*src); -+ src += 2; /* skip the hyphen */ -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst = '\0'; -+ src++; /* skip the comma */ -+ /* set the SHA Algorithm */ -+ if (strncmp(src, "SHA-1", 5) == 0) { -+ shaAlg = HASH_AlgSHA1; -+ } else if (strncmp(src, "SHA-224", 7) == 0) { -+ shaAlg = HASH_AlgSHA224; -+ } else if (strncmp(src, "SHA-256", 7) == 0) { -+ shaAlg = HASH_AlgSHA256; -+ } else if (strncmp(src, "SHA-384", 7)== 0) { -+ shaAlg = HASH_AlgSHA384; -+ } else if (strncmp(src, "SHA-512", 7) == 0) { -+ shaAlg = HASH_AlgSHA512; -+ } else { -+ fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); -+ goto loser; -+ } -+ if (ecparams != NULL) { -+ PORT_FreeArena(ecparams->arena, PR_FALSE); -+ ecparams = NULL; -+ } -+ encodedparams = getECParams(curve); -+ if 
(encodedparams == NULL) { -+ fprintf(stderr, "Unknown curve %s.", curve); -+ goto loser; -+ } -+ if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -+ fprintf(stderr, "Curve %s not supported.\n", curve); -+ goto loser; -+ } -+ SECITEM_FreeItem(encodedparams, PR_TRUE); -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* Msg = ... */ -+ if (strncmp(buf, "Msg", 3) == 0) { -+ ECPrivateKey *ecpriv; - -- i = 3; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; isxdigit(buf[i]); i+=2,j++) { -- hex_to_byteval(&buf[i], &msg[j]); -- } -- msglen = j; -- if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { -- goto loser; -- } -- fputs(buf, ecdsaresp); -+ i = 3; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j=0; isxdigit(buf[i]); i+=2,j++) { -+ hex_to_byteval(&buf[i], &msg[j]); -+ } -+ msglen = j; -+ shaLength = fips_hashLen(shaAlg); -+ if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { -+ if (shaLength == 0) { -+ fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); -+ } -+ fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", -+ shaLength == 160 ? 
1 : shaLength); -+ goto loser; -+ } -+ fputs(buf, ecdsaresp); - -- if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { -- goto loser; -- } -- if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) -- != SECSuccess) { -- goto loser; -- } -- len = ecpriv->publicValue.len; -- if (len%2 == 0) { -- goto loser; -- } -- len = (len-1)/2; -- if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { -- goto loser; -- } -- fputs("Qx = ", ecdsaresp); -- to_hex_str(buf, &ecpriv->publicValue.data[1], len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -- fputs("Qy = ", ecdsaresp); -- to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -- -- digest.type = siBuffer; -- digest.data = sha1; -- digest.len = sizeof sha1; -- signature.type = siBuffer; -- signature.data = sig; -- signature.len = sizeof sig; -- if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { -- goto loser; -- } -- len = signature.len; -- if (len%2 != 0) { -- goto loser; -- } -- len = len/2; -- fputs("R = ", ecdsaresp); -- to_hex_str(buf, &signature.data[0], len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -- fputs("S = ", ecdsaresp); -- to_hex_str(buf, &signature.data[len], len); -- fputs(buf, ecdsaresp); -- fputc('\n', ecdsaresp); -+ if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { -+ goto loser; -+ } -+ if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) -+ != SECSuccess) { -+ goto loser; -+ } -+ len = ecpriv->publicValue.len; -+ if (len%2 == 0) { -+ goto loser; -+ } -+ len = (len-1)/2; -+ if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { -+ goto loser; -+ } -+ fputs("Qx = ", ecdsaresp); -+ to_hex_str(buf, &ecpriv->publicValue.data[1], len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); -+ fputs("Qy = ", ecdsaresp); -+ to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); - -- PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); -- continue; 
-- } -+ digest.type = siBuffer; -+ digest.data = sha; -+ digest.len = shaLength; -+ signature.type = siBuffer; -+ signature.data = sig; -+ signature.len = sizeof sig; -+ if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { -+ goto loser; -+ } -+ len = signature.len; -+ if (len%2 != 0) { -+ goto loser; -+ } -+ len = len/2; -+ fputs("R = ", ecdsaresp); -+ to_hex_str(buf, &signature.data[0], len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); -+ fputs("S = ", ecdsaresp); -+ to_hex_str(buf, &signature.data[len], len); -+ fputs(buf, ecdsaresp); -+ fputc('\n', ecdsaresp); -+ -+ PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); -+ continue; -+ } - } - loser: - if (ecparams != NULL) { -- PORT_FreeArena(ecparams->arena, PR_FALSE); -+ PORT_FreeArena(ecparams->arena, PR_FALSE); - } - fclose(ecdsareq); - } -@@ -2364,7 +2752,9 @@ ecdsa_sigver_test(char *reqfn) - unsigned int olen; /* length in bytes of the base point order */ - unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen; -- unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ -+ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ -+ unsigned int shaLength = 0; /* length of SHA */ -+ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ - unsigned char sig[2*MAX_ECKEY_LEN]; - SECItem signature, digest; - PRBool keyvalid = PR_TRUE; -@@ -2375,158 +2765,182 @@ ecdsa_sigver_test(char *reqfn) - ecpub.ecParams.arena = NULL; - strcpy(curve, "nist"); - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, ecdsaresp); -- continue; -- } -- /* [X-ddd] */ -- if (buf[0] == '[') { -- const char *src; -- char *dst; -- SECItem *encodedparams; -- ECParams *ecparams; -- -- src = &buf[1]; -- dst = &curve[4]; -- *dst++ = tolower(*src); -- src += 2; /* skip the hyphen */ -- *dst++ = *src++; -- *dst++ = *src++; -- *dst++ = *src++; -- *dst = '\0'; -- encodedparams = getECParams(curve); -- if 
(encodedparams == NULL) { -- goto loser; -- } -- if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -- goto loser; -- } -- SECITEM_FreeItem(encodedparams, PR_TRUE); -- if (ecpub.ecParams.arena != NULL) { -- PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); -- } -- ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -- if (ecpub.ecParams.arena == NULL) { -- goto loser; -- } -- if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) -- != SECSuccess) { -- goto loser; -- } -- PORT_FreeArena(ecparams->arena, PR_FALSE); -- flen = (ecpub.ecParams.fieldID.size + 7) >> 3; -- olen = ecpub.ecParams.order.len; -- if (2*olen > sizeof sig) { -- goto loser; -- } -- ecpub.publicValue.type = siBuffer; -- ecpub.publicValue.data = NULL; -- ecpub.publicValue.len = 0; -- SECITEM_AllocItem(ecpub.ecParams.arena, -- &ecpub.publicValue, 2*flen+1); -- if (ecpub.publicValue.data == NULL) { -- goto loser; -- } -- ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; -- fputs(buf, ecdsaresp); -- continue; -- } -- /* Msg = ... 
*/ -- if (strncmp(buf, "Msg", 3) == 0) { -- i = 3; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; isxdigit(buf[i]); i+=2,j++) { -- hex_to_byteval(&buf[i], &msg[j]); -- } -- msglen = j; -- if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { -- goto loser; -- } -- fputs(buf, ecdsaresp); -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* [X-ddd] */ -+ if (buf[0] == '[') { -+ const char *src; -+ char *dst; -+ SECItem *encodedparams; -+ ECParams *ecparams; -+ -+ src = &buf[1]; -+ dst = &curve[4]; -+ *dst++ = tolower(*src); -+ src += 2; /* skip the hyphen */ -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst++ = *src++; -+ *dst = '\0'; -+ src++; /* skip the comma */ -+ /* set the SHA Algorithm */ -+ if (strncmp(src, "SHA-1", 5) == 0) { -+ shaAlg = HASH_AlgSHA1; -+ } else if (strncmp(src, "SHA-224", 7) == 0) { -+ shaAlg = HASH_AlgSHA224; -+ } else if (strncmp(src, "SHA-256", 7) == 0) { -+ shaAlg = HASH_AlgSHA256; -+ } else if (strncmp(src, "SHA-384", 7)== 0) { -+ shaAlg = HASH_AlgSHA384; -+ } else if (strncmp(src, "SHA-512", 7) == 0) { -+ shaAlg = HASH_AlgSHA512; -+ } else { -+ fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); -+ goto loser; -+ } -+ encodedparams = getECParams(curve); -+ if (encodedparams == NULL) { -+ fprintf(stderr, "Unknown curve %s.", curve); -+ goto loser; -+ } -+ if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { -+ fprintf(stderr, "Curve %s not supported.\n", curve); -+ goto loser; -+ } -+ SECITEM_FreeItem(encodedparams, PR_TRUE); -+ if (ecpub.ecParams.arena != NULL) { -+ PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); -+ } -+ ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); -+ if (ecpub.ecParams.arena == NULL) { -+ goto loser; -+ } -+ if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) -+ != SECSuccess) { -+ goto loser; -+ } -+ PORT_FreeArena(ecparams->arena, PR_FALSE); -+ flen = 
(ecpub.ecParams.fieldID.size + 7) >> 3; -+ olen = ecpub.ecParams.order.len; -+ if (2*olen > sizeof sig) { -+ goto loser; -+ } -+ ecpub.publicValue.type = siBuffer; -+ ecpub.publicValue.data = NULL; -+ ecpub.publicValue.len = 0; -+ SECITEM_AllocItem(ecpub.ecParams.arena, -+ &ecpub.publicValue, 2*flen+1); -+ if (ecpub.publicValue.data == NULL) { -+ goto loser; -+ } -+ ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; -+ fputs(buf, ecdsaresp); -+ continue; -+ } -+ /* Msg = ... */ -+ if (strncmp(buf, "Msg", 3) == 0) { -+ i = 3; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j=0; isxdigit(buf[i]); i+=2,j++) { -+ hex_to_byteval(&buf[i], &msg[j]); -+ } -+ msglen = j; -+ shaLength = fips_hashLen(shaAlg); -+ if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { -+ if (shaLength == 0) { -+ fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); -+ } -+ fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", -+ shaLength == 160 ? 1 : shaLength); -+ goto loser; -+ } -+ fputs(buf, ecdsaresp); - -- digest.type = siBuffer; -- digest.data = sha1; -- digest.len = sizeof sha1; -+ digest.type = siBuffer; -+ digest.data = sha; -+ digest.len = shaLength; - -- continue; -- } -- /* Qx = ... */ -- if (strncmp(buf, "Qx", 2) == 0) { -- fputs(buf, ecdsaresp); -- i = 2; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, -- &buf[i]); -- continue; -- } -- /* Qy = ... */ -- if (strncmp(buf, "Qy", 2) == 0) { -- fputs(buf, ecdsaresp); -- if (!keyvalid) { -- continue; -- } -- i = 2; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, -- &buf[i]); -- if (!keyvalid) { -- continue; -- } -- if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) -- != SECSuccess) { -- if (PORT_GetError() == SEC_ERROR_BAD_KEY) { -- keyvalid = PR_FALSE; -- } else { -- goto loser; -- } -- } -- continue; -- } -- /* R = ... 
*/ -- if (buf[0] == 'R') { -- fputs(buf, ecdsaresp); -- i = 1; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- sigvalid = from_hex_str(sig, olen, &buf[i]); -- continue; -- } -- /* S = ... */ -- if (buf[0] == 'S') { -- fputs(buf, ecdsaresp); -- i = 1; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- if (sigvalid) { -- sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); -- } -- signature.type = siBuffer; -- signature.data = sig; -- signature.len = 2*olen; -- -- if (!keyvalid || !sigvalid) { -- fputs("Result = F\n", ecdsaresp); -- } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) -- == SECSuccess) { -- fputs("Result = P\n", ecdsaresp); -- } else { -- fputs("Result = F\n", ecdsaresp); -- } -- continue; -- } -+ continue; -+ } -+ /* Qx = ... */ -+ if (strncmp(buf, "Qx", 2) == 0) { -+ fputs(buf, ecdsaresp); -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, -+ &buf[i]); -+ continue; -+ } -+ /* Qy = ... */ -+ if (strncmp(buf, "Qy", 2) == 0) { -+ fputs(buf, ecdsaresp); -+ if (!keyvalid) { -+ continue; -+ } -+ i = 2; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, -+ &buf[i]); -+ if (!keyvalid) { -+ continue; -+ } -+ if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) -+ != SECSuccess) { -+ if (PORT_GetError() == SEC_ERROR_BAD_KEY) { -+ keyvalid = PR_FALSE; -+ } else { -+ goto loser; -+ } -+ } -+ continue; -+ } -+ /* R = ... */ -+ if (buf[0] == 'R') { -+ fputs(buf, ecdsaresp); -+ i = 1; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ sigvalid = from_hex_str(sig, olen, &buf[i]); -+ continue; -+ } -+ /* S = ... 
*/ -+ if (buf[0] == 'S') { -+ fputs(buf, ecdsaresp); -+ i = 1; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ if (sigvalid) { -+ sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); -+ } -+ signature.type = siBuffer; -+ signature.data = sig; -+ signature.len = 2*olen; -+ -+ if (!keyvalid || !sigvalid) { -+ fputs("Result = F\n", ecdsaresp); -+ } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) -+ == SECSuccess) { -+ fputs("Result = P\n", ecdsaresp); -+ } else { -+ fputs("Result = F\n", ecdsaresp); -+ } -+ continue; -+ } - } - loser: - if (ecpub.ecParams.arena != NULL) { -- PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); -+ PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); - } - fclose(ecdsareq); - } -@@ -2543,8 +2957,8 @@ alloc_value(char *buf, int *len) - int i, count; - - if (strncmp(buf, "", 6) == 0) { -- *len = 0; -- return NULL; -+ *len = 0; -+ return NULL; - } - - /* find the length of the number */ -@@ -2552,17 +2966,17 @@ alloc_value(char *buf, int *len) - *len = count/2; - - if (*len == 0) { -- return NULL; -+ return NULL; - } - - value = PORT_Alloc(*len); - if (!value) { -- *len = 0; -- return NULL; -+ *len = 0; -+ return NULL; - } -- -+ - for (i=0; i<*len; buf+=2 , i++) { -- hex_to_byteval(buf, &value[i]); -+ hex_to_byteval(buf, &value[i]); - } - - -@@ -2574,7 +2988,7 @@ isblankline(char *b) - { - while (isspace(*b)) b++; - if ((*b == '\n') || (*b == 0)) { -- return PR_TRUE; -+ return PR_TRUE; - } - return PR_FALSE; - } -@@ -2608,9 +3022,9 @@ drbg(char *reqfn) - int additionalInputLen = 0; - unsigned char *entropyInput = NULL; - int entropyInputLen = 0; -- unsigned char predictedreturn_bytes[SHA256_LENGTH]; -- unsigned char return_bytes[SHA256_LENGTH]; -- int return_bytes_len = SHA256_LENGTH; -+ unsigned char *predictedreturn_bytes = NULL; -+ unsigned char *return_bytes = NULL; -+ int return_bytes_len = 0; - enum { NONE, INSTANTIATE, GENERATE, RESEED, RESULT } command = - NONE; - PRBool genResult = PR_FALSE; -@@ -2621,23 +3035,23 @@ 
drbg(char *reqfn) - while (fgets(buf, sizeof buf, rngreq) != NULL) { - switch (command) { - case INSTANTIATE: -- if (debug) { -- fputs("# PRNGTEST_Instantiate(",rngresp); -- to_hex_str(buf2,entropyInput, entropyInputLen); -- fputs(buf2,rngresp); -- fprintf(rngresp,",%d,",entropyInputLen); -- to_hex_str(buf2,nonce, nonceLen); -- fputs(buf2,rngresp); -- fprintf(rngresp,",%d,",nonceLen); -- to_hex_str(buf2,personalizationString, -- personalizationStringLen); -- fputs(buf2,rngresp); -- fprintf(rngresp,",%d)\n", personalizationStringLen); -- } -+ if (debug) { -+ fputs("# PRNGTEST_Instantiate(",rngresp); -+ to_hex_str(buf2,entropyInput, entropyInputLen); -+ fputs(buf2,rngresp); -+ fprintf(rngresp,",%d,",entropyInputLen); -+ to_hex_str(buf2,nonce, nonceLen); -+ fputs(buf2,rngresp); -+ fprintf(rngresp,",%d,",nonceLen); -+ to_hex_str(buf2,personalizationString, -+ personalizationStringLen); -+ fputs(buf2,rngresp); -+ fprintf(rngresp,",%d)\n", personalizationStringLen); -+ } - rv = PRNGTEST_Instantiate(entropyInput, entropyInputLen, - nonce, nonceLen, - personalizationString, -- personalizationStringLen); -+ personalizationStringLen); - if (rv != SECSuccess) { - goto loser; - } -@@ -2646,17 +3060,17 @@ drbg(char *reqfn) - case GENERATE: - case RESULT: - memset(return_bytes, 0, return_bytes_len); -- if (debug) { -- fputs("# PRNGTEST_Generate(returnbytes",rngresp); -- fprintf(rngresp,",%d,", return_bytes_len); -- to_hex_str(buf2,additionalInput, additionalInputLen); -- fputs(buf2,rngresp); -- fprintf(rngresp,",%d)\n",additionalInputLen); -- } -+ if (debug) { -+ fputs("# PRNGTEST_Generate(returnbytes",rngresp); -+ fprintf(rngresp,",%d,", return_bytes_len); -+ to_hex_str(buf2,additionalInput, additionalInputLen); -+ fputs(buf2,rngresp); -+ fprintf(rngresp,",%d)\n",additionalInputLen); -+ } - rv = PRNGTEST_Generate((PRUint8 *) return_bytes, -- return_bytes_len, -+ return_bytes_len, - (PRUint8 *) additionalInput, -- additionalInputLen); -+ additionalInputLen); - if (rv != 
SECSuccess) { - goto loser; - } -@@ -2666,9 +3080,9 @@ drbg(char *reqfn) - to_hex_str(buf2, return_bytes, return_bytes_len); - fputs(buf2, rngresp); - fputc('\n', rngresp); -- if (debug) { -- fputs("# PRNGTEST_Uninstantiate()\n",rngresp); -- } -+ if (debug) { -+ fputs("# PRNGTEST_Uninstantiate()\n",rngresp); -+ } - rv = PRNGTEST_Uninstantiate(); - if (rv != SECSuccess) { - goto loser; -@@ -2678,23 +3092,23 @@ drbg(char *reqfn) - to_hex_str(buf2, return_bytes, return_bytes_len); - fputs(buf2, rngresp); - fputc('\n', rngresp); -- } -+ } - - memset(additionalInput, 0, additionalInputLen); - break; - - case RESEED: - if (entropyInput || additionalInput) { -- if (debug) { -- fputs("# PRNGTEST_Reseed(",rngresp); -- fprintf(rngresp,",%d,", return_bytes_len); -- to_hex_str(buf2,entropyInput, entropyInputLen); -- fputs(buf2,rngresp); -- fprintf(rngresp,",%d,", entropyInputLen); -- to_hex_str(buf2,additionalInput, additionalInputLen); -- fputs(buf2,rngresp); -- fprintf(rngresp,",%d)\n",additionalInputLen); -- } -+ if (debug) { -+ fputs("# PRNGTEST_Reseed(",rngresp); -+ fprintf(rngresp,",%d,", return_bytes_len); -+ to_hex_str(buf2,entropyInput, entropyInputLen); -+ fputs(buf2,rngresp); -+ fprintf(rngresp,",%d,", entropyInputLen); -+ to_hex_str(buf2,additionalInput, additionalInputLen); -+ fputs(buf2,rngresp); -+ fprintf(rngresp,",%d)\n",additionalInputLen); -+ } - rv = PRNGTEST_Reseed(entropyInput, entropyInputLen, - additionalInput, additionalInputLen); - if (rv != SECSuccess) { -@@ -2736,6 +3150,28 @@ drbg(char *reqfn) - fputs(buf, rngresp); - continue; - } -+ -+ if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) { -+ if (return_bytes) { -+ PORT_ZFree(return_bytes, return_bytes_len); -+ return_bytes = NULL; -+ } -+ if (predictedreturn_bytes) { -+ PORT_ZFree(predictedreturn_bytes, return_bytes_len); -+ predictedreturn_bytes = NULL; -+ } -+ return_bytes_len = 0; -+ if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) { -+ goto loser; -+ } -+ return_bytes_len = 
return_bytes_len/8; -+ if (return_bytes_len > 0) { -+ return_bytes = PORT_Alloc(return_bytes_len); -+ predictedreturn_bytes = PORT_Alloc(return_bytes_len); -+ } -+ fputs(buf, rngresp); -+ continue; -+ } - - if (strncmp(buf, "[EntropyInputLen", 16) == 0) { - if (entropyInput) { -@@ -2746,7 +3182,7 @@ drbg(char *reqfn) - if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) { - goto loser; - } -- entropyInputLen = entropyInputLen/8; -+ entropyInputLen = entropyInputLen/8; - if (entropyInputLen > 0) { - entropyInput = PORT_Alloc(entropyInputLen); - } -@@ -2764,7 +3200,7 @@ drbg(char *reqfn) - if (sscanf(buf, "[NonceLen = %d]", &nonceLen) != 1) { - goto loser; - } -- nonceLen = nonceLen/8; -+ nonceLen = nonceLen/8; - if (nonceLen > 0) { - nonce = PORT_Alloc(nonceLen); - } -@@ -2782,7 +3218,7 @@ drbg(char *reqfn) - if (sscanf(buf, "[PersonalizationStringLen = %d]", &personalizationStringLen) != 1) { - goto loser; - } -- personalizationStringLen = personalizationStringLen / 8; -+ personalizationStringLen = personalizationStringLen / 8; - if (personalizationStringLen > 0) { - personalizationString = PORT_Alloc(personalizationStringLen); - } -@@ -2801,7 +3237,7 @@ drbg(char *reqfn) - if (sscanf(buf, "[AdditionalInputLen = %d]", &additionalInputLen) != 1) { - goto loser; - } -- additionalInputLen = additionalInputLen/8; -+ additionalInputLen = additionalInputLen/8; - if (additionalInputLen > 0) { - additionalInput = PORT_Alloc(additionalInputLen); - } -@@ -2938,7 +3374,7 @@ drbg(char *reqfn) - - if (memcmp(return_bytes, - predictedreturn_bytes, return_bytes_len) != 0) { -- if (debug) { -+ if (debug) { - fprintf(rngresp, "# Generate failed:\n"); - fputs( "# predicted=", rngresp); - to_hex_str(buf, predictedreturn_bytes, -@@ -2948,7 +3384,7 @@ drbg(char *reqfn) - fputs(buf2, rngresp); - fputc('\n', rngresp); - -- } else { -+ } else { - fprintf(stderr, "Generate failed:\n"); - fputs( " predicted=", stderr); - to_hex_str(buf, predictedreturn_bytes, -@@ -2957,10 
+3393,133 @@ drbg(char *reqfn) - fputs("\n actual = ", stderr); - fputs(buf2, stderr); - fputc('\n', stderr); -- } -+ } -+ } -+ memset(predictedreturn_bytes, 0 , sizeof predictedreturn_bytes); -+ -+ continue; -+ } -+ } -+loser: -+ fclose(rngreq); -+} -+ -+/* -+ * Perform the RNG Variable Seed Test (VST) for the RNG algorithm -+ * "DSA - Generation of X", used both as specified and as a generic -+ * purpose RNG. The presence of "Q = ..." in the REQUEST file -+ * indicates we are using the algorithm as specified. -+ * -+ * reqfn is the pathname of the REQUEST file. -+ * -+ * The output RESPONSE file is written to stdout. -+ */ -+void -+rng_vst(char *reqfn) -+{ -+ char buf[256]; /* holds one line from the input REQUEST file. -+ * needs to be large enough to hold the longest -+ * line "XSeed = <128 hex digits>\n". -+ */ -+ FILE *rngreq; /* input stream from the REQUEST file */ -+ FILE *rngresp; /* output stream to the RESPONSE file */ -+ unsigned int i, j; -+ unsigned char Q[DSA1_SUBPRIME_LEN]; -+ PRBool hasQ = PR_FALSE; -+ unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ -+ unsigned char XKey[512/8]; -+ unsigned char XSeed[512/8]; -+ unsigned char GENX[DSA1_SIGNATURE_LEN]; -+ unsigned char DSAX[DSA1_SUBPRIME_LEN]; -+ SECStatus rv; -+ -+ rngreq = fopen(reqfn, "r"); -+ rngresp = stdout; -+ while (fgets(buf, sizeof buf, rngreq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, rngresp); -+ continue; -+ } -+ /* [Xchange - SHA1] */ -+ if (buf[0] == '[') { -+ fputs(buf, rngresp); -+ continue; -+ } -+ /* Q = ... */ -+ if (buf[0] == 'Q') { -+ i = 1; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j=0; j\n". 
-- */ -- FILE *rngreq; /* input stream from the REQUEST file */ -- FILE *rngresp; /* output stream to the RESPONSE file */ -- unsigned int i, j; -- unsigned char Q[DSA1_SUBPRIME_LEN]; -- PRBool hasQ = PR_FALSE; -- unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ -- unsigned char XKey[512/8]; -- unsigned char XSeed[512/8]; -- unsigned char GENX[DSA1_SIGNATURE_LEN]; -- unsigned char DSAX[DSA1_SUBPRIME_LEN]; -- SECStatus rv; -- -- rngreq = fopen(reqfn, "r"); -- rngresp = stdout; -- while (fgets(buf, sizeof buf, rngreq) != NULL) { -- /* a comment or blank line */ -- if (buf[0] == '#' || buf[0] == '\n') { -- fputs(buf, rngresp); -- continue; -- } -- /* [Xchange - SHA1] */ -- if (buf[0] == '[') { -- fputs(buf, rngresp); -- continue; -- } -- /* Q = ... */ -- if (buf[0] == 'Q') { -- i = 1; -- while (isspace(buf[i]) || buf[i] == '=') { -- i++; -- } -- for (j=0; j1024) { -@@ -3816,13 +4137,13 @@ dsa_keypair_test(char *reqfn) - if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES, - &pqg, &vfy) != SECSuccess) { - fprintf(dsaresp, -- "ERROR: Unable to generate PQG parameters"); -+ "ERROR: Unable to generate PQG parameters"); - goto loser; - } -- } else { -+ } else { - if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) { - fprintf(dsaresp, -- "ERROR: Unable to generate PQG parameters"); -+ "ERROR: Unable to generate PQG parameters"); - goto loser; - } - } -@@ -3871,7 +4192,7 @@ loser: - */ - typedef enum { - FIPS186_1,/* Generate/Verify P,Q & G according to FIPS 186-1 */ -- A_1_1_2, /* Generate Probable P & Q */ -+ A_1_2_1, /* Generate Provable P & Q */ - A_1_1_3, /* Verify Probable P & Q */ - A_1_2_2, /* Verify Provable P & Q */ - A_2_1, /* Generate Unverifiable G */ -@@ -3919,37 +4240,37 @@ dsa_pqgver_test(char *reqfn) - /* [A.xxxxx ] */ - if (buf[0] == '[' && buf[1] == 'A') { - -- if (strncmp(&buf[1],"A.1.1.3",7) == 0) { -- type = A_1_1_3; -- } else if (strncmp(&buf[1],"A.2.2",5) == 0) { -- type = A_2_2; -- } else if (strncmp(&buf[1],"A.2.4",5) == 0) { -- 
type = A_2_4; -- } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { -- type = A_1_2_2; -- /* validate our output from PQGGEN */ -- } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { -- type = A_2_4; /* validate PQ and G together */ -- } else { -- fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); -- exit(1); -- } -- -+ if (strncmp(&buf[1],"A.1.1.3",7) == 0) { -+ type = A_1_1_3; -+ } else if (strncmp(&buf[1],"A.2.2",5) == 0) { -+ type = A_2_2; -+ } else if (strncmp(&buf[1],"A.2.4",5) == 0) { -+ type = A_2_4; -+ } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { -+ type = A_1_2_2; -+ /* validate our output from PQGGEN */ -+ } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { -+ type = A_2_4; /* validate PQ and G together */ -+ } else { -+ fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); -+ exit(1); -+ } -+ - fputs(buf, dsaresp); - continue; - } -- -+ - - /* [Mod = x] */ - if (buf[0] == '[') { - -- if (type == FIPS186_1) { -+ if (type == FIPS186_1) { - N=160; - if (sscanf(buf, "[mod = %d]", &L) != 1) { - goto loser; -- } -- } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { -- goto loser; -+ } -+ } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { -+ goto loser; - } - - if (pqg.prime.data) { /* P */ -@@ -3973,17 +4294,17 @@ dsa_pqgver_test(char *reqfn) - /*calculate the size of p, g, and h then allocate items */ - pghSize = L/8; - -- pqg.base.data = vfy.h.data = NULL; -- vfy.seed.len = pqg.base.len = vfy.h.len = 0; -+ pqg.base.data = vfy.h.data = NULL; -+ vfy.seed.len = pqg.base.len = vfy.h.len = 0; - SECITEM_AllocItem(NULL, &pqg.prime, pghSize); - SECITEM_AllocItem(NULL, &vfy.seed, pghSize*3); -- if (type == A_2_2) { -- SECITEM_AllocItem(NULL, &vfy.h, pghSize); -- vfy.h.len = pghSize; -- } else if (type == A_2_4) { -- SECITEM_AllocItem(NULL, &vfy.h, 1); -- vfy.h.len = 1; -- } -+ if (type == A_2_2) { -+ SECITEM_AllocItem(NULL, &vfy.h, pghSize); -+ vfy.h.len = pghSize; -+ } else if (type == A_2_4) { -+ SECITEM_AllocItem(NULL, &vfy.h, 1); -+ vfy.h.len = 1; 
-+ } - pqg.prime.len = pghSize; - /* q is always N bits */ - SECITEM_AllocItem(NULL, &pqg.subPrime, N/8); -@@ -4042,24 +4363,24 @@ dsa_pqgver_test(char *reqfn) - if (strncmp(buf, "Seed", 4) == 0) { - i = 4; - } else if (strncmp(buf, "domain_parameter_seed", 21) == 0) { -- i = 21; -- } else if (strncmp(buf,"firstseed",9) == 0) { -- i = 9; -- } else { -- i = 0; -- } -- if (i) { -+ i = 21; -+ } else if (strncmp(buf,"firstseed",9) == 0) { -+ i = 9; -+ } else { -+ i = 0; -+ } -+ if (i) { - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &vfy.seed.data[j]); - } -- vfy.seed.len = j; -+ vfy.seed.len = j; - - fputs(buf, dsaresp); -- if (type == A_2_4) { -- SECStatus result; -+ if (type == A_2_4) { -+ SECStatus result; - - /* Verify the Parameters */ - SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); -@@ -4071,49 +4392,49 @@ dsa_pqgver_test(char *reqfn) - } else { - fprintf(dsaresp, "Result = F\n"); - } -- } -+ } - continue; - } -- if ((strncmp(buf,"pseed",5) == 0) || -- (strncmp(buf,"qseed",5) == 0)) -- { -- i = 5; -+ if ((strncmp(buf,"pseed",5) == 0) || -+ (strncmp(buf,"qseed",5) == 0)) -+ { -+ i = 5; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=vfy.seed.len; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &vfy.seed.data[j]); - } -- vfy.seed.len = j; -+ vfy.seed.len = j; - fputs(buf, dsaresp); - - continue; -- } -+ } - if (strncmp(buf, "index", 4) == 0) { -- i=5; -+ i=5; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } -- hex_to_byteval(&buf[i], &vfy.h.data[0]); -- vfy.h.len = 1; -+ hex_to_byteval(&buf[i], &vfy.h.data[0]); -+ vfy.h.len = 1; - fputs(buf, dsaresp); -- } -+ } - - /* c = ... 
or counter=*/ - if (buf[0] == 'c') { -- if (strncmp(buf,"counter", 7) == 0) { -+ if (strncmp(buf,"counter", 7) == 0) { - if (sscanf(buf, "counter = %u", &vfy.counter) != 1) { - goto loser; -- } -- } else { -+ } -+ } else { - if (sscanf(buf, "c = %u", &vfy.counter) != 1) { - goto loser; -- } -+ } - } - - fputs(buf, dsaresp); - if (type == A_1_1_3) { -- SECStatus result; -+ SECStatus result; - /* only verify P and Q, we have everything now. do it */ - SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); - if (rv != SECSuccess) { -@@ -4128,17 +4449,17 @@ dsa_pqgver_test(char *reqfn) - } - continue; - } -- if (strncmp(buf,"pgen_counter", 12) == 0) { -+ if (strncmp(buf,"pgen_counter", 12) == 0) { - if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) { - goto loser; -- } -+ } - fputs(buf, dsaresp); -- continue; -- } -- if (strncmp(buf,"qgen_counter", 12) == 0) { -+ continue; -+ } -+ if (strncmp(buf,"qgen_counter", 12) == 0) { - fputs(buf, dsaresp); - if (type == A_1_2_2) { -- SECStatus result; -+ SECStatus result; - /* only verify P and Q, we have everything now. do it */ - SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); - if (rv != SECSuccess) { -@@ -4151,8 +4472,8 @@ dsa_pqgver_test(char *reqfn) - } - fprintf(dsaresp, "\n"); - } -- continue; -- } -+ continue; -+ } - /* H = ... */ - if (buf[0] == 'H') { - SECStatus rv, result = SECFailure; -@@ -4164,18 +4485,18 @@ dsa_pqgver_test(char *reqfn) - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &vfy.h.data[j]); - } -- vfy.h.len = j; -+ vfy.h.len = j; - fputs(buf, dsaresp); - -- /* this should be a byte value. Remove the leading zeros. If -- * it doesn't reduce to a byte, PQG_VerifyParams will catch it -- if (type == A_2_2) { -- data_save = vfy.h.data; -- while(vfy.h.data[0] && (vfy.h.len > 1)) { -- vfy.h.data++; -- vfy.h.len--; -- } -- } */ -+ /* this should be a byte value. Remove the leading zeros. 
If -+ * it doesn't reduce to a byte, PQG_VerifyParams will catch it -+ if (type == A_2_2) { -+ data_save = vfy.h.data; -+ while(vfy.h.data[0] && (vfy.h.len > 1)) { -+ vfy.h.data++; -+ vfy.h.len--; -+ } -+ } */ - - /* Verify the Parameters */ - rv = PQG_VerifyParams(&pqg, &vfy, &result); -@@ -4232,6 +4553,7 @@ dsa_pqggen_test(char *reqfn) - int L; - int i; - unsigned int j; -+ int output_g = 1; - PQGParams *pqg = NULL; - PQGVerify *vfy = NULL; - unsigned int keySizeIndex; -@@ -4248,21 +4570,23 @@ dsa_pqggen_test(char *reqfn) - - /* [A.xxxxx ] */ - if (buf[0] == '[' && buf[1] == 'A') { -- if (strncmp(&buf[1],"A.1.1.2",7) == 0) { -- type = A_1_1_2; -- } else if (strncmp(&buf[1],"A.2.1",5) == 0) { -- fprintf(stderr, "NSS only Generates G with P&Q\n"); -- exit(1); -- } else if (strncmp(&buf[1],"A.2.3",5) == 0) { -- fprintf(stderr, "NSS only Generates G with P&Q\n"); -- exit(1); -- } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { -- fprintf(stderr, "NSS does not support Shawe-Taylor Primes\n"); -+ if (strncmp(&buf[1],"A.1.1.2",7) == 0) { -+ fprintf(stderr, "NSS does Generate Probablistic Primes\n"); - exit(1); -- } else { -- fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); -- exit(1); -- } -+ } else if (strncmp(&buf[1],"A.2.1",5) == 0) { -+ type = A_1_2_1; -+ output_g = 1; -+ exit(1); -+ } else if (strncmp(&buf[1],"A.2.3",5) == 0) { -+ fprintf(stderr, "NSS only Generates G with P&Q\n"); -+ exit(1); -+ } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { -+ type = A_1_2_1; -+ output_g = 0; -+ } else { -+ fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]); -+ exit(1); -+ } - fputs(buf, dsaresp); - continue; - } -@@ -4270,19 +4594,19 @@ dsa_pqggen_test(char *reqfn) - /* [Mod = ... 
] */ - if (buf[0] == '[') { - -- if (type == FIPS186_1) { -+ if (type == FIPS186_1) { - N=160; - if (sscanf(buf, "[mod = %d]", &L) != 1) { - goto loser; -- } -- } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { -- goto loser; -+ } -+ } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { -+ goto loser; - } - - fputs(buf, dsaresp); - fputc('\n', dsaresp); - -- if (type == FIPS186_1) { -+ if (type == FIPS186_1) { - /************************************************************ - * PQG_ParamGenSeedLen doesn't take a key size, it takes an - * index that points to a valid key size. -@@ -4299,7 +4623,11 @@ dsa_pqggen_test(char *reqfn) - } - /* N = ... */ - if (buf[0] == 'N') { -- if (sscanf(buf, "N = %d", &count) != 1) { -+ if (strncmp(buf, "Num", 3) == 0) { -+ if (sscanf(buf, "Num = %d", &count) != 1) { -+ goto loser; -+ } -+ } else if (sscanf(buf, "N = %d", &count) != 1) { - goto loser; - } - for (i = 0; i < count; i++) { -@@ -4320,24 +4648,38 @@ dsa_pqggen_test(char *reqfn) - fprintf(dsaresp, "P = %s\n", buf); - to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len); - fprintf(dsaresp, "Q = %s\n", buf); -- to_hex_str(buf, pqg->base.data, pqg->base.len); -- fprintf(dsaresp, "G = %s\n", buf); -- if (type == FIPS186_1) { -+ if (output_g) { -+ to_hex_str(buf, pqg->base.data, pqg->base.len); -+ fprintf(dsaresp, "G = %s\n", buf); -+ } -+ if (type == FIPS186_1) { - to_hex_str(buf, vfy->seed.data, vfy->seed.len); - fprintf(dsaresp, "Seed = %s\n", buf); - fprintf(dsaresp, "c = %d\n", vfy->counter); - to_hex_str(buf, vfy->h.data, vfy->h.len); - fputs("H = ", dsaresp); - for (j=vfy->h.len; j< pqg->prime.len; j++) { -- fprintf(dsaresp, "00"); -+ fprintf(dsaresp, "00"); - } - fprintf(dsaresp, "%s\n", buf); -- } else { -- fprintf(dsaresp, "counter = %d\n", vfy->counter); -- fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); -- to_hex_str(buf, vfy->seed.data, vfy->seed.len); -- fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); -- } -+ } else { -+ unsigned int 
seedlen = vfy->seed.len/2; -+ unsigned int pgen_counter = vfy->counter >> 16; -+ unsigned int qgen_counter = vfy->counter & 0xffff; -+ /*fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); */ -+ to_hex_str(buf, vfy->seed.data, seedlen); -+ fprintf(dsaresp, "pseed = %s\n", buf); -+ to_hex_str(buf, vfy->seed.data+seedlen, seedlen); -+ fprintf(dsaresp, "qseed = %s\n", buf); -+ fprintf(dsaresp, "pgen_counter = %d\n", vfy->counter); -+ fprintf(dsaresp, "qgen_counter = %d\n", vfy->counter); -+ if (output_g) { -+ to_hex_str(buf, vfy->seed.data, vfy->seed.len); -+ fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); -+ fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); -+ } -+ -+ } - fputc('\n', dsaresp); - if(pqg!=NULL) { - PQG_DestroyParams(pqg); -@@ -4423,7 +4765,7 @@ dsa_siggen_test(char *reqfn) - if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, - &hashNum) != 3) { - use_dsa1 = PR_TRUE; -- hashNum = 1; -+ hashNum = 1; - if (sscanf(buf, "[mod = %d]", &modulus) != 1) { - goto loser; - } -@@ -4470,11 +4812,11 @@ dsa_siggen_test(char *reqfn) - goto loser; - } - -- hashType = sha_get_hashType(hashNum); -- if (hashType == HASH_AlgNULL) { -- fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); -- goto loser; -- } -+ hashType = sha_get_hashType(hashNum); -+ if (hashType == HASH_AlgNULL) { -+ fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); -+ goto loser; -+ } - continue; - } - -@@ -4483,10 +4825,10 @@ dsa_siggen_test(char *reqfn) - unsigned char msg[128]; /* MAX msg 128 */ - unsigned int len = 0; - -- if (hashType == HASH_AlgNULL) { -- fprintf(dsaresp, "ERROR: Hash Alg not set"); -- goto loser; -- } -+ if (hashType == HASH_AlgNULL) { -+ fprintf(dsaresp, "ERROR: Hash Alg not set"); -+ goto loser; -+ } - - memset(hashBuf, 0, sizeof hashBuf); - memset(sig, 0, sizeof sig); -@@ -4500,7 +4842,7 @@ dsa_siggen_test(char *reqfn) - } - if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { - fprintf(dsaresp, "ERROR: Unable to generate SHA% digest", -- 
hashNum); -+ hashNum); - goto loser; - } - -@@ -4595,8 +4937,8 @@ dsa_sigver_test(char *reqfn) - - if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, - &hashNum) != 3) { -- N=160; -- hashNum = 1; -+ N=160; -+ hashNum = 1; - if (sscanf(buf, "[mod = %d]", &L) != 1) { - goto loser; - } -@@ -4628,11 +4970,11 @@ dsa_sigver_test(char *reqfn) - SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N/8); - pubkey.params.subPrime.len = N/8; - -- hashType = sha_get_hashType(hashNum); -- if (hashType == HASH_AlgNULL) { -- fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); -- goto loser; -- } -+ hashType = sha_get_hashType(hashNum); -+ if (hashType == HASH_AlgNULL) { -+ fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); -+ goto loser; -+ } - - continue; - } -@@ -4686,10 +5028,10 @@ dsa_sigver_test(char *reqfn) - unsigned char msg[128]; /* MAX msg 128 */ - memset(hashBuf, 0, sizeof hashBuf); - -- if (hashType == HASH_AlgNULL) { -- fprintf(dsaresp, "ERROR: Hash Alg not set"); -- goto loser; -- } -+ if (hashType == HASH_AlgNULL) { -+ fprintf(dsaresp, "ERROR: Hash Alg not set"); -+ goto loser; -+ } - - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { -@@ -4700,7 +5042,7 @@ dsa_sigver_test(char *reqfn) - } - if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { - fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest", -- hashNum); -+ hashNum); - goto loser; - } - -@@ -4740,17 +5082,17 @@ dsa_sigver_test(char *reqfn) - - /* S = ... 
*/ - if (buf[0] == 'S') { -- if (hashType == HASH_AlgNULL) { -- fprintf(dsaresp, "ERROR: Hash Alg not set"); -- goto loser; -- } -+ if (hashType == HASH_AlgNULL) { -+ fprintf(dsaresp, "ERROR: Hash Alg not set"); -+ goto loser; -+ } - - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=pubkey.params.subPrime.len; -- j< pubkey.params.subPrime.len*2; i+=2,j++) { -+ j< pubkey.params.subPrime.len*2; i+=2,j++) { - hex_to_byteval(&buf[i], &sig[j]); - } - fputs(buf, dsaresp); -@@ -4767,7 +5109,7 @@ dsa_sigver_test(char *reqfn) - } else { - fprintf(dsaresp, "Result = F\n"); - } -- fprintf(dsaresp, "\n"); -+ fprintf(dsaresp, "\n"); - continue; - } - } -@@ -4945,16 +5287,16 @@ rsa_siggen_test(char *reqfn) - for (j=0; isxdigit(buf[i]) && j < sizeof(msg); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } -- shaLength = fips_hashLen(shaAlg); -- if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { -- if (shaLength == 0) { -- fprintf(rsaresp, "ERROR: SHAAlg not defined."); -- } -+ shaLength = fips_hashLen(shaAlg); -+ if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { -+ if (shaLength == 0) { -+ fprintf(rsaresp, "ERROR: SHAAlg not defined."); -+ } - fprintf(rsaresp, "ERROR: Unable to generate SHA%x", -- shaLength == 160 ? 1 : shaLength); -+ shaLength == 160 ? 1 : shaLength); - goto loser; - } -- shaOid = fips_hashOid(shaAlg); -+ shaOid = fips_hashOid(shaAlg); - - /* Perform RSA signature with the RSA private key. */ - rv = RSA_HashSign( shaOid, -@@ -5169,13 +5511,13 @@ rsa_sigver_test(char *reqfn) - hex_to_byteval(&buf[i], &msg[j]); - } - -- shaLength = fips_hashLen(shaAlg); -- if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { -- if (shaLength == 0) { -- fprintf(rsaresp, "ERROR: SHAAlg not defined."); -- } -+ shaLength = fips_hashLen(shaAlg); -+ if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { -+ if (shaLength == 0) { -+ fprintf(rsaresp, "ERROR: SHAAlg not defined."); -+ } - fprintf(rsaresp, "ERROR: Unable to generate SHA%x", -- shaLength == 160 ? 
1 : shaLength); -+ shaLength == 160 ? 1 : shaLength); - goto loser; - } - -@@ -5208,6 +5550,8 @@ rsa_sigver_test(char *reqfn) - signatureLength = j; - fputs(buf, rsaresp); - -+ shaOid = fips_hashOid(shaAlg); -+ - /* Perform RSA verification with the RSA public key. */ - rv = RSA_HashCheckSign( shaOid, - rsa_public_key, -@@ -5233,6 +5577,295 @@ loser: - } - } - -+void -+tls(char *reqfn) -+{ -+ char buf[256]; /* holds one line from the input REQUEST file. -+ * needs to be large enough to hold the longest -+ * line "XSeed = <128 hex digits>\n". -+ */ -+ unsigned char *pms = NULL; -+ int pms_len; -+ unsigned char *master_secret = NULL; -+ unsigned char *key_block = NULL; -+ int key_block_len; -+ unsigned char serverHello_random[SSL3_RANDOM_LENGTH]; -+ unsigned char clientHello_random[SSL3_RANDOM_LENGTH]; -+ unsigned char server_random[SSL3_RANDOM_LENGTH]; -+ unsigned char client_random[SSL3_RANDOM_LENGTH]; -+ FILE *tlsreq; /* input stream from the REQUEST file */ -+ FILE *tlsresp; /* output stream to the RESPONSE file */ -+ unsigned int i, j; -+ CK_SLOT_ID slotList[10]; -+ CK_SLOT_ID slotID; -+ CK_ULONG slotListCount = sizeof(slotList)/sizeof(slotList[0]); -+ CK_ULONG count; -+ static const CK_C_INITIALIZE_ARGS pk11args= { -+ NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS , -+ "flags=readOnly,noCertDB,noModDB", NULL }; -+ static const CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; -+ static const CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; -+ static const CK_BBOOL ck_false = CK_FALSE; -+ static const CK_BBOOL ck_true = CK_TRUE; -+ static const CK_ULONG one = 1; -+ CK_ATTRIBUTE create_template[] = { -+ { CKA_VALUE, NULL, 0 }, -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof (ck_true) }, -+ }; -+ CK_ULONG create_template_count = -+ sizeof(create_template)/sizeof(create_template[0]); -+ CK_ATTRIBUTE derive_template[] = { -+ { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, -+ { 
CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, -+ { CKA_DERIVE, &ck_true, sizeof(ck_true) }, -+ { CKA_VALUE_LEN, &one, sizeof(one) }, -+ }; -+ CK_ULONG derive_template_count = -+ sizeof(derive_template)/sizeof(derive_template[0]); -+ CK_ATTRIBUTE master_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE kb1_template = -+ { CKA_VALUE, NULL, 0 }; -+ CK_ATTRIBUTE kb2_template = -+ { CKA_VALUE, NULL, 0 }; -+ -+ -+ CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 }; -+ CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0}; -+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; -+ CK_SSL3_KEY_MAT_PARAMS key_block_params; -+ CK_SSL3_KEY_MAT_OUT key_material; -+ CK_RV crv; -+ -+ /* set up PKCS #11 parameters */ -+ master_params.pVersion = NULL; -+ master_params.RandomInfo.pClientRandom = clientHello_random; -+ master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random); -+ master_params.RandomInfo.pServerRandom = serverHello_random; -+ master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random); -+ master_mech.pParameter = (void *) &master_params; -+ master_mech.ulParameterLen = sizeof(master_params); -+ key_block_params.ulMacSizeInBits = 0; -+ key_block_params.ulKeySizeInBits = 0; -+ key_block_params.ulIVSizeInBits = 0; -+ key_block_params.bIsExport = PR_FALSE; /* ignored anyway for TLS mech */ -+ key_block_params.RandomInfo.pClientRandom = client_random; -+ key_block_params.RandomInfo.ulClientRandomLen = sizeof(client_random); -+ key_block_params.RandomInfo.pServerRandom = server_random; -+ key_block_params.RandomInfo.ulServerRandomLen = sizeof(server_random); -+ key_block_params.pReturnedKeyMaterial = &key_material; -+ key_block_mech.pParameter = (void *) &key_block_params; -+ key_block_mech.ulParameterLen = sizeof(key_block_params); -+ -+ -+ crv = NSC_Initialize((CK_VOID_PTR)&pk11args); -+ if (crv != CKR_OK) { -+ fprintf(stderr,"NSC_Initialize failed crv=0x%x\n",crv); -+ goto loser; -+ } -+ count = slotListCount; 
-+ crv = NSC_GetSlotList(PR_TRUE,slotList, &count); -+ if (crv != CKR_OK) { -+ fprintf(stderr,"NSC_GetSlotList failed crv=0x%x\n",crv); -+ goto loser; -+ } -+ if ((count > slotListCount) || count < 1) { -+ fprintf(stderr, -+"NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", -+ count, slotListCount); -+ goto loser; -+ } -+ slotID = slotList[0]; -+ tlsreq = fopen(reqfn, "r"); -+ tlsresp = stdout; -+ while (fgets(buf, sizeof buf, tlsreq) != NULL) { -+ /* a comment or blank line */ -+ if (buf[0] == '#' || buf[0] == '\n') { -+ fputs(buf, tlsresp); -+ continue; -+ } -+ /* [Xchange - SHA1] */ -+ if (buf[0] == '[') { -+ if (strncmp(buf, "[TLS", 4) == 0) { -+ if (buf[7] == '0') { -+ master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; -+ key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; -+ } else if (buf[7] == '2') { -+ master_mech.mechanism = -+ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; -+ key_block_mech.mechanism = -+ CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; -+ } else { -+ fprintf(stderr, "Unknown TLS type %x\n", buf); -+ goto loser; -+ } -+ } -+ if (strncmp(buf, "[pre-master", 11) == 0) { -+ if (sscanf(buf, "[pre-master secret length = %d]", -+ &pms_len) != 1) { -+ goto loser; -+ } -+ pms_len = pms_len/8; -+ pms = malloc(pms_len); -+ master_secret = malloc(pms_len); -+ create_template[0].pValue = pms; -+ create_template[0].ulValueLen = pms_len; -+ master_template.pValue = master_secret; -+ master_template.ulValueLen = pms_len; -+ } -+ if (strncmp(buf, "[key", 4) == 0) { -+ if (sscanf(buf, "[key block length = %d]", &key_block_len) != 1) { -+ goto loser; -+ } -+ key_block_params.ulKeySizeInBits = 8; -+ key_block_params.ulIVSizeInBits = key_block_len/2-8; -+ key_block_len=key_block_len/8; -+ key_block = malloc(key_block_len); -+ kb1_template.pValue = &key_block[0]; -+ kb1_template.ulValueLen = 1; -+ kb2_template.pValue = &key_block[1]; -+ kb2_template.ulValueLen = 1; -+ key_material.pIVClient = &key_block[2]; -+ key_material.pIVServer = 
&key_block[2+key_block_len/2-1]; -+ } -+ fputs(buf, tlsresp); -+ continue; -+ } -+ /* "COUNT = x" begins a new data set */ -+ if (strncmp(buf, "COUNT", 5) == 0) { -+ /* zeroize the variables for the test with this data set */ -+ memset(pms, 0, pms_len); -+ memset(master_secret, 0, pms_len); -+ memset(key_block, 0, key_block_len); -+ fputs(buf, tlsresp); -+ continue; -+ } -+ /* pre_master_secret = ... */ -+ if (strncmp(buf, "pre_master_secret", 17) == 0) { -+ i = 17; -+ while (isspace(buf[i]) || buf[i] == '=') { -+ i++; -+ } -+ for (j=0; j.req */ -- if ( strcmp(argv[2], "kat") == 0) { -- /* Known Answer Test (KAT) */ -- aes_kat_mmt(argv[4]); -- } else if (strcmp(argv[2], "mmt") == 0) { -- /* Multi-block Message Test (MMT) */ -- aes_kat_mmt(argv[4]); -- } else if (strcmp(argv[2], "mct") == 0) { -- /* Monte Carlo Test (MCT) */ -- if ( strcmp(argv[3], "ecb") == 0) { -- /* ECB mode */ -- aes_ecb_mct(argv[4]); -- } else if (strcmp(argv[3], "cbc") == 0) { -- /* CBC mode */ -- aes_cbc_mct(argv[4]); -- } -- } -+ /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=.req */ -+ if ( strcmp(argv[2], "kat") == 0) { -+ /* Known Answer Test (KAT) */ -+ aes_kat_mmt(argv[4]); -+ } else if (strcmp(argv[2], "mmt") == 0) { -+ /* Multi-block Message Test (MMT) */ -+ aes_kat_mmt(argv[4]); -+ } else if (strcmp(argv[2], "gcm") == 0) { -+ if ( strcmp(argv[3], "decrypt") == 0) { -+ aes_gcm(argv[4],0); -+ } else if (strcmp(argv[3], "encrypt_extiv") == 0) { -+ aes_gcm(argv[4],1); -+ } else if (strcmp(argv[3], "encrypt_intiv") == 0) { -+ aes_gcm(argv[4],2); -+ } -+ } else if (strcmp(argv[2], "mct") == 0) { -+ /* Monte Carlo Test (MCT) */ -+ if ( strcmp(argv[3], "ecb") == 0) { -+ /* ECB mode */ -+ aes_ecb_mct(argv[4]); -+ } else if (strcmp(argv[3], "cbc") == 0) { -+ /* CBC mode */ -+ aes_cbc_mct(argv[4]); -+ } -+ } - /*************/ - /* SHA */ - /*************/ -diff -up ./nss/cmd/fipstest/hmac.sh.fipstest ./nss/cmd/fipstest/hmac.sh ---- ./nss/cmd/fipstest/hmac.sh.fipstest 2014-06-24 
13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/hmac.sh 2014-09-22 11:47:43.492241460 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST HMAC Algorithm Validation Suite - # -@@ -11,14 +7,26 @@ - # shared libraries/DLLs are on the search path. Then run this script in the - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. -+ -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/HMAC -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp - - hmac_requests=" - HMAC.req - " - -+if [ ${COMMAND} = "verify" ]; then -+ for request in $hmac_requests; do -+ sh ./validate1.sh ${TESTDIR} $request -+ done -+ exit 0 -+fi - for request in $hmac_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest hmac $request > $response -+ fipstest hmac ${REQDIR}/$request > ${RSPDIR}/$response - done - -diff -up ./nss/cmd/fipstest/rng.sh.fipstest ./nss/cmd/fipstest/rng.sh ---- ./nss/cmd/fipstest/rng.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/rng.sh 2014-09-22 11:47:43.493241477 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST RNG Validation Suite - # -@@ -11,13 +7,24 @@ - # shared libraries/DLLs are on the search path. Then run this script in the - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. 
-+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/DRBG800-90A -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp - - drbg_requests=" --SHA256_DRBG.req -+Hash_DRBG.req - " - -+if [ ${COMMAND} = "verify" ]; then -+ for request in $drbg_requests; do -+ sh ./validate1.sh ${TESTDIR} $request -+ done -+ exit 0 -+fi - for request in $drbg_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest drbg $request > $response -+ fipstest drbg ${REQDIR}/$request > ${RSPDIR}/$response - done -diff -up ./nss/cmd/fipstest/rsa.sh.fipstest ./nss/cmd/fipstest/rsa.sh ---- ./nss/cmd/fipstest/rsa.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/rsa.sh 2014-09-22 11:47:43.493241477 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST RSA Validation System - # -@@ -11,14 +7,31 @@ - # shared libraries/DLLs are on the search path. Then run this script in the - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/RSA2 -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp - -+if [ ${COMMAND} = "verify" ]; then -+#verify the signatures. The fax file does not have any known answers, so -+#use our own verify function. 
-+ name=SigGen15_186-3 -+ echo ">>>>> $name" -+ fipstest rsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F -+# fipstest rsa sigver ${REQDIR}/SigVer15_186-3.req | grep ^Result.=.F -+#The Fax file has the private exponent and the salt value, remove it -+#also remove the false reason -+ sh ./validate1.sh ${TESTDIR} SigVer15_186-3.req ' ' '-e /^SaltVal/d -e/^d.=/d -e /^p.=/d -e /^q.=/d -e /^EM.with/d -e /^Result.=.F/s;.(.*);;' -+ exit 0 -+fi - --request=SigGen15.req -+request=SigGen15_186-3.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest rsa siggen $request > $response -+fipstest rsa siggen ${REQDIR}/$request > ${RSPDIR}/$response - --request=SigVer15.req -+request=SigVer15_186-3.req - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response --fipstest rsa sigver $request > $response -+fipstest rsa sigver ${REQDIR}/$request > ${RSPDIR}/$response -diff -up ./nss/cmd/fipstest/runtest.sh.fipstest ./nss/cmd/fipstest/runtest.sh ---- ./nss/cmd/fipstest/runtest.sh.fipstest 2014-09-22 11:47:43.493241477 -0700 -+++ ./nss/cmd/fipstest/runtest.sh 2014-09-22 11:47:43.493241477 -0700 -@@ -0,0 +1,12 @@ -+#!/bin/sh -+TESTDIR=${1-.} -+COMMAND=${2-run} -+TESTS="aes aesgcm dsa ecdsa hmac tls rng rsa sha tdea" -+if [ ${NSS_ENABLE_ECC}x = 1x ]; then -+ TESTS=${TESTS} ecdsa -+fi -+for i in $TESTS -+do -+ echo "********************Running $i tests" -+ sh ./${i}.sh ${TESTDIR} ${COMMAND} -+done -diff -up ./nss/cmd/fipstest/sha.sh.fipstest ./nss/cmd/fipstest/sha.sh ---- ./nss/cmd/fipstest/sha.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/sha.sh 2014-09-22 11:47:43.494241494 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. 
-- - # - # A Bourne shell script for running the NIST SHA Algorithm Validation Suite - # -@@ -11,9 +7,15 @@ - # shared libraries/DLLs are on the search path. Then run this script in the - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/SHA -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp - - sha_ShortMsg_requests=" - SHA1ShortMsg.req -+SHA224ShortMsg.req - SHA256ShortMsg.req - SHA384ShortMsg.req - SHA512ShortMsg.req -@@ -21,6 +23,7 @@ SHA512ShortMsg.req - - sha_LongMsg_requests=" - SHA1LongMsg.req -+SHA224LongMsg.req - SHA256LongMsg.req - SHA384LongMsg.req - SHA512LongMsg.req -@@ -28,23 +31,32 @@ SHA512LongMsg.req - - sha_Monte_requests=" - SHA1Monte.req -+SHA224Monte.req - SHA256Monte.req - SHA384Monte.req - SHA512Monte.req - " -+ -+if [ ${COMMAND} = "verify" ]; then -+ for request in $sha_ShortMsg_requests $sha_LongMsg_requests $sha_Monte_requests; do -+ sh ./validate1.sh ${TESTDIR} $request -+ done -+ exit 0 -+fi -+ - for request in $sha_ShortMsg_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest sha $request > $response -+ fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response - done - for request in $sha_LongMsg_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest sha $request > $response -+ fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response - done - for request in $sha_Monte_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest sha $request > $response -+ fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response - done - -diff -up ./nss/cmd/fipstest/tdea.sh.fipstest ./nss/cmd/fipstest/tdea.sh ---- ./nss/cmd/fipstest/tdea.sh.fipstest 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/fipstest/tdea.sh 2014-09-22 11:47:43.494241494 -0700 -@@ -1,8 +1,4 @@ - #!/bin/sh --# This Source Code Form 
is subject to the terms of the Mozilla Public --# License, v. 2.0. If a copy of the MPL was not distributed with this --# file, You can obtain one at http://mozilla.org/MPL/2.0/. -- - # - # A Bourne shell script for running the NIST tdea Algorithm Validation Suite - # -@@ -12,6 +8,12 @@ - # directory where the REQUEST (.req) files reside. The script generates the - # RESPONSE (.rsp) files in the same directory. - -+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/TDES -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp -+ - #CBC_Known_Answer_tests - #Initial Permutation KAT - #Permutation Operation KAT -@@ -59,33 +61,42 @@ TECBMMT2.req - TECBMMT3.req - " - --for request in $ecb_mmt_requests; do -+ -+if [ ${COMMAND} = "verify" ]; then -+ for request in $cbc_kat_requests $cbc_monte_requests $cbc_mmt_requests $ecb_kat_requests $ecb_monte_requests $ecb_mmt_requests -+ do -+ sh ./validate1.sh ${TESTDIR} $request "-e /^NumKeys/d" -+ done -+ exit 0 -+fi -+ -+for request in $cbc_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest tdea mmt ecb $request > $response -+ fipstest tdea kat cbc ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $ecb_kat_requests; do -+for request in $cbc_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest tdea kat ecb $request > $response -+ fipstest tdea mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $ecb_monte_requests; do -+for request in $cbc_monte_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest tdea mct ecb $request > $response -+ fipstest tdea mct cbc ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $cbc_mmt_requests; do -+for request in $ecb_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest tdea mmt cbc $request > $response -+ fipstest tdea kat ecb ${REQDIR}/$request > 
${RSPDIR}/$response - done --for request in $cbc_kat_requests; do -+for request in $ecb_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest tdea kat cbc $request > $response -+ fipstest tdea mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response - done --for request in $cbc_monte_requests; do -+for request in $ecb_monte_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response -- fipstest tdea mct cbc $request > $response -+ fipstest tdea mct ecb ${REQDIR}/$request > ${RSPDIR}/$response - done -diff -up ./nss/cmd/fipstest/tls.sh.fipstest ./nss/cmd/fipstest/tls.sh ---- ./nss/cmd/fipstest/tls.sh.fipstest 2014-09-22 11:47:43.494241494 -0700 -+++ ./nss/cmd/fipstest/tls.sh 2014-09-22 11:47:43.494241494 -0700 -@@ -0,0 +1,30 @@ -+#!/bin/sh -+# -+# A Bourne shell script for running the NIST RNG Validation Suite -+# -+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -+# variables appropriately so that the fipstest command and the NSPR and NSS -+# shared libraries/DLLs are on the search path. Then run this script in the -+# directory where the REQUEST (.req) files reside. The script generates the -+# RESPONSE (.rsp) files in the same directory. 
-+BASEDIR=${1-.} -+TESTDIR=${BASEDIR}/KDF135 -+COMMAND=${2-run} -+REQDIR=${TESTDIR}/req -+RSPDIR=${TESTDIR}/resp -+ -+drbg_requests=" -+tls.req -+" -+ -+if [ ${COMMAND} = "verify" ]; then -+ for request in $drbg_requests; do -+ sh ./validate1.sh ${TESTDIR} $request -+ done -+ exit 0 -+fi -+for request in $drbg_requests; do -+ response=`echo $request | sed -e "s/req/rsp/"` -+ echo $request $response -+ fipstest tls ${REQDIR}/$request > ${RSPDIR}/$response -+done -diff -up ./nss/cmd/fipstest/validate1.sh.fipstest ./nss/cmd/fipstest/validate1.sh ---- ./nss/cmd/fipstest/validate1.sh.fipstest 2014-09-22 11:47:43.495241511 -0700 -+++ ./nss/cmd/fipstest/validate1.sh 2014-09-22 11:47:43.495241511 -0700 -@@ -0,0 +1,15 @@ -+#!/bin/sh -+TESTDIR=${1-.} -+request=${2} -+extraneous_response=${3} -+extraneous_fax=${4} -+name=`basename $request .req` -+echo ">>>>> $name" -+sed -e 's; ;;g' -e 's; ; ;g' -e '/^#/d' $extraneous_response ${TESTDIR}/resp/${name}.rsp > /tmp/y1 -+size=`sum /tmp/y1 | awk '{ print $NF }'` -+if [ $size -eq 0 ]; then -+ echo "${TESTDIR}/resp/${name}.rsp: empty" -+ exit 1; -+fi -+sed -e 's; ;;g' -e 's; ; ;g' -e '/^#/d' $extraneous_fax ${TESTDIR}/fax/${name}.fax > /tmp/y2 -+diff -i -w -B /tmp/y1 /tmp/y2 -diff -up ./nss/cmd/fipstest/validate.sh.fipstest ./nss/cmd/fipstest/validate.sh ---- ./nss/cmd/fipstest/validate.sh.fipstest 2014-09-22 11:47:43.495241511 -0700 -+++ ./nss/cmd/fipstest/validate.sh 2014-09-22 11:47:43.495241511 -0700 -@@ -0,0 +1,2 @@ -+#!/bin/sh -+sh ./runtest.sh ${1-.} verify diff --git a/SOURCES/nss-softokn-3.16-freebl_dyload.patch b/SOURCES/nss-softokn-3.16-freebl_dyload.patch deleted file mode 100644 index 071b89f..0000000 --- a/SOURCES/nss-softokn-3.16-freebl_dyload.patch +++ /dev/null 
@@ -1,442 +0,0 @@ -diff -up ./nss/lib/freebl/blname.c.freebl-dyload ./nss/lib/freebl/blname.c ---- ./nss/lib/freebl/blname.c.freebl-dyload 2014-11-17 15:50:32.580158978 -0800 -+++ ./nss/lib/freebl/blname.c 2014-11-17 15:50:32.736161778 -0800 -@@ -5,8 +5,13 @@ - * * License, v. 2.0. If a copy of the MPL was not distributed with this - * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -+#if defined(FREEBL_LOWHASH) -+static const char* default_name = -+ SHLIB_PREFIX"freeblpriv"SHLIB_VERSION"."SHLIB_SUFFIX; -+#else - static const char* default_name = - SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX; -+#endif - - /* getLibName() returns the name of the library to load. */ - -diff -up ./nss/lib/freebl/freebl_hash_vector.def.freebl-dyload ./nss/lib/freebl/freebl_hash_vector.def ---- ./nss/lib/freebl/freebl_hash_vector.def.freebl-dyload 2014-11-17 15:50:32.737161796 -0800 -+++ ./nss/lib/freebl/freebl_hash_vector.def 2014-11-17 15:50:32.737161796 -0800 -@@ -0,0 +1,34 @@ -+;+# -+;+# This Source Code Form is subject to the terms of the Mozilla Public -+;+# License, v. 2.0. If a copy of the MPL was not distributed with this -+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+;+# -+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS -+;+# 1. For all unix platforms, the string ";-" means "remove this line" -+;+# 2. For all unix platforms, the string " DATA " will be removed from any -+;+# line on which it occurs. -+;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. -+;+# On AIX, lines containing ";+" will be removed. -+;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. -+;+# 5. For all unix platforms, after the above processing has taken place, -+;+# all characters after the first ";" on the line will be removed. -+;+# And for AIX, the first ";" will also be removed. -+;+# This file is passed directly to windows. 
Since ';' is a comment, all UNIX -+;+# directives are hidden behind ";", ";+", and ";-" -+;+ -+;+NSSprivate_3.11 { # NSS 3.11 release -+;+ global: -+LIBRARY freebl3 ;- -+EXPORTS ;- -+FREEBL_GetVector; -+;+ local: -+;+ *; -+;+}; -+;+NSSprivate_3.16 { # NSS 3.11 release -+;+ global: -+LIBRARY freebl3 ;- -+EXPORTS ;- -+NSSLOW_GetVector; -+;+ local: -+;+ *; -+;+}; -diff -up ./nss/lib/freebl/ldvector.c.freebl-dyload ./nss/lib/freebl/ldvector.c ---- ./nss/lib/freebl/ldvector.c.freebl-dyload 2014-11-17 15:50:32.583159032 -0800 -+++ ./nss/lib/freebl/ldvector.c 2014-11-17 15:50:32.737161796 -0800 -@@ -14,7 +14,6 @@ extern int FREEBL_InitStubs(void); - #include "hmacct.h" - #include "blapii.h" - -- - static const struct FREEBLVectorStr vector = - { - -@@ -292,6 +291,8 @@ static const struct FREEBLVectorStr vect - /* End of Version 3.017 */ - }; - -+ -+ - const FREEBLVector * - FREEBL_GetVector(void) - { -@@ -317,3 +318,31 @@ FREEBL_GetVector(void) - return &vector; - } - -+ -+#ifdef FREEBL_LOWHASH -+static const struct NSSLOWVectorStr nssvector = -+{ -+ sizeof nssvector, -+ NSSLOW_VERSION, -+ FREEBL_GetVector, -+ NSSLOW_Init, -+ NSSLOW_Shutdown, -+ NSSLOW_Reset, -+ NSSLOWHASH_NewContext, -+ NSSLOWHASH_Begin, -+ NSSLOWHASH_Update, -+ NSSLOWHASH_End, -+ NSSLOWHASH_Destroy, -+ NSSLOWHASH_Length -+}; -+ -+const NSSLOWVector * -+NSSLOW_GetVector(void) -+{ -+ SECStatus rv; -+ -+ /* POST check and stub init happens in FREEBL_GetVector() and -+ * NSSLOW_Init() respectively */ -+ return &nssvector; -+} -+#endif -diff -up ./nss/lib/freebl/loader.h.freebl-dyload ./nss/lib/freebl/loader.h ---- ./nss/lib/freebl/loader.h.freebl-dyload 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/loader.h 2014-11-17 15:50:32.738161814 -0800 -@@ -10,6 +10,7 @@ - - #include "blapi.h" - -+ - #define FREEBL_VERSION 0x0311 - - struct FREEBLVectorStr { -@@ -713,8 +714,43 @@ struct FREEBLVectorStr { - - typedef struct FREEBLVectorStr FREEBLVector; - -+#ifdef FREEBL_LOWHASH -+#include "nsslowhash.h" 
-+ -+#define NSSLOW_VERSION 0x0300 -+ -+struct NSSLOWVectorStr { -+ unsigned short length; /* of this struct in bytes */ -+ unsigned short version; /* of this struct. */ -+ const FREEBLVector *(*p_FREEBL_GetVector)(void); -+ NSSLOWInitContext *(*p_NSSLOW_Init)(void); -+ void (*p_NSSLOW_Shutdown)(NSSLOWInitContext *context); -+ void (*p_NSSLOW_Reset)(NSSLOWInitContext *context); -+ NSSLOWHASHContext *(*p_NSSLOWHASH_NewContext)( -+ NSSLOWInitContext *initContext, -+ HASH_HashType hashType); -+ void (*p_NSSLOWHASH_Begin)(NSSLOWHASHContext *context); -+ void (*p_NSSLOWHASH_Update)(NSSLOWHASHContext *context, -+ const unsigned char *buf, -+ unsigned int len); -+ void (*p_NSSLOWHASH_End)(NSSLOWHASHContext *context, -+ unsigned char *buf, -+ unsigned int *ret, unsigned int len); -+ void (*p_NSSLOWHASH_Destroy)(NSSLOWHASHContext *context); -+ unsigned int (*p_NSSLOWHASH_Length)(NSSLOWHASHContext *context); -+}; -+ -+typedef struct NSSLOWVectorStr NSSLOWVector; -+#endif -+ - SEC_BEGIN_PROTOS - -+#ifdef FREEBL_LOWHASH -+typedef const NSSLOWVector * NSSLOWGetVectorFn(void); -+ -+extern NSSLOWGetVectorFn NSSLOW_GetVector; -+#endif -+ - typedef const FREEBLVector * FREEBLGetVectorFn(void); - - extern FREEBLGetVectorFn FREEBL_GetVector; -diff -up ./nss/lib/freebl/lowhash_vector.c.freebl-dyload ./nss/lib/freebl/lowhash_vector.c ---- ./nss/lib/freebl/lowhash_vector.c.freebl-dyload 2014-11-17 15:50:32.739161832 -0800 -+++ ./nss/lib/freebl/lowhash_vector.c 2014-11-17 16:56:14.683766156 -0800 -@@ -0,0 +1,213 @@ -+/* -+ * loader.c - load platform dependent DSO containing freebl implementation. -+ * -+ * This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. 
*/ -+ -+#define _GNU_SOURCE 1 -+#include "loader.h" -+#include "prmem.h" -+#include "prerror.h" -+#include "prinit.h" -+#include "prenv.h" -+#include "blname.c" -+ -+#include "prio.h" -+#include "prprf.h" -+#include -+#include "prsystem.h" -+#include "nsslowhash.h" -+#include -+#include "pratom.h" -+ -+static const char *NameOfThisSharedLib = -+ SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX; -+ -+static PRLibrary* blLib; -+ -+#define LSB(x) ((x)&0xff) -+#define MSB(x) ((x)>>8) -+ -+static const NSSLOWVector *vector; -+static const char *libraryName = NULL; -+ -+/* pretty much only glibc uses this, make sure we don't have any depenencies -+ * on nspr.. */ -+#undef PORT_Alloc -+#undef PORT_Free -+#define PORT_Alloc malloc -+#define PR_Malloc malloc -+#define PORT_Free free -+#define PR_Free free -+#define PR_GetDirectorySeparator() '/' -+#define PR_LoadLibraryWithFlags(libspec,flags) \ -+ (PRLibrary*)dlopen(libSpec.value.pathname,RTLD_NOW|RTLD_LOCAL) -+#define PR_GetLibraryFilePathname(name,addr) \ -+ freebl_lowhash_getLibraryFilePath(addr) -+ -+static char * -+freebl_lowhash_getLibraryFilePath(void *addr) -+{ -+ Dl_info dli; -+ if (dladdr(addr, &dli) == 0) { -+ return NULL; -+ } -+ return strdup(dli.dli_fname); -+} -+#include "genload.c" -+ -+ -+/* This function must be run only once. */ -+/* determine if hybrid platform, then actually load the DSO. 
*/ -+static PRStatus -+freebl_LoadDSO( void ) -+{ -+ PRLibrary * handle; -+ const char * name = getLibName(); -+ -+ if (!name) { -+ PR_SetError(PR_LOAD_LIBRARY_ERROR, 0); -+ return PR_FAILURE; -+ } -+ handle = loader_LoadLibrary(name); -+ if (handle) { -+ void *address = dlsym(handle, "NSSLOW_GetVector"); -+ PRStatus status; -+ if (address) { -+ NSSLOWGetVectorFn * getVector = (NSSLOWGetVectorFn *)address; -+ const NSSLOWVector * dsoVector = getVector(); -+ if (dsoVector) { -+ unsigned short dsoVersion = dsoVector->version; -+ unsigned short myVersion = NSSLOW_VERSION; -+ if (MSB(dsoVersion) == MSB(myVersion) && -+ LSB(dsoVersion) >= LSB(myVersion) && -+ dsoVector->length >= sizeof(NSSLOWVector)) { -+ vector = dsoVector; -+ libraryName = name; -+ blLib = handle; -+ return PR_SUCCESS; -+ } -+ } -+ } -+ status = dlclose(handle); -+ PORT_Assert(PR_SUCCESS == status); -+ } -+ return PR_FAILURE; -+} -+ -+static PRCallOnceType loadFreeBLOnce; -+/* remove when NSPR pratom.h is updated. s390 has atomic intrinsics, -+ * but nspr doesn't know it. */ -+#if defined(__s390__) || defined(__s390x__) -+#undef PR_ATOMIC_SET -+#define PR_ATOMIC_SET(val, newval) __sync_lock_test_and_set(val, newval) -+#endif -+ -+static PRStatus -+freebl_RunLoaderOnce( void ) -+{ -+ PRStatus status; -+ -+ /* Don't have NSPR, so can use the real PR_CallOnce, implement a stripped -+ * down version. */ -+ if (loadFreeBLOnce.initialized) { -+ return loadFreeBLOnce.status; -+ } -+ /* PR_ATOMIC_SET macro is implemented with compiler intrinsics, if we don't -+ * have the intrinsic, it will be set to an NSPR PR_Atomic function, which -+ * will show up as missing at build time. 
If we get that missing function, -+ * Then we'll need to implement a PR_AtomicSet() function for that platform -+ */ -+ if (PR_ATOMIC_SET(&loadFreeBLOnce.inProgress,1) == 0) { -+ loadFreeBLOnce.status = freebl_LoadDSO(); -+ loadFreeBLOnce.initialized = 1; -+ } else { -+ /* shouldn't have a lot of takers on the else clause, which is good -+ * since we don't have condition variables yet. -+ * 'initialized' only ever gets set (not cleared) so we don't -+ * need the traditional locks. */ -+ while (!loadFreeBLOnce.initialized) { -+ sleep(1); /* don't have condition variables, just give up the CPU */ -+ } -+ } -+ -+ return loadFreeBLOnce.status; -+} -+ -+const FREEBLVector *FREEBL_GetVector(void) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return NULL; -+ return (vector->p_FREEBL_GetVector)(); -+} -+ -+NSSLOWInitContext *NSSLOW_Init(void) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return NULL; -+ return (vector->p_NSSLOW_Init)(); -+} -+ -+void NSSLOW_Shutdown(NSSLOWInitContext *context) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_NSSLOW_Shutdown)(context); -+} -+ -+void NSSLOW_Reset(NSSLOWInitContext *context) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_NSSLOW_Reset)(context); -+} -+ -+NSSLOWHASHContext *NSSLOWHASH_NewContext( -+ NSSLOWInitContext *initContext, -+ HASH_HashType hashType) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return NULL; -+ return (vector->p_NSSLOWHASH_NewContext)(initContext, hashType); -+} -+ -+void NSSLOWHASH_Begin(NSSLOWHASHContext *context) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_NSSLOWHASH_Begin)(context); -+} -+ -+void NSSLOWHASH_Update(NSSLOWHASHContext *context, -+ const unsigned char *buf, -+ unsigned int len) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_NSSLOWHASH_Update)(context, buf, len); -+} -+ -+void 
NSSLOWHASH_End(NSSLOWHASHContext *context, -+ unsigned char *buf, -+ unsigned int *ret, unsigned int len) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_NSSLOWHASH_End)(context, buf, ret, len); -+} -+ -+void NSSLOWHASH_Destroy(NSSLOWHASHContext *context) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_NSSLOWHASH_Destroy)(context); -+} -+ -+unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return -1; -+ return (vector->p_NSSLOWHASH_Length)(context); -+} -+ -diff -up ./nss/lib/freebl/Makefile.freebl-dyload ./nss/lib/freebl/Makefile ---- ./nss/lib/freebl/Makefile.freebl-dyload 2014-11-17 15:50:32.684160845 -0800 -+++ ./nss/lib/freebl/Makefile 2014-11-17 15:50:32.739161832 -0800 -@@ -46,13 +46,24 @@ ifeq ($(FREEBL_NO_DEPEND),1) - endif - - ifeq ($(FREEBL_LOWHASH),1) -+ DEFINES += -DFREEBL_LOWHASH - LOWHASH_SRCS = nsslowhash.c - LOWHASH_EXPORTS = nsslowhash.h -- MAPFILE_SOURCE = freebl_hash.def -+ MAPFILE_SOURCE = freebl_hash_vector.def -+ FREEBL_BUILD_LOWHASH = 1 - else - MAPFILE_SOURCE = freebl.def - endif - -+ifdef FREEBL_LOWHASH_BUILD -+ CSRCS = lowhash_vector.c -+ SIMPLE_OBJS = $(CSRCS:.c=$(OBJ_SUFFIX)) -+ OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS)) -+ ALL_TRASH := $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \ -+ $(NOSUCHFILE) so_locations -+ MAPFILE_SOURCE = freebl_hash.def -+endif -+ - # FREEBL_USE_PRELINK - # - # Most modern version of Linux support a speed optimization scheme where an -@@ -574,6 +585,17 @@ release_md libs:: $(SINGLE_SHLIB_DIR) - - endif - -+ifdef FREEBL_BUILD_LOWHASH -+SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB -+ALL_TRASH += $(SINGLE_SHLIB_DIR) -+$(SINGLE_SHLIB_DIR): -+ -mkdir $(SINGLE_SHLIB_DIR) -+ -+release_md libs:: $(SINGLE_SHLIB_DIR) -+ $(MAKE) FREEBL_LOWHASH_BUILD=1 FREEBL_CHILD_BUILD=1 \ -+ OBJDIR=$(SINGLE_SHLIB_DIR) $@ -+endif -+ - # multiple shared 
libraries - - ######################## ABI32_FPU stuff ######################### -diff -up ./nss/lib/freebl/manifest.mn.freebl-dyload ./nss/lib/freebl/manifest.mn ---- ./nss/lib/freebl/manifest.mn.freebl-dyload 2014-11-17 15:50:32.583159032 -0800 -+++ ./nss/lib/freebl/manifest.mn 2014-11-17 15:50:32.739161832 -0800 -@@ -29,6 +29,12 @@ ifdef FREEBL_CHILD_BUILD - ifdef USE_ABI64_FPU - LIBRARY_NAME = freebl_64fpu - endif -+ ifdef FREEBL_LOWHASH -+ LIBRARY_NAME = freeblpriv -+ endif -+ ifdef FREEBL_LOWHASH_BUILD -+ LIBRARY_NAME = freebl -+ endif - endif - - # if the library name contains _, we prefix the version with _ diff --git a/SOURCES/nss-softokn-3.16-lowhash-test.patch b/SOURCES/nss-softokn-3.16-lowhash-test.patch deleted file mode 100644 index d8afbe3..0000000 --- a/SOURCES/nss-softokn-3.16-lowhash-test.patch +++ /dev/null 
@@ -1,441 +0,0 @@ -diff -up ./nss/cmd/lowhashtest/lowhashtest.c.lowhash-test ./nss/cmd/lowhashtest/lowhashtest.c ---- ./nss/cmd/lowhashtest/lowhashtest.c.lowhash-test 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/cmd/lowhashtest/lowhashtest.c 2014-09-22 11:10:55.537028950 -0700 -@@ -1,23 +1,29 @@ - #include - #include - #include -- --#include "nspr.h" -+#include - - /* nss headers */ --#include "prtypes.h" --#include "plgetopt.h" --#include "hasht.h" -+#include "prtypes.h" -+#include "hasht.h" - #include "nsslowhash.h" --#include "secport.h" --#include "hasht.h" --#include "basicutil.h" - - static char *progName = NULL; - -+static void -+dump(FILE *io, const unsigned char *buf, int len) -+{ -+ int i; -+ for (i=0; i < len; i++) { -+ if (i!=0) fprintf(io,", "); -+ fprintf(io, "0x%02x",buf[i]); -+ } -+ fprintf(io, "\n"); -+} -+ - static int test_long_message(NSSLOWInitContext *initCtx, - HASH_HashType algoType, unsigned int hashLen, -- const PRUint8 expected[], PRUint8 results[]) -+ const unsigned char expected[], unsigned char results[]) - { - unsigned int len, i, rv = 0; - NSSLOWHASHContext *ctx; -@@ -27,11 +33,11 @@ static int test_long_message(NSSLOWInitC - * buffer and call update 1,000 times. 
- */ - unsigned char buf[1000]; -- (void) PORT_Memset(buf, 'a', sizeof(buf)); -+ (void) memset(buf, 'a', sizeof(buf)); - - ctx = NSSLOWHASH_NewContext(initCtx, algoType); - if (ctx == NULL) { -- SECU_PrintError(progName, "Couldn't get hash context\n"); -+ fprintf(stderr,"%s: Couldn't get hash context\n", progName); - return 1; - } - -@@ -41,12 +47,14 @@ static int test_long_message(NSSLOWInitC - } - - NSSLOWHASH_End(ctx, results, &len, hashLen); -- PR_ASSERT(len == hashLen); -- PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0); -- if (PORT_Memcmp(expected, results, len) != 0) { -- SECU_PrintError(progName, "Hash mismatch\n"); -- SECU_PrintBuf(stdout, "Expected: ", expected, hashLen); -- SECU_PrintBuf(stdout, "Actual: ", results, len); -+ assert(len == hashLen); -+ assert(memcmp(expected, results, hashLen) == 0); -+ if (memcmp(expected, results, len) != 0) { -+ fprintf(stderr,"%s: Hash mismatch\n", progName); -+ fprintf(stderr," Expected: (len=%d) ", hashLen); -+ dump(stderr,expected, hashLen); -+ fprintf(stderr," Actual: (len=%d) ", len); -+ dump(stderr, results, len); - rv = 1; - } - -@@ -57,33 +65,33 @@ static int test_long_message(NSSLOWInitC - } - - static int test_long_message_sha1(NSSLOWInitContext *initCtx) { -- PRUint8 results[SHA1_LENGTH]; -+ unsigned char results[SHA1_LENGTH]; - /* Test vector from FIPS 180-2: appendix B.3. */ - - /* 34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f. 
*/ -- static const PRUint8 expected[SHA256_LENGTH] = -+ static const unsigned char expected[SHA256_LENGTH] = - { 0x34,0xaa,0x97,0x3c, 0xd4,0xc4,0xda,0xa4, 0xf6,0x1e,0xeb,0x2b, - 0xdb,0xad,0x27,0x31, 0x65,0x34,0x01,0x6f }; - unsigned char buf[1000]; -- (void) PORT_Memset(buf, 'a', sizeof(buf)); -+ (void) memset(buf, 'a', sizeof(buf)); - return test_long_message(initCtx, HASH_AlgSHA1, - SHA1_LENGTH, &expected[0], results); - } - - static int test_long_message_sha256(NSSLOWInitContext *initCtx) { -- PRUint8 results[SHA256_LENGTH]; -+ unsigned char results[SHA256_LENGTH]; - /* cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0. */ -- static const PRUint8 expected[SHA256_LENGTH] = -+ static const unsigned char expected[SHA256_LENGTH] = - { 0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92, 0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67, - 0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e, 0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 }; - unsigned char buf[1000]; -- (void) PORT_Memset(buf, 'a', sizeof(buf)); -+ (void) memset(buf, 'a', sizeof(buf)); - return test_long_message(initCtx, HASH_AlgSHA256, - SHA256_LENGTH, &expected[0], results); - } - - static int test_long_message_sha384(NSSLOWInitContext *initCtx) { -- PRUint8 results[SHA384_LENGTH]; -+ unsigned char results[SHA384_LENGTH]; - /* Test vector from FIPS 180-2: appendix B.3. */ - /* - 9d0e1809716474cb -@@ -93,7 +101,7 @@ static int test_long_message_sha384(NSSL - 07b8b3dc38ecc4eb - ae97ddd87f3d8985. 
- */ -- static const PRUint8 expected[SHA384_LENGTH] = -+ static const unsigned char expected[SHA384_LENGTH] = - { 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb, - 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c, - 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52, -@@ -101,22 +109,22 @@ static int test_long_message_sha384(NSSL - 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb, - 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }; - unsigned char buf[1000]; -- (void) PORT_Memset(buf, 'a', sizeof(buf)); -+ (void) memset(buf, 'a', sizeof(buf)); - - return test_long_message(initCtx, HASH_AlgSHA384, - SHA384_LENGTH, &expected[0], results); - } - - static int test_long_message_sha512(NSSLOWInitContext *initCtx) { -- PRUint8 results[SHA512_LENGTH]; -+ unsigned char results[SHA512_LENGTH]; - /* Test vector from FIPS 180-2: appendix B.3. */ -- static const PRUint8 expected[SHA512_LENGTH] = -+ static const unsigned char expected[SHA512_LENGTH] = - { 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63, - 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb, - 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b, - 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b}; - unsigned char buf[1000]; -- (void) PORT_Memset(buf, 'a', sizeof(buf)); -+ (void) memset(buf, 'a', sizeof(buf)); - - return test_long_message(initCtx, HASH_AlgSHA512, - SHA512_LENGTH, &expected[0], results); -@@ -126,7 +134,7 @@ static int test_long_message_sha512(NSSL - static int testMessageDigest(NSSLOWInitContext *initCtx, - HASH_HashType algoType, unsigned int hashLen, - const unsigned char *message, -- const PRUint8 expected[], PRUint8 results[]) -+ const unsigned char expected[], unsigned char results[]) - { - NSSLOWHASHContext *ctx; - unsigned int len; -@@ -134,20 +142,22 @@ static int testMessageDigest(NSSLOWInitC - - ctx = NSSLOWHASH_NewContext(initCtx, algoType); - if (ctx == NULL) { -- SECU_PrintError(progName, "Couldn't get hash 
context\n"); -+ fprintf(stderr, "%s: Couldn't get hash context\n", progName); - return 1; - } - - NSSLOWHASH_Begin(ctx); -- NSSLOWHASH_Update(ctx, message, PORT_Strlen((const char *)message)); -+ NSSLOWHASH_Update(ctx, message, strlen((const char *)message)); - NSSLOWHASH_End(ctx, results, &len, hashLen); -- PR_ASSERT(len == hashLen); -- PR_ASSERT(PORT_Memcmp(expected, results, len) == 0); -+ assert(len == hashLen); -+ assert(memcmp(expected, results, len) == 0); - -- if (PORT_Memcmp(expected, results, len) != 0) { -- SECU_PrintError(progName, "Hash mismatch\n"); -- SECU_PrintBuf(stdout, "Expected: ", expected, hashLen); -- SECU_PrintBuf(stdout, "Actual: ", results, len); -+ if (memcmp(expected, results, len) != 0) { -+ fprintf(stderr,"%s: Hash mismatch\n", progName); -+ fprintf(stderr," Expected: (len=%d) ", hashLen); -+ dump(stderr,expected, hashLen); -+ fprintf(stderr," Actual: (len=%d) ", len); -+ dump(stderr, results, len); - rv = 1; - } - -@@ -164,7 +174,7 @@ static int testMD5(NSSLOWInitContext *in - - static const struct { - const unsigned char *input; -- const PRUint8 result[MD5_LENGTH]; -+ const unsigned char result[MD5_LENGTH]; - } md5tests[] = { - { (unsigned char *) "", - {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e} }, -@@ -182,7 +192,7 @@ static int testMD5(NSSLOWInitContext *in - "12345678901234567890", - {0x57,0xed,0xf4,0xa2,0x2b,0xe3,0xc9,0x55,0xac,0x49,0xda,0x2e,0x21,0x07,0xb6,0x7a} } - }; -- PRUint8 results[MD5_LENGTH]; -+ unsigned char results[MD5_LENGTH]; - int rv = 0, cnt, numTests; - - numTests = sizeof(md5tests)/sizeof(md5tests[0]); -@@ -203,7 +213,7 @@ static int testSHA1(NSSLOWInitContext *i - { - static const struct { - const unsigned char *input; -- const PRUint8 result[SHA1_LENGTH]; -+ const unsigned char result[SHA1_LENGTH]; - } sha1tests[] = { - /* one block messsage */ - { (const unsigned char *) -@@ -222,7 +232,7 @@ static int testSHA1(NSSLOWInitContext *i - } - }; - -- PRUint8 
results[SHA1_LENGTH]; -+ unsigned char results[SHA1_LENGTH]; - int rv = 0, cnt, numTests; - - numTests = sizeof(sha1tests)/sizeof(sha1tests[0]); -@@ -240,7 +250,7 @@ static int testSHA224(NSSLOWInitContext - { - static const struct { - const unsigned char *input; -- const PRUint8 result[SHA224_LENGTH]; -+ const unsigned char result[SHA224_LENGTH]; - } sha224tests[] = { - /* one block messsage */ - { (const unsigned char *) "abc", -@@ -254,7 +264,7 @@ static int testSHA224(NSSLOWInitContext - } - }; - -- PRUint8 results[SHA224_LENGTH]; -+ unsigned char results[SHA224_LENGTH]; - int rv = 0, cnt, numTests; - - numTests = sizeof(sha224tests)/sizeof(sha224tests[0]); -@@ -271,7 +281,7 @@ static int testSHA256(NSSLOWInitContext - { - static const struct { - const unsigned char *input; -- const PRUint8 result[SHA256_LENGTH]; -+ const unsigned char result[SHA256_LENGTH]; - } sha256tests[] = { - /* Test vectors from FIPS 180-2: appendix B.1. */ - { (unsigned char *) "abc", -@@ -285,7 +295,7 @@ static int testSHA256(NSSLOWInitContext - } - }; - -- PRUint8 results[SHA256_LENGTH]; -+ unsigned char results[SHA256_LENGTH]; - int rv = 0, cnt, numTests; - - numTests = sizeof(sha256tests)/sizeof(sha256tests[0]); -@@ -303,7 +313,7 @@ static int testSHA384(NSSLOWInitContext - { - static const struct { - const unsigned char *input; -- const PRUint8 result[SHA384_LENGTH]; -+ const unsigned char result[SHA384_LENGTH]; - } sha384tests[] = { - /* Test vector from FIPS 180-2: appendix D, single-block message. 
*/ - { (unsigned char *) "abc", -@@ -334,7 +344,7 @@ static int testSHA384(NSSLOWInitContext - 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39} } - }; - -- PRUint8 results[SHA384_LENGTH]; -+ unsigned char results[SHA384_LENGTH]; - int rv = 0, cnt, numTests; - - numTests = sizeof(sha384tests)/sizeof(sha384tests[0]); -@@ -353,7 +363,7 @@ int testSHA512(NSSLOWInitContext *initCt - { - static const struct { - const unsigned char *input; -- const PRUint8 result[SHA512_LENGTH]; -+ const unsigned char result[SHA512_LENGTH]; - } sha512tests[] = { - /* Test vectors from FIPS 180-2: appendix C.1. */ - { (unsigned char *) "abc", -@@ -372,7 +382,7 @@ int testSHA512(NSSLOWInitContext *initCt - } - }; - -- PRUint8 results[SHA512_LENGTH]; -+ unsigned char results[SHA512_LENGTH]; - int rv = 0, cnt, numTests; - - numTests = sizeof(sha512tests)/sizeof(sha512tests[0]); -@@ -406,7 +416,7 @@ int main(int argc, char **argv) - - initCtx = NSSLOW_Init(); - if (initCtx == NULL) { -- SECU_PrintError(progName, "Couldn't initialize for hashing\n"); -+ fprintf(stderr, "%s: Couldn't initialize for hashing\n", progName); - return 1; - } - -@@ -430,7 +440,7 @@ int main(int argc, char **argv) - } else if (strcmp(argv[1], "SHA512") == 0) { - rv += testSHA512(initCtx); - } else { -- SECU_PrintError(progName, "Unsupported hash type %s\n", argv[0]); -+ fprintf(stderr,"%s: Unsupported hash type %s\n", progName, argv[0]); - Usage(progName); - } - -diff -up ./nss/lib/freebl/nsslowhash.c.lowhash-test ./nss/lib/freebl/nsslowhash.c ---- ./nss/lib/freebl/nsslowhash.c.lowhash-test 2014-09-22 11:10:55.518028631 -0700 -+++ ./nss/lib/freebl/nsslowhash.c 2014-09-22 11:10:55.545029084 -0700 -@@ -28,6 +28,13 @@ static int nsslow_GetFIPSEnabled(void) { - FILE *f; - char d; - size_t size; -+ char *env = getenv("NSS_FIPS"); -+ -+ /* if the enviroment variable is set, force fips anyway. 
This lets us -+ * test FIPS mode even if the system isn't in FIPS mode */ -+ if (env && *env == '1') { -+ return 1; -+ } - - f = fopen("/proc/sys/crypto/fips_enabled", "r"); - if (!f) -diff -up ./nss/tests/lowhash/lowhash.sh.lowhash-test ./nss/tests/lowhash/lowhash.sh ---- ./nss/tests/lowhash/lowhash.sh.lowhash-test 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/tests/lowhash/lowhash.sh 2014-09-22 11:10:55.546029101 -0700 -@@ -95,3 +95,100 @@ lowhash_init - lowhash_test - lowhash_cleanup - echo "lowhash.sh done" -+#! /bin/bash -+# -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+######################################################################## -+# mozilla/security/nss/tests/lowhash/lowhash.sh -+# -+# Script to test basic functionallity of the NSSLoHash API -+# -+# included from -+# -------------- -+# all.sh -+# -+# needs to work on all Linux platforms -+# -+# tests implemented: -+# lowash (verify encryption cert - bugzilla bug 119059) -+# -+# special strings -+# --------------- -+# -+######################################################################## -+ -+errors=0 -+ -+############################## lowhash_init ############################## -+# local shell function to initialize this script -+######################################################################## -+lowhash_init() -+{ -+ SCRIPTNAME=lowhash.sh # sourced - $0 would point to all.sh -+ -+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for -+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it -+ fi -+ -+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then -+ cd ../common -+ . 
./init.sh -+ fi -+ LOWHASHDIR=../lowhash -+ mkdir -p ${LOWHASHDIR} -+ if [ -f /proc/sys/crypto/fips_enabled ]; then -+ FVAL=`cat /proc/sys/crypto/fips_enabled` -+ html_head "Lowhash Tests - /proc/sys/crypto/fips_enabled is ${FVAL}" -+ else -+ html_head "Lowhash Tests" -+ fi -+ cd ${LOWHASHDIR} -+} -+ -+############################## lowhash_test ############################## -+# local shell function to test basic the NSS Low Hash API both in -+# FIPS 140 compliant mode and not -+######################################################################## -+lowhash_test() -+{ -+ if [ ! -f ${BINDIR}/lowhashtest -a \ -+ ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then -+ echo "freebl lowhash not supported in this plaform." -+ else -+ TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512" -+ OLD_MODE=`echo ${NSS_FIPS}` -+ for fips_mode in 0 1; do -+ echo "lowhashtest with fips mode=${fips_mode}" -+ export NSS_FIPS=${fips_mode} -+ for TEST in ${TESTS} -+ do -+ echo "lowhashtest ${TEST}" -+ ${BINDIR}/lowhashtest ${TEST} 2>&1 -+ RESULT=$? -+ html_msg ${RESULT} 0 "lowhashtest with fips mode=${fips_mode} for ${TEST}" -+ done -+ done -+ export NSS_FIPS=${OLD_MODE} -+ fi -+} -+ -+############################## lowhash_cleanup ############################ -+# local shell function to finish this script (no exit since it might be -+# sourced) -+######################################################################## -+lowhash_cleanup() -+{ -+ html "
" -+ cd ${QADIR} -+ . common/cleanup.sh -+} -+ -+################## main ################################################# -+ -+lowhash_init -+lowhash_test -+lowhash_cleanup -+echo "lowhash.sh done" diff --git a/SOURCES/nss-softokn-3.16-ppc-no-init_support.patch b/SOURCES/nss-softokn-3.16-ppc-no-init_support.patch deleted file mode 100644 index 656e4b4..0000000 --- a/SOURCES/nss-softokn-3.16-ppc-no-init_support.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -diff -up ./nss/lib/freebl/fipsfreebl.c.ppc_no_init_support ./nss/lib/freebl/fipsfreebl.c ---- ./nss/lib/freebl/fipsfreebl.c.ppc_no_init_support 2014-10-17 18:49:18.235965317 -0700 -+++ ./nss/lib/freebl/fipsfreebl.c 2014-10-17 18:49:18.256965469 -0700 -@@ -33,7 +33,7 @@ - - - /* GCC Attribute */ --#ifdef __GNUC__ -+#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT) - #define INIT_FUNCTION __attribute__((constructor)) - #else - #define INIT_FUNCTION -@@ -1748,12 +1748,12 @@ bl_startup_tests(void) - */ - SECStatus - BL_FIPSEntryOK(PRBool freebl_only) { --#ifdef NO_INIT_SUPPORT -+#ifdef NSS_NO_INIT_SUPPORT - /* this should only be set on platforms that can't handle one of the INIT - * schemes. This code allows those platforms to continue to function, -- * though they don't meet the strict NIST requirements. If NO_INIT_SUPPORT -+ * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT - * is not set, and init support has not been properly enabled, freebl -- * will always fail because of the test below */ -+ * will always fail because of the test below - */ - if (!self_tests_freebl_ran) { - bl_startup_tests(); -diff -up ./nss/lib/freebl/Makefile.ppc_no_init_support ./nss/lib/freebl/Makefile ---- ./nss/lib/freebl/Makefile.ppc_no_init_support 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/Makefile 2014-10-17 18:49:18.257965476 -0700 -@@ -87,6 +87,10 @@ ifdef LINUX - DEFINES += -D__GNU_SOURCE=1 - endif - endif -+ifdef NSS_NO_INIT_SUPPORT -+ DEFINES += -DNSS_NO_INIT_SUPPORT -+endif -+ - ifdef FREEBL_PRELINK_COMMAND - DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\" - endif -@@ -220,6 +224,11 @@ ifeq ($(CPU_ARCH),arm) - DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512 - MPI_SRCS += mpi_arm.c - endif -+ifeq ($(CPU_ARCH),ppc) -+ifdef USE_64 -+ DEFINES += -DNSS_NO_INIT_SUPPORT -+endif # USE_64 -+endif # ppc - endif # Linux - - ifeq ($(OS_TARGET),AIX) -diff -up 
./nss/lib/softoken/fipstest.c.ppc_no_init_support ./nss/lib/softoken/fipstest.c ---- ./nss/lib/softoken/fipstest.c.ppc_no_init_support 2014-10-17 18:49:18.213965159 -0700 -+++ ./nss/lib/softoken/fipstest.c 2014-10-17 18:49:18.257965476 -0700 -@@ -25,7 +25,7 @@ - #endif - - /* GCC Attribute */ --#ifdef __GNUC__ -+#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT) - #define INIT_FUNCTION __attribute__((constructor)) - #else - #define INIT_FUNCTION -@@ -634,11 +634,11 @@ sftk_startup_tests(void) - */ - CK_RV - sftk_FIPSEntryOK() { --#ifdef NO_INIT_SUPPORT -+#ifdef NSS_NO_INIT_SUPPORT - /* this should only be set on platforms that can't handle one of the INIT - * schemes. This code allows those platforms to continue to function, -- * though they don't meet the strict NIST requirements. If NO_INIT_SUPPORT -- * is noe set, and init support has not been properly enabled, softken -+ * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT -+ * is not set, and init support has not been properly enabled, softken - * will always fail because of the test below - */ - if (!sftk_self_tests_ran) { -diff -up ./nss/lib/softoken/Makefile.ppc_no_init_support ./nss/lib/softoken/Makefile ---- ./nss/lib/softoken/Makefile.ppc_no_init_support 2014-10-17 18:49:18.258965483 -0700 -+++ ./nss/lib/softoken/Makefile 2014-10-17 18:51:41.124993988 -0700 -@@ -20,6 +20,16 @@ include $(CORE_DEPTH)/coreconf/config.mk - # (3) Include "component" configuration information. (OPTIONAL) # - ####################################################################### - -+ifdef NSS_NO_INIT_SUPPORT -+ DEFINES += -DNSS_NO_INIT_SUPPORT -+endif -+ifeq ($(OS_TARGET),Linux) -+ifeq ($(CPU_ARCH),ppc) -+ifdef USE_64 -+ DEFINES += -DNSS_NO_INIT_SUPPORT -+endif # USE_64 -+endif # ppc -+endif # Linux - - - ####################################################################### 
diff --git a/SOURCES/nss-softokn-3.16-rsa-fips-186.patch b/SOURCES/nss-softokn-3.16-rsa-fips-186.patch
deleted file mode 100644
index dea9c54..0000000
--- a/SOURCES/nss-softokn-3.16-rsa-fips-186.patch
+++ /dev/null
@@ -1,147 +0,0 @@ -diff -up ./nss/lib/freebl/mpi/mpprime.c.fips-186-4 ./nss/lib/freebl/mpi/mpprime.c ---- ./nss/lib/freebl/mpi/mpprime.c.fips-186-4 2014-06-24 13:45:27.000000000 -0700 -+++ ./nss/lib/freebl/mpi/mpprime.c 2014-10-16 09:54:02.787374811 -0700 -@@ -410,31 +410,32 @@ mp_err mpp_make_prime(mp_int *start, mp_ - MP_DIGITS(&q) = 0; - MP_CHECKOK( mp_init(&trial) ); - MP_CHECKOK( mp_init(&q) ); -- /* values taken from table 4.4, HandBook of Applied Cryptography */ -- if (nBits >= 1300) { -- num_tests = 2; -- } else if (nBits >= 850) { -+ /* values originally taken from table 4.4, -+ * HandBook of Applied Cryptography, augmented by FIPS-186 -+ * requirements, Table C.2 and C.3 */ -+ if (nBits >= 2000) { - num_tests = 3; -- } else if (nBits >= 650) { -+ } else if (nBits >= 1536) { - num_tests = 4; -- } else if (nBits >= 550) { -+ } else if (nBits >= 1024) { - num_tests = 5; -- } else if (nBits >= 450) { -+ } else if (nBits >= 550) { - num_tests = 6; -- } else if (nBits >= 400) { -+ } else if (nBits >= 450) { - num_tests = 7; -- } else if (nBits >= 350) { -+ } else if (nBits >= 400) { - num_tests = 8; -- } else if (nBits >= 300) { -+ } else if (nBits >= 350) { - num_tests = 9; -+ } else if (nBits >= 300) { -+ num_tests = 10; - } else if (nBits >= 250) { -- num_tests = 12; -+ num_tests = 20; - } else if (nBits >= 200) { -- num_tests = 15; -- } else if (nBits >= 150) { -- num_tests = 18; -+ num_tests = 41; - } else if (nBits >= 100) { -- num_tests = 27; -+ num_tests = 38; /* funny anomaly in the FIPS tables, for aux primes, the -+ * required more iterations for larger aux primes */ - } else - num_tests = 50; - -diff -up ./nss/lib/freebl/rsa.c.fips-186-4 ./nss/lib/freebl/rsa.c ---- ./nss/lib/freebl/rsa.c.fips-186-4 2014-10-16 09:54:02.784374761 -0700 -+++ ./nss/lib/freebl/rsa.c 2014-10-16 15:08:33.946099491 -0700 -@@ -138,7 +138,7 @@ rsa_build_from_primes(const mp_int *p, c - CHECK_MPI_OK( mp_sub_d(p, 1, &psub1) ); - CHECK_MPI_OK( mp_sub_d(q, 1, &qsub1) ); - if 
(needPublicExponent || needPrivateExponent) { -- CHECK_MPI_OK( mp_mul(&psub1, &qsub1, &phi) ); -+ CHECK_MPI_OK( mp_lcm(&psub1, &qsub1, &phi) ); - /* 3. Compute d = e**-1 mod(phi) */ - /* or e = d**-1 mod(phi) as necessary */ - if (needPublicExponent) { -@@ -226,6 +226,45 @@ cleanup: - } - - /* -+ * make sure the key components meet fips186 requirements. -+ */ -+static PRBool -+rsa_fips186_verify(mp_int *p, mp_int *q, mp_int *d, int keySizeInBits) -+{ -+ mp_int pq_diff; -+ mp_err err = MP_OKAY; -+ PRBool ret=PR_FALSE; -+ -+ if (keySizeInBits < 250) { -+ /* not a valid FIPS length, no point in our other tests */ -+ /* if you are here, and in FIPS mode, you are outside the security -+ * policy */ -+ return PR_TRUE; -+ } -+ -+ /* p & q are already known to be greater then sqrt(2)*2^(keySize/2-1) */ -+ /* we also know that gcd(p-1,e) = 1 and gcd(q-1,e) = 1 because the -+ * mp_invmod() function will fail. */ -+ /* now check p-q > 2^(keysize/2-100) */ -+ MP_DIGITS(&pq_diff) = 0; -+ CHECK_MPI_OK( mp_init(&pq_diff) ); -+ /* NSS always has p > q, so we know pq_diff is positive */ -+ CHECK_MPI_OK( mp_sub(p,q,&pq_diff) ); -+ if ((unsigned)mpl_significant_bits(&pq_diff) < (keySizeInBits/2 - 100)) { -+ goto cleanup; -+ } -+ /* now verify d is large enough*/ -+ if ((unsigned)mpl_significant_bits(d) < (keySizeInBits/2)) { -+ goto cleanup; -+ } -+ ret = PR_TRUE; -+ -+cleanup: -+ mp_clear(&pq_diff); -+ return ret; -+} -+ -+/* - ** Generate and return a new RSA public and private key. - ** Both keys are encoded in a single RSAPrivateKey structure. - ** "cx" is the random number generator context -@@ -241,6 +280,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p - unsigned int primeLen; - mp_int p, q, e, d; - int kiter; -+ int max_attempts; - mp_err err = MP_OKAY; - SECStatus rv = SECSuccess; - int prerr = 0; -@@ -281,6 +321,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p - /* 3. 
Set the public exponent */ - SECITEM_TO_MPINT(*publicExponent, &e); - kiter = 0; -+ max_attempts = 5*(keySizeInBits/2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */ - do { - prerr = 0; - PORT_SetError(0); -@@ -298,12 +339,18 @@ RSA_NewKey(int keySizeInBits, SECItem *p - &e, PR_FALSE, /* needPublicExponent=false */ - &d, PR_TRUE, /* needPrivateExponent=true */ - key, keySizeInBits); -- if (rv == SECSuccess) -- break; /* generated two good primes */ -+ if (rv == SECSuccess) { -+ if (rsa_fips186_verify(&p, &q, &d, keySizeInBits) ){ -+ break; -+ } -+ prerr = PORT_GetError(); -+ } else { -+ prerr = SEC_ERROR_NEED_RANDOM; /* retry with different values */ -+ } - prerr = PORT_GetError(); - kiter++; - /* loop until have primes */ -- } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < MAX_KEY_GEN_ATTEMPTS); -+ } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < max_attempts); - if (prerr) - goto cleanup; - cleanup: diff --git a/SOURCES/nss-softokn-3.16-sha384-key-derive.patch b/SOURCES/nss-softokn-3.16-sha384-key-derive.patch deleted file mode 100644 index 4333382..0000000 --- a/SOURCES/nss-softokn-3.16-sha384-key-derive.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -diff -up ./nss/lib/softoken/pkcs11c.c.sha384_key_derive ./nss/lib/softoken/pkcs11c.c ---- ./nss/lib/softoken/pkcs11c.c.sha384_key_derive 2015-05-28 14:14:14.326097673 -0700 -+++ ./nss/lib/softoken/pkcs11c.c 2015-05-28 14:35:51.208984276 -0700 -@@ -5974,7 +5974,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h - int i; - unsigned int outLen; - unsigned char sha_out[SHA1_LENGTH]; -- unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; -+ unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH]; - unsigned char key_block2[MD5_LENGTH]; - unsigned char des3key[24]; - PRBool isFIPS; -@@ -6245,19 +6245,24 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h - CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; - CK_ULONG effKeySize; - unsigned int block_needed; -+ unsigned int max_block_size = NUM_MIXERS * MD5_LENGTH; - unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; - unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - - if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { - CK_TLS12_KEY_MAT_PARAMS *tls12_keys = - (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; -+ SECHashObject *rawHash; - tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } -+ rawHash = HASH_GetRawHashObject(tlsPrfHash); -+ max_block_size = NUM_MIXERS*rawHash->length; - } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { - tlsPrfHash = HASH_AlgSHA256; -+ max_block_size = NUM_MIXERS*SHA256_LENGTH; - } - - if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { -@@ -6322,9 +6327,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h - } - block_needed = 2 * (macSize + effKeySize + - ((!ssl3_keys->bIsExport) * IVSize)); -- PORT_Assert(block_needed <= sizeof key_block); -- if (block_needed > sizeof key_block) -- block_needed = sizeof key_block; -+ PORT_Assert(block_needed <= max_block_size); -+ if (block_needed > max_block_size) -+ block_needed = max_block_size; - - /* - * generate the key material: This looks amazingly 
similar to the
diff --git a/SOURCES/nss-softokn-3.16-tls12-mechanisms-fipstest.patch b/SOURCES/nss-softokn-3.16-tls12-mechanisms-fipstest.patch
deleted file mode 100644
index 902d4dc..0000000
--- a/SOURCES/nss-softokn-3.16-tls12-mechanisms-fipstest.patch
+++ /dev/null
@@ -1,83 +0,0 @@ -diff -up nss/cmd/fipstest/fipstest.c.1212106 nss/cmd/fipstest/fipstest.c ---- nss/cmd/fipstest/fipstest.c.1212106 2015-04-28 15:10:27.428991019 -0700 -+++ nss/cmd/fipstest/fipstest.c 2015-04-28 15:14:18.281661223 -0700 -@@ -5746,12 +5746,13 @@ tls(char *reqfn) - - CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 }; - CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0}; -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; -- CK_SSL3_KEY_MAT_PARAMS key_block_params; -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; -+ CK_TLS12_KEY_MAT_PARAMS key_block_params; - CK_SSL3_KEY_MAT_OUT key_material; - CK_RV crv; - - /* set up PKCS #11 parameters */ -+ master_params.prfHashMechanism = CKM_SHA256; - master_params.pVersion = NULL; - master_params.RandomInfo.pClientRandom = clientHello_random; - master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random); -@@ -5759,6 +5760,7 @@ tls(char *reqfn) - master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random); - master_mech.pParameter = (void *) &master_params; - master_mech.ulParameterLen = sizeof(master_params); -+ key_block_params.prfHashMechanism = CKM_SHA256; - key_block_params.ulMacSizeInBits = 0; - key_block_params.ulKeySizeInBits = 0; - key_block_params.ulIVSizeInBits = 0; -@@ -5801,14 +5803,35 @@ tls(char *reqfn) - /* [Xchange - SHA1] */ - if (buf[0] == '[') { - if (strncmp(buf, "[TLS", 4) == 0) { -- if (buf[7] == '0') { -- master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; -- key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; -- } else if (buf[7] == '2') { -- master_mech.mechanism = -- CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; -- key_block_mech.mechanism = -- CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; -+ if (buf[7] == '0') { -+ master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; -+ key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; -+ master_mech.ulParameterLen = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); -+ key_block_mech.ulParameterLen = 
sizeof(CK_SSL3_KEY_MAT_PARAMS); -+ } else if (buf[7] == '2') { -+ if (strncmp(&buf[10], "SHA-1", 5) == 0) { -+ master_params.prfHashMechanism = CKM_SHA_1; -+ key_block_params.prfHashMechanism = CKM_SHA_1; -+ } else if (strncmp(&buf[10], "SHA-224", 7) == 0) { -+ master_params.prfHashMechanism = CKM_SHA224; -+ key_block_params.prfHashMechanism = CKM_SHA224; -+ } else if (strncmp(&buf[10], "SHA-256", 7) == 0) { -+ master_params.prfHashMechanism = CKM_SHA256; -+ key_block_params.prfHashMechanism = CKM_SHA256; -+ } else if (strncmp(&buf[10], "SHA-384", 7)== 0) { -+ master_params.prfHashMechanism = CKM_SHA384; -+ key_block_params.prfHashMechanism = CKM_SHA384; -+ } else if (strncmp(&buf[10], "SHA-512", 7) == 0) { -+ master_params.prfHashMechanism = CKM_SHA512; -+ key_block_params.prfHashMechanism = CKM_SHA512; -+ } else { -+ fprintf(tlsresp, "ERROR: Unable to find prf Hash type"); -+ goto loser; -+ } -+ master_mech.mechanism = CKM_TLS12_MASTER_KEY_DERIVE; -+ key_block_mech.mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE; -+ master_mech.ulParameterLen = sizeof(master_params); -+ key_block_mech.ulParameterLen = sizeof(key_block_params); - } else { - fprintf(stderr, "Unknown TLS type %x\n", buf); - goto loser; -@@ -6121,6 +6144,11 @@ int main(int argc, char **argv) - } else if (strcmp(argv[1], "ddrbg") == 0) { - debug = 1; - drbg(argv[2]); -+ /*************/ -+ /* TLS */ -+ /*************/ -+ } else if (strcmp(argv[1], "tls") == 0) { -+ tls(argv[2]); - } - return 0; - } diff --git a/SOURCES/nss-softokn-3.16-tls12-mechanisms.patch b/SOURCES/nss-softokn-3.16-tls12-mechanisms.patch deleted file mode 100644 index d215993..0000000 --- a/SOURCES/nss-softokn-3.16-tls12-mechanisms.patch +++ /dev/null 
@@ -1,493 +0,0 @@ -diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c ---- a/lib/softoken/pkcs11.c -+++ b/lib/softoken/pkcs11.c -@@ -388,16 +388,17 @@ static const struct mechanismList mechan - {CKM_SHA256_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA384, {0, 0, CKF_DIGEST}, PR_FALSE}, - {CKM_SHA384_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA384_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA512, {0, 0, CKF_DIGEST}, PR_FALSE}, - {CKM_SHA512_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_SHA512_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, - {CKM_TLS_PRF_GENERAL, {0, 512, CKF_SN_VR}, PR_FALSE}, -+ {CKM_TLS12_MAC, {0, 512, CKF_SN_VR}, PR_FALSE}, - {CKM_NSS_TLS_PRF_GENERAL_SHA256, - {0, 512, CKF_SN_VR}, PR_FALSE}, - /* ------------------------- HKDF Operations -------------------------- */ - {CKM_NSS_HKDF_SHA1, {1, 128, CKF_DERIVE}, PR_TRUE}, - {CKM_NSS_HKDF_SHA256, {1, 128, CKF_DERIVE}, PR_TRUE}, - {CKM_NSS_HKDF_SHA384, {1, 128, CKF_DERIVE}, PR_TRUE}, - {CKM_NSS_HKDF_SHA512, {1, 128, CKF_DERIVE}, PR_TRUE}, - /* ------------------------- CAST Operations --------------------------- */ -@@ -468,22 +469,25 @@ static const struct mechanismList mechan - {CKM_MD5_KEY_DERIVATION, { 0, 16, CKF_DERIVE}, PR_FALSE}, - {CKM_MD2_KEY_DERIVATION, { 0, 16, CKF_DERIVE}, PR_FALSE}, - {CKM_SHA1_KEY_DERIVATION, { 0, 20, CKF_DERIVE}, PR_FALSE}, - {CKM_SHA224_KEY_DERIVATION, { 0, 28, CKF_DERIVE}, PR_FALSE}, - {CKM_SHA256_KEY_DERIVATION, { 0, 32, CKF_DERIVE}, PR_FALSE}, - {CKM_SHA384_KEY_DERIVATION, { 0, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_SHA512_KEY_DERIVATION, { 0, 64, CKF_DERIVE}, PR_FALSE}, - {CKM_TLS_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, -+ {CKM_TLS12_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, - {48, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_TLS_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, -+ {CKM_TLS12_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, - 
{CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, - {8, 128, CKF_DERIVE}, PR_FALSE}, - {CKM_TLS_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, -+ {CKM_TLS12_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, - {48, 48, CKF_DERIVE}, PR_FALSE}, - /* ---------------------- PBE Key Derivations ------------------------ */ - {CKM_PBE_MD2_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, - {CKM_PBE_MD5_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, - /* ------------------ NETSCAPE PBE Key Derivations ------------------- */ - {CKM_NETSCAPE_PBE_SHA1_DES_CBC, { 8, 8, CKF_GENERATE}, PR_TRUE}, - {CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, {24,24, CKF_GENERATE}, PR_TRUE}, -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -2512,20 +2527,62 @@ finish_rsa: - crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, - *(CK_ULONG *)pMechanism->pParameter); - break; - case CKM_SSL3_SHA1_MAC: - crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, - *(CK_ULONG *)pMechanism->pParameter); - break; - case CKM_TLS_PRF_GENERAL: -- crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); -+ crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); - break; -+ case CKM_TLS12_MAC: { -+ CK_TLS12_MAC_PARAMS *tls12_mac_params; -+ HASH_HashType tlsPrfHash; -+ const char *label; -+ -+ if (pMechanism->ulParameterLen != sizeof(CK_TLS12_MAC_PARAMS)) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ tls12_mac_params = (CK_TLS12_MAC_PARAMS *)pMechanism->pParameter; -+ if (tls12_mac_params->prfMechanism == CKM_TLS_PRF) { -+ /* The TLS 1.0 and 1.1 PRF */ -+ tlsPrfHash = HASH_AlgNULL; -+ if (tls12_mac_params->ulMacLength != 12) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ } else { -+ /* The hash function for the TLS 1.2 PRF */ -+ tlsPrfHash = -+ GetHashTypeFromMechanism(tls12_mac_params->prfMechanism); -+ if (tlsPrfHash == HASH_AlgNULL || -+ tls12_mac_params->ulMacLength < 12) { -+ crv = 
CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ } -+ if (tls12_mac_params->ulServerOrClient == 1) { -+ label = "server finished"; -+ } else if (tls12_mac_params->ulServerOrClient == 2) { -+ label = "client finished"; -+ } else { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, -+ tls12_mac_params->ulMacLength); -+ if (crv == CKR_OK) { -+ context->hashUpdate(context->hashInfo, label, 15); -+ } -+ break; -+ } - case CKM_NSS_TLS_PRF_GENERAL_SHA256: -- crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); -+ crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); - break; - - case CKM_NSS_HMAC_CONSTANT_TIME: { - sftk_MACConstantTimeCtx *ctx = - sftk_HMACConstantTime_New(pMechanism,key); - CK_ULONG *intpointer; - - if (ctx == NULL) { -@@ -3109,20 +3166,20 @@ finish_rsa: - crv = sftk_doSSLMACInit(context,SEC_OID_MD5,key, - *(CK_ULONG *)pMechanism->pParameter); - break; - case CKM_SSL3_SHA1_MAC: - crv = sftk_doSSLMACInit(context,SEC_OID_SHA1,key, - *(CK_ULONG *)pMechanism->pParameter); - break; - case CKM_TLS_PRF_GENERAL: -- crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); -+ crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); - break; - case CKM_NSS_TLS_PRF_GENERAL_SHA256: -- crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); -+ crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); - break; - - default: - crv = CKR_MECHANISM_INVALID; - break; - } - - if (crv != CKR_OK) { -@@ -5916,22 +5973,23 @@ - CK_ULONG tmpKeySize; - CK_ULONG IVSize; - CK_ULONG keySize = 0; - CK_RV crv = CKR_OK; - CK_BBOOL cktrue = CK_TRUE; - CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; - CK_OBJECT_CLASS classType = CKO_SECRET_KEY; - CK_KEY_DERIVATION_STRING_DATA *stringPtr; -+ CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; - CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr; - CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr; - void *cipherInfo; - PRBool isTLS = PR_FALSE; -- 
PRBool isSHA256 = PR_FALSE; - PRBool isDH = PR_FALSE; -+ HASH_HashType tlsPrfHash = HASH_AlgNULL; - SECStatus rv; - int i; - unsigned int outLen; - unsigned char sha_out[SHA1_LENGTH]; - unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; - unsigned char key_block2[MD5_LENGTH]; - unsigned char des3key[24]; - PRBool isFIPS; -@@ -5969,17 +6027,17 @@ - } - } - if (crv != CKR_OK) { sftk_FreeObject(key); return crv; } - - if (keySize == 0) { - keySize = sftk_MapKeySize(keyType); - } - -- switch (pMechanism->mechanism) { -+ switch (mechanism) { - case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ - case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ - case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ - case CKM_NSS_JPAKE_ROUND2_SHA512: - extractValue = PR_FALSE; - classType = CKO_PRIVATE_KEY; - break; - case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */ -@@ -6017,39 +6075,57 @@ - att = sftk_FindAttribute(sourceKey,CKA_VALUE); - if (att == NULL) { - sftk_FreeObject(key); - sftk_FreeObject(sourceKey); - return CKR_KEY_HANDLE_INVALID; - } - } - -- switch (pMechanism->mechanism) { -+ switch (mechanism) { - /* - * generate the master secret - */ -+ case CKM_TLS12_MASTER_KEY_DERIVE: -+ case CKM_TLS12_MASTER_KEY_DERIVE_DH: - case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: - case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: -- isSHA256 = PR_TRUE; -- /* fall thru */ - case CKM_TLS_MASTER_KEY_DERIVE: - case CKM_TLS_MASTER_KEY_DERIVE_DH: -- isTLS = PR_TRUE; -- /* fall thru */ - case CKM_SSL3_MASTER_KEY_DERIVE: - case CKM_SSL3_MASTER_KEY_DERIVE_DH: - { - CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master; - SSL3RSAPreMasterSecret * rsa_pms; - unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - -- if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || -- (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || -- (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) -- isDH = PR_TRUE; -+ if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || -+ (mechanism == 
CKM_TLS12_MASTER_KEY_DERIVE_DH)) { -+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = -+ (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; -+ tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism); -+ if (tlsPrfHash == HASH_AlgNULL) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || -+ (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { -+ tlsPrfHash = HASH_AlgSHA256; -+ } -+ -+ if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && -+ (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { -+ isTLS = PR_TRUE; -+ } -+ if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || -+ (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || -+ (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || -+ (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { -+ isDH = PR_TRUE; -+ } - - /* first do the consistancy checks */ - if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { - crv = CKR_KEY_TYPE_INCONSISTENT; - break; - } - att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); - if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue != -@@ -6106,18 +6182,18 @@ - - crsr.data = crsrdata; - crsr.len = sizeof crsrdata; - master.data = key_block; - master.len = SSL3_MASTER_SECRET_LENGTH; - pms.data = (unsigned char*)att->attrib.pValue; - pms.len = att->attrib.ulValueLen; - -- if (isSHA256) { -- status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", -+ if (tlsPrfHash != HASH_AlgNULL) { -+ status = TLS_P_hash(tlsPrfHash, &pms, "master secret", - &crsr, &master, isFIPS); - } else { - status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); - } - if (status != SECSuccess) { - crv = CKR_FUNCTION_FAILED; - break; - } -@@ -6170,31 +6246,44 @@ - if (crv != CKR_OK) break; - /* While we're here, we might as well force this, too. 
*/ - crv = sftk_forceAttribute(key,CKA_DERIVE,&cktrue,sizeof(CK_BBOOL)); - if (crv != CKR_OK) break; - } - break; - } - -+ case CKM_TLS12_KEY_AND_MAC_DERIVE: - case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: -- isSHA256 = PR_TRUE; -- /* fall thru */ - case CKM_TLS_KEY_AND_MAC_DERIVE: -- isTLS = PR_TRUE; -- /* fall thru */ - case CKM_SSL3_KEY_AND_MAC_DERIVE: - { - CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; - CK_SSL3_KEY_MAT_OUT * ssl3_keys_out; - CK_ULONG effKeySize; - unsigned int block_needed; - unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; - unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - -+ if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { -+ CK_TLS12_KEY_MAT_PARAMS *tls12_keys = -+ (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; -+ tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); -+ if (tlsPrfHash == HASH_AlgNULL) { -+ crv = CKR_MECHANISM_PARAM_INVALID; -+ break; -+ } -+ } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { -+ tlsPrfHash = HASH_AlgSHA256; -+ } -+ -+ if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { -+ isTLS = PR_TRUE; -+ } -+ - crv = sftk_DeriveSensitiveCheck(sourceKey,key); - if (crv != CKR_OK) break; - - if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) { - crv = CKR_KEY_FUNCTION_NOT_PERMITTED; - break; - } - att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); -@@ -6264,18 +6353,18 @@ - - srcr.data = srcrdata; - srcr.len = sizeof srcrdata; - keyblk.data = key_block; - keyblk.len = block_needed; - master.data = (unsigned char*)att->attrib.pValue; - master.len = att->attrib.ulValueLen; - -- if (isSHA256) { -- status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", -+ if (tlsPrfHash != HASH_AlgNULL) { -+ status = TLS_P_hash(tlsPrfHash, &master, "key expansion", - &srcr, &keyblk, isFIPS); - } else { - status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, - isFIPS); - } - if (status != SECSuccess) { - goto key_and_mac_derive_fail; - } -@@ -7011,17 +7100,17 @@ - SEC_ASN1_GET(SEC_OctetStringTemplate), - 
&ecPoint); - if (rv != SECSuccess) { - goto ec_loser; - } - ecPoint = newPoint; - } - -- if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { -+ if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { - withCofactor = PR_TRUE; - } else { - /* When not using cofactor derivation, one should - * validate the public key to avoid small subgroup - * attacks. - */ - if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) - != SECSuccess) { -diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h ---- a/lib/softoken/pkcs11i.h -+++ b/lib/softoken/pkcs11i.h -@@ -25,6 +25,11 @@ - * the expense of space. - */ - -+ -+/* Was present in older nss-util, is missing in newer. Definition required to build. */ -+#define CKM_TLS12_MAC 0x000003E5 -+ -+ - /* - * The attribute allocation strategy is static allocation: - * Attributes are pre-allocated as part of the session object and used from -@@ -733,13 +733,14 @@ void sftk_MACConstantTime_DestroyContext - /**************************************** - * implement TLS Pseudo Random Function (PRF) - */ - - extern CK_RV - sftk_TLSPRFInit(SFTKSessionContext *context, - SFTKObject * key, - CK_KEY_TYPE key_type, -- HASH_HashType hash_alg); -+ HASH_HashType hash_alg, -+ unsigned int out_len); - - SEC_END_PROTOS - - #endif /* _PKCS11I_H_ */ -diff --git a/lib/softoken/tlsprf.c b/lib/softoken/tlsprf.c ---- a/lib/softoken/tlsprf.c -+++ b/lib/softoken/tlsprf.c -@@ -1,16 +1,17 @@ - /* tlsprf.c - TLS Pseudo Random Function (PRF) implementation - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. 
*/ - - #include "pkcs11i.h" - #include "blapi.h" -+#include "secerr.h" - - #define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) - - static void sftk_TLSPRFNull(void *data, PRBool freeit) - { - return; - } - -@@ -18,16 +19,17 @@ typedef struct { - PRUint32 cxSize; /* size of allocated block, in bytes. */ - PRUint32 cxBufSize; /* sizeof buffer at cxBufPtr. */ - unsigned char *cxBufPtr; /* points to real buffer, may be cxBuf. */ - PRUint32 cxKeyLen; /* bytes of cxBufPtr containing key. */ - PRUint32 cxDataLen; /* bytes of cxBufPtr containing data. */ - SECStatus cxRv; /* records failure of void functions. */ - PRBool cxIsFIPS; /* true if conforming to FIPS 198. */ - HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */ -+ unsigned int cxOutLen; /* bytes of output if nonzero */ - unsigned char cxBuf[512]; /* actual size may be larger than 512. */ - } TLSPRFContext; - - static void - sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, - unsigned int data_len) - { - PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen; -@@ -82,17 +84,24 @@ sftk_TLSPRFUpdate(TLSPRFContext *cx, - - secretItem.data = cx->cxBufPtr; - secretItem.len = cx->cxKeyLen; - - seedItem.data = cx->cxBufPtr + cx->cxKeyLen; - seedItem.len = cx->cxDataLen; - - sigItem.data = sig; -- sigItem.len = maxLen; -+ if (cx->cxOutLen == 0) { -+ sigItem.len = maxLen; -+ } else if (cx->cxOutLen <= maxLen) { -+ sigItem.len = cx->cxOutLen; -+ } else { -+ PORT_SetError(SEC_ERROR_OUTPUT_LEN); -+ return SECFailure; -+ } - - if (cx->cxHashAlg != HASH_AlgNULL) { - rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem, - cx->cxIsFIPS); - } else { - rv = TLS_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS); - } - if (rv == SECSuccess && sigLen != NULL) -@@ -137,17 +146,18 @@ sftk_TLSPRFHashDestroy(TLSPRFContext *cx - PORT_ZFree(cx, cx->cxSize); - } - } - - CK_RV - sftk_TLSPRFInit(SFTKSessionContext *context, - SFTKObject * key, - CK_KEY_TYPE key_type, -- 
HASH_HashType hash_alg) -+ HASH_HashType hash_alg, -+ unsigned int out_len) - { - SFTKAttribute * keyVal; - TLSPRFContext * prf_cx; - CK_RV crv = CKR_HOST_MEMORY; - PRUint32 keySize; - PRUint32 blockSize; - - if (key_type != CKK_GENERIC_SECRET) -@@ -164,16 +174,17 @@ sftk_TLSPRFInit(SFTKSessionContext *cont - prf_cx->cxSize = blockSize; - prf_cx->cxKeyLen = keySize; - prf_cx->cxDataLen = 0; - prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf); - prf_cx->cxRv = SECSuccess; - prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); - prf_cx->cxBufPtr = prf_cx->cxBuf; - prf_cx->cxHashAlg = hash_alg; -+ prf_cx->cxOutLen = out_len; - if (keySize) - PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); - - context->hashInfo = (void *) prf_cx; - context->cipherInfo = (void *) prf_cx; - context->hashUpdate = (SFTKHash) sftk_TLSPRFHashUpdate; - context->end = (SFTKEnd) sftk_TLSPRFEnd; - context->update = (SFTKCipher) sftk_TLSPRFUpdate; diff --git a/SOURCES/nss-softokn-3.16.allow_level1_init.patch b/SOURCES/nss-softokn-3.16.allow_level1_init.patch deleted file mode 100644 index ee12b40..0000000 --- a/SOURCES/nss-softokn-3.16.allow_level1_init.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -diff -up ./nss/lib/softoken/fipstokn.c.allow_level1_init ./nss/lib/softoken/fipstokn.c ---- ./nss/lib/softoken/fipstokn.c.allow_level1_init 2014-11-04 13:49:38.110171007 -0800 -+++ ./nss/lib/softoken/fipstokn.c 2014-11-04 14:22:55.241646058 -0800 -@@ -595,8 +595,14 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, - CHECK_FORK(); - - if (sftk_fatalError) return CKR_DEVICE_ERROR; -- if ((rv = sftk_newPinCheck(pPin,ulPinLen)) == CKR_OK) { -+ /* NSC_InitPIN will only work once per database. We can either initialize -+ * it to level1 (pin len == 0) or level2. If we initialize to level 2, then -+ * we need to make sure the pin meets FIPS requirements */ -+ if ((ulPinLen== 0) || ((rv = sftk_newPinCheck(pPin,ulPinLen)) == CKR_OK)) { - rv = NSC_InitPIN(hSession,pPin,ulPinLen); -+ if (rv == CKR_OK) { -+ isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE; -+ } - } - if (sftk_audit_enabled) { - char msg[128]; -@@ -622,6 +628,12 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, - if ((rv = sftk_fipsCheck()) == CKR_OK && - (rv = sftk_newPinCheck(pNewPin,usNewLen)) == CKR_OK) { - rv = NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen); -+ if (rv == CKR_OK) { -+ /* if we set the password in level1 we now go -+ * to level2. NOTE: we don't allow the user to -+ * go from level2 to level1 */ -+ isLevel2 = PR_TRUE; -+ } - } - if (sftk_audit_enabled) { - char msg[128]; -diff -up ./nss/lib/softoken/pkcs11.c.allow_level1_init ./nss/lib/softoken/pkcs11.c ---- ./nss/lib/softoken/pkcs11.c.allow_level1_init 2014-11-04 13:49:38.178172148 -0800 -+++ ./nss/lib/softoken/pkcs11.c 2014-11-04 14:21:06.712827288 -0800 -@@ -2444,7 +2444,12 @@ SFTK_SlotReInit(SFTKSlot *slot, char *co - if ((slot->minimumPinLen == 0) && (params->pwRequired)) { - slot->minimumPinLen = 1; - } -- if ((moduleIndex == NSC_FIPS_MODULE) && -+ /* Make sure the pin len is set to the Minimum allowed value for fips -+ * when in FIPS mode. 
NOTE: we don't set it if the database has not -+ * been initialized yet so that we can init into level1 mode if needed -+ */ -+ if ((sftkdb_HasPasswordSet(slot->keyDB) == SECSuccess) && -+ (moduleIndex == NSC_FIPS_MODULE) && - (slot->minimumPinLen < FIPS_MIN_PIN)) { - slot->minimumPinLen = FIPS_MIN_PIN; - } -@@ -3576,6 +3581,14 @@ CK_RV NSC_InitPIN(CK_SESSION_HANDLE hSes - /* Now update our local copy of the pin */ - if (rv == SECSuccess) { - if (ulPinLen == 0) slot->needLogin = PR_FALSE; -+ /* database has been initialized, now force min password in FIPS -+ * mode. NOTE: if we are in level1, we may not have a password, but -+ * forcing it now will prevent an insufficient password from being set. -+ */ -+ if ((sftk_GetModuleIndex(slot->slotID) == NSC_FIPS_MODULE) && -+ (slot->minimumPinLen < FIPS_MIN_PIN)) { -+ slot->minimumPinLen = FIPS_MIN_PIN; -+ } - return CKR_OK; - } - crv = CKR_PIN_INCORRECT; diff --git a/SOURCES/nss-softokn-3.28-fix-fips-login.patch b/SOURCES/nss-softokn-3.28-fix-fips-login.patch new file mode 100644 index 0000000..d8464e9 --- /dev/null +++ b/SOURCES/nss-softokn-3.28-fix-fips-login.patch 
@@ -0,0 +1,107 @@ +diff -up ./nss/lib/softoken/fipstokn.c.fix-fips-login ./nss/lib/softoken/fipstokn.c +--- ./nss/lib/softoken/fipstokn.c.fix-fips-login 2017-02-17 05:20:06.000000000 -0800 ++++ ./nss/lib/softoken/fipstokn.c 2017-05-05 15:29:23.934308889 -0700 +@@ -540,7 +540,10 @@ FC_GetTokenInfo(CK_SLOT_ID slotID, CK_TO + + crv = NSC_GetTokenInfo(slotID, pInfo); + if (crv == CKR_OK) { +- if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) { ++ /* use the global database to figure out if we are running in ++ * FIPS 140 Level 1 or Level 2 */ ++ if (slotID == FIPS_SLOT_ID && ++ (pInfo->flags & CKF_LOGIN_REQUIRED) == 0) { + isLevel2 = PR_FALSE; + } + } +@@ -616,7 +619,8 @@ FC_InitPIN(CK_SESSION_HANDLE hSession, + * we need to make sure the pin meets FIPS requirements */ + if ((ulPinLen == 0) || ((rv = sftk_newPinCheck(pPin, ulPinLen)) == CKR_OK)) { + rv = NSC_InitPIN(hSession, pPin, ulPinLen); +- if (rv == CKR_OK) { ++ if ((rv == CKR_OK) && ++ (sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) { + isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE; + } + } +@@ -644,7 +648,8 @@ FC_SetPIN(CK_SESSION_HANDLE hSession, CK + if ((rv = sftk_fipsCheck()) == CKR_OK && + (rv = sftk_newPinCheck(pNewPin, usNewLen)) == CKR_OK) { + rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen); +- if (rv == CKR_OK) { ++ if ((rv == CKR_OK) && ++ (sftk_SlotIDFromSessionHandle(hSession) == FIPS_SLOT_ID)) { + /* if we set the password in level1 we now go + * to level2. NOTE: we don't allow the user to + * go from level2 to level1 */ +@@ -705,12 +710,24 @@ FC_GetSessionInfo(CK_SESSION_HANDLE hSes + + rv = NSC_GetSessionInfo(hSession, pInfo); + if (rv == CKR_OK) { +- if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) { +- pInfo->state = CKS_RO_USER_FUNCTIONS; +- } +- if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) { +- pInfo->state = CKS_RW_USER_FUNCTIONS; +- } ++ /* handle the case where the auxilary slot doesn't require login. 
++ * piggy back on the main token's login state */ ++ if (isLoggedIn && ++ ((pInfo->state == CKS_RO_PUBLIC_SESSION) || ++ (pInfo->state == CKS_RW_PUBLIC_SESSION))) { ++ CK_RV crv; ++ CK_TOKEN_INFO tInfo; ++ crv = NSC_GetTokenInfo(sftk_SlotIDFromSessionHandle(hSession), ++ &tInfo); ++ /* if the token doesn't login, use our global login state */ ++ if ((crv == CKR_OK) && ((tInfo.flags & CKF_LOGIN_REQUIRED) == 0)) { ++ if (pInfo->state == CKS_RO_PUBLIC_SESSION) { ++ pInfo->state = CKS_RO_USER_FUNCTIONS; ++ } else { ++ pInfo->state = CKS_RW_USER_FUNCTIONS; ++ } ++ } ++ } + } + return rv; + } +diff -up ./nss/lib/softoken/pkcs11.c.fix-fips-login ./nss/lib/softoken/pkcs11.c +--- ./nss/lib/softoken/pkcs11.c.fix-fips-login 2017-05-05 15:33:02.247012129 -0700 ++++ ./nss/lib/softoken/pkcs11.c 2017-05-05 15:34:43.399727983 -0700 +@@ -2370,17 +2370,22 @@ sftk_SlotFromID(CK_SLOT_ID slotID, PRBoo + return slot; + } + +-SFTKSlot * +-sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle) ++CK_SLOT_ID ++sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle) + { + CK_ULONG slotIDIndex = (handle >> 24) & 0x7f; + CK_ULONG moduleIndex = (handle >> 31) & 1; + + if (slotIDIndex >= nscSlotCount[moduleIndex]) { +- return NULL; ++ return (CK_SLOT_ID)-1; + } ++ return nscSlotList[moduleIndex][slotIDIndex]; ++} + +- return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex], PR_FALSE); ++SFTKSlot * ++sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle) ++{ ++ return sftk_SlotFromID(sftk_SlotIDFromSessionHandle(handle), PR_FALSE); + } + + static CK_RV +diff -up ./nss/lib/softoken/pkcs11i.h.fix-fips-login ./nss/lib/softoken/pkcs11i.h +--- ./nss/lib/softoken/pkcs11i.h.fix-fips-login 2017-02-17 05:20:06.000000000 -0800 ++++ ./nss/lib/softoken/pkcs11i.h 2017-05-05 15:29:23.934308889 -0700 +@@ -667,6 +667,7 @@ extern CK_RV sftk_handleObject(SFTKObjec + + extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all); + extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle); ++extern 
CK_SLOT_ID sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle); + extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle); + extern void sftk_FreeSession(SFTKSession *session); + extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, diff --git a/SOURCES/nss-softokn-allow-level1.patch b/SOURCES/nss-softokn-allow-level1.patch deleted file mode 100644 index 859f912..0000000 --- a/SOURCES/nss-softokn-allow-level1.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff -up ./nss/lib/softoken/fipstokn.c.allow_level1 ./nss/lib/softoken/fipstokn.c ---- ./nss/lib/softoken/fipstokn.c.allow_level1 2013-10-11 11:47:31.265670032 -0700 -+++ ./nss/lib/softoken/fipstokn.c 2013-10-11 11:58:12.730655827 -0700 -@@ -97,6 +97,7 @@ libaudit_init(void) - * ******************** Password Utilities ******************************* - */ - static PRBool isLoggedIn = PR_FALSE; -+static PRBool isLevel2 = PR_TRUE; - PRBool sftk_fatalError = PR_FALSE; - - /* -@@ -197,7 +198,7 @@ static CK_RV sftk_newPinCheck(CK_CHAR_PT - static CK_RV sftk_fipsCheck(void) { - if (sftk_fatalError) - return CKR_DEVICE_ERROR; -- if (!isLoggedIn) -+ if (isLevel2 && !isLoggedIn) - return CKR_USER_NOT_LOGGED_IN; - return CKR_OK; - } -@@ -498,6 +499,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve - return crv; - } - nsf_init = PR_TRUE; -+ isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */ - - return CKR_OK; - } -@@ -552,8 +554,11 @@ CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, - CHECK_FORK(); - - crv = NSC_GetTokenInfo(slotID,pInfo); -- if (crv == CKR_OK) -- pInfo->flags |= CKF_LOGIN_REQUIRED; -+ if (crv == CKR_OK) { -+ if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) { -+ isLevel2 = PR_FALSE; -+ } -+ } - return crv; - - } diff --git a/SOURCES/nss-softokn-basicutil-dependency.patch b/SOURCES/nss-softokn-basicutil-dependency.patch new file mode 100644 index 0000000..861e2e4 --- /dev/null +++ b/SOURCES/nss-softokn-basicutil-dependency.patch 
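Review bot: `sftk_SlotIDFromSessionHandle` in the pkcs11.c hunk returns `(CK_SLOT_ID)-1` for an out-of-range handle, but neither the definition nor the new prototype in pkcs11i.h says so, and the sentinel is passed straight on to `sftk_SlotFromID` and `NSC_GetTokenInfo` by the callers in this patch. I would document it at the declaration: `/* Returns the slot ID encoded in the session handle, or (CK_SLOT_ID)-1 when the handle does not index a known slot. */`. The rewritten `sftk_SlotFromSessionHandle` now relies on `sftk_SlotFromID` rejecting that value and returning NULL as the old code did; that function is outside these hunks and worth confirming. In FC_GetSessionInfo the promotion of a public session to user state is now gated on the token reporting no CKF_LOGIN_REQUIRED, which is the intended narrowing; "auxilary" in the new comment should read "auxiliary". The nested hunks cut through FC_GetTokenInfo, FC_InitPIN, FC_SetPIN and FC_GetSessionInfo, whose bodies continue outside them.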
@@ -0,0 +1,417 @@ +# HG changeset patch +# User Daiki Ueno +# Date 1483701049 -3600 +# Fri Jan 06 12:10:49 2017 +0100 +# Node ID 85673cf4a82728084850deb2f05bda2778480341 +# Parent 697aaeda536948589fb6759e235f7e1486b524b3 +Move SSLNamedGroup references from basicutil.h to secutil.h + +diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c +--- a/cmd/lib/basicutil.c ++++ b/cmd/lib/basicutil.c +@@ -25,7 +25,6 @@ + #endif + + #include "secoid.h" +-#include "sslt.h" + + extern long DER_GetInteger(const SECItem *src); + +@@ -732,98 +731,3 @@ SECU_SECItemHexStringToBinary(SECItem *s + srcdest->len /= 2; + return SECSuccess; + } +- +-SSLNamedGroup +-groupNameToNamedGroup(char *name) +-{ +- if (PL_strlen(name) == 4) { +- if (!strncmp(name, "P256", 4)) { +- return ssl_grp_ec_secp256r1; +- } +- if (!strncmp(name, "P384", 4)) { +- return ssl_grp_ec_secp384r1; +- } +- if (!strncmp(name, "P521", 4)) { +- return ssl_grp_ec_secp521r1; +- } +- } +- if (PL_strlen(name) == 6) { +- if (!strncmp(name, "x25519", 6)) { +- return ssl_grp_ec_curve25519; +- } +- if (!strncmp(name, "FF2048", 6)) { +- return ssl_grp_ffdhe_2048; +- } +- if (!strncmp(name, "FF3072", 6)) { +- return ssl_grp_ffdhe_3072; +- } +- if (!strncmp(name, "FF4096", 6)) { +- return ssl_grp_ffdhe_4096; +- } +- if (!strncmp(name, "FF6144", 6)) { +- return ssl_grp_ffdhe_6144; +- } +- if (!strncmp(name, "FF8192", 6)) { +- return ssl_grp_ffdhe_8192; +- } +- } +- +- return ssl_grp_none; +-} +- +-SECStatus +-parseGroupList(const char *arg, SSLNamedGroup **enabledGroups, +- unsigned int *enabledGroupsCount) +-{ +- SSLNamedGroup *groups; +- char *str; +- char *p; +- unsigned int numValues = 0; +- unsigned int count = 0; +- +- /* Count the number of groups. 
*/ +- str = PORT_Strdup(arg); +- if (!str) { +- return SECFailure; +- } +- p = strtok(str, ","); +- while (p) { +- ++numValues; +- p = strtok(NULL, ","); +- } +- PORT_Free(str); +- str = NULL; +- groups = PORT_ZNewArray(SSLNamedGroup, numValues); +- if (!groups) { +- goto done; +- } +- +- /* Get group names. */ +- str = PORT_Strdup(arg); +- if (!str) { +- goto done; +- } +- p = strtok(str, ","); +- while (p) { +- SSLNamedGroup group = groupNameToNamedGroup(p); +- if (group == ssl_grp_none) { +- count = 0; +- goto done; +- } +- groups[count++] = group; +- p = strtok(NULL, ","); +- } +- +-done: +- if (str) { +- PORT_Free(str); +- } +- if (!count) { +- PORT_Free(groups); +- return SECFailure; +- } +- +- *enabledGroupsCount = count; +- *enabledGroups = groups; +- return SECSuccess; +-} +diff --git a/cmd/lib/basicutil.h b/cmd/lib/basicutil.h +--- a/cmd/lib/basicutil.h ++++ b/cmd/lib/basicutil.h +@@ -13,7 +13,6 @@ + #include "base64.h" + #include "secasn1.h" + #include "secder.h" +-#include "sslt.h" + #include + + #ifdef SECUTIL_NEW +@@ -113,10 +112,6 @@ SECU_ParseCommandLine(int argc, char **a + char * + SECU_GetOptionArg(const secuCommand *cmd, int optionNum); + +-SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups, +- unsigned int *enabledGroupsCount); +-SSLNamedGroup groupNameToNamedGroup(char *name); +- + /* + * + * Error messaging +diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c +--- a/cmd/lib/secutil.c ++++ b/cmd/lib/secutil.c +@@ -3875,3 +3875,98 @@ SECU_HexString2SECItem(PLArenaPool *aren + + return item; + } ++ ++SSLNamedGroup ++groupNameToNamedGroup(char *name) ++{ ++ if (PL_strlen(name) == 4) { ++ if (!strncmp(name, "P256", 4)) { ++ return ssl_grp_ec_secp256r1; ++ } ++ if (!strncmp(name, "P384", 4)) { ++ return ssl_grp_ec_secp384r1; ++ } ++ if (!strncmp(name, "P521", 4)) { ++ return ssl_grp_ec_secp521r1; ++ } ++ } ++ if (PL_strlen(name) == 6) { ++ if (!strncmp(name, "x25519", 6)) { ++ return ssl_grp_ec_curve25519; ++ } ++ if 
(!strncmp(name, "FF2048", 6)) { ++ return ssl_grp_ffdhe_2048; ++ } ++ if (!strncmp(name, "FF3072", 6)) { ++ return ssl_grp_ffdhe_3072; ++ } ++ if (!strncmp(name, "FF4096", 6)) { ++ return ssl_grp_ffdhe_4096; ++ } ++ if (!strncmp(name, "FF6144", 6)) { ++ return ssl_grp_ffdhe_6144; ++ } ++ if (!strncmp(name, "FF8192", 6)) { ++ return ssl_grp_ffdhe_8192; ++ } ++ } ++ ++ return ssl_grp_none; ++} ++ ++SECStatus ++parseGroupList(const char *arg, SSLNamedGroup **enabledGroups, ++ unsigned int *enabledGroupsCount) ++{ ++ SSLNamedGroup *groups; ++ char *str; ++ char *p; ++ unsigned int numValues = 0; ++ unsigned int count = 0; ++ ++ /* Count the number of groups. */ ++ str = PORT_Strdup(arg); ++ if (!str) { ++ return SECFailure; ++ } ++ p = strtok(str, ","); ++ while (p) { ++ ++numValues; ++ p = strtok(NULL, ","); ++ } ++ PORT_Free(str); ++ str = NULL; ++ groups = PORT_ZNewArray(SSLNamedGroup, numValues); ++ if (!groups) { ++ goto done; ++ } ++ ++ /* Get group names. */ ++ str = PORT_Strdup(arg); ++ if (!str) { ++ goto done; ++ } ++ p = strtok(str, ","); ++ while (p) { ++ SSLNamedGroup group = groupNameToNamedGroup(p); ++ if (group == ssl_grp_none) { ++ count = 0; ++ goto done; ++ } ++ groups[count++] = group; ++ p = strtok(NULL, ","); ++ } ++ ++done: ++ if (str) { ++ PORT_Free(str); ++ } ++ if (!count) { ++ PORT_Free(groups); ++ return SECFailure; ++ } ++ ++ *enabledGroupsCount = count; ++ *enabledGroups = groups; ++ return SECSuccess; ++} +diff --git a/cmd/lib/secutil.h b/cmd/lib/secutil.h +--- a/cmd/lib/secutil.h ++++ b/cmd/lib/secutil.h +@@ -408,6 +408,10 @@ SECU_ParseSSLVersionRangeString(const ch + extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, + const char *str); + ++SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups, ++ unsigned int *enabledGroupsCount); ++SSLNamedGroup groupNameToNamedGroup(char *name); ++ + /* + * + * Error messaging +# HG changeset patch +# User Daiki Ueno +# Date 1483695727 -3600 +# Fri Jan 06 
10:42:07 2017 +0100 +# Node ID 93a3a5494fad25ba55c2133453c3300719216b18 +# Parent 85673cf4a82728084850deb2f05bda2778480341 +Move SECU_HexString2SECItem to basicutil.c + +Also add the stub declaration in basicutil.h, and remove unnecesary +#include for secutil.h in some files. + +diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c +--- a/cmd/ecperf/ecperf.c ++++ b/cmd/ecperf/ecperf.c +@@ -9,7 +9,6 @@ + #include "basicutil.h" + #include "pkcs11.h" + #include "nspr.h" +-#include "secutil.h" + #include + + #define __PASTE(x, y) x##y +@@ -106,6 +105,8 @@ typedef struct ThreadDataStr { + int isSign; + } ThreadData; + ++typedef SECItem SECKEYECParams; ++ + void + PKCS11Thread(void *data) + { +diff --git a/cmd/fbectest/fbectest.c b/cmd/fbectest/fbectest.c +--- a/cmd/fbectest/fbectest.c ++++ b/cmd/fbectest/fbectest.c +@@ -9,7 +9,6 @@ + #include "basicutil.h" + #include "secder.h" + #include "secitem.h" +-#include "secutil.h" + #include "nspr.h" + #include + +diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c +--- a/cmd/lib/basicutil.c ++++ b/cmd/lib/basicutil.c +@@ -731,3 +731,46 @@ SECU_SECItemHexStringToBinary(SECItem *s + srcdest->len /= 2; + return SECSuccess; + } ++ ++SECItem * ++SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str) ++{ ++ int i = 0; ++ int byteval = 0; ++ int tmp = PORT_Strlen(str); ++ ++ PORT_Assert(arena); ++ PORT_Assert(item); ++ ++ if ((tmp % 2) != 0) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return NULL; ++ } ++ ++ item = SECITEM_AllocItem(arena, item, tmp / 2); ++ if (item == NULL) { ++ return NULL; ++ } ++ ++ while (str[i]) { ++ if ((str[i] >= '0') && (str[i] <= '9')) { ++ tmp = str[i] - '0'; ++ } else if ((str[i] >= 'a') && (str[i] <= 'f')) { ++ tmp = str[i] - 'a' + 10; ++ } else if ((str[i] >= 'A') && (str[i] <= 'F')) { ++ tmp = str[i] - 'A' + 10; ++ } else { ++ /* item is in arena and gets freed by the caller */ ++ return NULL; ++ } ++ ++ byteval = byteval * 16 + tmp; ++ if ((i % 2) != 0) { ++ item->data[i / 
2] = byteval; ++ byteval = 0; ++ } ++ i++; ++ } ++ ++ return item; ++} +diff --git a/cmd/lib/basicutil.h b/cmd/lib/basicutil.h +--- a/cmd/lib/basicutil.h ++++ b/cmd/lib/basicutil.h +@@ -81,6 +81,12 @@ SECStatus + SECU_SECItemHexStringToBinary(SECItem *srcdest); + + /* ++** Read a hex string into a SecItem. ++*/ ++extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, ++ const char *str); ++ ++/* + * + * Utilities for parsing security tools command lines + * +diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c +--- a/cmd/lib/secutil.c ++++ b/cmd/lib/secutil.c +@@ -3833,49 +3833,6 @@ SECU_ParseSSLVersionRangeString(const ch + return SECSuccess; + } + +-SECItem * +-SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str) +-{ +- int i = 0; +- int byteval = 0; +- int tmp = PORT_Strlen(str); +- +- PORT_Assert(arena); +- PORT_Assert(item); +- +- if ((tmp % 2) != 0) { +- PORT_SetError(SEC_ERROR_INVALID_ARGS); +- return NULL; +- } +- +- item = SECITEM_AllocItem(arena, item, tmp / 2); +- if (item == NULL) { +- return NULL; +- } +- +- while (str[i]) { +- if ((str[i] >= '0') && (str[i] <= '9')) { +- tmp = str[i] - '0'; +- } else if ((str[i] >= 'a') && (str[i] <= 'f')) { +- tmp = str[i] - 'a' + 10; +- } else if ((str[i] >= 'A') && (str[i] <= 'F')) { +- tmp = str[i] - 'A' + 10; +- } else { +- /* item is in arena and gets freed by the caller */ +- return NULL; +- } +- +- byteval = byteval * 16 + tmp; +- if ((i % 2) != 0) { +- item->data[i / 2] = byteval; +- byteval = 0; +- } +- i++; +- } +- +- return item; +-} +- + SSLNamedGroup + groupNameToNamedGroup(char *name) + { diff --git a/SOURCES/nss-softokn-ec-derive-pubkey-check.patch b/SOURCES/nss-softokn-ec-derive-pubkey-check.patch new file mode 100644 index 0000000..a2f42c3 --- /dev/null +++ b/SOURCES/nss-softokn-ec-derive-pubkey-check.patch 
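Review bot: `groupNameToNamedGroup(char *name)` is moved into the public secutil.h interface with a non-const parameter although the body only reads `name` through `PL_strlen` and `strncmp`; since the declaration is being relocated anyway, `SSLNamedGroup groupNameToNamedGroup(const char *name);` (with the matching definition) would let callers pass literals and `const` arguments without a cast. In the same moved block, `parseGroupList` tokenizes with `strtok`, which keeps static state; `PL_strtok_r` with a local `char *last` would make the moved copy reentrant at no cost. `SECU_HexString2SECItem` asserts `arena` and `item` but not `str` before `PORT_Strlen(str)`; if callers can pass NULL there, a guard returning NULL with `SEC_ERROR_INVALID_ARGS` belongs at the top. These are move-only hunks, so the code is otherwise unchanged from its previous location.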
@@ -0,0 +1,48 @@
+diff -up ./nss/lib/freebl/ec.c.ec-derive-pubkey-check ./nss/lib/freebl/ec.c
+--- ./nss/lib/freebl/ec.c.ec-derive-pubkey-check 2017-03-23 15:54:08.182526259 -0700
++++ ./nss/lib/freebl/ec.c 2017-03-23 15:59:37.407142251 -0700
+@@ -565,6 +565,15 @@ ECDH_Derive(SECItem *publicValue,
+ return SECFailure;
+ }
+
++ /*
++ * Make sure the point is on the requested curve to avoid
++ * certain small subgroup attacks.
++ */
++ if (EC_ValidatePublicKey(ecParams, publicValue) != SECSuccess) {
++ PORT_SetError(SEC_ERROR_BAD_KEY);
++ return SECFailure;
++ }
++
+ /* Perform curve specific multiplication using ECMethod */
+ if (ecParams->fieldID.type == ec_field_plain) {
+ const ECMethod *method;
+@@ -580,10 +589,6 @@ ECDH_Derive(SECItem *publicValue,
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return SECFailure;
+ }
+- if (method->validate(publicValue) != SECSuccess) {
+- PORT_SetError(SEC_ERROR_BAD_KEY);
+- return SECFailure;
+- }
+ return method->mul(derivedSecret, privateValue, publicValue);
+ }
+
+diff -up ./nss/lib/softoken/pkcs11c.c.ec-derive-pubkey-check ./nss/lib/softoken/pkcs11c.c
+--- ./nss/lib/softoken/pkcs11c.c.ec-derive-pubkey-check 2017-02-17 05:20:06.000000000 -0800
++++ ./nss/lib/softoken/pkcs11c.c 2017-03-23 15:54:08.184526293 -0700
+@@ -7247,14 +7247,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+
+ if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) {
+ withCofactor = PR_TRUE;
+- } else {
+- /* When not using cofactor derivation, one should
+- * validate the public key to avoid small subgroup
+- * attacks.
+- */
+- if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) != SECSuccess) {
+- goto ec_loser;
+- }
+ }
+
+ rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,
diff --git a/SOURCES/nss-softokn-fix-drbg.patch b/SOURCES/nss-softokn-fix-drbg.patch
new file mode 100644
index 0000000..c945b63
--- /dev/null
+++ b/SOURCES/nss-softokn-fix-drbg.patch
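Review bot: Dropping `method->validate(publicValue)` from the ec_field_plain branch of ECDH_Derive leaves EC_ValidatePublicKey as the only check on the peer's public value for every curve type, and nothing in this hunk shows that EC_ValidatePublicKey handles ec_field_plain keys the way the per-method validate did; please confirm it rejects the same malformed inputs there rather than treating them as a Weierstrass point. The removal from NSC_DeriveKey also means the CKM_ECDH1_COFACTOR_DERIVE path is now validated as well, which is the safer behaviour but is a change callers relying on the old leniency would notice; a one-line comment at the new check, `/* Validated for both plain and cofactor ECDH; NSC_DeriveKey no longer checks. */`, would record that. ECDH_Derive and NSC_DeriveKey both begin and end outside the hunk.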
@@ -0,0 +1,97 @@
+# HG changeset patch
+# User Franziskus Kiefer
+# Date 1491394302 -7200
+# Wed Apr 05 14:11:42 2017 +0200
+# Branch NSS_3_28_BRANCH
+# Node ID 7248d38b76e569d2f89b20598fcdca595c3a2e6a
+# Parent 6eb39ead39e0b3f6269fd9660a4426187f5302a8
+Bug 1345089 - add prng kat tests, r=ttaubert
+
+diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
+--- a/lib/freebl/blapi.h
++++ b/lib/freebl/blapi.h
+@@ -1469,6 +1469,12 @@ FIPS186Change_ReduceModQForDSA(const uns
+ const unsigned char *q,
+ unsigned char *xj);
+
++/* To allow NIST KAT tests */
++extern SECStatus
++PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
++ const PRUint8 *nonce, unsigned int nonce_len,
++ const PRUint8 *personal_string, unsigned int ps_len);
++
+ /*
+ * The following functions are for FIPS poweron self test and FIPS algorithm
+ * testing.
+diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c
+--- a/lib/freebl/drbg.c
++++ b/lib/freebl/drbg.c
+@@ -99,7 +99,8 @@ struct RNGContextStr {
+ * RNG_RandomUpdate. */
+ PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
+ PRUint32 additionalAvail;
+- PRBool isValid; /* false if RNG reaches an invalid state */
++ PRBool isValid; /* false if RNG reaches an invalid state */
++ PRBool isKatTest; /* true if running NIST PRNG KAT tests */
+ };
+
+ typedef struct RNGContextStr RNGContext;
+@@ -150,7 +151,7 @@ prng_Hash_df(PRUint8 *requested_bytes, u
+ }
+
+ /*
+- * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2
++ * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2
+ *
+ * NOTE: bytes & len are entropy || nonce || personalization_string. In
+ * normal operation, NSS calculates them all together in a single call.
+@@ -158,9 +159,11 @@ prng_Hash_df(PRUint8 *requested_bytes, u
+ static SECStatus
+ prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
+ {
+- if (len < PRNG_SEEDLEN) {
+- /* if the seedlen is to small, it's probably because we failed to get
+- * enough random data */
++ if (!rng->isKatTest && len < PRNG_SEEDLEN) {
++ /* If the seedlen is too small, it's probably because we failed to get
++ * enough random data.
++ * This is stricter than NIST SP800-90A requires. Don't enforce it for
++ * tests. */
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ return SECFailure;
+ }
+@@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const
+
+ #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
+ PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+- PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
++ PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)
+
+ /*
+ * This function expands the internal state of the prng to fulfill any number
+@@ -441,6 +444,7 @@ rng_init(void)
+ }
+ /* the RNG is in a valid state */
+ globalrng->isValid = PR_TRUE;
++ globalrng->isKatTest = PR_FALSE;
+
+ /* fetch one random value so that we can populate rng->oldV for our
+ * continous random number test. */
+@@ -696,6 +700,17 @@ RNG_RNGShutdown(void)
+ * entropy we may have previously collected. */
+ RNGContext testContext;
+
++SECStatus
++PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
++ const PRUint8 *nonce, unsigned int nonce_len,
++ const PRUint8 *personal_string, unsigned int ps_len)
++{
++ testContext.isKatTest = PR_TRUE;
++ return PRNGTEST_Instantiate(entropy, entropy_len,
++ nonce, nonce_len,
++ personal_string, ps_len);
++}
++
+ /*
+ * Test vector API. Use NIST SP 800-90 general interface so one of the
+ * other NIST SP 800-90 algorithms may be used in the future.
diff --git a/SOURCES/nss-softokn-fix-error-handling.patch b/SOURCES/nss-softokn-fix-error-handling.patch
deleted file mode 100644
index 58fdcce..0000000
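Review bot: PRNGTEST_Instantiate_Kat sets `testContext.isKatTest = PR_TRUE` and nothing in the hunk ever clears it, so after one KAT run every later PRNGTEST_Instantiate on testContext would also skip the PRNG_SEEDLEN minimum in prng_instantiate, unless PRNGTEST_Instantiate reinitialises the whole context (not visible here). Since prng_instantiate is the only reader of the flag shown in this patch, the wrapper can restore the strict mode once the instantiate call returns, as below. It would also help to say in the blapi.h comment what the KAT entry point relaxes, e.g. `/* KAT-only entry point: accepts seed material shorter than PRNG_SEEDLEN. */`.
```c
SECStatus
PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
                         const PRUint8 *nonce, unsigned int nonce_len,
                         const PRUint8 *personal_string, unsigned int ps_len)
{
    SECStatus rv;

    testContext.isKatTest = PR_TRUE;
    rv = PRNGTEST_Instantiate(entropy, entropy_len,
                              nonce, nonce_len,
                              personal_string, ps_len);
    /* prng_instantiate is the only consumer; do not leave the relaxed
     * seed-length check armed for later callers of testContext. */
    testContext.isKatTest = PR_FALSE;
    return rv;
}
```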
--- a/SOURCES/nss-softokn-fix-error-handling.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -up ./nss/lib/softoken/pkcs11c.c.1154764 ./nss/lib/softoken/pkcs11c.c
---- ./nss/lib/softoken/pkcs11c.c.1154764 2015-01-12 13:53:36.488856046 -0800
-+++ ./nss/lib/softoken/pkcs11c.c 2015-01-12 13:53:36.552856584 -0800
-@@ -3523,12 +3523,12 @@ nsc_parameter_gen(CK_KEY_TYPE key_type,
- }
- params->arena = arena;
- crv = sftk_Attribute2SSecItem(arena, ¶ms->prime, key, CKA_PRIME);
-- if (rv != SECSuccess) {
-+ if (crv != CKR_OK) {
- goto loser;
- }
- crv = sftk_Attribute2SSecItem(arena, ¶ms->subPrime,
- key, CKA_SUBPRIME);
-- if (rv != SECSuccess) {
-+ if (crv != CKR_OK) {
- goto loser;
- }
-
-@@ -3544,7 +3544,7 @@ nsc_parameter_gen(CK_KEY_TYPE key_type,
- }
- vfy->arena = arena;
- crv = sftk_Attribute2SSecItem(arena, &vfy->seed, key, CKA_NSS_PQG_SEED);
-- if (rv != SECSuccess) {
-+ if (crv != CKR_OK) {
- goto loser;
- }
- crv = sftk_Attribute2SSecItem(arena, &vfy->h, key, CKA_NSS_PQG_H);
diff --git a/SOURCES/nss-softokn-pkcs12-rsa-pss.patch b/SOURCES/nss-softokn-pkcs12-rsa-pss.patch
new file mode 100644
index 0000000..b6195fa
--- /dev/null
+++ b/SOURCES/nss-softokn-pkcs12-rsa-pss.patch
@@ -0,0 +1,11 @@
+diff -up ./nss/lib/softoken/pkcs11c.c.pkcs12-rsa-pss ./nss/lib/softoken/pkcs11c.c
+--- ./nss/lib/softoken/pkcs11c.c.pkcs12-rsa-pss 2017-03-23 15:32:39.172593148 -0700
++++ ./nss/lib/softoken/pkcs11c.c 2017-03-23 15:33:20.789301538 -0700
+@@ -5592,6 +5592,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
+
+ switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
+ case SEC_OID_PKCS1_RSA_ENCRYPTION:
++ case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+ keyTemplate = nsslowkey_RSAPrivateKeyTemplate;
+ paramTemplate = NULL;
+ paramDest = NULL;
diff --git a/SOURCES/nss-softokn-pkcs12-sha2.patch b/SOURCES/nss-softokn-pkcs12-sha2.patch
new file mode 100644
index 0000000..2e40df3
--- /dev/null
+++ b/SOURCES/nss-softokn-pkcs12-sha2.patch
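Review bot: Adding `case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:` to the RSA branch of sftk_unwrapPrivateKey imports an id-RSASSA-PSS PrivateKeyInfo through the plain RSA template with `paramTemplate = NULL`, so any RSASSA-PSS-params carried in the AlgorithmIdentifier are discarded and the resulting key is indistinguishable from an ordinary rsaEncryption key. That is probably acceptable for PKCS #12 interoperability, but it silently drops the hash/MGF/salt restrictions the key was labelled with; a short comment on the new case, `/* PSS params are ignored: the key is imported as a generic RSA key. */`, would make that intent explicit for the next reader. sftk_unwrapPrivateKey starts and ends outside the hunk.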
@@ -0,0 +1,94 @@
+diff -up ./nss/lib/softoken/lowpbe.c.pkcs12-sha2 ./nss/lib/softoken/lowpbe.c
+--- ./nss/lib/softoken/lowpbe.c.pkcs12-sha2 2017-02-17 05:20:06.000000000 -0800
++++ ./nss/lib/softoken/lowpbe.c 2017-03-23 10:34:22.320526927 -0700
+@@ -408,7 +408,6 @@ loser:
+ return result;
+ }
+
+-#define HMAC_BUFFER 64
+ #define NSSPBE_ROUNDUP(x, y) ((((x) + ((y)-1)) / (y)) * (y))
+ #define NSSPBE_MIN(x, y) ((x) < (y) ? (x) : (y))
+ /*
+@@ -430,6 +429,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
+ int iter;
+ unsigned char *iterBuf;
+ void *hash = NULL;
++ unsigned int bufferLength;
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+@@ -439,8 +439,11 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
+ /* how many hash object lengths are needed */
+ c = (bytesNeeded + (hashLength - 1)) / hashLength;
+
++ /* 64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64 */
++ bufferLength = NSSPBE_ROUNDUP(hashLength * 2, 64);
++
+ /* initialize our buffers */
+- D.len = HMAC_BUFFER;
++ D.len = bufferLength;
+ /* B and D are the same length, use one alloc go get both */
+ D.data = (unsigned char *)PORT_ArenaZAlloc(arena, D.len * 2);
+ B.len = D.len;
+@@ -452,8 +455,8 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
+ goto loser;
+ }
+
+- SLen = NSSPBE_ROUNDUP(salt->len, HMAC_BUFFER);
+- PLen = NSSPBE_ROUNDUP(pwitem->len, HMAC_BUFFER);
++ SLen = NSSPBE_ROUNDUP(salt->len, bufferLength);
++ PLen = NSSPBE_ROUNDUP(pwitem->len, bufferLength);
+ I.len = SLen + PLen;
+ I.data = (unsigned char *)PORT_ArenaZAlloc(arena, I.len);
+ if (I.data == NULL) {
+diff -up ./nss/lib/softoken/pkcs11c.c.pkcs12-sha2 ./nss/lib/softoken/pkcs11c.c
+--- ./nss/lib/softoken/pkcs11c.c.pkcs12-sha2 2017-02-17 05:20:06.000000000 -0800
++++ ./nss/lib/softoken/pkcs11c.c 2017-03-23 10:34:22.322526961 -0700
+@@ -3971,6 +3971,22 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMe
+ params->hashType = HASH_AlgMD2;
+ params->keyLen = 16;
+ break;
++ case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
++ params->hashType = HASH_AlgSHA224;
++ params->keyLen = 28;
++ break;
++ case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
++ params->hashType = HASH_AlgSHA256;
++ params->keyLen = 32;
++ break;
++ case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
++ params->hashType = HASH_AlgSHA384;
++ params->keyLen = 48;
++ break;
++ case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
++ params->hashType = HASH_AlgSHA512;
++ params->keyLen = 64;
++ break;
+ default:
+ PORT_FreeArena(arena, PR_TRUE);
+ return CKR_MECHANISM_INVALID;
+@@ -4189,6 +4205,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
+ case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+ case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+ case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
++ case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
++ case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
++ case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
++ case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
+ key_gen_type = nsc_pbe;
+ key_type = CKK_GENERIC_SECRET;
+ crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param);
+diff -up ./nss/lib/softoken/pkcs11.c.pkcs12-sha2 ./nss/lib/softoken/pkcs11.c
+--- ./nss/lib/softoken/pkcs11.c.pkcs12-sha2 2017-02-17 05:20:06.000000000 -0800
++++ ./nss/lib/softoken/pkcs11.c 2017-03-23 10:34:22.321526944 -0700
+@@ -480,6 +480,10 @@ static const struct mechanismList mechan
+ { CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, { 20, 20, CKF_GENERATE }, PR_TRUE },
+ { CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
+ { CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
++ { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 28, 28, CKF_GENERATE }, PR_TRUE },
++ { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
++ { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE },
++ { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE },
+ /* ------------------ AES Key Wrap (also encrypt) ------------------- */
+ { CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+ { CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
diff --git a/SOURCES/nss-softokn-pss-modulus-bits.patch b/SOURCES/nss-softokn-pss-modulus-bits.patch
new file mode 100644
index 0000000..74e1e7d
--- /dev/null
+++ b/SOURCES/nss-softokn-pss-modulus-bits.patch
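Review bot: The comment on the new `bufferLength` computation in nsspkcs5_PKCS12PBE only restates the arithmetic ("64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64"); it would be clearer to name what the value is, the hash function's input block size v from PKCS #12 Appendix B.1, which `NSSPBE_ROUNDUP(hashLength * 2, 64)` approximates for the MD and SHA families, e.g. `/* v = hash input block size (PKCS #12 B.1): 64 for MD5/SHA-1/224/256, 128 for SHA-384/512 */`. If the SECHashObject passed in carries a block-length field, using it directly would be more robust than deriving v from the digest length, since the two only coincide for the hashes listed. The nsspkcs5_PKCS12PBE body begins before and continues after the hunk.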
@@ -0,0 +1,1570 @@ +# HG changeset patch +# User Tim Taubert +# Date 1485772089 -3600 +# Mon Jan 30 11:28:09 2017 +0100 +# Branch NSS_3_29_BRANCH +# Node ID 1bbd8a1ba5a38334b8a9f9371319db139a81fe54 +# Parent e8afdd255bae83dceee408343773b956e0198efc +Bug 1334474 - Support RSA-PSS signatures with (modulus_bits % 8 > 0) r=franziskus + +Differential Revision: https://nss-review.dev.mozaws.net/D180 +* * * +Bug 1334474 - Fix 1025-bit RSA-PSS signatures on Linux r=bustage + +diff --git a/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/gtests/pk11_gtest/pk11_rsapss_unittest.cc +--- a/gtests/pk11_gtest/pk11_rsapss_unittest.cc ++++ b/gtests/pk11_gtest/pk11_rsapss_unittest.cc +@@ -12,115 +12,9 @@ + #include "gtest/gtest.h" + #include "scoped_ptrs.h" + +-namespace nss_test { +- +-// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair +-// +-const uint8_t kTestVector1Spki[] = { +- 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, +- 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, +- 0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, +- 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, +- 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, +- 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, +- 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, +- 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, +- 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, +- 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, +- 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, +- 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, +- 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, +- 0x37, 0x02, 0x03, 0x01, 0x00, 0x01}; +-// RSA-PSS test vectors, pss-vect.txt, Example 1.1 +-const uint8_t kTestVector1Data[] = { 
+- 0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, +- 0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, +- 0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c, +- 0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15, +- 0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, +- 0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, +- 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2, +- 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0, +- 0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f, +- 0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0, +- 0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e, +- 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08, +- 0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc, +- 0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, +- 0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9, +- 0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16, +- 0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, +- 0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, +- 0xd0}; +-const uint8_t kTestVector1Sig[] = { +- 0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38, +- 0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1, +- 0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd, +- 0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2, +- 0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31, +- 0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa, +- 0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4, +- 0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65, 
+- 0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1, +- 0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b, +- 0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c}; ++#include "pk11_rsapss_vectors.h" + +-// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair +-// +-const uint8_t kTestVector2Spki[] = { +- 0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, +- 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00, +- 0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a, +- 0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70, +- 0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, +- 0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00, +- 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27, +- 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad, +- 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d, +- 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1, +- 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e, +- 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e, +- 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62, +- 0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc, +- 0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79, +- 0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea, +- 0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9, +- 0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70, +- 0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1, +- 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17, +- 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0, +- 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 
0xcf, 0x55, +- 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b, +- 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05, +- 0x02, 0x03, 0x01, 0x00, 0x01}; +-// RSA-PSS test vectors, pss-vect.txt, Example 10.1 +-const uint8_t kTestVector2Data[] = { +- 0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9, +- 0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f, +- 0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09}; +-const uint8_t kTestVector2Sig[] = { +- 0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b, +- 0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f, +- 0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd, +- 0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14, +- 0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5, +- 0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20, +- 0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6, +- 0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74, +- 0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73, +- 0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0, +- 0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce, +- 0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16, +- 0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d, +- 0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8, +- 0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77, +- 0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00, +- 0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86, +- 0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f, +- 0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f, +- 0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 
0x66, 0xb1, +- 0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70, +- 0xd0, 0x7e, 0x16, 0x66}; ++namespace nss_test { + + static unsigned char* toUcharPtr(const uint8_t* v) { + return const_cast(static_cast(v)); +@@ -152,7 +46,7 @@ class Pkcs11RsaPssVectorTest : public Pk + + // Hash the data. + std::vector hashBuf(hLen); +- SECItem hash = {siBuffer, &hashBuf[0], ++ SECItem hash = {siBuffer, hashBuf.data(), + static_cast(hashBuf.size())}; + SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len); + EXPECT_EQ(rv, SECSuccess); +@@ -165,11 +59,63 @@ class Pkcs11RsaPssVectorTest : public Pk + nullptr); + EXPECT_EQ(rv, SECSuccess); + } ++ ++ void SignAndVerify(const uint8_t* pkcs8, size_t pkcs8_len, ++ const uint8_t* spki, size_t spki_len, const uint8_t* data, ++ size_t data_len) { ++ // Sign with PSS/SHA-1. ++ SECOidTag hashOid = SEC_OID_SHA1; ++ CK_MECHANISM_TYPE hashMech = CKM_SHA_1; ++ CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1; ++ ++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); ++ ASSERT_TRUE(slot); ++ ++ SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8), ++ static_cast(pkcs8_len)}; ++ ++ // Import PKCS #8. ++ SECKEYPrivateKey* key = nullptr; ++ SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( ++ slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key, ++ nullptr); ++ EXPECT_TRUE(rv == SECSuccess && !!key); ++ ScopedSECKEYPrivateKey privKey(key); ++ ++ // Set up PSS parameters. ++ unsigned int hLen = HASH_ResultLenByOidTag(hashOid); ++ CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen}; ++ SECItem params = {siBuffer, reinterpret_cast(&rsaPssParams), ++ sizeof(rsaPssParams)}; ++ ++ // Hash the data. ++ std::vector hashBuf(hLen); ++ SECItem hash = {siBuffer, hashBuf.data(), ++ static_cast(hashBuf.size())}; ++ rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len); ++ EXPECT_EQ(rv, SECSuccess); ++ ++ // Prepare signature buffer. 
++ uint32_t len = PK11_SignatureLen(privKey.get()); ++ std::vector sigBuf(len); ++ SECItem sig = {siBuffer, sigBuf.data(), ++ static_cast(sigBuf.size())}; ++ ++ CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS; ++ rv = PK11_SignWithMechanism(privKey.get(), mech, ¶ms, &sig, &hash); ++ EXPECT_EQ(rv, SECSuccess); ++ ++ // Verify. ++ Verify(spki, spki_len, data, data_len, sig.data, sig.len); ++ } + }; + + #define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \ + Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig)); + ++#define PSS_TEST_VECTOR_SIGN_VERIFY(pkcs8, spki, data) \ ++ SignAndVerify(pkcs8, sizeof(pkcs8), spki, sizeof(spki), data, sizeof(data)); ++ + TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) { + // Sign data with a 1024-bit RSA key, using PSS/SHA-256. + SECOidTag hashOid = SEC_OID_SHA256; +@@ -232,11 +178,100 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSign + TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) { + PSS_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig); + } ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify1) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector1Pkcs8, kTestVector1Spki, ++ kTestVector1Data); ++} + +-// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair ++// RSA-PSS test vectors, pss-vect.txt, Example 2.1: A 1025-bit RSA Key Pair + // + TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) { + PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig); + } ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify2) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector2Pkcs8, kTestVector2Spki, ++ kTestVector2Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 3.1: A 1026-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature3) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector3Spki, kTestVector3Data, kTestVector3Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify3) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector3Pkcs8, kTestVector3Spki, ++ kTestVector3Data); ++} ++ ++// 
RSA-PSS test vectors, pss-vect.txt, Example 4.1: A 1027-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature4) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector4Spki, kTestVector4Data, kTestVector4Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify4) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector4Pkcs8, kTestVector4Spki, ++ kTestVector4Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 5.1: A 1028-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature5) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector5Spki, kTestVector5Data, kTestVector5Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify5) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector5Pkcs8, kTestVector5Spki, ++ kTestVector5Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 6.1: A 1029-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature6) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector6Spki, kTestVector6Data, kTestVector6Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify6) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector6Pkcs8, kTestVector6Spki, ++ kTestVector6Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 7.1: A 1030-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature7) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector7Spki, kTestVector7Data, kTestVector7Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify7) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector7Pkcs8, kTestVector7Spki, ++ kTestVector7Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 8.1: A 1031-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature8) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector8Spki, kTestVector8Data, kTestVector8Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify8) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector8Pkcs8, kTestVector8Spki, ++ kTestVector8Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 9.1: A 1536-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature9) 
{ ++ PSS_TEST_VECTOR_VERIFY(kTestVector9Spki, kTestVector9Data, kTestVector9Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify9) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector9Pkcs8, kTestVector9Spki, ++ kTestVector9Data); ++} ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair ++// ++TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature10) { ++ PSS_TEST_VECTOR_VERIFY(kTestVector10Spki, kTestVector10Data, ++ kTestVector10Sig); ++} ++TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify10) { ++ PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector10Pkcs8, kTestVector10Spki, ++ kTestVector10Data); ++} + + } // namespace nss_test +diff --git a/gtests/pk11_gtest/pk11_rsapss_vectors.h b/gtests/pk11_gtest/pk11_rsapss_vectors.h +new file mode 100644 +--- /dev/null ++++ b/gtests/pk11_gtest/pk11_rsapss_vectors.h +@@ -0,0 +1,1083 @@ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this file, ++ * You can obtain one at http://mozilla.org/MPL/2.0/. 
*/ ++ ++namespace nss_test { ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair ++// ++const uint8_t kTestVector1Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x72, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x5c, 0x30, 0x82, 0x02, 0x58, 0x02, 0x01, 0x00, 0x02, 0x81, 0x80, ++ 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc, ++ 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4, ++ 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, ++ 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, ++ 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, ++ 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, ++ 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, ++ 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, ++ 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, ++ 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, ++ 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37, 0x02, 0x03, 0x01, 0x00, ++ 0x01, 0x02, 0x81, 0x80, 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, ++ 0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf, ++ 0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, ++ 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, ++ 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, ++ 0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, ++ 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27, ++ 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, ++ 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, ++ 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, ++ 0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 
0x47, 0xc6, 0xa3, 0xb3, 0x25, ++ 0x02, 0x40, 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73, ++ 0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5, ++ 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7, ++ 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, ++ 0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, ++ 0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43, 0x02, 0x40, 0xb6, 0x9d, 0xca, 0x1c, ++ 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, ++ 0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, ++ 0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba, ++ 0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63, ++ 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd, ++ 0x02, 0x40, 0x28, 0xfa, 0x13, 0x93, 0x86, 0x55, 0xbe, 0x1f, 0x8a, 0x15, ++ 0x9c, 0xba, 0xca, 0x5a, 0x72, 0xea, 0x19, 0x0c, 0x30, 0x08, 0x9e, 0x19, ++ 0xcd, 0x27, 0x4a, 0x55, 0x6f, 0x36, 0xc4, 0xf6, 0xe1, 0x9f, 0x55, 0x4b, ++ 0x34, 0xc0, 0x77, 0x79, 0x04, 0x27, 0xbb, 0xdd, 0x8d, 0xd3, 0xed, 0xe2, ++ 0x44, 0x83, 0x28, 0xf3, 0x85, 0xd8, 0x1b, 0x30, 0xe8, 0xe4, 0x3b, 0x2f, ++ 0xff, 0xa0, 0x27, 0x86, 0x19, 0x79, 0x02, 0x40, 0x1a, 0x8b, 0x38, 0xf3, ++ 0x98, 0xfa, 0x71, 0x20, 0x49, 0x89, 0x8d, 0x7f, 0xb7, 0x9e, 0xe0, 0xa7, ++ 0x76, 0x68, 0x79, 0x12, 0x99, 0xcd, 0xfa, 0x09, 0xef, 0xc0, 0xe5, 0x07, ++ 0xac, 0xb2, 0x1e, 0xd7, 0x43, 0x01, 0xef, 0x5b, 0xfd, 0x48, 0xbe, 0x45, ++ 0x5e, 0xae, 0xb6, 0xe1, 0x67, 0x82, 0x55, 0x82, 0x75, 0x80, 0xa8, 0xe4, ++ 0xe8, 0xe1, 0x41, 0x51, 0xd1, 0x51, 0x0a, 0x82, 0xa3, 0xf2, 0xe7, 0x29, ++ 0x02, 0x40, 0x27, 0x15, 0x6a, 0xba, 0x41, 0x26, 0xd2, 0x4a, 0x81, 0xf3, ++ 0xa5, 0x28, 0xcb, 0xfb, 0x27, 0xf5, 0x68, 0x86, 0xf8, 0x40, 0xa9, 0xf6, ++ 0xe8, 0x6e, 0x17, 0xa4, 0x4b, 0x94, 0xfe, 0x93, 0x19, 0x58, 0x4b, 0x8e, ++ 0x22, 0xfd, 0xde, 0x1e, 0x5a, 0x2e, 0x3b, 0xd8, 0xaa, 0x5b, 0xa8, 0xd8, ++ 0x58, 0x41, 
0x94, 0xeb, 0x21, 0x90, 0xac, 0xf8, 0x32, 0xb8, 0x47, 0xf1, ++ 0x3a, 0x3d, 0x24, 0xa7, 0x9f, 0x4d}; ++const uint8_t kTestVector1Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, ++ 0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, ++ 0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, ++ 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, ++ 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, ++ 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, ++ 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, ++ 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, ++ 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, ++ 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, ++ 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, ++ 0x37, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 1.1 ++const uint8_t kTestVector1Data[] = { ++ 0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, ++ 0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, ++ 0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c, ++ 0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15, ++ 0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, ++ 0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, ++ 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2, ++ 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0, ++ 0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f, ++ 0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0, ++ 
0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e, ++ 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08, ++ 0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc, ++ 0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, ++ 0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9, ++ 0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16, ++ 0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, ++ 0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, ++ 0xd0}; ++const uint8_t kTestVector1Sig[] = { ++ 0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38, ++ 0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1, ++ 0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd, ++ 0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2, ++ 0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31, ++ 0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa, ++ 0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4, ++ 0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65, ++ 0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1, ++ 0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b, ++ 0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 2: A 1025-bit RSA Key Pair ++// ++const uint8_t kTestVector2Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x01, 0xd4, 0x0c, 0x1b, 0xcf, 0x97, 0xa6, 0x8a, 0xe7, 0xcd, 0xbd, 0x8a, ++ 0x7b, 0xf3, 0xe3, 0x4f, 0xa1, 0x9d, 0xcc, 0xa4, 0xef, 0x75, 0xa4, 0x74, ++ 0x54, 0x37, 0x5f, 0x94, 0x51, 0x4d, 0x88, 0xfe, 
0xd0, 0x06, 0xfb, 0x82, ++ 0x9f, 0x84, 0x19, 0xff, 0x87, 0xd6, 0x31, 0x5d, 0xa6, 0x8a, 0x1f, 0xf3, ++ 0xa0, 0x93, 0x8e, 0x9a, 0xbb, 0x34, 0x64, 0x01, 0x1c, 0x30, 0x3a, 0xd9, ++ 0x91, 0x99, 0xcf, 0x0c, 0x7c, 0x7a, 0x8b, 0x47, 0x7d, 0xce, 0x82, 0x9e, ++ 0x88, 0x44, 0xf6, 0x25, 0xb1, 0x15, 0xe5, 0xe9, 0xc4, 0xa5, 0x9c, 0xf8, ++ 0xf8, 0x11, 0x3b, 0x68, 0x34, 0x33, 0x6a, 0x2f, 0xd2, 0x68, 0x9b, 0x47, ++ 0x2c, 0xbb, 0x5e, 0x5c, 0xab, 0xe6, 0x74, 0x35, 0x0c, 0x59, 0xb6, 0xc1, ++ 0x7e, 0x17, 0x68, 0x74, 0xfb, 0x42, 0xf8, 0xfc, 0x3d, 0x17, 0x6a, 0x01, ++ 0x7e, 0xdc, 0x61, 0xfd, 0x32, 0x6c, 0x4b, 0x33, 0xc9, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x80, 0x02, 0x7d, 0x14, 0x7e, 0x46, 0x73, 0x05, ++ 0x73, 0x77, 0xfd, 0x1e, 0xa2, 0x01, 0x56, 0x57, 0x72, 0x17, 0x6a, 0x7d, ++ 0xc3, 0x83, 0x58, 0xd3, 0x76, 0x04, 0x56, 0x85, 0xa2, 0xe7, 0x87, 0xc2, ++ 0x3c, 0x15, 0x57, 0x6b, 0xc1, 0x6b, 0x9f, 0x44, 0x44, 0x02, 0xd6, 0xbf, ++ 0xc5, 0xd9, 0x8a, 0x3e, 0x88, 0xea, 0x13, 0xef, 0x67, 0xc3, 0x53, 0xec, ++ 0xa0, 0xc0, 0xdd, 0xba, 0x92, 0x55, 0xbd, 0x7b, 0x8b, 0xb5, 0x0a, 0x64, ++ 0x4a, 0xfd, 0xfd, 0x1d, 0xd5, 0x16, 0x95, 0xb2, 0x52, 0xd2, 0x2e, 0x73, ++ 0x18, 0xd1, 0xb6, 0x68, 0x7a, 0x1c, 0x10, 0xff, 0x75, 0x54, 0x5f, 0x3d, ++ 0xb0, 0xfe, 0x60, 0x2d, 0x5f, 0x2b, 0x7f, 0x29, 0x4e, 0x36, 0x01, 0xea, ++ 0xb7, 0xb9, 0xd1, 0xce, 0xcd, 0x76, 0x7f, 0x64, 0x69, 0x2e, 0x3e, 0x53, ++ 0x6c, 0xa2, 0x84, 0x6c, 0xb0, 0xc2, 0xdd, 0x48, 0x6a, 0x39, 0xfa, 0x75, ++ 0xb1, 0x02, 0x41, 0x01, 0x66, 0x01, 0xe9, 0x26, 0xa0, 0xf8, 0xc9, 0xe2, ++ 0x6e, 0xca, 0xb7, 0x69, 0xea, 0x65, 0xa5, 0xe7, 0xc5, 0x2c, 0xc9, 0xe0, ++ 0x80, 0xef, 0x51, 0x94, 0x57, 0xc6, 0x44, 0xda, 0x68, 0x91, 0xc5, 0xa1, ++ 0x04, 0xd3, 0xea, 0x79, 0x55, 0x92, 0x9a, 0x22, 0xe7, 0xc6, 0x8a, 0x7a, ++ 0xf9, 0xfc, 0xad, 0x77, 0x7c, 0x3c, 0xcc, 0x2b, 0x9e, 0x3d, 0x36, 0x50, ++ 0xbc, 0xe4, 0x04, 0x39, 0x9b, 0x7e, 0x59, 0xd1, 0x02, 0x41, 0x01, 0x4e, ++ 0xaf, 0xa1, 0xd4, 0xd0, 0x18, 0x4d, 0xa7, 0xe3, 0x1f, 0x87, 0x7d, 0x12, ++ 0x81, 0xdd, 0xda, 
0x62, 0x56, 0x64, 0x86, 0x9e, 0x83, 0x79, 0xe6, 0x7a, ++ 0xd3, 0xb7, 0x5e, 0xae, 0x74, 0xa5, 0x80, 0xe9, 0x82, 0x7a, 0xbd, 0x6e, ++ 0xb7, 0xa0, 0x02, 0xcb, 0x54, 0x11, 0xf5, 0x26, 0x67, 0x97, 0x76, 0x8f, ++ 0xb8, 0xe9, 0x5a, 0xe4, 0x0e, 0x3e, 0x8a, 0x01, 0xf3, 0x5f, 0xf8, 0x9e, ++ 0x56, 0xc0, 0x79, 0x02, 0x40, 0xe2, 0x47, 0xcc, 0xe5, 0x04, 0x93, 0x9b, ++ 0x8f, 0x0a, 0x36, 0x09, 0x0d, 0xe2, 0x00, 0x93, 0x87, 0x55, 0xe2, 0x44, ++ 0x4b, 0x29, 0x53, 0x9a, 0x7d, 0xa7, 0xa9, 0x02, 0xf6, 0x05, 0x68, 0x35, ++ 0xc0, 0xdb, 0x7b, 0x52, 0x55, 0x94, 0x97, 0xcf, 0xe2, 0xc6, 0x1a, 0x80, ++ 0x86, 0xd0, 0x21, 0x3c, 0x47, 0x2c, 0x78, 0x85, 0x18, 0x00, 0xb1, 0x71, ++ 0xf6, 0x40, 0x1d, 0xe2, 0xe9, 0xc2, 0x75, 0x6f, 0x31, 0x02, 0x40, 0xb1, ++ 0x2f, 0xba, 0x75, 0x78, 0x55, 0xe5, 0x86, 0xe4, 0x6f, 0x64, 0xc3, 0x8a, ++ 0x70, 0xc6, 0x8b, 0x3f, 0x54, 0x8d, 0x93, 0xd7, 0x87, 0xb3, 0x99, 0x99, ++ 0x9d, 0x4c, 0x8f, 0x0b, 0xbd, 0x25, 0x81, 0xc2, 0x1e, 0x19, 0xed, 0x00, ++ 0x18, 0xa6, 0xd5, 0xd3, 0xdf, 0x86, 0x42, 0x4b, 0x3a, 0xbc, 0xad, 0x40, ++ 0x19, 0x9d, 0x31, 0x49, 0x5b, 0x61, 0x30, 0x9f, 0x27, 0xc1, 0xbf, 0x55, ++ 0xd4, 0x87, 0xc1, 0x02, 0x40, 0x56, 0x4b, 0x1e, 0x1f, 0xa0, 0x03, 0xbd, ++ 0xa9, 0x1e, 0x89, 0x09, 0x04, 0x25, 0xaa, 0xc0, 0x5b, 0x91, 0xda, 0x9e, ++ 0xe2, 0x50, 0x61, 0xe7, 0x62, 0x8d, 0x5f, 0x51, 0x30, 0x4a, 0x84, 0x99, ++ 0x2f, 0xdc, 0x33, 0x76, 0x2b, 0xd3, 0x78, 0xa5, 0x9f, 0x03, 0x0a, 0x33, ++ 0x4d, 0x53, 0x2b, 0xd0, 0xda, 0xe8, 0xf2, 0x98, 0xea, 0x9e, 0xd8, 0x44, ++ 0x63, 0x6a, 0xd5, 0xfb, 0x8c, 0xbd, 0xc0, 0x3c, 0xad}; ++const uint8_t kTestVector2Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x01, 0xd4, 0x0c, 0x1b, 0xcf, 0x97, 0xa6, 0x8a, ++ 0xe7, 0xcd, 0xbd, 0x8a, 0x7b, 0xf3, 0xe3, 0x4f, 0xa1, 0x9d, 0xcc, 0xa4, ++ 0xef, 0x75, 0xa4, 0x74, 0x54, 0x37, 0x5f, 0x94, 0x51, 0x4d, 0x88, 0xfe, ++ 0xd0, 0x06, 0xfb, 0x82, 0x9f, 0x84, 0x19, 
0xff, 0x87, 0xd6, 0x31, 0x5d, ++ 0xa6, 0x8a, 0x1f, 0xf3, 0xa0, 0x93, 0x8e, 0x9a, 0xbb, 0x34, 0x64, 0x01, ++ 0x1c, 0x30, 0x3a, 0xd9, 0x91, 0x99, 0xcf, 0x0c, 0x7c, 0x7a, 0x8b, 0x47, ++ 0x7d, 0xce, 0x82, 0x9e, 0x88, 0x44, 0xf6, 0x25, 0xb1, 0x15, 0xe5, 0xe9, ++ 0xc4, 0xa5, 0x9c, 0xf8, 0xf8, 0x11, 0x3b, 0x68, 0x34, 0x33, 0x6a, 0x2f, ++ 0xd2, 0x68, 0x9b, 0x47, 0x2c, 0xbb, 0x5e, 0x5c, 0xab, 0xe6, 0x74, 0x35, ++ 0x0c, 0x59, 0xb6, 0xc1, 0x7e, 0x17, 0x68, 0x74, 0xfb, 0x42, 0xf8, 0xfc, ++ 0x3d, 0x17, 0x6a, 0x01, 0x7e, 0xdc, 0x61, 0xfd, 0x32, 0x6c, 0x4b, 0x33, ++ 0xc9, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 2.1 ++const uint8_t kTestVector2Data[] = { ++ 0xda, 0xba, 0x03, 0x20, 0x66, 0x26, 0x3f, 0xae, 0xdb, 0x65, 0x98, ++ 0x48, 0x11, 0x52, 0x78, 0xa5, 0x2c, 0x44, 0xfa, 0xa3, 0xa7, 0x6f, ++ 0x37, 0x51, 0x5e, 0xd3, 0x36, 0x32, 0x10, 0x72, 0xc4, 0x0a, 0x9d, ++ 0x9b, 0x53, 0xbc, 0x05, 0x01, 0x40, 0x78, 0xad, 0xf5, 0x20, 0x87, ++ 0x51, 0x46, 0xaa, 0xe7, 0x0f, 0xf0, 0x60, 0x22, 0x6d, 0xcb, 0x7b, ++ 0x1f, 0x1f, 0xc2, 0x7e, 0x93, 0x60}; ++const uint8_t kTestVector2Sig[] = { ++ 0x01, 0x4c, 0x5b, 0xa5, 0x33, 0x83, 0x28, 0xcc, 0xc6, 0xe7, 0xa9, 0x0b, ++ 0xf1, 0xc0, 0xab, 0x3f, 0xd6, 0x06, 0xff, 0x47, 0x96, 0xd3, 0xc1, 0x2e, ++ 0x4b, 0x63, 0x9e, 0xd9, 0x13, 0x6a, 0x5f, 0xec, 0x6c, 0x16, 0xd8, 0x88, ++ 0x4b, 0xdd, 0x99, 0xcf, 0xdc, 0x52, 0x14, 0x56, 0xb0, 0x74, 0x2b, 0x73, ++ 0x68, 0x68, 0xcf, 0x90, 0xde, 0x09, 0x9a, 0xdb, 0x8d, 0x5f, 0xfd, 0x1d, ++ 0xef, 0xf3, 0x9b, 0xa4, 0x00, 0x7a, 0xb7, 0x46, 0xce, 0xfd, 0xb2, 0x2d, ++ 0x7d, 0xf0, 0xe2, 0x25, 0xf5, 0x46, 0x27, 0xdc, 0x65, 0x46, 0x61, 0x31, ++ 0x72, 0x1b, 0x90, 0xaf, 0x44, 0x53, 0x63, 0xa8, 0x35, 0x8b, 0x9f, 0x60, ++ 0x76, 0x42, 0xf7, 0x8f, 0xab, 0x0a, 0xb0, 0xf4, 0x3b, 0x71, 0x68, 0xd6, ++ 0x4b, 0xae, 0x70, 0xd8, 0x82, 0x78, 0x48, 0xd8, 0xef, 0x1e, 0x42, 0x1c, ++ 0x57, 0x54, 0xdd, 0xf4, 0x2c, 0x25, 0x89, 0xb5, 0xb3}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 3: A 1026-bit RSA Key Pair 
++// ++const uint8_t kTestVector3Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x02, 0xf2, 0x46, 0xef, 0x45, 0x1e, 0xd3, 0xee, 0xbb, 0x9a, 0x31, 0x02, ++ 0x00, 0xcc, 0x25, 0x85, 0x9c, 0x04, 0x8e, 0x4b, 0xe7, 0x98, 0x30, 0x29, ++ 0x91, 0x11, 0x2e, 0xb6, 0x8c, 0xe6, 0xdb, 0x67, 0x4e, 0x28, 0x0d, 0xa2, ++ 0x1f, 0xed, 0xed, 0x1a, 0xe7, 0x48, 0x80, 0xca, 0x52, 0x2b, 0x18, 0xdb, ++ 0x24, 0x93, 0x85, 0x01, 0x28, 0x27, 0xc5, 0x15, 0xf0, 0xe4, 0x66, 0xa1, ++ 0xff, 0xa6, 0x91, 0xd9, 0x81, 0x70, 0x57, 0x4e, 0x9d, 0x0e, 0xad, 0xb0, ++ 0x87, 0x58, 0x6c, 0xa4, 0x89, 0x33, 0xda, 0x3c, 0xc9, 0x53, 0xd9, 0x5b, ++ 0xd0, 0xed, 0x50, 0xde, 0x10, 0xdd, 0xcb, 0x67, 0x36, 0x10, 0x7d, 0x6c, ++ 0x83, 0x1c, 0x7f, 0x66, 0x3e, 0x83, 0x3c, 0xa4, 0xc0, 0x97, 0xe7, 0x00, ++ 0xce, 0x0f, 0xb9, 0x45, 0xf8, 0x8f, 0xb8, 0x5f, 0xe8, 0xe5, 0xa7, 0x73, ++ 0x17, 0x25, 0x65, 0xb9, 0x14, 0xa4, 0x71, 0xa4, 0x43, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x80, 0x65, 0x14, 0x51, 0x73, 0x3b, 0x56, 0xde, ++ 0x5a, 0xc0, 0xa6, 0x89, 0xa4, 0xae, 0xb6, 0xe6, 0x89, 0x4a, 0x69, 0x01, ++ 0x4e, 0x07, 0x6c, 0x88, 0xdd, 0x7a, 0x66, 0x7e, 0xab, 0x32, 0x32, 0xbb, ++ 0xcc, 0xd2, 0xfc, 0x44, 0xba, 0x2f, 0xa9, 0xc3, 0x1d, 0xb4, 0x6f, 0x21, ++ 0xed, 0xd1, 0xfd, 0xb2, 0x3c, 0x5c, 0x12, 0x8a, 0x5d, 0xa5, 0xba, 0xb9, ++ 0x1e, 0x7f, 0x95, 0x2b, 0x67, 0x75, 0x9c, 0x7c, 0xff, 0x70, 0x54, 0x15, ++ 0xac, 0x9f, 0xa0, 0x90, 0x7c, 0x7c, 0xa6, 0x17, 0x8f, 0x66, 0x8f, 0xb9, ++ 0x48, 0xd8, 0x69, 0xda, 0x4c, 0xc3, 0xb7, 0x35, 0x6f, 0x40, 0x08, 0xdf, ++ 0xd5, 0x44, 0x9d, 0x32, 0xee, 0x02, 0xd9, 0xa4, 0x77, 0xeb, 0x69, 0xfc, ++ 0x29, 0x26, 0x6e, 0x5d, 0x90, 0x70, 0x51, 0x23, 0x75, 0xa5, 0x0f, 0xbb, ++ 0xcc, 0x27, 0xe2, 0x38, 0xad, 0x98, 0x42, 0x5f, 0x6e, 0xbb, 0xf8, 0x89, ++ 0x91, 0x02, 0x41, 0x01, 0xbd, 0x36, 0xe1, 0x8e, 0xce, 0x4b, 0x0f, 0xdb, ++ 
0x2e, 0x9c, 0x9d, 0x54, 0x8b, 0xd1, 0xa7, 0xd6, 0xe2, 0xc2, 0x1c, 0x6f, ++ 0xdc, 0x35, 0x07, 0x4a, 0x1d, 0x05, 0xb1, 0xc6, 0xc8, 0xb3, 0xd5, 0x58, ++ 0xea, 0x26, 0x39, 0xc9, 0xa9, 0xa4, 0x21, 0x68, 0x01, 0x69, 0x31, 0x72, ++ 0x52, 0x55, 0x8b, 0xd1, 0x48, 0xad, 0x21, 0x5a, 0xac, 0x55, 0x0e, 0x2d, ++ 0xcf, 0x12, 0xa8, 0x2d, 0x0e, 0xbf, 0xe8, 0x53, 0x02, 0x41, 0x01, 0xb1, ++ 0xb6, 0x56, 0xad, 0x86, 0xd8, 0xe1, 0x9d, 0x5d, 0xc8, 0x62, 0x92, 0xb3, ++ 0xa1, 0x92, 0xfd, 0xf6, 0xe0, 0xdd, 0x37, 0x87, 0x7b, 0xad, 0x14, 0x82, ++ 0x2f, 0xa0, 0x01, 0x90, 0xca, 0xb2, 0x65, 0xf9, 0x0d, 0x3f, 0x02, 0x05, ++ 0x7b, 0x6f, 0x54, 0xd6, 0xec, 0xb1, 0x44, 0x91, 0xe5, 0xad, 0xea, 0xce, ++ 0xbc, 0x48, 0xbf, 0x0e, 0xbd, 0x2a, 0x2a, 0xd2, 0x6d, 0x40, 0x2e, 0x54, ++ 0xf6, 0x16, 0x51, 0x02, 0x40, 0x1f, 0x27, 0x79, 0xfd, 0x2e, 0x3e, 0x5e, ++ 0x6b, 0xae, 0x05, 0x53, 0x95, 0x18, 0xfb, 0xa0, 0xcd, 0x0e, 0xad, 0x1a, ++ 0xa4, 0x51, 0x3a, 0x7c, 0xba, 0x18, 0xf1, 0xcf, 0x10, 0xe3, 0xf6, 0x81, ++ 0x95, 0x69, 0x3d, 0x27, 0x8a, 0x0f, 0x0e, 0xe7, 0x2f, 0x89, 0xf9, 0xbc, ++ 0x76, 0x0d, 0x80, 0xe2, 0xf9, 0xd0, 0x26, 0x1d, 0x51, 0x65, 0x01, 0xc6, ++ 0xae, 0x39, 0xf1, 0x4a, 0x47, 0x6c, 0xe2, 0xcc, 0xf5, 0x02, 0x41, 0x01, ++ 0x1a, 0x0d, 0x36, 0x79, 0x4b, 0x04, 0xa8, 0x54, 0xaa, 0xb4, 0xb2, 0x46, ++ 0x2d, 0x43, 0x9a, 0x50, 0x46, 0xc9, 0x1d, 0x94, 0x0b, 0x2b, 0xc6, 0xf7, ++ 0x5b, 0x62, 0x95, 0x6f, 0xef, 0x35, 0xa2, 0xa6, 0xe6, 0x3c, 0x53, 0x09, ++ 0x81, 0x7f, 0x30, 0x7b, 0xbf, 0xf9, 0xd5, 0x9e, 0x7e, 0x33, 0x1b, 0xd3, ++ 0x63, 0xf6, 0xd6, 0x68, 0x49, 0xb1, 0x83, 0x46, 0xad, 0xea, 0x16, 0x9f, ++ 0x0a, 0xe9, 0xae, 0xc1, 0x02, 0x40, 0x0b, 0x30, 0xf0, 0xec, 0xf5, 0x58, ++ 0x75, 0x2f, 0xb3, 0xa6, 0xce, 0x4b, 0xa2, 0xb8, 0xc6, 0x75, 0xf6, 0x59, ++ 0xeb, 0xa6, 0xc3, 0x76, 0x58, 0x5a, 0x1b, 0x39, 0x71, 0x2d, 0x03, 0x8a, ++ 0xe3, 0xd2, 0xb4, 0x6f, 0xcb, 0x41, 0x8a, 0xe1, 0x5d, 0x09, 0x05, 0xda, ++ 0x64, 0x40, 0xe1, 0x51, 0x3a, 0x30, 0xb9, 0xb7, 0xd6, 0x66, 0x8f, 0xbc, ++ 0x5e, 0x88, 0xe5, 0xab, 0x7a, 0x17, 0x5e, 0x73, 
0xba, 0x35}; ++const uint8_t kTestVector3Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x02, 0xf2, 0x46, 0xef, 0x45, 0x1e, 0xd3, 0xee, ++ 0xbb, 0x9a, 0x31, 0x02, 0x00, 0xcc, 0x25, 0x85, 0x9c, 0x04, 0x8e, 0x4b, ++ 0xe7, 0x98, 0x30, 0x29, 0x91, 0x11, 0x2e, 0xb6, 0x8c, 0xe6, 0xdb, 0x67, ++ 0x4e, 0x28, 0x0d, 0xa2, 0x1f, 0xed, 0xed, 0x1a, 0xe7, 0x48, 0x80, 0xca, ++ 0x52, 0x2b, 0x18, 0xdb, 0x24, 0x93, 0x85, 0x01, 0x28, 0x27, 0xc5, 0x15, ++ 0xf0, 0xe4, 0x66, 0xa1, 0xff, 0xa6, 0x91, 0xd9, 0x81, 0x70, 0x57, 0x4e, ++ 0x9d, 0x0e, 0xad, 0xb0, 0x87, 0x58, 0x6c, 0xa4, 0x89, 0x33, 0xda, 0x3c, ++ 0xc9, 0x53, 0xd9, 0x5b, 0xd0, 0xed, 0x50, 0xde, 0x10, 0xdd, 0xcb, 0x67, ++ 0x36, 0x10, 0x7d, 0x6c, 0x83, 0x1c, 0x7f, 0x66, 0x3e, 0x83, 0x3c, 0xa4, ++ 0xc0, 0x97, 0xe7, 0x00, 0xce, 0x0f, 0xb9, 0x45, 0xf8, 0x8f, 0xb8, 0x5f, ++ 0xe8, 0xe5, 0xa7, 0x73, 0x17, 0x25, 0x65, 0xb9, 0x14, 0xa4, 0x71, 0xa4, ++ 0x43, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 3.1 ++const uint8_t kTestVector3Data[] = { ++ 0x59, 0x4b, 0x37, 0x33, 0x3b, 0xbb, 0x2c, 0x84, 0x52, 0x4a, ++ 0x87, 0xc1, 0xa0, 0x1f, 0x75, 0xfc, 0xec, 0x0e, 0x32, 0x56, ++ 0xf1, 0x08, 0xe3, 0x8d, 0xca, 0x36, 0xd7, 0x0d, 0x00, 0x57}; ++const uint8_t kTestVector3Sig[] = { ++ 0x00, 0x88, 0xb1, 0x35, 0xfb, 0x17, 0x94, 0xb6, 0xb9, 0x6c, 0x4a, 0x3e, ++ 0x67, 0x81, 0x97, 0xf8, 0xca, 0xc5, 0x2b, 0x64, 0xb2, 0xfe, 0x90, 0x7d, ++ 0x6f, 0x27, 0xde, 0x76, 0x11, 0x24, 0x96, 0x4a, 0x99, 0xa0, 0x1a, 0x88, ++ 0x27, 0x40, 0xec, 0xfa, 0xed, 0x6c, 0x01, 0xa4, 0x74, 0x64, 0xbb, 0x05, ++ 0x18, 0x23, 0x13, 0xc0, 0x13, 0x38, 0xa8, 0xcd, 0x09, 0x72, 0x14, 0xcd, ++ 0x68, 0xca, 0x10, 0x3b, 0xd5, 0x7d, 0x3b, 0xc9, 0xe8, 0x16, 0x21, 0x3e, ++ 0x61, 0xd7, 0x84, 0xf1, 0x82, 0x46, 0x7a, 0xbf, 0x8a, 0x01, 0xcf, 0x25, ++ 0x3e, 0x99, 0xa1, 0x56, 0xea, 0xa8, 0xe3, 0xe1, 0xf9, 0x0e, 0x3c, 0x6e, ++ 0x4e, 
0x3a, 0xa2, 0xd8, 0x3e, 0xd0, 0x34, 0x5b, 0x89, 0xfa, 0xfc, 0x9c, ++ 0x26, 0x07, 0x7c, 0x14, 0xb6, 0xac, 0x51, 0x45, 0x4f, 0xa2, 0x6e, 0x44, ++ 0x6e, 0x3a, 0x2f, 0x15, 0x3b, 0x2b, 0x16, 0x79, 0x7f}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 4: A 1027-bit RSA Key Pair ++// ++const uint8_t kTestVector4Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x05, 0x4a, 0xdb, 0x78, 0x86, 0x44, 0x7e, 0xfe, 0x6f, 0x57, 0xe0, 0x36, ++ 0x8f, 0x06, 0xcf, 0x52, 0xb0, 0xa3, 0x37, 0x07, 0x60, 0xd1, 0x61, 0xce, ++ 0xf1, 0x26, 0xb9, 0x1b, 0xe7, 0xf8, 0x9c, 0x42, 0x1b, 0x62, 0xa6, 0xec, ++ 0x1d, 0xa3, 0xc3, 0x11, 0xd7, 0x5e, 0xd5, 0x0e, 0x0a, 0xb5, 0xff, 0xf3, ++ 0xfd, 0x33, 0x8a, 0xcc, 0x3a, 0xa8, 0xa4, 0xe7, 0x7e, 0xe2, 0x63, 0x69, ++ 0xac, 0xb8, 0x1b, 0xa9, 0x00, 0xfa, 0x83, 0xf5, 0x30, 0x0c, 0xf9, 0xbb, ++ 0x6c, 0x53, 0xad, 0x1d, 0xc8, 0xa1, 0x78, 0xb8, 0x15, 0xdb, 0x42, 0x35, ++ 0xa9, 0xa9, 0xda, 0x0c, 0x06, 0xde, 0x4e, 0x61, 0x5e, 0xa1, 0x27, 0x7c, ++ 0xe5, 0x59, 0xe9, 0xc1, 0x08, 0xde, 0x58, 0xc1, 0x4a, 0x81, 0xaa, 0x77, ++ 0xf5, 0xa6, 0xf8, 0xd1, 0x33, 0x54, 0x94, 0x49, 0x88, 0x48, 0xc8, 0xb9, ++ 0x59, 0x40, 0x74, 0x0b, 0xe7, 0xbf, 0x7c, 0x37, 0x05, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x80, 0xfa, 0x04, 0x1f, 0x8c, 0xd9, 0x69, 0x7c, ++ 0xee, 0xd3, 0x8e, 0xc8, 0xca, 0xa2, 0x75, 0x52, 0x3b, 0x4d, 0xd7, 0x2b, ++ 0x09, 0xa3, 0x01, 0xd3, 0x54, 0x1d, 0x72, 0xf5, 0xd3, 0x1c, 0x05, 0xcb, ++ 0xce, 0x2d, 0x69, 0x83, 0xb3, 0x61, 0x83, 0xaf, 0x10, 0x69, 0x0b, 0xd4, ++ 0x6c, 0x46, 0x13, 0x1e, 0x35, 0x78, 0x94, 0x31, 0xa5, 0x56, 0x77, 0x1d, ++ 0xd0, 0x04, 0x9b, 0x57, 0x46, 0x1b, 0xf0, 0x60, 0xc1, 0xf6, 0x84, 0x72, ++ 0xe8, 0xa6, 0x7c, 0x25, 0xf3, 0x57, 0xe5, 0xb6, 0xb4, 0x73, 0x8f, 0xa5, ++ 0x41, 0xa7, 0x30, 0x34, 0x6b, 0x4a, 0x07, 0x64, 0x9a, 0x2d, 0xfa, 0x80, ++ 0x6a, 0x69, 0xc9, 0x75, 
0xb6, 0xab, 0xa6, 0x46, 0x78, 0xac, 0xc7, 0xf5, ++ 0x91, 0x3e, 0x89, 0xc6, 0x22, 0xf2, 0xd8, 0xab, 0xb1, 0xe3, 0xe3, 0x25, ++ 0x54, 0xe3, 0x9d, 0xf9, 0x4b, 0xa6, 0x0c, 0x00, 0x2e, 0x38, 0x7d, 0x90, ++ 0x11, 0x02, 0x41, 0x02, 0x92, 0x32, 0x33, 0x6d, 0x28, 0x38, 0x94, 0x5d, ++ 0xba, 0x9d, 0xd7, 0x72, 0x3f, 0x4e, 0x62, 0x4a, 0x05, 0xf7, 0x37, 0x5b, ++ 0x92, 0x7a, 0x87, 0xab, 0xe6, 0xa8, 0x93, 0xa1, 0x65, 0x8f, 0xd4, 0x9f, ++ 0x47, 0xf6, 0xc7, 0xb0, 0xfa, 0x59, 0x6c, 0x65, 0xfa, 0x68, 0xa2, 0x3f, ++ 0x0a, 0xb4, 0x32, 0x96, 0x2d, 0x18, 0xd4, 0x34, 0x3b, 0xd6, 0xfd, 0x67, ++ 0x1a, 0x5e, 0xa8, 0xd1, 0x48, 0x41, 0x39, 0x95, 0x02, 0x41, 0x02, 0x0e, ++ 0xf5, 0xef, 0xe7, 0xc5, 0x39, 0x4a, 0xed, 0x22, 0x72, 0xf7, 0xe8, 0x1a, ++ 0x74, 0xf4, 0xc0, 0x2d, 0x14, 0x58, 0x94, 0xcb, 0x1b, 0x3c, 0xab, 0x23, ++ 0xa9, 0xa0, 0x71, 0x0a, 0x2a, 0xfc, 0x7e, 0x33, 0x29, 0xac, 0xbb, 0x74, ++ 0x3d, 0x01, 0xf6, 0x80, 0xc4, 0xd0, 0x2a, 0xfb, 0x4c, 0x8f, 0xde, 0x7e, ++ 0x20, 0x93, 0x08, 0x11, 0xbb, 0x2b, 0x99, 0x57, 0x88, 0xb5, 0xe8, 0x72, ++ 0xc2, 0x0b, 0xb1, 0x02, 0x41, 0x02, 0x6e, 0x7e, 0x28, 0x01, 0x0e, 0xcf, ++ 0x24, 0x12, 0xd9, 0x52, 0x3a, 0xd7, 0x04, 0x64, 0x7f, 0xb4, 0xfe, 0x9b, ++ 0x66, 0xb1, 0xa6, 0x81, 0x58, 0x1b, 0x0e, 0x15, 0x55, 0x3a, 0x89, 0xb1, ++ 0x54, 0x28, 0x28, 0x89, 0x8f, 0x27, 0x24, 0x3e, 0xba, 0xb4, 0x5f, 0xf5, ++ 0xe1, 0xac, 0xb9, 0xd4, 0xdf, 0x1b, 0x05, 0x1f, 0xbc, 0x62, 0x82, 0x4d, ++ 0xbc, 0x6f, 0x6c, 0x93, 0x26, 0x1a, 0x78, 0xb9, 0xa7, 0x59, 0x02, 0x41, ++ 0x01, 0x2d, 0xdc, 0xc8, 0x6e, 0xf6, 0x55, 0x99, 0x8c, 0x39, 0xdd, 0xae, ++ 0x11, 0x71, 0x86, 0x69, 0xe5, 0xe4, 0x6c, 0xf1, 0x49, 0x5b, 0x07, 0xe1, ++ 0x3b, 0x10, 0x14, 0xcd, 0x69, 0xb3, 0xaf, 0x68, 0x30, 0x4a, 0xd2, 0xa6, ++ 0xb6, 0x43, 0x21, 0xe7, 0x8b, 0xf3, 0xbb, 0xca, 0x9b, 0xb4, 0x94, 0xe9, ++ 0x1d, 0x45, 0x17, 0x17, 0xe2, 0xd9, 0x75, 0x64, 0xc6, 0x54, 0x94, 0x65, ++ 0xd0, 0x20, 0x5c, 0xf4, 0x21, 0x02, 0x41, 0x01, 0x06, 0x00, 0xc4, 0xc2, ++ 0x18, 0x47, 0x45, 0x9f, 0xe5, 0x76, 0x70, 0x3e, 0x2e, 0xbe, 0xca, 0xe8, 
++ 0xa5, 0x09, 0x4e, 0xe6, 0x3f, 0x53, 0x6b, 0xf4, 0xac, 0x68, 0xd3, 0xc1, ++ 0x3e, 0x5e, 0x4f, 0x12, 0xac, 0x5c, 0xc1, 0x0a, 0xb6, 0xa2, 0xd0, 0x5a, ++ 0x19, 0x92, 0x14, 0xd1, 0x82, 0x47, 0x47, 0xd5, 0x51, 0x90, 0x96, 0x36, ++ 0xb7, 0x74, 0xc2, 0x2c, 0xac, 0x0b, 0x83, 0x75, 0x99, 0xab, 0xcc, 0x75}; ++const uint8_t kTestVector4Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x05, 0x4a, 0xdb, 0x78, 0x86, 0x44, 0x7e, 0xfe, ++ 0x6f, 0x57, 0xe0, 0x36, 0x8f, 0x06, 0xcf, 0x52, 0xb0, 0xa3, 0x37, 0x07, ++ 0x60, 0xd1, 0x61, 0xce, 0xf1, 0x26, 0xb9, 0x1b, 0xe7, 0xf8, 0x9c, 0x42, ++ 0x1b, 0x62, 0xa6, 0xec, 0x1d, 0xa3, 0xc3, 0x11, 0xd7, 0x5e, 0xd5, 0x0e, ++ 0x0a, 0xb5, 0xff, 0xf3, 0xfd, 0x33, 0x8a, 0xcc, 0x3a, 0xa8, 0xa4, 0xe7, ++ 0x7e, 0xe2, 0x63, 0x69, 0xac, 0xb8, 0x1b, 0xa9, 0x00, 0xfa, 0x83, 0xf5, ++ 0x30, 0x0c, 0xf9, 0xbb, 0x6c, 0x53, 0xad, 0x1d, 0xc8, 0xa1, 0x78, 0xb8, ++ 0x15, 0xdb, 0x42, 0x35, 0xa9, 0xa9, 0xda, 0x0c, 0x06, 0xde, 0x4e, 0x61, ++ 0x5e, 0xa1, 0x27, 0x7c, 0xe5, 0x59, 0xe9, 0xc1, 0x08, 0xde, 0x58, 0xc1, ++ 0x4a, 0x81, 0xaa, 0x77, 0xf5, 0xa6, 0xf8, 0xd1, 0x33, 0x54, 0x94, 0x49, ++ 0x88, 0x48, 0xc8, 0xb9, 0x59, 0x40, 0x74, 0x0b, 0xe7, 0xbf, 0x7c, 0x37, ++ 0x05, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 4.1 ++const uint8_t kTestVector4Data[] = {0x9f, 0xb0, 0x3b, 0x82, ++ 0x7c, 0x82, 0x17, 0xd9}; ++const uint8_t kTestVector4Sig[] = { ++ 0x03, 0x23, 0xd5, 0xb7, 0xbf, 0x20, 0xba, 0x45, 0x39, 0x28, 0x9a, 0xe4, ++ 0x52, 0xae, 0x42, 0x97, 0x08, 0x0f, 0xef, 0xf4, 0x51, 0x84, 0x23, 0xff, ++ 0x48, 0x11, 0xa8, 0x17, 0x83, 0x7e, 0x7d, 0x82, 0xf1, 0x83, 0x6c, 0xdf, ++ 0xab, 0x54, 0x51, 0x4f, 0xf0, 0x88, 0x7b, 0xdd, 0xee, 0xbf, 0x40, 0xbf, ++ 0x99, 0xb0, 0x47, 0xab, 0xc3, 0xec, 0xfa, 0x6a, 0x37, 0xa3, 0xef, 0x00, ++ 0xf4, 0xa0, 0xc4, 0xa8, 0x8a, 0xae, 0x09, 0x04, 0xb7, 0x45, 0xc8, 0x46, ++ 0xc4, 
0x10, 0x7e, 0x87, 0x97, 0x72, 0x3e, 0x8a, 0xc8, 0x10, 0xd9, 0xe3, ++ 0xd9, 0x5d, 0xfa, 0x30, 0xff, 0x49, 0x66, 0xf4, 0xd7, 0x5d, 0x13, 0x76, ++ 0x8d, 0x20, 0x85, 0x7f, 0x2b, 0x14, 0x06, 0xf2, 0x64, 0xcf, 0xe7, 0x5e, ++ 0x27, 0xd7, 0x65, 0x2f, 0x4b, 0x5e, 0xd3, 0x57, 0x5f, 0x28, 0xa7, 0x02, ++ 0xf8, 0xc4, 0xed, 0x9c, 0xf9, 0xb2, 0xd4, 0x49, 0x48}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 5: A 1028-bit RSA Key Pair ++// ++const uint8_t kTestVector5Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x0d, 0x10, 0xf6, 0x61, 0xf2, 0x99, 0x40, 0xf5, 0xed, 0x39, 0xaa, 0x26, ++ 0x09, 0x66, 0xde, 0xb4, 0x78, 0x43, 0x67, 0x9d, 0x2b, 0x6f, 0xb2, 0x5b, ++ 0x3d, 0xe3, 0x70, 0xf3, 0xac, 0x7c, 0x19, 0x91, 0x63, 0x91, 0xfd, 0x25, ++ 0xfb, 0x52, 0x7e, 0xbf, 0xa6, 0xa4, 0xb4, 0xdf, 0x45, 0xa1, 0x75, 0x9d, ++ 0x99, 0x6c, 0x4b, 0xb4, 0xeb, 0xd1, 0x88, 0x28, 0xc4, 0x4f, 0xc5, 0x2d, ++ 0x01, 0x91, 0x87, 0x17, 0x40, 0x52, 0x5f, 0x47, 0xa4, 0xb0, 0xcc, 0x8d, ++ 0xa3, 0x25, 0xed, 0x8a, 0xa6, 0x76, 0xb0, 0xd0, 0xf6, 0x26, 0xe0, 0xa7, ++ 0x7f, 0x07, 0x69, 0x21, 0x70, 0xac, 0xac, 0x80, 0x82, 0xf4, 0x2f, 0xaa, ++ 0x7d, 0xc7, 0xcd, 0x12, 0x3e, 0x73, 0x0e, 0x31, 0xa8, 0x79, 0x85, 0x20, ++ 0x4c, 0xab, 0xcb, 0xe6, 0x67, 0x0d, 0x43, 0xa2, 0xdd, 0x2b, 0x2d, 0xde, ++ 0xf5, 0xe0, 0x53, 0x92, 0xfc, 0x21, 0x3b, 0xc5, 0x07, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x81, 0x03, 0xce, 0x08, 0xb1, 0x04, 0xff, 0xf3, ++ 0x96, 0xa9, 0x79, 0xbd, 0x3e, 0x4e, 0x46, 0x92, 0x5b, 0x63, 0x19, 0xdd, ++ 0xb6, 0x3a, 0xcb, 0xcf, 0xd8, 0x19, 0xf1, 0x7d, 0x16, 0xb8, 0x07, 0x7b, ++ 0x3a, 0x87, 0x10, 0x1f, 0xf3, 0x4b, 0x77, 0xfe, 0x48, 0xb8, 0xb2, 0x05, ++ 0xa9, 0x6e, 0x91, 0x51, 0xba, 0x8e, 0xce, 0xa6, 0x4d, 0x0c, 0xce, 0x7b, ++ 0x23, 0xc3, 0xe6, 0xa6, 0xb8, 0x30, 0x58, 0xbc, 0x49, 0xda, 0xe8, 0x16, ++ 0xae, 0x73, 0x6d, 0xb5, 
0xa4, 0x70, 0x8e, 0x2a, 0xd4, 0x35, 0x23, 0x2b, ++ 0x56, 0x7f, 0x90, 0x96, 0xce, 0x59, 0xff, 0x28, 0x06, 0x1e, 0x79, 0xab, ++ 0x1c, 0x02, 0xd7, 0x17, 0xe6, 0xb2, 0x3c, 0xea, 0x6d, 0xb8, 0xeb, 0x51, ++ 0x92, 0xfa, 0x7c, 0x1e, 0xab, 0x22, 0x7d, 0xba, 0x74, 0x62, 0x1c, 0x45, ++ 0x60, 0x18, 0x96, 0xee, 0xf1, 0x37, 0x92, 0xc8, 0x44, 0x0b, 0xeb, 0x15, ++ 0xaa, 0xc1, 0x02, 0x41, 0x03, 0xf2, 0xf3, 0x31, 0xf4, 0x14, 0x2d, 0x4f, ++ 0x24, 0xb4, 0x3a, 0xa1, 0x02, 0x79, 0xa8, 0x96, 0x52, 0xd4, 0xe7, 0x53, ++ 0x72, 0x21, 0xa1, 0xa7, 0xb2, 0xa2, 0x5d, 0xeb, 0x55, 0x1e, 0x5d, 0xe9, ++ 0xac, 0x49, 0x74, 0x11, 0xc2, 0x27, 0xa9, 0x4e, 0x45, 0xf9, 0x1c, 0x2d, ++ 0x1c, 0x13, 0xcc, 0x04, 0x6c, 0xf4, 0xce, 0x14, 0xe3, 0x2d, 0x05, 0x87, ++ 0x34, 0x21, 0x0d, 0x44, 0xa8, 0x7e, 0xe1, 0xb7, 0x3f, 0x02, 0x41, 0x03, ++ 0x4f, 0x09, 0x0d, 0x73, 0xb5, 0x58, 0x03, 0x03, 0x0c, 0xf0, 0x36, 0x1a, ++ 0x5d, 0x80, 0x81, 0xbf, 0xb7, 0x9f, 0x85, 0x15, 0x23, 0xfe, 0xac, 0x0a, ++ 0x21, 0x24, 0xd0, 0x8d, 0x40, 0x13, 0xff, 0x08, 0x48, 0x77, 0x71, 0xa8, ++ 0x70, 0xd0, 0x47, 0x9d, 0xc0, 0x68, 0x6c, 0x62, 0xf7, 0x71, 0x8d, 0xfe, ++ 0xcf, 0x02, 0x4b, 0x17, 0xc9, 0x26, 0x76, 0x78, 0x05, 0x91, 0x71, 0x33, ++ 0x9c, 0xc0, 0x08, 0x39, 0x02, 0x41, 0x02, 0xaa, 0x66, 0x3a, 0xdb, 0xf5, ++ 0x1a, 0xb8, 0x87, 0xa0, 0x18, 0xcb, 0x42, 0x6e, 0x78, 0xbc, 0x2f, 0xe1, ++ 0x82, 0xdc, 0xb2, 0xf7, 0xbc, 0xb5, 0x04, 0x41, 0xd1, 0x7f, 0xdf, 0x0f, ++ 0x06, 0x79, 0x8b, 0x50, 0x71, 0xc6, 0xe2, 0xf5, 0xfe, 0xb4, 0xd5, 0x4a, ++ 0xd8, 0x18, 0x23, 0x11, 0xc1, 0xef, 0x62, 0xd4, 0xc4, 0x9f, 0x18, 0xd1, ++ 0xf5, 0x1f, 0x54, 0xb2, 0xd2, 0xcf, 0xfb, 0xa4, 0xda, 0x1b, 0xe5, 0x02, ++ 0x41, 0x02, 0xbb, 0xe7, 0x06, 0x07, 0x8b, 0x5c, 0x0b, 0x39, 0x15, 0x12, ++ 0xd4, 0x11, 0xdb, 0x1b, 0x19, 0x9b, 0x5a, 0x56, 0x64, 0xb8, 0x40, 0x42, ++ 0xea, 0xd3, 0x7f, 0xe9, 0x94, 0xae, 0x72, 0xb9, 0x53, 0x2d, 0xfb, 0xfb, ++ 0x3e, 0x9e, 0x69, 0x81, 0xa0, 0xfb, 0xb8, 0x06, 0x51, 0x31, 0x41, 0xb7, ++ 0xc2, 0x16, 0x3f, 0xe5, 0x6c, 0x39, 0x5e, 0x4b, 0xfa, 0xee, 0x57, 0xe3, 
++ 0x83, 0x3f, 0x9b, 0x91, 0x8d, 0xf9, 0x02, 0x40, 0x02, 0x42, 0xb6, 0xcd, ++ 0x00, 0xd3, 0x0a, 0x76, 0x7a, 0xee, 0x9a, 0x89, 0x8e, 0xad, 0x45, 0x3c, ++ 0x8e, 0xae, 0xa6, 0x3d, 0x50, 0x0b, 0x7d, 0x1e, 0x00, 0x71, 0x3e, 0xda, ++ 0xe5, 0x1c, 0xe3, 0x6b, 0x23, 0xb6, 0x64, 0xdf, 0x26, 0xe6, 0x3e, 0x26, ++ 0x6e, 0xc8, 0xf7, 0x6e, 0x6e, 0x63, 0xed, 0x1b, 0xa4, 0x1e, 0xb0, 0x33, ++ 0xb1, 0x20, 0xf7, 0xea, 0x52, 0x12, 0xae, 0x21, 0xa9, 0x8f, 0xbc, 0x16}; ++const uint8_t kTestVector5Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x0d, 0x10, 0xf6, 0x61, 0xf2, 0x99, 0x40, 0xf5, ++ 0xed, 0x39, 0xaa, 0x26, 0x09, 0x66, 0xde, 0xb4, 0x78, 0x43, 0x67, 0x9d, ++ 0x2b, 0x6f, 0xb2, 0x5b, 0x3d, 0xe3, 0x70, 0xf3, 0xac, 0x7c, 0x19, 0x91, ++ 0x63, 0x91, 0xfd, 0x25, 0xfb, 0x52, 0x7e, 0xbf, 0xa6, 0xa4, 0xb4, 0xdf, ++ 0x45, 0xa1, 0x75, 0x9d, 0x99, 0x6c, 0x4b, 0xb4, 0xeb, 0xd1, 0x88, 0x28, ++ 0xc4, 0x4f, 0xc5, 0x2d, 0x01, 0x91, 0x87, 0x17, 0x40, 0x52, 0x5f, 0x47, ++ 0xa4, 0xb0, 0xcc, 0x8d, 0xa3, 0x25, 0xed, 0x8a, 0xa6, 0x76, 0xb0, 0xd0, ++ 0xf6, 0x26, 0xe0, 0xa7, 0x7f, 0x07, 0x69, 0x21, 0x70, 0xac, 0xac, 0x80, ++ 0x82, 0xf4, 0x2f, 0xaa, 0x7d, 0xc7, 0xcd, 0x12, 0x3e, 0x73, 0x0e, 0x31, ++ 0xa8, 0x79, 0x85, 0x20, 0x4c, 0xab, 0xcb, 0xe6, 0x67, 0x0d, 0x43, 0xa2, ++ 0xdd, 0x2b, 0x2d, 0xde, 0xf5, 0xe0, 0x53, 0x92, 0xfc, 0x21, 0x3b, 0xc5, ++ 0x07, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 5.1 ++const uint8_t kTestVector5Data[] = { ++ 0x30, 0xc7, 0xd5, 0x57, 0x45, 0x8b, 0x43, 0x6d, 0xec, 0xfd, 0xc1, 0x4d, ++ 0x06, 0xcb, 0x7b, 0x96, 0xb0, 0x67, 0x18, 0xc4, 0x8d, 0x7d, 0xe5, 0x74, ++ 0x82, 0xa8, 0x68, 0xae, 0x7f, 0x06, 0x58, 0x70, 0xa6, 0x21, 0x65, 0x06, ++ 0xd1, 0x1b, 0x77, 0x93, 0x23, 0xdf, 0xdf, 0x04, 0x6c, 0xf5, 0x77, 0x51, ++ 0x29, 0x13, 0x4b, 0x4d, 0x56, 0x89, 0xe4, 0xd9, 0xc0, 0xce, 0x1e, 0x12, ++ 0xd7, 0xd4, 0xb0, 0x6c, 
0xb5, 0xfc, 0x58, 0x20, 0xde, 0xcf, 0xa4, 0x1b, ++ 0xaf, 0x59, 0xbf, 0x25, 0x7b, 0x32, 0xf0, 0x25, 0xb7, 0x67, 0x9b, 0x44, ++ 0x5b, 0x94, 0x99, 0xc9, 0x25, 0x55, 0x14, 0x58, 0x85, 0x99, 0x2f, 0x1b, ++ 0x76, 0xf8, 0x48, 0x91, 0xee, 0x4d, 0x3b, 0xe0, 0xf5, 0x15, 0x0f, 0xd5, ++ 0x90, 0x1e, 0x3a, 0x4c, 0x8e, 0xd4, 0x3f, 0xd3, 0x6b, 0x61, 0xd0, 0x22, ++ 0xe6, 0x5a, 0xd5, 0x00, 0x8d, 0xbf, 0x33, 0x29, 0x3c, 0x22, 0xbf, 0xbf, ++ 0xd0, 0x73, 0x21, 0xf0, 0xf1, 0xd5, 0xfa, 0x9f, 0xdf, 0x00, 0x14, 0xc2, ++ 0xfc, 0xb0, 0x35, 0x8a, 0xad, 0x0e, 0x35, 0x4b, 0x0d, 0x29}; ++const uint8_t kTestVector5Sig[] = { ++ 0x0b, 0xa3, 0x73, 0xf7, 0x6e, 0x09, 0x21, 0xb7, 0x0a, 0x8f, 0xbf, 0xe6, ++ 0x22, 0xf0, 0xbf, 0x77, 0xb2, 0x8a, 0x3d, 0xb9, 0x8e, 0x36, 0x10, 0x51, ++ 0xc3, 0xd7, 0xcb, 0x92, 0xad, 0x04, 0x52, 0x91, 0x5a, 0x4d, 0xe9, 0xc0, ++ 0x17, 0x22, 0xf6, 0x82, 0x3e, 0xeb, 0x6a, 0xdf, 0x7e, 0x0c, 0xa8, 0x29, ++ 0x0f, 0x5d, 0xe3, 0xe5, 0x49, 0x89, 0x0a, 0xc2, 0xa3, 0xc5, 0x95, 0x0a, ++ 0xb2, 0x17, 0xba, 0x58, 0x59, 0x08, 0x94, 0x95, 0x2d, 0xe9, 0x6f, 0x8d, ++ 0xf1, 0x11, 0xb2, 0x57, 0x52, 0x15, 0xda, 0x6c, 0x16, 0x15, 0x90, 0xc7, ++ 0x45, 0xbe, 0x61, 0x24, 0x76, 0xee, 0x57, 0x8e, 0xd3, 0x84, 0xab, 0x33, ++ 0xe3, 0xec, 0xe9, 0x74, 0x81, 0xa2, 0x52, 0xf5, 0xc7, 0x9a, 0x98, 0xb5, ++ 0x53, 0x2a, 0xe0, 0x0c, 0xdd, 0x62, 0xf2, 0xec, 0xc0, 0xcd, 0x1b, 0xae, ++ 0xfe, 0x80, 0xd8, 0x0b, 0x96, 0x21, 0x93, 0xec, 0x1d}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 6: A 1029-bit RSA Key Pair ++// ++const uint8_t kTestVector6Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x79, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x63, 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x16, 0x4c, 0xa3, 0x1c, 0xff, 0x60, 0x9f, 0x3a, 0x0e, 0x71, 0x01, 0xb0, ++ 0x39, 0xf2, 0xe4, 0xfe, 0x6d, 0xd3, 0x75, 0x19, 0xab, 0x98, 0x59, 0x8d, ++ 0x17, 0x9e, 0x17, 0x49, 0x96, 0x59, 0x80, 0x71, 0xf4, 0x7d, 0x3a, 0x04, ++ 0x55, 0x91, 
0x58, 0xd7, 0xbe, 0x37, 0x3c, 0xf1, 0xaa, 0x53, 0xf0, 0xaa, ++ 0x6e, 0xf0, 0x90, 0x39, 0xe5, 0x67, 0x8c, 0x2a, 0x4c, 0x63, 0x90, 0x05, ++ 0x14, 0xc8, 0xc4, 0xf8, 0xaa, 0xed, 0x5d, 0xe1, 0x2a, 0x5f, 0x10, 0xb0, ++ 0x9c, 0x31, 0x1a, 0xf8, 0xc0, 0xff, 0xb5, 0xb7, 0xa2, 0x97, 0xf2, 0xef, ++ 0xc6, 0x3b, 0x8d, 0x6b, 0x05, 0x10, 0x93, 0x1f, 0x0b, 0x98, 0xe4, 0x8b, ++ 0xf5, 0xfc, 0x6e, 0xc4, 0xe7, 0xb8, 0xdb, 0x1f, 0xfa, 0xeb, 0x08, 0xc3, ++ 0x8e, 0x02, 0xad, 0xb8, 0xf0, 0x3a, 0x48, 0x22, 0x9c, 0x99, 0xe9, 0x69, ++ 0x43, 0x1f, 0x61, 0xcb, 0x8c, 0x4d, 0xc6, 0x98, 0xd1, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x81, 0x03, 0xb6, 0x64, 0xee, 0x3b, 0x75, 0x66, ++ 0x72, 0x3f, 0xc6, 0xea, 0xf2, 0x8a, 0xbb, 0x43, 0x0a, 0x39, 0x80, 0xf1, ++ 0x12, 0x6c, 0x81, 0xde, 0x8a, 0xd7, 0x09, 0xea, 0xb3, 0x9a, 0xc9, 0xdc, ++ 0xd0, 0xb1, 0x55, 0x0b, 0x37, 0x29, 0xd8, 0x70, 0x68, 0xe9, 0x52, 0x00, ++ 0x9d, 0xf5, 0x44, 0x53, 0x4c, 0x1f, 0x50, 0x82, 0x9a, 0x78, 0xf4, 0x59, ++ 0x1e, 0xb8, 0xfd, 0x57, 0x14, 0x04, 0x26, 0xa6, 0xbb, 0x04, 0x05, 0xb6, ++ 0xa6, 0xf5, 0x1a, 0x57, 0xd9, 0x26, 0x7b, 0x7b, 0xbc, 0x65, 0x33, 0x91, ++ 0xa6, 0x99, 0xa2, 0xa9, 0x0d, 0xac, 0x8a, 0xe2, 0x26, 0xbc, 0xc6, 0x0f, ++ 0xa8, 0xcd, 0x93, 0x4c, 0x73, 0xc7, 0xb0, 0x3b, 0x1f, 0x6b, 0x81, 0x81, ++ 0x58, 0x63, 0x18, 0x38, 0xa8, 0x61, 0x2e, 0x6e, 0x6e, 0xa9, 0x2b, 0xe2, ++ 0x4f, 0x83, 0x24, 0xfa, 0xf5, 0xb1, 0xfd, 0x85, 0x87, 0x22, 0x52, 0x67, ++ 0xba, 0x6f, 0x02, 0x41, 0x04, 0xf0, 0x54, 0x8c, 0x96, 0x26, 0xab, 0x1e, ++ 0xbf, 0x12, 0x44, 0x93, 0x47, 0x41, 0xd9, 0x9a, 0x06, 0x22, 0x0e, 0xfa, ++ 0x2a, 0x58, 0x56, 0xaa, 0x0e, 0x75, 0x73, 0x0b, 0x2e, 0xc9, 0x6a, 0xdc, ++ 0x86, 0xbe, 0x89, 0x4f, 0xa2, 0x80, 0x3b, 0x53, 0xa5, 0xe8, 0x5d, 0x27, ++ 0x6a, 0xcb, 0xd2, 0x9a, 0xb8, 0x23, 0xf8, 0x0a, 0x73, 0x91, 0xbb, 0x54, ++ 0xa5, 0x05, 0x16, 0x72, 0xfb, 0x04, 0xee, 0xb5, 0x43, 0x02, 0x41, 0x04, ++ 0x83, 0xe0, 0xae, 0x47, 0x91, 0x55, 0x87, 0x74, 0x3f, 0xf3, 0x45, 0x36, ++ 0x2b, 0x55, 0x5d, 0x39, 0x62, 0xd9, 0x8b, 0xb6, 0xf1, 0x5f, 
0x84, 0x8b, ++ 0x4c, 0x92, 0xb1, 0x77, 0x1c, 0xa8, 0xed, 0x10, 0x7d, 0x8d, 0x3e, 0xe6, ++ 0x5e, 0xc4, 0x45, 0x17, 0xdd, 0x0f, 0xaa, 0x48, 0x1a, 0x38, 0x7e, 0x90, ++ 0x2f, 0x7a, 0x2e, 0x74, 0x7c, 0x26, 0x9e, 0x7e, 0xa4, 0x44, 0x80, 0xbc, ++ 0x53, 0x8b, 0x8e, 0x5b, 0x02, 0x41, 0x03, 0xa8, 0xe8, 0xae, 0xa9, 0x92, ++ 0x0c, 0x1a, 0xa3, 0xb2, 0xf0, 0xd8, 0x46, 0xe4, 0xb8, 0x50, 0xd8, 0x1c, ++ 0xa3, 0x06, 0xa5, 0x1c, 0x83, 0x54, 0x4f, 0x94, 0x9f, 0x64, 0xf9, 0x0d, ++ 0xcf, 0x3f, 0x8e, 0x26, 0x61, 0xf0, 0x7e, 0x56, 0x12, 0x20, 0xa1, 0x80, ++ 0x38, 0x8f, 0xbe, 0x27, 0x3e, 0x70, 0xe2, 0xe5, 0xdc, 0xa8, 0x3a, 0x0e, ++ 0x13, 0x48, 0xdd, 0x64, 0x90, 0xc7, 0x31, 0xd6, 0xec, 0xe1, 0xab, 0x02, ++ 0x41, 0x01, 0x35, 0xbd, 0xcd, 0xb6, 0x0b, 0xf2, 0x19, 0x7c, 0x43, 0x6e, ++ 0xd3, 0x4b, 0x32, 0xcd, 0x8b, 0x4f, 0xc7, 0x77, 0x78, 0x83, 0x2b, 0xa7, ++ 0x67, 0x03, 0x55, 0x1f, 0xb2, 0x42, 0xb3, 0x01, 0x69, 0x95, 0x93, 0xaf, ++ 0x77, 0xfd, 0x8f, 0xc3, 0x94, 0xa8, 0x52, 0x6a, 0xd2, 0x3c, 0xc4, 0x1a, ++ 0x03, 0x80, 0x6b, 0xd8, 0x97, 0xfe, 0x4b, 0x0e, 0xa6, 0x46, 0x55, 0x8a, ++ 0xad, 0xdc, 0xc9, 0x9e, 0x8a, 0x25, 0x02, 0x41, 0x03, 0x04, 0xc0, 0x3d, ++ 0x9c, 0x73, 0x65, 0x03, 0xa9, 0x84, 0xab, 0xbd, 0x9b, 0xa2, 0x23, 0x01, ++ 0x40, 0x7c, 0x4a, 0x2a, 0xb1, 0xdd, 0x85, 0x76, 0x64, 0x81, 0xb6, 0x0d, ++ 0x45, 0x40, 0x11, 0x52, 0xe6, 0x92, 0xbe, 0x14, 0xf4, 0x12, 0x1d, 0x9a, ++ 0xa3, 0xfd, 0x6e, 0x0b, 0x4d, 0x1d, 0x3a, 0x97, 0x35, 0x38, 0xa3, 0x1d, ++ 0x42, 0xee, 0x6e, 0x1e, 0x5e, 0xf6, 0x20, 0x23, 0x1a, 0x2b, 0xba, 0xf3, ++ 0x5f}; ++const uint8_t kTestVector6Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x16, 0x4c, 0xa3, 0x1c, 0xff, 0x60, 0x9f, 0x3a, ++ 0x0e, 0x71, 0x01, 0xb0, 0x39, 0xf2, 0xe4, 0xfe, 0x6d, 0xd3, 0x75, 0x19, ++ 0xab, 0x98, 0x59, 0x8d, 0x17, 0x9e, 0x17, 0x49, 0x96, 0x59, 0x80, 0x71, ++ 0xf4, 0x7d, 0x3a, 0x04, 0x55, 0x91, 0x58, 0xd7, 0xbe, 0x37, 
0x3c, 0xf1, ++ 0xaa, 0x53, 0xf0, 0xaa, 0x6e, 0xf0, 0x90, 0x39, 0xe5, 0x67, 0x8c, 0x2a, ++ 0x4c, 0x63, 0x90, 0x05, 0x14, 0xc8, 0xc4, 0xf8, 0xaa, 0xed, 0x5d, 0xe1, ++ 0x2a, 0x5f, 0x10, 0xb0, 0x9c, 0x31, 0x1a, 0xf8, 0xc0, 0xff, 0xb5, 0xb7, ++ 0xa2, 0x97, 0xf2, 0xef, 0xc6, 0x3b, 0x8d, 0x6b, 0x05, 0x10, 0x93, 0x1f, ++ 0x0b, 0x98, 0xe4, 0x8b, 0xf5, 0xfc, 0x6e, 0xc4, 0xe7, 0xb8, 0xdb, 0x1f, ++ 0xfa, 0xeb, 0x08, 0xc3, 0x8e, 0x02, 0xad, 0xb8, 0xf0, 0x3a, 0x48, 0x22, ++ 0x9c, 0x99, 0xe9, 0x69, 0x43, 0x1f, 0x61, 0xcb, 0x8c, 0x4d, 0xc6, 0x98, ++ 0xd1, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 6.1 ++const uint8_t kTestVector6Data[] = { ++ 0x0a, 0x20, 0xb7, 0x74, 0xad, 0xdc, 0x2f, 0xa5, 0x12, 0x45, 0xed, ++ 0x7c, 0xb9, 0xda, 0x60, 0x9e, 0x50, 0xca, 0xc6, 0x63, 0x6a, 0x52, ++ 0x54, 0x3f, 0x97, 0x45, 0x8e, 0xed, 0x73, 0x40, 0xf8, 0xd5, 0x3f, ++ 0xfc, 0x64, 0x91, 0x8f, 0x94, 0x90, 0x78, 0xee, 0x03, 0xef, 0x60, ++ 0xd4, 0x2b, 0x5f, 0xec, 0x24, 0x60, 0x50, 0xbd, 0x55, 0x05, 0xcd, ++ 0x8c, 0xb5, 0x97, 0xba, 0xd3, 0xc4, 0xe7, 0x13, 0xb0, 0xef, 0x30, ++ 0x64, 0x4e, 0x76, 0xad, 0xab, 0xb0, 0xde, 0x01, 0xa1, 0x56, 0x1e, ++ 0xfb, 0x25, 0x51, 0x58, 0xc7, 0x4f, 0xc8, 0x01, 0xe6, 0xe9, 0x19, ++ 0xe5, 0x81, 0xb4, 0x6f, 0x0f, 0x0d, 0xdd, 0x08, 0xe4, 0xf3, 0x4c, ++ 0x78, 0x10, 0xb5, 0xed, 0x83, 0x18, 0xf9, 0x1d, 0x7c, 0x8c}; ++const uint8_t kTestVector6Sig[] = { ++ 0x04, 0xc0, 0xcf, 0xac, 0xec, 0x04, 0xe5, 0xba, 0xdb, 0xec, 0xe1, 0x59, ++ 0xa5, 0xa1, 0x10, 0x3f, 0x69, 0xb3, 0xf3, 0x2b, 0xa5, 0x93, 0xcb, 0x4c, ++ 0xc4, 0xb1, 0xb7, 0xab, 0x45, 0x59, 0x16, 0xa9, 0x6a, 0x27, 0xcd, 0x26, ++ 0x78, 0xea, 0x0f, 0x46, 0xba, 0x37, 0xf7, 0xfc, 0x9c, 0x86, 0x32, 0x5f, ++ 0x29, 0x73, 0x3b, 0x38, 0x9f, 0x1d, 0x97, 0xf4, 0x3e, 0x72, 0x01, 0xc0, ++ 0xf3, 0x48, 0xfc, 0x45, 0xfe, 0x42, 0x89, 0x23, 0x35, 0x36, 0x2e, 0xee, ++ 0x01, 0x8b, 0x5b, 0x16, 0x1f, 0x2f, 0x93, 0x93, 0x03, 0x12, 0x25, 0xc7, ++ 0x13, 0x01, 0x2a, 0x57, 0x6b, 0xc8, 0x8e, 0x23, 0x05, 0x24, 0x89, 0x86, ++ 
0x8d, 0x90, 0x10, 0xcb, 0xf0, 0x33, 0xec, 0xc5, 0x68, 0xe8, 0xbc, 0x15, ++ 0x2b, 0xdc, 0x59, 0xd5, 0x60, 0xe4, 0x12, 0x91, 0x91, 0x5d, 0x28, 0x56, ++ 0x52, 0x08, 0xe2, 0x2a, 0xee, 0xc9, 0xef, 0x85, 0xd1}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 7: A 1030-bit RSA Key Pair ++// ++const uint8_t kTestVector7Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x61, 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x37, 0xc9, 0xda, 0x4a, 0x66, 0xc8, 0xc4, 0x08, 0xb8, 0xda, 0x27, 0xd0, ++ 0xc9, 0xd7, 0x9f, 0x8c, 0xcb, 0x1e, 0xaf, 0xc1, 0xd2, 0xfe, 0x48, 0x74, ++ 0x6d, 0x94, 0x0b, 0x7c, 0x4e, 0xf5, 0xde, 0xe1, 0x8a, 0xd1, 0x26, 0x47, ++ 0xce, 0xfa, 0xa0, 0xc4, 0xb3, 0x18, 0x8b, 0x22, 0x1c, 0x51, 0x53, 0x86, ++ 0x75, 0x9b, 0x93, 0xf0, 0x20, 0x24, 0xb2, 0x5a, 0xb9, 0x24, 0x2f, 0x83, ++ 0x57, 0xd8, 0xf3, 0xfd, 0x49, 0x64, 0x0e, 0xe5, 0xe6, 0x43, 0xea, 0xf6, ++ 0xc6, 0x4d, 0xee, 0xfa, 0x70, 0x89, 0x72, 0x7c, 0x8f, 0xf0, 0x39, 0x93, ++ 0x33, 0x39, 0x15, 0xc6, 0xef, 0x21, 0xbf, 0x59, 0x75, 0xb6, 0xe5, 0x0d, ++ 0x11, 0x8b, 0x51, 0x00, 0x8e, 0xc3, 0x3e, 0x9f, 0x01, 0xa0, 0xa5, 0x45, ++ 0xa1, 0x0a, 0x83, 0x6a, 0x43, 0xdd, 0xbc, 0xa9, 0xd8, 0xb5, 0xc5, 0xd3, ++ 0x54, 0x80, 0x22, 0xd7, 0x06, 0x4e, 0xa2, 0x9a, 0xb3, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x80, 0x3b, 0xed, 0x99, 0x90, 0x52, 0xd9, 0x57, ++ 0xbc, 0x06, 0xd6, 0x51, 0xee, 0xf6, 0xe3, 0xa9, 0x80, 0x94, 0xb1, 0x62, ++ 0x1b, 0xd3, 0x8b, 0x54, 0x49, 0xbd, 0x6c, 0x4a, 0xea, 0x3d, 0xe7, 0xe0, ++ 0x84, 0x67, 0x9a, 0x44, 0x84, 0xde, 0xd2, 0x5b, 0xe0, 0xf0, 0x82, 0x6c, ++ 0xf3, 0x37, 0x78, 0x25, 0x41, 0x4b, 0x14, 0xd4, 0xd6, 0x1d, 0xb1, 0x4d, ++ 0xe6, 0x26, 0xfb, 0xb8, 0x0e, 0x5f, 0x4f, 0xae, 0xc9, 0x56, 0xf9, 0xa0, ++ 0xa2, 0xd2, 0x4f, 0x99, 0x57, 0x63, 0x80, 0xf0, 0x84, 0xeb, 0x62, 0xe4, ++ 0x6a, 0x57, 0xd5, 0x54, 0x27, 0x8b, 0x53, 0x56, 0x26, 0x19, 0x3c, 0xe0, ++ 0x20, 0x60, 0x57, 
0x5e, 0xb6, 0x6c, 0x57, 0x98, 0xd3, 0x6f, 0x6c, 0x5d, ++ 0x40, 0xfb, 0x00, 0xd8, 0x09, 0xb4, 0x2a, 0x73, 0x10, 0x2c, 0x1c, 0x74, ++ 0xee, 0x95, 0xbd, 0x71, 0x42, 0x0f, 0xff, 0xef, 0x63, 0x18, 0xb5, 0x2c, ++ 0x29, 0x02, 0x41, 0x07, 0xee, 0xfb, 0x42, 0x4b, 0x0e, 0x3a, 0x40, 0xe4, ++ 0x20, 0x8e, 0xe5, 0xaf, 0xb2, 0x80, 0xb2, 0x23, 0x17, 0x30, 0x81, 0x14, ++ 0xdd, 0xe0, 0xb4, 0xb6, 0x4f, 0x73, 0x01, 0x84, 0xec, 0x68, 0xda, 0x6c, ++ 0xe2, 0x86, 0x7a, 0x9f, 0x48, 0xed, 0x77, 0x26, 0xd5, 0xe2, 0x61, 0x4e, ++ 0xd0, 0x4a, 0x54, 0x10, 0x73, 0x6c, 0x8c, 0x71, 0x4e, 0xe7, 0x02, 0x47, ++ 0x42, 0x98, 0xc6, 0x29, 0x2a, 0xf0, 0x75, 0x35, 0x02, 0x41, 0x07, 0x08, ++ 0x30, 0xdb, 0xf9, 0x47, 0xea, 0xc0, 0x22, 0x8d, 0xe2, 0x63, 0x14, 0xb5, ++ 0x9b, 0x66, 0x99, 0x4c, 0xc6, 0x0e, 0x83, 0x60, 0xe7, 0x5d, 0x38, 0x76, ++ 0x29, 0x8f, 0x8f, 0x8a, 0x7d, 0x14, 0x1d, 0xa0, 0x64, 0xe5, 0xca, 0x02, ++ 0x6a, 0x97, 0x3e, 0x28, 0xf2, 0x54, 0x73, 0x8c, 0xee, 0x66, 0x9c, 0x72, ++ 0x1b, 0x03, 0x4c, 0xb5, 0xf8, 0xe2, 0x44, 0xda, 0xdd, 0x7c, 0xd1, 0xe1, ++ 0x59, 0xd5, 0x47, 0x02, 0x41, 0x05, 0x24, 0xd2, 0x0c, 0x3d, 0x95, 0xcf, ++ 0xf7, 0x5a, 0xf2, 0x31, 0x34, 0x83, 0x22, 0x7d, 0x87, 0x02, 0x71, 0x7a, ++ 0xa5, 0x76, 0xde, 0x15, 0x5f, 0x96, 0x05, 0x15, 0x50, 0x1a, 0xdb, 0x1d, ++ 0x70, 0xe1, 0xc0, 0x4d, 0xe9, 0x1b, 0x75, 0xb1, 0x61, 0xdb, 0xf0, 0x39, ++ 0x83, 0x56, 0x12, 0x7e, 0xde, 0xda, 0x7b, 0xbc, 0x19, 0xa3, 0x2d, 0xc1, ++ 0x62, 0x1c, 0xc9, 0xf5, 0x3c, 0x26, 0x5d, 0x0c, 0xe3, 0x31, 0x02, 0x41, ++ 0x05, 0xf9, 0x84, 0xa1, 0xf2, 0x3c, 0x93, 0x8d, 0x6a, 0x0e, 0x89, 0x72, ++ 0x4b, 0xcf, 0x3d, 0xd9, 0x3f, 0x99, 0x46, 0x92, 0x60, 0x37, 0xfe, 0x7c, ++ 0x6b, 0x13, 0xa2, 0x9e, 0x52, 0x84, 0x85, 0x5f, 0x89, 0x08, 0x95, 0x91, ++ 0xd4, 0x40, 0x97, 0x56, 0x27, 0xbf, 0x5c, 0x9e, 0x3a, 0x8b, 0x5c, 0xa7, ++ 0x9c, 0x77, 0x2a, 0xd2, 0x73, 0xe4, 0x0d, 0x32, 0x1a, 0xf4, 0xa6, 0xc9, ++ 0x7d, 0xfd, 0xed, 0x78, 0xd3, 0x02, 0x40, 0xdd, 0xd9, 0x18, 0xad, 0xad, ++ 0xa2, 0x9d, 0xca, 0xb9, 0x81, 0xff, 0x9a, 0xcb, 0xa4, 0x25, 0x70, 
0x23, ++ 0xc0, 0x9a, 0x38, 0x01, 0xcc, 0xce, 0x09, 0x8c, 0xe2, 0x68, 0xf8, 0x55, ++ 0xd0, 0xdf, 0x57, 0x0c, 0xd6, 0xe7, 0xb9, 0xb1, 0x4b, 0xd9, 0xa5, 0xa9, ++ 0x25, 0x4c, 0xbc, 0x31, 0x5b, 0xe6, 0xf8, 0xba, 0x1e, 0x25, 0x46, 0xdd, ++ 0xd5, 0x69, 0xc5, 0xea, 0x19, 0xee, 0xd8, 0x35, 0x3b, 0xde, 0x5e}; ++const uint8_t kTestVector7Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x37, 0xc9, 0xda, 0x4a, 0x66, 0xc8, 0xc4, 0x08, ++ 0xb8, 0xda, 0x27, 0xd0, 0xc9, 0xd7, 0x9f, 0x8c, 0xcb, 0x1e, 0xaf, 0xc1, ++ 0xd2, 0xfe, 0x48, 0x74, 0x6d, 0x94, 0x0b, 0x7c, 0x4e, 0xf5, 0xde, 0xe1, ++ 0x8a, 0xd1, 0x26, 0x47, 0xce, 0xfa, 0xa0, 0xc4, 0xb3, 0x18, 0x8b, 0x22, ++ 0x1c, 0x51, 0x53, 0x86, 0x75, 0x9b, 0x93, 0xf0, 0x20, 0x24, 0xb2, 0x5a, ++ 0xb9, 0x24, 0x2f, 0x83, 0x57, 0xd8, 0xf3, 0xfd, 0x49, 0x64, 0x0e, 0xe5, ++ 0xe6, 0x43, 0xea, 0xf6, 0xc6, 0x4d, 0xee, 0xfa, 0x70, 0x89, 0x72, 0x7c, ++ 0x8f, 0xf0, 0x39, 0x93, 0x33, 0x39, 0x15, 0xc6, 0xef, 0x21, 0xbf, 0x59, ++ 0x75, 0xb6, 0xe5, 0x0d, 0x11, 0x8b, 0x51, 0x00, 0x8e, 0xc3, 0x3e, 0x9f, ++ 0x01, 0xa0, 0xa5, 0x45, 0xa1, 0x0a, 0x83, 0x6a, 0x43, 0xdd, 0xbc, 0xa9, ++ 0xd8, 0xb5, 0xc5, 0xd3, 0x54, 0x80, 0x22, 0xd7, 0x06, 0x4e, 0xa2, 0x9a, ++ 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 7.1 ++const uint8_t kTestVector7Data[] = { ++ 0x9e, 0xad, 0x0e, 0x01, 0x94, 0x56, 0x40, 0x67, 0x4e, 0xb4, 0x1c, 0xad, ++ 0x43, 0x5e, 0x23, 0x74, 0xea, 0xef, 0xa8, 0xad, 0x71, 0x97, 0xd9, 0x79, ++ 0x13, 0xc4, 0x49, 0x57, 0xd8, 0xd8, 0x3f, 0x40, 0xd7, 0x6e, 0xe6, 0x0e, ++ 0x39, 0xbf, 0x9c, 0x0f, 0x9e, 0xaf, 0x30, 0x21, 0x42, 0x1a, 0x07, 0x4d, ++ 0x1a, 0xde, 0x96, 0x2c, 0x6e, 0x9d, 0x3d, 0xc3, 0xbb, 0x17, 0x4f, 0xe4, ++ 0xdf, 0xe6, 0x52, 0xb0, 0x91, 0x15, 0x49, 0x5b, 0x8f, 0xd2, 0x79, 0x41, ++ 0x74, 0x02, 0x0a, 0x06, 0x02, 0xb5, 0xca, 0x51, 0x84, 0x8c, 0xfc, 0x96, ++ 0xce, 0x5e, 0xb5, 0x7f, 
0xc0, 0xa2, 0xad, 0xc1, 0xdd, 0xa3, 0x6a, 0x7c, ++ 0xc4, 0x52, 0x64, 0x1a, 0x14, 0x91, 0x1b, 0x37, 0xe4, 0x5b, 0xfa, 0x11, ++ 0xda, 0xa5, 0xc7, 0xec, 0xdb, 0x74, 0xf6, 0xd0, 0x10, 0x0d, 0x1d, 0x3e, ++ 0x39, 0xe7, 0x52, 0x80, 0x0e, 0x20, 0x33, 0x97, 0xde, 0x02, 0x33, 0x07, ++ 0x7b, 0x9a, 0x88, 0x85, 0x55, 0x37, 0xfa, 0xe9, 0x27, 0xf9, 0x24, 0x38, ++ 0x0d, 0x78, 0x0f, 0x98, 0xe1, 0x8d, 0xcf, 0xf3, 0x9c, 0x5e, 0xa7, 0x41, ++ 0xb1, 0x7d, 0x6f, 0xdd, 0x18, 0x85, 0xbc, 0x9d, 0x58, 0x14, 0x82, 0xd7, ++ 0x71, 0xce, 0xb5, 0x62, 0xd7, 0x8a, 0x8b, 0xf8, 0x8f, 0x0c, 0x75, 0xb1, ++ 0x13, 0x63, 0xe5, 0xe3, 0x6c, 0xd4, 0x79, 0xce, 0xb0, 0x54, 0x5f, 0x9d, ++ 0xa8, 0x42, 0x03, 0xe0, 0xe6, 0xe5, 0x08, 0x37, 0x5c, 0xc9, 0xe8, 0x44, ++ 0xb8, 0x8b, 0x7a, 0xc7, 0xa0, 0xa2, 0x01, 0xea, 0x0f, 0x1b, 0xee, 0x9a, ++ 0x2c, 0x57, 0x79, 0x20, 0xca, 0x02, 0xc0, 0x1b, 0x9d, 0x83, 0x20, 0xe9, ++ 0x74, 0xa5, 0x6f, 0x4e, 0xfb, 0x57, 0x63, 0xb9, 0x62, 0x55, 0xab, 0xbf, ++ 0x80, 0x37, 0xbf, 0x18, 0x02, 0xcf, 0x01, 0x8f, 0x56, 0x37, 0x94, 0x93, ++ 0xe5, 0x69, 0xa9}; ++const uint8_t kTestVector7Sig[] = { ++ 0x18, 0x7f, 0x39, 0x07, 0x23, 0xc8, 0x90, 0x25, 0x91, 0xf0, 0x15, 0x4b, ++ 0xae, 0x6d, 0x4e, 0xcb, 0xff, 0xe0, 0x67, 0xf0, 0xe8, 0xb7, 0x95, 0x47, ++ 0x6e, 0xa4, 0xf4, 0xd5, 0x1c, 0xcc, 0x81, 0x05, 0x20, 0xbb, 0x3c, 0xa9, ++ 0xbc, 0xa7, 0xd0, 0xb1, 0xf2, 0xea, 0x8a, 0x17, 0xd8, 0x73, 0xfa, 0x27, ++ 0x57, 0x0a, 0xcd, 0x64, 0x2e, 0x38, 0x08, 0x56, 0x1c, 0xb9, 0xe9, 0x75, ++ 0xcc, 0xfd, 0x80, 0xb2, 0x3d, 0xc5, 0x77, 0x1c, 0xdb, 0x33, 0x06, 0xa5, ++ 0xf2, 0x31, 0x59, 0xda, 0xcb, 0xd3, 0xaa, 0x2d, 0xb9, 0x3d, 0x46, 0xd7, ++ 0x66, 0xe0, 0x9e, 0xd1, 0x5d, 0x90, 0x0a, 0xd8, 0x97, 0xa8, 0xd2, 0x74, ++ 0xdc, 0x26, 0xb4, 0x7e, 0x99, 0x4a, 0x27, 0xe9, 0x7e, 0x22, 0x68, 0xa7, ++ 0x66, 0x53, 0x3a, 0xe4, 0xb5, 0xe4, 0x2a, 0x2f, 0xca, 0xf7, 0x55, 0xc1, ++ 0xc4, 0x79, 0x4b, 0x29, 0x4c, 0x60, 0x55, 0x58, 0x23}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 8: A 1031-bit RSA Key Pair ++// ++const uint8_t 
kTestVector8Pkcs8[] = { ++ 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, ++ 0x49, 0x53, 0x70, 0xa1, 0xfb, 0x18, 0x54, 0x3c, 0x16, 0xd3, 0x63, 0x1e, ++ 0x31, 0x63, 0x25, 0x5d, 0xf6, 0x2b, 0xe6, 0xee, 0xe8, 0x90, 0xd5, 0xf2, ++ 0x55, 0x09, 0xe4, 0xf7, 0x78, 0xa8, 0xea, 0x6f, 0xbb, 0xbc, 0xdf, 0x85, ++ 0xdf, 0xf6, 0x4e, 0x0d, 0x97, 0x20, 0x03, 0xab, 0x36, 0x81, 0xfb, 0xba, ++ 0x6d, 0xd4, 0x1f, 0xd5, 0x41, 0x82, 0x9b, 0x2e, 0x58, 0x2d, 0xe9, 0xf2, ++ 0xa4, 0xa4, 0xe0, 0xa2, 0xd0, 0x90, 0x0b, 0xef, 0x47, 0x53, 0xdb, 0x3c, ++ 0xee, 0x0e, 0xe0, 0x6c, 0x7d, 0xfa, 0xe8, 0xb1, 0xd5, 0x3b, 0x59, 0x53, ++ 0x21, 0x8f, 0x9c, 0xce, 0xea, 0x69, 0x5b, 0x08, 0x66, 0x8e, 0xde, 0xaa, ++ 0xdc, 0xed, 0x94, 0x63, 0xb1, 0xd7, 0x90, 0xd5, 0xeb, 0xf2, 0x7e, 0x91, ++ 0x15, 0xb4, 0x6c, 0xad, 0x4d, 0x9a, 0x2b, 0x8e, 0xfa, 0xb0, 0x56, 0x1b, ++ 0x08, 0x10, 0x34, 0x47, 0x39, 0xad, 0xa0, 0x73, 0x3f, 0x02, 0x03, 0x01, ++ 0x00, 0x01, 0x02, 0x81, 0x80, 0x6c, 0x66, 0xff, 0xe9, 0x89, 0x80, 0xc3, ++ 0x8f, 0xcd, 0xea, 0xb5, 0x15, 0x98, 0x98, 0x83, 0x61, 0x65, 0xf4, 0xb4, ++ 0xb8, 0x17, 0xc4, 0xf6, 0xa8, 0xd4, 0x86, 0xee, 0x4e, 0xa9, 0x13, 0x0f, ++ 0xe9, 0xb9, 0x09, 0x2b, 0xd1, 0x36, 0xd1, 0x84, 0xf9, 0x5f, 0x50, 0x4a, ++ 0x60, 0x7e, 0xac, 0x56, 0x58, 0x46, 0xd2, 0xfd, 0xd6, 0x59, 0x7a, 0x89, ++ 0x67, 0xc7, 0x39, 0x6e, 0xf9, 0x5a, 0x6e, 0xee, 0xbb, 0x45, 0x78, 0xa6, ++ 0x43, 0x96, 0x6d, 0xca, 0x4d, 0x8e, 0xe3, 0xde, 0x84, 0x2d, 0xe6, 0x32, ++ 0x79, 0xc6, 0x18, 0x15, 0x9c, 0x1a, 0xb5, 0x4a, 0x89, 0x43, 0x7b, 0x6a, ++ 0x61, 0x20, 0xe4, 0x93, 0x0a, 0xfb, 0x52, 0xa4, 0xba, 0x6c, 0xed, 0x8a, ++ 0x49, 0x47, 0xac, 0x64, 0xb3, 0x0a, 0x34, 0x97, 0xcb, 0xe7, 0x01, 0xc2, ++ 0xd6, 0x26, 0x6d, 0x51, 0x72, 0x19, 0xad, 0x0e, 0xc6, 0xd3, 0x47, 0xdb, ++ 0xe9, 0x02, 0x41, 0x08, 0xda, 0xd7, 0xf1, 0x13, 0x63, 0xfa, 0xa6, 0x23, ++ 0xd5, 0xd6, 0xd5, 
0xe8, 0xa3, 0x19, 0x32, 0x8d, 0x82, 0x19, 0x0d, 0x71, ++ 0x27, 0xd2, 0x84, 0x6c, 0x43, 0x9b, 0x0a, 0xb7, 0x26, 0x19, 0xb0, 0xa4, ++ 0x3a, 0x95, 0x32, 0x0e, 0x4e, 0xc3, 0x4f, 0xc3, 0xa9, 0xce, 0xa8, 0x76, ++ 0x42, 0x23, 0x05, 0xbd, 0x76, 0xc5, 0xba, 0x7b, 0xe9, 0xe2, 0xf4, 0x10, ++ 0xc8, 0x06, 0x06, 0x45, 0xa1, 0xd2, 0x9e, 0xdb, 0x02, 0x41, 0x08, 0x47, ++ 0xe7, 0x32, 0x37, 0x6f, 0xc7, 0x90, 0x0f, 0x89, 0x8e, 0xa8, 0x2e, 0xb2, ++ 0xb0, 0xfc, 0x41, 0x85, 0x65, 0xfd, 0xae, 0x62, 0xf7, 0xd9, 0xec, 0x4c, ++ 0xe2, 0x21, 0x7b, 0x97, 0x99, 0x0d, 0xd2, 0x72, 0xdb, 0x15, 0x7f, 0x99, ++ 0xf6, 0x3c, 0x0d, 0xcb, 0xb9, 0xfb, 0xac, 0xdb, 0xd4, 0xc4, 0xda, 0xdb, ++ 0x6d, 0xf6, 0x77, 0x56, 0x35, 0x8c, 0xa4, 0x17, 0x48, 0x25, 0xb4, 0x8f, ++ 0x49, 0x70, 0x6d, 0x02, 0x41, 0x05, 0xc2, 0xa8, 0x3c, 0x12, 0x4b, 0x36, ++ 0x21, 0xa2, 0xaa, 0x57, 0xea, 0x2c, 0x3e, 0xfe, 0x03, 0x5e, 0xff, 0x45, ++ 0x60, 0xf3, 0x3d, 0xde, 0xbb, 0x7a, 0xda, 0xb8, 0x1f, 0xce, 0x69, 0xa0, ++ 0xc8, 0xc2, 0xed, 0xc1, 0x65, 0x20, 0xdd, 0xa8, 0x3d, 0x59, 0xa2, 0x3b, ++ 0xe8, 0x67, 0x96, 0x3a, 0xc6, 0x5f, 0x2c, 0xc7, 0x10, 0xbb, 0xcf, 0xb9, ++ 0x6e, 0xe1, 0x03, 0xde, 0xb7, 0x71, 0xd1, 0x05, 0xfd, 0x85, 0x02, 0x41, ++ 0x04, 0xca, 0xe8, 0xaa, 0x0d, 0x9f, 0xaa, 0x16, 0x5c, 0x87, 0xb6, 0x82, ++ 0xec, 0x14, 0x0b, 0x8e, 0xd3, 0xb5, 0x0b, 0x24, 0x59, 0x4b, 0x7a, 0x3b, ++ 0x2c, 0x22, 0x0b, 0x36, 0x69, 0xbb, 0x81, 0x9f, 0x98, 0x4f, 0x55, 0x31, ++ 0x0a, 0x1a, 0xe7, 0x82, 0x36, 0x51, 0xd4, 0xa0, 0x2e, 0x99, 0x44, 0x79, ++ 0x72, 0x59, 0x51, 0x39, 0x36, 0x34, 0x34, 0xe5, 0xe3, 0x0a, 0x7e, 0x7d, ++ 0x24, 0x15, 0x51, 0xe1, 0xb9, 0x02, 0x41, 0x07, 0xd3, 0xe4, 0x7b, 0xf6, ++ 0x86, 0x60, 0x0b, 0x11, 0xac, 0x28, 0x3c, 0xe8, 0x8d, 0xbb, 0x3f, 0x60, ++ 0x51, 0xe8, 0xef, 0xd0, 0x46, 0x80, 0xe4, 0x4c, 0x17, 0x1e, 0xf5, 0x31, ++ 0xb8, 0x0b, 0x2b, 0x7c, 0x39, 0xfc, 0x76, 0x63, 0x20, 0xe2, 0xcf, 0x15, ++ 0xd8, 0xd9, 0x98, 0x20, 0xe9, 0x6f, 0xf3, 0x0d, 0xc6, 0x96, 0x91, 0x83, ++ 0x9c, 0x4b, 0x40, 0xd7, 0xb0, 0x6e, 0x45, 0x30, 0x7d, 0xc9, 0x1f, 
0x3f}; ++const uint8_t kTestVector8Spki[] = { ++ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, ++ 0x89, 0x02, 0x81, 0x81, 0x49, 0x53, 0x70, 0xa1, 0xfb, 0x18, 0x54, 0x3c, ++ 0x16, 0xd3, 0x63, 0x1e, 0x31, 0x63, 0x25, 0x5d, 0xf6, 0x2b, 0xe6, 0xee, ++ 0xe8, 0x90, 0xd5, 0xf2, 0x55, 0x09, 0xe4, 0xf7, 0x78, 0xa8, 0xea, 0x6f, ++ 0xbb, 0xbc, 0xdf, 0x85, 0xdf, 0xf6, 0x4e, 0x0d, 0x97, 0x20, 0x03, 0xab, ++ 0x36, 0x81, 0xfb, 0xba, 0x6d, 0xd4, 0x1f, 0xd5, 0x41, 0x82, 0x9b, 0x2e, ++ 0x58, 0x2d, 0xe9, 0xf2, 0xa4, 0xa4, 0xe0, 0xa2, 0xd0, 0x90, 0x0b, 0xef, ++ 0x47, 0x53, 0xdb, 0x3c, 0xee, 0x0e, 0xe0, 0x6c, 0x7d, 0xfa, 0xe8, 0xb1, ++ 0xd5, 0x3b, 0x59, 0x53, 0x21, 0x8f, 0x9c, 0xce, 0xea, 0x69, 0x5b, 0x08, ++ 0x66, 0x8e, 0xde, 0xaa, 0xdc, 0xed, 0x94, 0x63, 0xb1, 0xd7, 0x90, 0xd5, ++ 0xeb, 0xf2, 0x7e, 0x91, 0x15, 0xb4, 0x6c, 0xad, 0x4d, 0x9a, 0x2b, 0x8e, ++ 0xfa, 0xb0, 0x56, 0x1b, 0x08, 0x10, 0x34, 0x47, 0x39, 0xad, 0xa0, 0x73, ++ 0x3f, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 8.1 ++const uint8_t kTestVector8Data[] = { ++ 0x81, 0x33, 0x2f, 0x4b, 0xe6, 0x29, 0x48, 0x41, 0x5e, 0xa1, 0xd8, 0x99, ++ 0x79, 0x2e, 0xea, 0xcf, 0x6c, 0x6e, 0x1d, 0xb1, 0xda, 0x8b, 0xe1, 0x3b, ++ 0x5c, 0xea, 0x41, 0xdb, 0x2f, 0xed, 0x46, 0x70, 0x92, 0xe1, 0xff, 0x39, ++ 0x89, 0x14, 0xc7, 0x14, 0x25, 0x97, 0x75, 0xf5, 0x95, 0xf8, 0x54, 0x7f, ++ 0x73, 0x56, 0x92, 0xa5, 0x75, 0xe6, 0x92, 0x3a, 0xf7, 0x8f, 0x22, 0xc6, ++ 0x99, 0x7d, 0xdb, 0x90, 0xfb, 0x6f, 0x72, 0xd7, 0xbb, 0x0d, 0xd5, 0x74, ++ 0x4a, 0x31, 0xde, 0xcd, 0x3d, 0xc3, 0x68, 0x58, 0x49, 0x83, 0x6e, 0xd3, ++ 0x4a, 0xec, 0x59, 0x63, 0x04, 0xad, 0x11, 0x84, 0x3c, 0x4f, 0x88, 0x48, ++ 0x9f, 0x20, 0x97, 0x35, 0xf5, 0xfb, 0x7f, 0xda, 0xf7, 0xce, 0xc8, 0xad, ++ 0xdc, 0x58, 0x18, 0x16, 0x8f, 0x88, 0x0a, 0xcb, 0xf4, 0x90, 0xd5, 0x10, ++ 0x05, 0xb7, 0xa8, 0xe8, 0x4e, 0x43, 0xe5, 0x42, 0x87, 0x97, 0x75, 0x71, ++ 0xdd, 0x99, 0xee, 
0xa4, 0xb1, 0x61, 0xeb, 0x2d, 0xf1, 0xf5, 0x10, 0x8f, ++ 0x12, 0xa4, 0x14, 0x2a, 0x83, 0x32, 0x2e, 0xdb, 0x05, 0xa7, 0x54, 0x87, ++ 0xa3, 0x43, 0x5c, 0x9a, 0x78, 0xce, 0x53, 0xed, 0x93, 0xbc, 0x55, 0x08, ++ 0x57, 0xd7, 0xa9, 0xfb}; ++const uint8_t kTestVector8Sig[] = { ++ 0x02, 0x62, 0xac, 0x25, 0x4b, 0xfa, 0x77, 0xf3, 0xc1, 0xac, 0xa2, 0x2c, ++ 0x51, 0x79, 0xf8, 0xf0, 0x40, 0x42, 0x2b, 0x3c, 0x5b, 0xaf, 0xd4, 0x0a, ++ 0x8f, 0x21, 0xcf, 0x0f, 0xa5, 0xa6, 0x67, 0xcc, 0xd5, 0x99, 0x3d, 0x42, ++ 0xdb, 0xaf, 0xb4, 0x09, 0xc5, 0x20, 0xe2, 0x5f, 0xce, 0x2b, 0x1e, 0xe1, ++ 0xe7, 0x16, 0x57, 0x7f, 0x1e, 0xfa, 0x17, 0xf3, 0xda, 0x28, 0x05, 0x2f, ++ 0x40, 0xf0, 0x41, 0x9b, 0x23, 0x10, 0x6d, 0x78, 0x45, 0xaa, 0xf0, 0x11, ++ 0x25, 0xb6, 0x98, 0xe7, 0xa4, 0xdf, 0xe9, 0x2d, 0x39, 0x67, 0xbb, 0x00, ++ 0xc4, 0xd0, 0xd3, 0x5b, 0xa3, 0x55, 0x2a, 0xb9, 0xa8, 0xb3, 0xee, 0xf0, ++ 0x7c, 0x7f, 0xec, 0xdb, 0xc5, 0x42, 0x4a, 0xc4, 0xdb, 0x1e, 0x20, 0xcb, ++ 0x37, 0xd0, 0xb2, 0x74, 0x47, 0x69, 0x94, 0x0e, 0xa9, 0x07, 0xe1, 0x7f, ++ 0xbb, 0xca, 0x67, 0x3b, 0x20, 0x52, 0x23, 0x80, 0xc5}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 9: A 1536-bit RSA Key Pair ++// ++const uint8_t kTestVector9Pkcs8[] = { ++ 0x30, 0x82, 0x03, 0x92, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x03, 0x7c, 0x30, 0x82, 0x03, 0x78, 0x02, 0x01, 0x00, 0x02, 0x81, 0xc0, ++ 0xe6, 0xbd, 0x69, 0x2a, 0xc9, 0x66, 0x45, 0x79, 0x04, 0x03, 0xfd, 0xd0, ++ 0xf5, 0xbe, 0xb8, 0xb9, 0xbf, 0x92, 0xed, 0x10, 0x00, 0x7f, 0xc3, 0x65, ++ 0x04, 0x64, 0x19, 0xdd, 0x06, 0xc0, 0x5c, 0x5b, 0x5b, 0x2f, 0x48, 0xec, ++ 0xf9, 0x89, 0xe4, 0xce, 0x26, 0x91, 0x09, 0x97, 0x9c, 0xbb, 0x40, 0xb4, ++ 0xa0, 0xad, 0x24, 0xd2, 0x24, 0x83, 0xd1, 0xee, 0x31, 0x5a, 0xd4, 0xcc, ++ 0xb1, 0x53, 0x42, 0x68, 0x35, 0x26, 0x91, 0xc5, 0x24, 0xf6, 0xdd, 0x8e, ++ 0x6c, 0x29, 0xd2, 0x24, 0xcf, 0x24, 0x69, 0x73, 0xae, 0xc8, 0x6c, 0x5b, ++ 0xf6, 0xb1, 0x40, 0x1a, 0x85, 0x0d, 0x1b, 
0x9a, 0xd1, 0xbb, 0x8c, 0xbc, ++ 0xec, 0x47, 0xb0, 0x6f, 0x0f, 0x8c, 0x7f, 0x45, 0xd3, 0xfc, 0x8f, 0x31, ++ 0x92, 0x99, 0xc5, 0x43, 0x3d, 0xdb, 0xc2, 0xb3, 0x05, 0x3b, 0x47, 0xde, ++ 0xd2, 0xec, 0xd4, 0xa4, 0xca, 0xef, 0xd6, 0x14, 0x83, 0x3d, 0xc8, 0xbb, ++ 0x62, 0x2f, 0x31, 0x7e, 0xd0, 0x76, 0xb8, 0x05, 0x7f, 0xe8, 0xde, 0x3f, ++ 0x84, 0x48, 0x0a, 0xd5, 0xe8, 0x3e, 0x4a, 0x61, 0x90, 0x4a, 0x4f, 0x24, ++ 0x8f, 0xb3, 0x97, 0x02, 0x73, 0x57, 0xe1, 0xd3, 0x0e, 0x46, 0x31, 0x39, ++ 0x81, 0x5c, 0x6f, 0xd4, 0xfd, 0x5a, 0xc5, 0xb8, 0x17, 0x2a, 0x45, 0x23, ++ 0x0e, 0xcb, 0x63, 0x18, 0xa0, 0x4f, 0x14, 0x55, 0xd8, 0x4e, 0x5a, 0x8b, ++ 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0xc0, 0x6a, 0x7f, 0xd8, 0x4f, ++ 0xb8, 0x5f, 0xad, 0x07, 0x3b, 0x34, 0x40, 0x6d, 0xb7, 0x4f, 0x8d, 0x61, ++ 0xa6, 0xab, 0xc1, 0x21, 0x96, 0xa9, 0x61, 0xdd, 0x79, 0x56, 0x5e, 0x9d, ++ 0xa6, 0xe5, 0x18, 0x7b, 0xce, 0x2d, 0x98, 0x02, 0x50, 0xf7, 0x35, 0x95, ++ 0x75, 0x35, 0x92, 0x70, 0xd9, 0x15, 0x90, 0xbb, 0x0e, 0x42, 0x7c, 0x71, ++ 0x46, 0x0b, 0x55, 0xd5, 0x14, 0x10, 0xb1, 0x91, 0xbc, 0xf3, 0x09, 0xfe, ++ 0xa1, 0x31, 0xa9, 0x2c, 0x8e, 0x70, 0x27, 0x38, 0xfa, 0x71, 0x9f, 0x1e, ++ 0x00, 0x41, 0xf5, 0x2e, 0x40, 0xe9, 0x1f, 0x22, 0x9f, 0x4d, 0x96, 0xa1, ++ 0xe6, 0xf1, 0x72, 0xe1, 0x55, 0x96, 0xb4, 0x51, 0x0a, 0x6d, 0xae, 0xc2, ++ 0x61, 0x05, 0xf2, 0xbe, 0xbc, 0x53, 0x31, 0x6b, 0x87, 0xbd, 0xf2, 0x13, ++ 0x11, 0x66, 0x60, 0x70, 0xe8, 0xdf, 0xee, 0x69, 0xd5, 0x2c, 0x71, 0xa9, ++ 0x76, 0xca, 0xae, 0x79, 0xc7, 0x2b, 0x68, 0xd2, 0x85, 0x80, 0xdc, 0x68, ++ 0x6d, 0x9f, 0x51, 0x29, 0xd2, 0x25, 0xf8, 0x2b, 0x3d, 0x61, 0x55, 0x13, ++ 0xa8, 0x82, 0xb3, 0xdb, 0x91, 0x41, 0x6b, 0x48, 0xce, 0x08, 0x88, 0x82, ++ 0x13, 0xe3, 0x7e, 0xeb, 0x9a, 0xf8, 0x00, 0xd8, 0x1c, 0xab, 0x32, 0x8c, ++ 0xe4, 0x20, 0x68, 0x99, 0x03, 0xc0, 0x0c, 0x7b, 0x5f, 0xd3, 0x1b, 0x75, ++ 0x50, 0x3a, 0x6d, 0x41, 0x96, 0x84, 0xd6, 0x29, 0x02, 0x60, 0xf8, 0xeb, ++ 0x97, 0xe9, 0x8d, 0xf1, 0x26, 0x64, 0xee, 0xfd, 0xb7, 0x61, 0x59, 0x6a, ++ 0x69, 0xdd, 
0xcd, 0x0e, 0x76, 0xda, 0xec, 0xe6, 0xed, 0x4b, 0xf5, 0xa1, ++ 0xb5, 0x0a, 0xc0, 0x86, 0xf7, 0x92, 0x8a, 0x4d, 0x2f, 0x87, 0x26, 0xa7, ++ 0x7e, 0x51, 0x5b, 0x74, 0xda, 0x41, 0x98, 0x8f, 0x22, 0x0b, 0x1c, 0xc8, ++ 0x7a, 0xa1, 0xfc, 0x81, 0x0c, 0xe9, 0x9a, 0x82, 0xf2, 0xd1, 0xce, 0x82, ++ 0x1e, 0xdc, 0xed, 0x79, 0x4c, 0x69, 0x41, 0xf4, 0x2c, 0x7a, 0x1a, 0x0b, ++ 0x8c, 0x4d, 0x28, 0xc7, 0x5e, 0xc6, 0x0b, 0x65, 0x22, 0x79, 0xf6, 0x15, ++ 0x4a, 0x76, 0x2a, 0xed, 0x16, 0x5d, 0x47, 0xde, 0xe3, 0x67, 0x02, 0x60, ++ 0xed, 0x4d, 0x71, 0xd0, 0xa6, 0xe2, 0x4b, 0x93, 0xc2, 0xe5, 0xf6, 0xb4, ++ 0xbb, 0xe0, 0x5f, 0x5f, 0xb0, 0xaf, 0xa0, 0x42, 0xd2, 0x04, 0xfe, 0x33, ++ 0x78, 0xd3, 0x65, 0xc2, 0xf2, 0x88, 0xb6, 0xa8, 0xda, 0xd7, 0xef, 0xe4, ++ 0x5d, 0x15, 0x3e, 0xef, 0x40, 0xca, 0xcc, 0x7b, 0x81, 0xff, 0x93, 0x40, ++ 0x02, 0xd1, 0x08, 0x99, 0x4b, 0x94, 0xa5, 0xe4, 0x72, 0x8c, 0xd9, 0xc9, ++ 0x63, 0x37, 0x5a, 0xe4, 0x99, 0x65, 0xbd, 0xa5, 0x5c, 0xbf, 0x0e, 0xfe, ++ 0xd8, 0xd6, 0x55, 0x3b, 0x40, 0x27, 0xf2, 0xd8, 0x62, 0x08, 0xa6, 0xe6, ++ 0xb4, 0x89, 0xc1, 0x76, 0x12, 0x80, 0x92, 0xd6, 0x29, 0xe4, 0x9d, 0x3d, ++ 0x02, 0x60, 0x2b, 0xb6, 0x8b, 0xdd, 0xfb, 0x0c, 0x4f, 0x56, 0xc8, 0x55, ++ 0x8b, 0xff, 0xaf, 0x89, 0x2d, 0x80, 0x43, 0x03, 0x78, 0x41, 0xe7, 0xfa, ++ 0x81, 0xcf, 0xa6, 0x1a, 0x38, 0xc5, 0xe3, 0x9b, 0x90, 0x1c, 0x8e, 0xe7, ++ 0x11, 0x22, 0xa5, 0xda, 0x22, 0x27, 0xbd, 0x6c, 0xde, 0xeb, 0x48, 0x14, ++ 0x52, 0xc1, 0x2a, 0xd3, 0xd6, 0x1d, 0x5e, 0x4f, 0x77, 0x6a, 0x0a, 0xb5, ++ 0x56, 0x59, 0x1b, 0xef, 0xe3, 0xe5, 0x9e, 0x5a, 0x7f, 0xdd, 0xb8, 0x34, ++ 0x5e, 0x1f, 0x2f, 0x35, 0xb9, 0xf4, 0xce, 0xe5, 0x7c, 0x32, 0x41, 0x4c, ++ 0x08, 0x6a, 0xec, 0x99, 0x3e, 0x93, 0x53, 0xe4, 0x80, 0xd9, 0xee, 0xc6, ++ 0x28, 0x9f, 0x02, 0x60, 0x4f, 0xf8, 0x97, 0x70, 0x9f, 0xad, 0x07, 0x97, ++ 0x46, 0x49, 0x45, 0x78, 0xe7, 0x0f, 0xd8, 0x54, 0x61, 0x30, 0xee, 0xab, ++ 0x56, 0x27, 0xc4, 0x9b, 0x08, 0x0f, 0x05, 0xee, 0x4a, 0xd9, 0xf3, 0xe4, ++ 0xb7, 0xcb, 0xa9, 0xd6, 0xa5, 0xdf, 0xf1, 0x13, 0xa4, 0x1c, 
0x34, 0x09, ++ 0x33, 0x68, 0x33, 0xf1, 0x90, 0x81, 0x6d, 0x8a, 0x6b, 0xc4, 0x2e, 0x9b, ++ 0xec, 0x56, 0xb7, 0x56, 0x7d, 0x0f, 0x3c, 0x9c, 0x69, 0x6d, 0xb6, 0x19, ++ 0xb2, 0x45, 0xd9, 0x01, 0xdd, 0x85, 0x6d, 0xb7, 0xc8, 0x09, 0x2e, 0x77, ++ 0xe9, 0xa1, 0xcc, 0xcd, 0x56, 0xee, 0x4d, 0xba, 0x42, 0xc5, 0xfd, 0xb6, ++ 0x1a, 0xec, 0x26, 0x69, 0x02, 0x60, 0x77, 0xb9, 0xd1, 0x13, 0x7b, 0x50, ++ 0x40, 0x4a, 0x98, 0x27, 0x29, 0x31, 0x6e, 0xfa, 0xfc, 0x7d, 0xfe, 0x66, ++ 0xd3, 0x4e, 0x5a, 0x18, 0x26, 0x00, 0xd5, 0xf3, 0x0a, 0x0a, 0x85, 0x12, ++ 0x05, 0x1c, 0x56, 0x0d, 0x08, 0x1d, 0x4d, 0x0a, 0x18, 0x35, 0xec, 0x3d, ++ 0x25, 0xa6, 0x0f, 0x4e, 0x4d, 0x6a, 0xa9, 0x48, 0xb2, 0xbf, 0x3d, 0xbb, ++ 0x5b, 0x12, 0x4c, 0xbb, 0xc3, 0x48, 0x92, 0x55, 0xa3, 0xa9, 0x48, 0x37, ++ 0x2f, 0x69, 0x78, 0x49, 0x67, 0x45, 0xf9, 0x43, 0xe1, 0xdb, 0x4f, 0x18, ++ 0x38, 0x2c, 0xea, 0xa5, 0x05, 0xdf, 0xc6, 0x57, 0x57, 0xbb, 0x3f, 0x85, ++ 0x7a, 0x58, 0xdc, 0xe5, 0x21, 0x56}; ++const uint8_t kTestVector9Spki[] = { ++ 0x30, 0x81, 0xdf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0xcd, 0x00, 0x30, 0x81, ++ 0xc9, 0x02, 0x81, 0xc1, 0x00, 0xe6, 0xbd, 0x69, 0x2a, 0xc9, 0x66, 0x45, ++ 0x79, 0x04, 0x03, 0xfd, 0xd0, 0xf5, 0xbe, 0xb8, 0xb9, 0xbf, 0x92, 0xed, ++ 0x10, 0x00, 0x7f, 0xc3, 0x65, 0x04, 0x64, 0x19, 0xdd, 0x06, 0xc0, 0x5c, ++ 0x5b, 0x5b, 0x2f, 0x48, 0xec, 0xf9, 0x89, 0xe4, 0xce, 0x26, 0x91, 0x09, ++ 0x97, 0x9c, 0xbb, 0x40, 0xb4, 0xa0, 0xad, 0x24, 0xd2, 0x24, 0x83, 0xd1, ++ 0xee, 0x31, 0x5a, 0xd4, 0xcc, 0xb1, 0x53, 0x42, 0x68, 0x35, 0x26, 0x91, ++ 0xc5, 0x24, 0xf6, 0xdd, 0x8e, 0x6c, 0x29, 0xd2, 0x24, 0xcf, 0x24, 0x69, ++ 0x73, 0xae, 0xc8, 0x6c, 0x5b, 0xf6, 0xb1, 0x40, 0x1a, 0x85, 0x0d, 0x1b, ++ 0x9a, 0xd1, 0xbb, 0x8c, 0xbc, 0xec, 0x47, 0xb0, 0x6f, 0x0f, 0x8c, 0x7f, ++ 0x45, 0xd3, 0xfc, 0x8f, 0x31, 0x92, 0x99, 0xc5, 0x43, 0x3d, 0xdb, 0xc2, ++ 0xb3, 0x05, 0x3b, 0x47, 0xde, 0xd2, 0xec, 0xd4, 0xa4, 0xca, 0xef, 0xd6, ++ 0x14, 0x83, 0x3d, 0xc8, 0xbb, 
0x62, 0x2f, 0x31, 0x7e, 0xd0, 0x76, 0xb8, ++ 0x05, 0x7f, 0xe8, 0xde, 0x3f, 0x84, 0x48, 0x0a, 0xd5, 0xe8, 0x3e, 0x4a, ++ 0x61, 0x90, 0x4a, 0x4f, 0x24, 0x8f, 0xb3, 0x97, 0x02, 0x73, 0x57, 0xe1, ++ 0xd3, 0x0e, 0x46, 0x31, 0x39, 0x81, 0x5c, 0x6f, 0xd4, 0xfd, 0x5a, 0xc5, ++ 0xb8, 0x17, 0x2a, 0x45, 0x23, 0x0e, 0xcb, 0x63, 0x18, 0xa0, 0x4f, 0x14, ++ 0x55, 0xd8, 0x4e, 0x5a, 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 9.1 ++const uint8_t kTestVector9Data[] = { ++ 0xa8, 0x8e, 0x26, 0x58, 0x55, 0xe9, 0xd7, 0xca, 0x36, 0xc6, 0x87, 0x95, ++ 0xf0, 0xb3, 0x1b, 0x59, 0x1c, 0xd6, 0x58, 0x7c, 0x71, 0xd0, 0x60, 0xa0, ++ 0xb3, 0xf7, 0xf3, 0xea, 0xef, 0x43, 0x79, 0x59, 0x22, 0x02, 0x8b, 0xc2, ++ 0xb6, 0xad, 0x46, 0x7c, 0xfc, 0x2d, 0x7f, 0x65, 0x9c, 0x53, 0x85, 0xaa, ++ 0x70, 0xba, 0x36, 0x72, 0xcd, 0xde, 0x4c, 0xfe, 0x49, 0x70, 0xcc, 0x79, ++ 0x04, 0x60, 0x1b, 0x27, 0x88, 0x72, 0xbf, 0x51, 0x32, 0x1c, 0x4a, 0x97, ++ 0x2f, 0x3c, 0x95, 0x57, 0x0f, 0x34, 0x45, 0xd4, 0xf5, 0x79, 0x80, 0xe0, ++ 0xf2, 0x0d, 0xf5, 0x48, 0x46, 0xe6, 0xa5, 0x2c, 0x66, 0x8f, 0x12, 0x88, ++ 0xc0, 0x3f, 0x95, 0x00, 0x6e, 0xa3, 0x2f, 0x56, 0x2d, 0x40, 0xd5, 0x2a, ++ 0xf9, 0xfe, 0xb3, 0x2f, 0x0f, 0xa0, 0x6d, 0xb6, 0x5b, 0x58, 0x8a, 0x23, ++ 0x7b, 0x34, 0xe5, 0x92, 0xd5, 0x5c, 0xf9, 0x79, 0xf9, 0x03, 0xa6, 0x42, ++ 0xef, 0x64, 0xd2, 0xed, 0x54, 0x2a, 0xa8, 0xc7, 0x7d, 0xc1, 0xdd, 0x76, ++ 0x2f, 0x45, 0xa5, 0x93, 0x03, 0xed, 0x75, 0xe5, 0x41, 0xca, 0x27, 0x1e, ++ 0x2b, 0x60, 0xca, 0x70, 0x9e, 0x44, 0xfa, 0x06, 0x61, 0x13, 0x1e, 0x8d, ++ 0x5d, 0x41, 0x63, 0xfd, 0x8d, 0x39, 0x85, 0x66, 0xce, 0x26, 0xde, 0x87, ++ 0x30, 0xe7, 0x2f, 0x9c, 0xca, 0x73, 0x76, 0x41, 0xc2, 0x44, 0x15, 0x94, ++ 0x20, 0x63, 0x70, 0x28, 0xdf, 0x0a, 0x18, 0x07, 0x9d, 0x62, 0x08, 0xea, ++ 0x8b, 0x47, 0x11, 0xa2, 0xc7, 0x50, 0xf5}; ++const uint8_t kTestVector9Sig[] = { ++ 0x58, 0x61, 0x07, 0x22, 0x6c, 0x3c, 0xe0, 0x13, 0xa7, 0xc8, 0xf0, 0x4d, ++ 0x1a, 0x6a, 0x29, 0x59, 0xbb, 0x4b, 0x8e, 0x20, 0x5b, 0xa4, 
0x3a, 0x27, ++ 0xb5, 0x0f, 0x12, 0x41, 0x11, 0xbc, 0x35, 0xef, 0x58, 0x9b, 0x03, 0x9f, ++ 0x59, 0x32, 0x18, 0x7c, 0xb6, 0x96, 0xd7, 0xd9, 0xa3, 0x2c, 0x0c, 0x38, ++ 0x30, 0x0a, 0x5c, 0xdd, 0xa4, 0x83, 0x4b, 0x62, 0xd2, 0xeb, 0x24, 0x0a, ++ 0xf3, 0x3f, 0x79, 0xd1, 0x3d, 0xfb, 0xf0, 0x95, 0xbf, 0x59, 0x9e, 0x0d, ++ 0x96, 0x86, 0x94, 0x8c, 0x19, 0x64, 0x74, 0x7b, 0x67, 0xe8, 0x9c, 0x9a, ++ 0xba, 0x5c, 0xd8, 0x50, 0x16, 0x23, 0x6f, 0x56, 0x6c, 0xc5, 0x80, 0x2c, ++ 0xb1, 0x3e, 0xad, 0x51, 0xbc, 0x7c, 0xa6, 0xbe, 0xf3, 0xb9, 0x4d, 0xcb, ++ 0xdb, 0xb1, 0xd5, 0x70, 0x46, 0x97, 0x71, 0xdf, 0x0e, 0x00, 0xb1, 0xa8, ++ 0xa0, 0x67, 0x77, 0x47, 0x2d, 0x23, 0x16, 0x27, 0x9e, 0xda, 0xe8, 0x64, ++ 0x74, 0x66, 0x8d, 0x4e, 0x1e, 0xff, 0xf9, 0x5f, 0x1d, 0xe6, 0x1c, 0x60, ++ 0x20, 0xda, 0x32, 0xae, 0x92, 0xbb, 0xf1, 0x65, 0x20, 0xfe, 0xf3, 0xcf, ++ 0x4d, 0x88, 0xf6, 0x11, 0x21, 0xf2, 0x4b, 0xbd, 0x9f, 0xe9, 0x1b, 0x59, ++ 0xca, 0xf1, 0x23, 0x5b, 0x2a, 0x93, 0xff, 0x81, 0xfc, 0x40, 0x3a, 0xdd, ++ 0xf4, 0xeb, 0xde, 0xa8, 0x49, 0x34, 0xa9, 0xcd, 0xaf, 0x8e, 0x1a, 0x9e}; ++ ++// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair ++// ++const uint8_t kTestVector10Pkcs8[] = { ++ 0x30, 0x82, 0x04, 0xb9, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, ++ 0x04, 0xa3, 0x30, 0x82, 0x04, 0x9f, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, ++ 0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, ++ 0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, ++ 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, ++ 0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, ++ 0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, ++ 0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, ++ 0x49, 0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, ++ 0x00, 0x1f, 0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 
0x45, 0xa8, 0xd5, ++ 0xae, 0x4f, 0x5e, 0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, ++ 0x71, 0xf2, 0x0e, 0x57, 0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, ++ 0x6d, 0x1d, 0xe5, 0xae, 0x62, 0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, ++ 0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, ++ 0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, ++ 0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, ++ 0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, ++ 0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, ++ 0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, ++ 0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, ++ 0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, ++ 0x98, 0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, ++ 0x82, 0xec, 0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, ++ 0x61, 0x37, 0x21, 0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, ++ 0x01, 0x00, 0x2d, 0x2f, 0xf5, 0x67, 0xb3, 0xfe, 0x74, 0xe0, 0x61, 0x91, ++ 0xb7, 0xfd, 0xed, 0x6d, 0xe1, 0x12, 0x29, 0x0c, 0x67, 0x06, 0x92, 0x43, ++ 0x0d, 0x59, 0x69, 0x18, 0x40, 0x47, 0xda, 0x23, 0x4c, 0x96, 0x93, 0xde, ++ 0xed, 0x16, 0x73, 0xed, 0x42, 0x95, 0x39, 0xc9, 0x69, 0xd3, 0x72, 0xc0, ++ 0x4d, 0x6b, 0x47, 0xe0, 0xf5, 0xb8, 0xce, 0xe0, 0x84, 0x3e, 0x5c, 0x22, ++ 0x83, 0x5d, 0xbd, 0x3b, 0x05, 0xa0, 0x99, 0x79, 0x84, 0xae, 0x60, 0x58, ++ 0xb1, 0x1b, 0xc4, 0x90, 0x7c, 0xbf, 0x67, 0xed, 0x84, 0xfa, 0x9a, 0xe2, ++ 0x52, 0xdf, 0xb0, 0xd0, 0xcd, 0x49, 0xe6, 0x18, 0xe3, 0x5d, 0xfd, 0xfe, ++ 0x59, 0xbc, 0xa3, 0xdd, 0xd6, 0x6c, 0x33, 0xce, 0xbb, 0xc7, 0x7a, 0xd4, ++ 0x41, 0xaa, 0x69, 0x5e, 0x13, 0xe3, 0x24, 0xb5, 0x18, 0xf0, 0x1c, 0x60, ++ 0xf5, 0xa8, 0x5c, 0x99, 0x4a, 0xd1, 0x79, 0xf2, 0xa6, 0xb5, 0xfb, 0xe9, ++ 0x34, 0x02, 0xb1, 0x17, 0x67, 0xbe, 0x01, 0xbf, 0x07, 0x34, 0x44, 0xd6, ++ 0xba, 0x1d, 0xd2, 0xbc, 
0xa5, 0xbd, 0x07, 0x4d, 0x4a, 0x5f, 0xae, 0x35, ++ 0x31, 0xad, 0x13, 0x03, 0xd8, 0x4b, 0x30, 0xd8, 0x97, 0x31, 0x8c, 0xbb, ++ 0xba, 0x04, 0xe0, 0x3c, 0x2e, 0x66, 0xde, 0x6d, 0x91, 0xf8, 0x2f, 0x96, ++ 0xea, 0x1d, 0x4b, 0xb5, 0x4a, 0x5a, 0xae, 0x10, 0x2d, 0x59, 0x46, 0x57, ++ 0xf5, 0xc9, 0x78, 0x95, 0x53, 0x51, 0x2b, 0x29, 0x6d, 0xea, 0x29, 0xd8, ++ 0x02, 0x31, 0x96, 0x35, 0x7e, 0x3e, 0x3a, 0x6e, 0x95, 0x8f, 0x39, 0xe3, ++ 0xc2, 0x34, 0x40, 0x38, 0xea, 0x60, 0x4b, 0x31, 0xed, 0xc6, 0xf0, 0xf7, ++ 0xff, 0x6e, 0x71, 0x81, 0xa5, 0x7c, 0x92, 0x82, 0x6a, 0x26, 0x8f, 0x86, ++ 0x76, 0x8e, 0x96, 0xf8, 0x78, 0x56, 0x2f, 0xc7, 0x1d, 0x85, 0xd6, 0x9e, ++ 0x44, 0x86, 0x12, 0xf7, 0x04, 0x8f, 0x02, 0x81, 0x80, 0xcf, 0xd5, 0x02, ++ 0x83, 0xfe, 0xee, 0xb9, 0x7f, 0x6f, 0x08, 0xd7, 0x3c, 0xbc, 0x7b, 0x38, ++ 0x36, 0xf8, 0x2b, 0xbc, 0xd4, 0x99, 0x47, 0x9f, 0x5e, 0x6f, 0x76, 0xfd, ++ 0xfc, 0xb8, 0xb3, 0x8c, 0x4f, 0x71, 0xdc, 0x9e, 0x88, 0xbd, 0x6a, 0x6f, ++ 0x76, 0x37, 0x1a, 0xfd, 0x65, 0xd2, 0xaf, 0x18, 0x62, 0xb3, 0x2a, 0xfb, ++ 0x34, 0xa9, 0x5f, 0x71, 0xb8, 0xb1, 0x32, 0x04, 0x3f, 0xfe, 0xbe, 0x3a, ++ 0x95, 0x2b, 0xaf, 0x75, 0x92, 0x44, 0x81, 0x48, 0xc0, 0x3f, 0x9c, 0x69, ++ 0xb1, 0xd6, 0x8e, 0x4c, 0xe5, 0xcf, 0x32, 0xc8, 0x6b, 0xaf, 0x46, 0xfe, ++ 0xd3, 0x01, 0xca, 0x1a, 0xb4, 0x03, 0x06, 0x9b, 0x32, 0xf4, 0x56, 0xb9, ++ 0x1f, 0x71, 0x89, 0x8a, 0xb0, 0x81, 0xcd, 0x8c, 0x42, 0x52, 0xef, 0x52, ++ 0x71, 0x91, 0x5c, 0x97, 0x94, 0xb8, 0xf2, 0x95, 0x85, 0x1d, 0xa7, 0x51, ++ 0x0f, 0x99, 0xcb, 0x73, 0xeb, 0x02, 0x81, 0x80, 0xcc, 0x4e, 0x90, 0xd2, ++ 0xa1, 0xb3, 0xa0, 0x65, 0xd3, 0xb2, 0xd1, 0xf5, 0xa8, 0xfc, 0xe3, 0x1b, ++ 0x54, 0x44, 0x75, 0x66, 0x4e, 0xab, 0x56, 0x1d, 0x29, 0x71, 0xb9, 0x9f, ++ 0xb7, 0xbe, 0xf8, 0x44, 0xe8, 0xec, 0x1f, 0x36, 0x0b, 0x8c, 0x2a, 0xc8, ++ 0x35, 0x96, 0x92, 0x97, 0x1e, 0xa6, 0xa3, 0x8f, 0x72, 0x3f, 0xcc, 0x21, ++ 0x1f, 0x5d, 0xbc, 0xb1, 0x77, 0xa0, 0xfd, 0xac, 0x51, 0x64, 0xa1, 0xd4, ++ 0xff, 0x7f, 0xbb, 0x4e, 0x82, 0x99, 0x86, 0x35, 0x3c, 0xb9, 0x83, 0x65, 
++ 0x9a, 0x14, 0x8c, 0xdd, 0x42, 0x0c, 0x7d, 0x31, 0xba, 0x38, 0x22, 0xea, ++ 0x90, 0xa3, 0x2b, 0xe4, 0x6c, 0x03, 0x0e, 0x8c, 0x17, 0xe1, 0xfa, 0x0a, ++ 0xd3, 0x78, 0x59, 0xe0, 0x6b, 0x0a, 0xa6, 0xfa, 0x3b, 0x21, 0x6d, 0x9c, ++ 0xbe, 0x6c, 0x0e, 0x22, 0x33, 0x97, 0x69, 0xc0, 0xa6, 0x15, 0x91, 0x3e, ++ 0x5d, 0xa7, 0x19, 0xcf, 0x02, 0x81, 0x80, 0x1c, 0x2d, 0x1f, 0xc3, 0x2f, ++ 0x6b, 0xc4, 0x00, 0x4f, 0xd8, 0x5d, 0xfd, 0xe0, 0xfb, 0xbf, 0x9a, 0x4c, ++ 0x38, 0xf9, 0xc7, 0xc4, 0xe4, 0x1d, 0xea, 0x1a, 0xa8, 0x82, 0x34, 0xa2, ++ 0x01, 0xcd, 0x92, 0xf3, 0xb7, 0xda, 0x52, 0x65, 0x83, 0xa9, 0x8a, 0xd8, ++ 0x5b, 0xb3, 0x60, 0xfb, 0x98, 0x3b, 0x71, 0x1e, 0x23, 0x44, 0x9d, 0x56, ++ 0x1d, 0x17, 0x78, 0xd7, 0xa5, 0x15, 0x48, 0x6b, 0xcb, 0xf4, 0x7b, 0x46, ++ 0xc9, 0xe9, 0xe1, 0xa3, 0xa1, 0xf7, 0x70, 0x00, 0xef, 0xbe, 0xb0, 0x9a, ++ 0x8a, 0xfe, 0x47, 0xe5, 0xb8, 0x57, 0xcd, 0xa9, 0x9c, 0xb1, 0x6d, 0x7f, ++ 0xff, 0x9b, 0x71, 0x2e, 0x3b, 0xd6, 0x0c, 0xa9, 0x6d, 0x9c, 0x79, 0x73, ++ 0xd6, 0x16, 0xd4, 0x69, 0x34, 0xa9, 0xc0, 0x50, 0x28, 0x1c, 0x00, 0x43, ++ 0x99, 0xce, 0xff, 0x1d, 0xb7, 0xdd, 0xa7, 0x87, 0x66, 0xa8, 0xa9, 0xb9, ++ 0xcb, 0x08, 0x73, 0x02, 0x81, 0x80, 0xcb, 0x3b, 0x3c, 0x04, 0xca, 0xa5, ++ 0x8c, 0x60, 0xbe, 0x7d, 0x9b, 0x2d, 0xeb, 0xb3, 0xe3, 0x96, 0x43, 0xf4, ++ 0xf5, 0x73, 0x97, 0xbe, 0x08, 0x23, 0x6a, 0x1e, 0x9e, 0xaf, 0xaa, 0x70, ++ 0x65, 0x36, 0xe7, 0x1c, 0x3a, 0xcf, 0xe0, 0x1c, 0xc6, 0x51, 0xf2, 0x3c, ++ 0x9e, 0x05, 0x85, 0x8f, 0xee, 0x13, 0xbb, 0x6a, 0x8a, 0xfc, 0x47, 0xdf, ++ 0x4e, 0xdc, 0x9a, 0x4b, 0xa3, 0x0b, 0xce, 0xcb, 0x73, 0xd0, 0x15, 0x78, ++ 0x52, 0x32, 0x7e, 0xe7, 0x89, 0x01, 0x5c, 0x2e, 0x8d, 0xee, 0x7b, 0x9f, ++ 0x05, 0xa0, 0xf3, 0x1a, 0xc9, 0x4e, 0xb6, 0x17, 0x31, 0x64, 0x74, 0x0c, ++ 0x5c, 0x95, 0x14, 0x7c, 0xd5, 0xf3, 0xb5, 0xae, 0x2c, 0xb4, 0xa8, 0x37, ++ 0x87, 0xf0, 0x1d, 0x8a, 0xb3, 0x1f, 0x27, 0xc2, 0xd0, 0xee, 0xa2, 0xdd, ++ 0x8a, 0x11, 0xab, 0x90, 0x6a, 0xba, 0x20, 0x7c, 0x43, 0xc6, 0xee, 0x12, ++ 0x53, 0x31, 0x02, 0x81, 0x80, 0x12, 0xf6, 
0xb2, 0xcf, 0x13, 0x74, 0xa7, ++ 0x36, 0xfa, 0xd0, 0x56, 0x16, 0x05, 0x0f, 0x96, 0xab, 0x4b, 0x61, 0xd1, ++ 0x17, 0x7c, 0x7f, 0x9d, 0x52, 0x5a, 0x29, 0xf3, 0xd1, 0x80, 0xe7, 0x76, ++ 0x67, 0xe9, 0x9d, 0x99, 0xab, 0xf0, 0x52, 0x5d, 0x07, 0x58, 0x66, 0x0f, ++ 0x37, 0x52, 0x65, 0x5b, 0x0f, 0x25, 0xb8, 0xdf, 0x84, 0x31, 0xd9, 0xa8, ++ 0xff, 0x77, 0xc1, 0x6c, 0x12, 0xa0, 0xa5, 0x12, 0x2a, 0x9f, 0x0b, 0xf7, ++ 0xcf, 0xd5, 0xa2, 0x66, 0xa3, 0x5c, 0x15, 0x9f, 0x99, 0x12, 0x08, 0xb9, ++ 0x03, 0x16, 0xff, 0x44, 0x4f, 0x3e, 0x0b, 0x6b, 0xd0, 0xe9, 0x3b, 0x8a, ++ 0x7a, 0x24, 0x48, 0xe9, 0x57, 0xe3, 0xdd, 0xa6, 0xcf, 0xcf, 0x22, 0x66, ++ 0xb1, 0x06, 0x01, 0x3a, 0xc4, 0x68, 0x08, 0xd3, 0xb3, 0x88, 0x7b, 0x3b, ++ 0x00, 0x34, 0x4b, 0xaa, 0xc9, 0x53, 0x0b, 0x4c, 0xe7, 0x08, 0xfc, 0x32, ++ 0xb6}; ++const uint8_t kTestVector10Spki[] = { ++ 0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, ++ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00, ++ 0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a, ++ 0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70, ++ 0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, ++ 0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00, ++ 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27, ++ 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad, ++ 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d, ++ 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1, ++ 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e, ++ 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e, ++ 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62, ++ 0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc, ++ 0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79, ++ 0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 
0xdf, 0xf0, 0x4e, 0x6e, 0xea, ++ 0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9, ++ 0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70, ++ 0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1, ++ 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17, ++ 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0, ++ 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55, ++ 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b, ++ 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05, ++ 0x02, 0x03, 0x01, 0x00, 0x01}; ++// RSA-PSS test vectors, pss-vect.txt, Example 10.1 ++const uint8_t kTestVector10Data[] = { ++ 0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9, ++ 0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f, ++ 0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09}; ++const uint8_t kTestVector10Sig[] = { ++ 0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b, ++ 0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f, ++ 0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd, ++ 0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14, ++ 0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5, ++ 0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20, ++ 0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6, ++ 0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74, ++ 0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73, ++ 0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0, ++ 0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce, ++ 0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16, ++ 0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d, ++ 0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 
0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8, ++ 0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77, ++ 0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00, ++ 0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86, ++ 0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f, ++ 0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f, ++ 0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1, ++ 0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70, ++ 0xd0, 0x7e, 0x16, 0x66}; ++ ++} // namespace nss_test +diff --git a/lib/freebl/rsapkcs.c b/lib/freebl/rsapkcs.c +--- a/lib/freebl/rsapkcs.c ++++ b/lib/freebl/rsapkcs.c +@@ -85,6 +85,25 @@ rsa_modulusLen(SECItem *modulus) + return modLen; + } + ++static unsigned int ++rsa_modulusBits(SECItem *modulus) ++{ ++ unsigned char byteZero = modulus->data[0]; ++ unsigned int numBits = (modulus->len - 1) * 8; ++ ++ if (byteZero == 0) { ++ numBits -= 8; ++ byteZero = modulus->data[1]; ++ } ++ ++ while (byteZero > 0) { ++ numBits++; ++ byteZero >>= 1; ++ } ++ ++ return numBits; ++} ++ + /* + * Format one block of data for public/private key encryption using + * the rules defined in PKCS #1. +@@ -962,12 +981,11 @@ failure: + * We use mHash instead of M as input. + * emBits from the RFC is just modBits - 1, see section 8.1.1. + * We only support MGF1 as the MGF. +- * +- * NOTE: this code assumes modBits is a multiple of 8. + */ + static SECStatus + emsa_pss_encode(unsigned char *em, + unsigned int emLen, ++ unsigned int emBits, + const unsigned char *mHash, + HASH_HashType hashAlg, + HASH_HashType maskHashAlg, +@@ -1032,7 +1050,7 @@ emsa_pss_encode(unsigned char *em, + PORT_Free(dbMask); + + /* Step 11 */ +- em[0] &= 0x7f; ++ em[0] &= 0xff >> (8 * emLen - emBits); + + /* Step 12 */ + em[emLen - 1] = 0xbc; +@@ -1046,13 +1064,12 @@ emsa_pss_encode(unsigned char *em, + * We use mHash instead of M as input. 
+ * emBits from the RFC is just modBits - 1, see section 8.1.2. + * We only support MGF1 as the MGF. +- * +- * NOTE: this code assumes modBits is a multiple of 8. + */ + static SECStatus + emsa_pss_verify(const unsigned char *mHash, + const unsigned char *em, + unsigned int emLen, ++ unsigned int emBits, + HASH_HashType hashAlg, + HASH_HashType maskHashAlg, + unsigned int saltLen) +@@ -1063,15 +1080,22 @@ emsa_pss_verify(const unsigned char *mHa + unsigned char *H_; /* H' from the RFC */ + unsigned int i; + unsigned int dbMaskLen; ++ unsigned int zeroBits; + SECStatus rv; + + hash = HASH_GetRawHashObject(hashAlg); + dbMaskLen = emLen - hash->length - 1; + +- /* Step 3 + 4 + 6 */ ++ /* Step 3 + 4 */ + if ((emLen < (hash->length + saltLen + 2)) || +- (em[emLen - 1] != 0xbc) || +- ((em[0] & 0x80) != 0)) { ++ (em[emLen - 1] != 0xbc)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ return SECFailure; ++ } ++ ++ /* Step 6 */ ++ zeroBits = 8 * emLen - emBits; ++ if (em[0] >> (8 - zeroBits)) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } +@@ -1091,7 +1115,7 @@ emsa_pss_verify(const unsigned char *mHa + } + + /* Step 9 */ +- db[0] &= 0x7f; ++ db[0] &= 0xff >> zeroBits; + + /* Step 10 */ + for (i = 0; i < (dbMaskLen - saltLen - 1); i++) { +@@ -1156,7 +1180,9 @@ RSA_SignPSS(RSAPrivateKey *key, + { + SECStatus rv = SECSuccess; + unsigned int modulusLen = rsa_modulusLen(&key->modulus); +- unsigned char *pssEncoded = NULL; ++ unsigned int modulusBits = rsa_modulusBits(&key->modulus); ++ unsigned int emLen = modulusLen; ++ unsigned char *pssEncoded, *em; + + if (maxOutputLen < modulusLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); +@@ -1168,12 +1194,19 @@ RSA_SignPSS(RSAPrivateKey *key, + return SECFailure; + } + +- pssEncoded = (unsigned char *)PORT_Alloc(modulusLen); ++ pssEncoded = em = (unsigned char *)PORT_Alloc(modulusLen); + if (pssEncoded == NULL) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; + } +- rv = emsa_pss_encode(pssEncoded, 
modulusLen, input, hashAlg, ++ ++ /* len(em) == ceil((modulusBits - 1) / 8). */ ++ if (modulusBits % 8 == 1) { ++ em[0] = 0; ++ emLen--; ++ em++; ++ } ++ rv = emsa_pss_encode(em, emLen, modulusBits - 1, input, hashAlg, + maskHashAlg, salt, saltLength); + if (rv != SECSuccess) + goto done; +@@ -1198,7 +1231,9 @@ RSA_CheckSignPSS(RSAPublicKey *key, + { + SECStatus rv; + unsigned int modulusLen = rsa_modulusLen(&key->modulus); +- unsigned char *buffer; ++ unsigned int modulusBits = rsa_modulusBits(&key->modulus); ++ unsigned int emLen = modulusLen; ++ unsigned char *buffer, *em; + + if (sigLen != modulusLen) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); +@@ -1210,7 +1245,7 @@ RSA_CheckSignPSS(RSAPublicKey *key, + return SECFailure; + } + +- buffer = (unsigned char *)PORT_Alloc(modulusLen); ++ buffer = em = (unsigned char *)PORT_Alloc(modulusLen); + if (!buffer) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; +@@ -1223,10 +1258,15 @@ RSA_CheckSignPSS(RSAPublicKey *key, + return SECFailure; + } + +- rv = emsa_pss_verify(hash, buffer, modulusLen, hashAlg, ++ /* len(em) == ceil((modulusBits - 1) / 8). */ ++ if (modulusBits % 8 == 1) { ++ emLen--; ++ em++; ++ } ++ rv = emsa_pss_verify(hash, em, emLen, modulusBits - 1, hashAlg, + maskHashAlg, saltLength); ++ + PORT_Free(buffer); +- + return rv; + } + diff --git a/SOURCES/nss-softokn-tls-abi-fix.patch b/SOURCES/nss-softokn-tls-abi-fix.patch new file mode 100644 index 0000000..18ac79b --- /dev/null +++ b/SOURCES/nss-softokn-tls-abi-fix.patch 
@@ -0,0 +1,26 @@
+diff -up ./nss/lib/softoken/pkcs11c.c.tls_abi_fix ./nss/lib/softoken/pkcs11c.c
+--- ./nss/lib/softoken/pkcs11c.c.tls_abi_fix 2017-03-23 14:44:59.059880273 -0700
++++ ./nss/lib/softoken/pkcs11c.c 2017-03-23 14:45:24.738316707 -0700
+@@ -2672,6 +2672,7 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
+ case CKM_TLS_PRF_GENERAL:
+ crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0);
+ break;
++ case CKM_TLS_KDF:
+ case CKM_TLS_MAC: {
+ CK_TLS_MAC_PARAMS *tls12_mac_params;
+ HASH_HashType tlsPrfHash;
+diff -up ./nss/lib/softoken/pkcs11.c.tls_abi_fix ./nss/lib/softoken/pkcs11.c
+--- ./nss/lib/softoken/pkcs11.c.tls_abi_fix 2017-03-23 14:42:21.055194120 -0700
++++ ./nss/lib/softoken/pkcs11.c 2017-03-23 14:44:44.321629780 -0700
+@@ -373,6 +373,11 @@ static const struct mechanismList mechan
+ { CKM_SHA512_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+ { CKM_TLS_PRF_GENERAL, { 0, 512, CKF_SN_VR }, PR_FALSE },
+ { CKM_TLS_MAC, { 0, 512, CKF_SN_VR }, PR_FALSE },
++ { CKM_TLS_KDF, { 0, 512, CKF_SN_VR }, PR_FALSE }, /* in RHEL 7.3 we had the wrong
++ * number for TLS_MAC. keep the old
++ * number to allow old versions of
++ * nss on * RHEL 7 to work with
++ * this softoken */
+ { CKM_NSS_TLS_PRF_GENERAL_SHA256,
+ { 0, 512, CKF_SN_VR },
+ PR_FALSE },
diff --git a/SOURCES/nss-split-softokn.sh b/SOURCES/nss-split-softokn.sh
index 9a43dad..e8c5ab9 100755
--- a/SOURCES/nss-split-softokn.sh
+++ b/SOURCES/nss-split-softokn.sh
@@ -49,6 +49,9 @@ rm -rf ${WORK}/${softokn_dir}/nss/cmd
 rm -rf ${WORK}/${softokn_dir}/nss/tests
 rm -rf ${WORK}/${softokn_dir}/nss/lib
 rm -rf ${WORK}/${softokn_dir}/nss/pkg
+rm -rf ${WORK}/${softokn_dir}/nss/automation
+rm -rf ${WORK}/${softokn_dir}/nss/external_tests
+rm -rf ${WORK}/${softokn_dir}/nss/doc
 # start with an empty lib directory and copy only what we need
 mkdir ${WORK}/${softokn_dir}/nss/lib
 # copy the top files from nss/lib/
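Review bot: The added `case CKM_TLS_KDF:` fall-through in NSC_SignInit carries no explanation, so a reader of pkcs11c.c sees a PKCS#11 key-derivation mechanism being serviced by the MAC path and cannot tell it is an ABI shim; the rationale lives only in the mechanism table in pkcs11.c. Put the same note at the label, `case CKM_TLS_KDF: /* RHEL 7.3 ABI compat: older nss used this value for CKM_TLS_MAC; handled identically */`. The shared branch declares `CK_TLS_MAC_PARAMS *tls12_mac_params`, so it presumably reads pMechanism->pParameter as that struct; a spec-conforming caller that really requests CKM_TLS_KDF with its own parameter layout would have it misinterpreted, which the comment should state and the parameter-length check (outside this hunk) should keep strict. The table comment also has a stray `*` in `nss on * RHEL 7`. NSC_SignInit begins and ends outside the hunk.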
@@ -66,8 +69,13 @@ topFilesN=`find ${nss_source_dir}/nss/ -maxdepth 1 -mindepth 1 -type f` for f in $topFilesN; do cp -p $f ${WORK}/${softokn_dir}/nss/ done +# copy private headers that nss-softoken needs +for f in verref.h; do + cp -p ${nss_source_dir}/nss/lib/util/$f ${WORK}/${softokn_dir}/nss/lib/util +done -# we do need bltest, lib, lowhashtest, and shlibsign from nss/cmd +# we do need bltest, ecperf, fbectest, lib, lowhashtest, and shlibsign +# from nss/cmd mkdir ${WORK}/${softokn_dir}/nss/cmd # copy some files at the top and the slhlib subdirectory topFilesC=`find ${nss_source_dir}/nss/cmd/ -maxdepth 1 -mindepth 1 -type f` @@ -76,6 +84,8 @@ for f in $topFilesC; do done cp -a ${nss_source_dir}/nss/cmd/bltest ${WORK}/${softokn_dir}/nss/cmd/bltest +cp -a ${nss_source_dir}/nss/cmd/ecperf ${WORK}/${softokn_dir}/nss/cmd/ecperf +cp -a ${nss_source_dir}/nss/cmd/fbectest ${WORK}/${softokn_dir}/nss/cmd/fbectest cp -a ${nss_source_dir}/nss/cmd/fipstest ${WORK}/${softokn_dir}/nss/cmd/fipstest cp -a ${nss_source_dir}/nss/cmd/lib ${WORK}/${softokn_dir}/nss/cmd/lib cp -a ${nss_source_dir}/nss/cmd/lowhashtest ${WORK}/${softokn_dir}/nss/cmd/lowhashtest @@ -87,7 +97,7 @@ topFilesT=`find ${nss_source_dir}/nss/tests/ -maxdepth 1 -mindepth 1 -type f` for f in $topFilesT; do cp -p $f ${WORK}/${softokn_dir}/nss/tests/ done -keepers="cipher common lowhash" +keepers="cipher common ec lowhash" for t in $keepers; do cp -a ${nss_source_dir}/nss/tests/$t ${WORK}/${softokn_dir}/nss/tests/$t done @@ -101,3 +111,5 @@ popd rm -fr ${nss_source_dir} rm -rf ${WORK} + + diff --git a/SOURCES/skip-check-fork-in_GetFunctionList.patch b/SOURCES/skip-check-fork-in_GetFunctionList.patch deleted file mode 100644 index 5c980af..0000000 --- a/SOURCES/skip-check-fork-in_GetFunctionList.patch +++ /dev/null 
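Review bot: `cp -p ${nss_source_dir}/nss/lib/util/$f ${WORK}/${softokn_dir}/nss/lib/util` names the destination without a trailing slash, so if `nss/lib/util` does not yet exist at this point (the script wiped `nss/lib` and recreated it empty a few lines earlier; whatever recreates its subdirectories is outside this hunk) cp silently produces a regular file named `util`, and the spec's later `mv ./nss/lib/util/verref.h` would fail with a confusing error far from the cause. Prefer `cp -p "${nss_source_dir}/nss/lib/util/$f" "${WORK}/${softokn_dir}/nss/lib/util/"`, which fails loudly on a missing directory, or `install -D -p` to create it. The one-item `for f in verref.h` loop reads as an extension point and deserves a word, e.g. `# private util headers softokn needs at build time; add more here`.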
@@ -1,21 +0,0 @@ -diff -up ./mozilla/security/nss/lib/softoken/pkcs11.c.nocheckfork ./mozilla/security/nss/lib/softoken/pkcs11.c ---- ./mozilla/security/nss/lib/softoken/pkcs11.c.nocheckfork 2014-03-11 15:07:08.279347367 -0700 -+++ ./mozilla/security/nss/lib/softoken/pkcs11.c 2014-03-11 15:08:42.773414078 -0700 -@@ -2130,8 +2130,6 @@ sftk_IsWeakKey(unsigned char *key,CK_KEY - /* return the function list */ - CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) - { -- CHECK_FORK(); -- - *pFunctionList = (CK_FUNCTION_LIST_PTR) &sftk_funcList; - return CKR_OK; - } -@@ -2139,8 +2137,6 @@ CK_RV NSC_GetFunctionList(CK_FUNCTION_LI - /* return the function list */ - CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) - { -- CHECK_FORK(); -- - return NSC_GetFunctionList(pFunctionList); - } - diff --git a/SOURCES/softoken-minimal-test-dependencies.patch b/SOURCES/softoken-minimal-test-dependencies.patch deleted file mode 100644 index 7de4a5c..0000000 --- a/SOURCES/softoken-minimal-test-dependencies.patch +++ /dev/null 
@@ -1,155 +0,0 @@ -diff -up nss/cmd/manifest.mn.crypto nss/cmd/manifest.mn ---- nss/cmd/manifest.mn.crypto 2013-05-28 14:43:24.000000000 -0700 -+++ nss/cmd/manifest.mn 2013-05-29 20:04:30.060145083 -0700 -@@ -9,54 +9,10 @@ DEPTH = .. - REQUIRES = nss nspr libdbm - - DIRS = lib \ -- addbuiltin \ -- atob \ - $(BLTEST_SRCDIR) \ -- btoa \ -- certcgi \ -- certutil \ -- checkcert \ -- chktest \ -- crlutil \ -- crmftest \ -- dbtest \ -- derdump \ -- digest \ -- httpserv \ - $(FIPSTEST_SRCDIR) \ - $(LOWHASHTEST_SRCDIR) \ -- listsuites \ -- makepqg \ -- multinit \ -- ocspclnt \ -- ocspresp \ -- oidcalc \ -- p7content \ -- p7env \ -- p7sign \ -- p7verify \ -- pk12util \ -- pk11gcmtest \ -- pk11mode \ -- pk1sign \ -- pkix-errcodes \ -- pp \ -- pwdecrypt \ -- rsaperf \ -- sdrtest \ -- selfserv \ -- signtool \ -- signver \ - $(SHLIBSIGN_SRCDIR) \ -- smimetools \ -- ssltap \ -- strsclnt \ -- symkeyutil \ -- tests \ -- tstclnt \ -- vfychain \ -- vfyserv \ -- modutil \ - $(NULL) - - TEMPORARILY_DONT_BUILD = \ -diff -up nss/cmd/platlibs.mk.crypto nss/cmd/platlibs.mk ---- nss/cmd/platlibs.mk.crypto 2013-05-28 14:43:24.000000000 -0700 -+++ nss/cmd/platlibs.mk 2013-05-29 20:04:30.061145091 -0700 -@@ -51,42 +51,13 @@ EXTRA_SHARED_LIBS += \ - $(NULL) - endif - --PKIXLIB = \ -- $(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixutil.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixsystem.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixcrlsel.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixmodule.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixstore.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixparams.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixchecker.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixpki.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixresults.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX) -- - # can't do this in manifest.mn because OS_ARCH isn't defined there. 
- ifeq ($(OS_ARCH), WINNT) - - EXTRA_LIBS += \ -- $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \ - $(SOFTOKENLIB) \ - $(CRYPTOLIB) \ -- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ -- $(PKIXLIB) \ -- $(DBMLIB) \ - $(DIST)/lib/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \ - $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \ -@@ -102,30 +73,9 @@ EXTRA_LIBS += \ - else - - EXTRA_LIBS += \ -- $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ - $(SOFTOKENLIB) \ -- $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ - $(CRYPTOLIB) \ -- $(DBMLIB) \ -- $(PKIXLIB) \ -- 
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ -- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ - $(NULL) - - ifeq ($(OS_ARCH), AIX) -@@ -158,9 +108,6 @@ ifeq ($(OS_ARCH), WINNT) - EXTRA_LIBS += \ - $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \ - $(DIST)/lib/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \ -- $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \ -- $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \ -- $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \ - $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4$(IMPORT_LIB_SUFFIX) \ - $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4$(IMPORT_LIB_SUFFIX) \ - $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4$(IMPORT_LIB_SUFFIX) \ -@@ -186,9 +133,6 @@ endif - # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. - EXTRA_SHARED_LIBS += \ - -L$(DIST)/lib \ -- -lssl3 \ -- -lsmime3 \ -- -lnss3 \ - -L$(NSSUTIL_LIB_DIR) \ - -lnssutil3 \ - -L$(NSPR_LIB_DIR) \ diff --git a/SPECS/nss-softokn.spec b/SPECS/nss-softokn.spec index c985b78..5e8487a 100644 --- a/SPECS/nss-softokn.spec +++ b/SPECS/nss-softokn.spec @@ -1,7 +1,7 @@ -%global nspr_version 4.10.8 +%global nspr_version 4.13.1 %global nss_name nss -%global nss_util_version 3.21.0 -%global nss_util_build -2.2 +%global nss_util_version 3.28.3 +%global nss_util_build -2 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global saved_files_dir %{_libdir}/nss/saved %global prelink_conf_dir %{_sysconfdir}/prelink.conf.d/ @@ -31,8 +31,8 @@ Summary: Network Security Services Softoken Module Name: nss-softokn -Version: 3.16.2.3 -Release: 14.4%{?dist} +Version: 3.28.3 +Release: 6%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries 
@@ -67,9 +67,6 @@ Source4: nss-softokn-prelink.conf Source5: nss-softokn-dracut-module-setup.sh Source6: nss-softokn-dracut.conf -Patch1: build-nss-softoken-only.patch -# Build only the softoken and freebl related tools -Patch8: softoken-minimal-test-dependencies.patch # Select the tests to run based on the type of build # This patch uses the gcc-iquote dir option documented at # http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options 
@@ -79,43 +76,23 @@ Patch8: softoken-minimal-test-dependencies.patch # NSSUTIL_INCLUDE_DIR, after all, contains both util and freebl headers. # Once has been bootstapped the patch may be removed, but it doesn't hurt to keep it. Patch10: iquote.patch -Patch11: nss-softokn-allow-level1.patch -Patch12: additional-covscan-fixes.patch -Patch13: nss-softokn-3.16-tls12-mechanisms.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 -Patch14: nss-softokn-3.16-sha384-key-derive.patch - -# Patch related to CVE-2015-2730 -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1125025 -# from https://hg.mozilla.org/projects/nss/rev/2c05e861ce07 -Patch102: CheckForPeqQ-or-PnoteqQ-before-adding-P-and-Q.patch - - -# FIPS update -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1181814 -Patch80: nss-softokn-3.16-fips-post.patch -Patch81: nss-softokn-3.16-fips.patch -Patch82: nss-softokn-3.16-fips-rem-old-test.patch -Patch83: nss-softokn-3.16-lowhash-test.patch -Patch90: nss-softokn-3.16-addG.patch -Patch94: nss-softokn-3.16-rsa-fips-186.patch -Patch95: nss-softokn-3.16-ppc-no-init_support.patch -Patch97: nss-softokn-3.16-add_encrypt_derive.patch -Patch98: nss-softokn-3.16.allow_level1_init.patch -Patch99: nss-softokn-3.16-fips_user_slots.patch -Patch100: nss-softokn-3.16-block-sigchld.patch -Patch200: nss-softokn-3.16-fipstest.patch -Patch201: nss-softokn-3.16-fipstest-186-4.patch -Patch202: nss-softokn-fix-error-handling.patch -Patch203: nss-softokn-3.16-freebl_dyload.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1113632 -Patch204: limit-create-fipscheck.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089 -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=951455 -Patch205: nss-softokn-3.16-tls12-mechanisms-fipstest.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1053437 -Patch206: skip-check-fork-in_GetFunctionList.patch + +# Patch from 
Fedora, to fix issues in basicutil/secutil splitting +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1300109 +Patch12: nss-softokn-basicutil-dependency.patch + +Patch97: nss-softokn-3.16-add_encrypt_derive.patch + +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1334474 +Patch100: nss-softokn-pss-modulus-bits.patch +Patch101: nss-softokn-pkcs12-sha2.patch +Patch102: nss-softokn-tls-abi-fix.patch +Patch103: nss-softokn-pkcs12-rsa-pss.patch +Patch104: nss-softokn-ec-derive-pubkey-check.patch +# Not upstreamed: https://bugzilla.redhat.com/show_bug.cgi?id=1390154 +Patch105: nss-softokn-3.28-fix-fips-login.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1345089 +Patch106: nss-softokn-fix-drbg.patch %description Network Security Services Softoken Cryptographic Module 
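Review bot: The new Patch101–Patch104 entries have no origin or rationale comment, while every other entry in this list (and the list they replace) cites an upstream bug or says it is not upstreamed; Patch102 in particular is, per the comment inside the patch itself, a RHEL-only ABI shim that will never go upstream and should be marked like Patch105. Suggested lines: `# RHEL-only: alias CKM_TLS_KDF to CKM_TLS_MAC for ABI compat with nss from RHEL 7.3, not upstreamable` above Patch102, and `# CVE-2017-5462 (DRBG leak)` added to the Patch106 comment so the security fix the changelog names can be found from the patch list. Whether Patch101/103/104 (and the restored 3.16-era Patch97) are upstream backports cannot be told from here; each should get its bugzilla link or a "not upstreamed" marker.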
@@ -165,39 +142,22 @@ Header and library files for doing development with Network Security Services. %prep %setup -q -%patch1 -p0 -b .softokenonly -%patch8 -p0 -b .crypto # activate if needed when doing a major update with new apis #%patch10 -p0 -b .iquote -%patch11 -p0 -b .allow_level1 - -#fips -%patch80 -p0 -b .fips-post -%patch81 -p0 -b .fips -%patch82 -p0 -b .rm-old-test -%patch83 -p0 -b .lowhash-test -%patch90 -p0 -b .addG -%patch94 -p1 -b .fips-186-4 -%patch95 -p0 -b .ppc_no_init_support + %patch97 -p0 -b .add_encrypt_derive -%patch98 -p0 -b .allow_level1_init -%patch99 -p0 -b .fips_user_slots -%patch100 -p0 -b .block_sigchld -%patch200 -p0 -b .fipstest -%patch201 -p0 -b .fipstest-186-4 -%patch202 -p0 -b .1154764 -%patch203 -p0 -b .freebl-dyload -%patch204 -p0 -b .limit_create_fips_check -%patch205 -p0 -b .1212106 -# https://bugzilla.redhat.com/show_bug.cgi?id=1053437 -%patch206 -p3 -b .skipcheckfork -%patch12 -p0 -b .1154764extras + pushd nss -%patch13 -p1 -b .1212106 +%patch12 -p1 -b .basicutil-dependency +%patch100 -p1 -b .pss-modulus-bits popd -%patch14 -p1 -b .sha384_key_derive +%patch101 -p1 -b .pkcs12-sha2 +%patch102 -p1 -b .tls-abi-fix +%patch103 -p1 -b .pkcs12-rsa-pss +%patch104 -p1 -b .ec-derive-pubkey-check +%patch105 -p1 -b .fix-fips-login pushd nss -%patch102 -p1 -b .extra_check +%patch106 -p1 -b .fix-drbg popd %build @@ -262,6 +222,8 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1 # Use only the basicutil subset for sectools.a export NSS_BUILD_SOFTOKEN_ONLY=1 +export NSS_DISABLE_GTESTS=1 + # display processor information CPU_INFO=`cat /proc/cpuinfo` echo "############## CPU INFO ##################" 
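Review bot: `export NSS_DISABLE_GTESTS=1` turns the gtest suite off, yet the RSA-PSS modulus-bits backport added in this same import ships its regression coverage as gtest vectors (the `kTestVector10*` arrays in `namespace nss_test`), so the fix for moduli that are not a multiple of 8 bits is built but never exercised by this package's build or %check. Either drop the export and run at least the freebl/softoken gtests, or record the trade-off next to it: `# gtests need the full nss tree; softokn is built standalone, so the PSS/PKCS#11 gtest vectors are not run here`. Whether %check covers PSS through the tests/cipher scripts that nss-split-softokn.sh keeps cannot be told from this hunk.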
@@ -271,6 +233,12 @@ echo "##########################################" # Compile softokn plus needed support %{__make} -C ./nss/coreconf %{__make} -C ./nss/lib/dbm + +# ldvector.c, pkcs11.c, and lginit.c include nss/lib/util/verref.h, +# which is private export, move it to where it can be found. +%{__mkdir_p} ./dist/private/nss +%{__mv} ./nss/lib/util/verref.h ./dist/private/nss/verref.h + %{__make} -C ./nss # Set up our package file @@ -489,6 +457,8 @@ done %{_includedir}/nss3/blapi.h %{_includedir}/nss3/blapit.h %{_includedir}/nss3/alghmac.h +%{_includedir}/nss3/lowkeyi.h +%{_includedir}/nss3/lowkeyti.h %files devel %defattr(-,root,root) @@ -511,6 +481,28 @@ done %{_includedir}/nss3/shsign.h %changelog +* Fri May 26 2017 Daiki Ueno - 3.28.3-6 +- restore nss-softokn-3.16-add_encrypt_derive.patch + +* Wed May 17 2017 Daiki Ueno - 3.28.3-5 +- fix login handling for FIPS slots, patch from rhbz#1390154 +- backport upstream fix for CVE-2017-5462 (DRBG leak) + +* Thu Mar 23 2017 Bob Relyea - 3.28.3-4 +- include new PKCS12 NSS specific mechanisms. +- alias CKM_TLS_KDF to CKM_TLS_MAC to preserve ABI +- add RSA PSS oid to decrypting PKCS #5 key blobs. +- move ec public key check from softokn to freebl so apps like Java can benefit. + +* Tue Mar 7 2017 Daiki Ueno - 3.28.3-3 +- Fix RSA-PSS corner case when the modulus is not of size multiple of 8 + +* Mon Mar 6 2017 Daiki Ueno - 3.28.3-2 +- Update to NSS 3.28.3 +- Remove upstreamed patches for the previous FIPS validation +- Package lowkeyi.h and lowkeyti.h in freebl-devel +- Pick up a patch in the Fedora package to fix build issue + * Tue Jun 28 2016 Kai Engert - 3.16.2.3-14.4 - escape all percent characters in all changelog comments