diff -up ./nss/cmd/lowhashtest/lowhashtest.c.lowhash-test ./nss/cmd/lowhashtest/lowhashtest.c --- ./nss/cmd/lowhashtest/lowhashtest.c.lowhash-test 2014-06-24 13:45:27.000000000 -0700 +++ ./nss/cmd/lowhashtest/lowhashtest.c 2014-09-22 11:10:55.537028950 -0700 @@ -1,23 +1,29 @@ #include #include #include - -#include "nspr.h" +#include /* nss headers */ -#include "prtypes.h" -#include "plgetopt.h" -#include "hasht.h" +#include "prtypes.h" +#include "hasht.h" #include "nsslowhash.h" -#include "secport.h" -#include "hasht.h" -#include "basicutil.h" static char *progName = NULL; +static void +dump(FILE *io, const unsigned char *buf, int len) +{ + int i; + for (i=0; i < len; i++) { + if (i!=0) fprintf(io,", "); + fprintf(io, "0x%02x",buf[i]); + } + fprintf(io, "\n"); +} + static int test_long_message(NSSLOWInitContext *initCtx, HASH_HashType algoType, unsigned int hashLen, - const PRUint8 expected[], PRUint8 results[]) + const unsigned char expected[], unsigned char results[]) { unsigned int len, i, rv = 0; NSSLOWHASHContext *ctx; @@ -27,11 +33,11 @@ static int test_long_message(NSSLOWInitC * buffer and call update 1,000 times. */ unsigned char buf[1000]; - (void) PORT_Memset(buf, 'a', sizeof(buf)); + (void) memset(buf, 'a', sizeof(buf)); ctx = NSSLOWHASH_NewContext(initCtx, algoType); if (ctx == NULL) { - SECU_PrintError(progName, "Couldn't get hash context\n"); + fprintf(stderr,"%s: Couldn't get hash context\n", progName); return 1; } @@ -41,12 +47,14 @@ static int test_long_message(NSSLOWInitC } NSSLOWHASH_End(ctx, results, &len, hashLen); - PR_ASSERT(len == hashLen); - PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0); - if (PORT_Memcmp(expected, results, len) != 0) { - SECU_PrintError(progName, "Hash mismatch\n"); - SECU_PrintBuf(stdout, "Expected: ", expected, hashLen); - SECU_PrintBuf(stdout, "Actual: ", results, len); + assert(len == hashLen); + assert(memcmp(expected, results, hashLen) == 0); + if (memcmp(expected, results, len) != 0) { + fprintf(stderr,"%s: Hash mismatch\n", progName); + fprintf(stderr," Expected: (len=%d) ", hashLen); + dump(stderr,expected, hashLen); + fprintf(stderr," Actual: (len=%d) ", len); + dump(stderr, results, len); rv = 1; } @@ -57,33 +65,33 @@ static int test_long_message(NSSLOWInitC } static int test_long_message_sha1(NSSLOWInitContext *initCtx) { - PRUint8 results[SHA1_LENGTH]; + unsigned char results[SHA1_LENGTH]; /* Test vector from FIPS 180-2: appendix B.3. */ /* 34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f. */ - static const PRUint8 expected[SHA256_LENGTH] = + static const unsigned char expected[SHA256_LENGTH] = { 0x34,0xaa,0x97,0x3c, 0xd4,0xc4,0xda,0xa4, 0xf6,0x1e,0xeb,0x2b, 0xdb,0xad,0x27,0x31, 0x65,0x34,0x01,0x6f }; unsigned char buf[1000]; - (void) PORT_Memset(buf, 'a', sizeof(buf)); + (void) memset(buf, 'a', sizeof(buf)); return test_long_message(initCtx, HASH_AlgSHA1, SHA1_LENGTH, &expected[0], results); } static int test_long_message_sha256(NSSLOWInitContext *initCtx) { - PRUint8 results[SHA256_LENGTH]; + unsigned char results[SHA256_LENGTH]; /* cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0. */ - static const PRUint8 expected[SHA256_LENGTH] = + static const unsigned char expected[SHA256_LENGTH] = { 0xcd,0xc7,0x6e,0x5c, 0x99,0x14,0xfb,0x92, 0x81,0xa1,0xc7,0xe2, 0x84,0xd7,0x3e,0x67, 0xf1,0x80,0x9a,0x48, 0xa4,0x97,0x20,0x0e, 0x04,0x6d,0x39,0xcc, 0xc7,0x11,0x2c,0xd0 }; unsigned char buf[1000]; - (void) PORT_Memset(buf, 'a', sizeof(buf)); + (void) memset(buf, 'a', sizeof(buf)); return test_long_message(initCtx, HASH_AlgSHA256, SHA256_LENGTH, &expected[0], results); } static int test_long_message_sha384(NSSLOWInitContext *initCtx) { - PRUint8 results[SHA384_LENGTH]; + unsigned char results[SHA384_LENGTH]; /* Test vector from FIPS 180-2: appendix B.3. */ /* 9d0e1809716474cb @@ -93,7 +101,7 @@ static int test_long_message_sha384(NSSL 07b8b3dc38ecc4eb ae97ddd87f3d8985. */ - static const PRUint8 expected[SHA384_LENGTH] = + static const unsigned char expected[SHA384_LENGTH] = { 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb, 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c, 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52, @@ -101,22 +109,22 @@ static int test_long_message_sha384(NSSL 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb, 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }; unsigned char buf[1000]; - (void) PORT_Memset(buf, 'a', sizeof(buf)); + (void) memset(buf, 'a', sizeof(buf)); return test_long_message(initCtx, HASH_AlgSHA384, SHA384_LENGTH, &expected[0], results); } static int test_long_message_sha512(NSSLOWInitContext *initCtx) { - PRUint8 results[SHA512_LENGTH]; + unsigned char results[SHA512_LENGTH]; /* Test vector from FIPS 180-2: appendix B.3. */ - static const PRUint8 expected[SHA512_LENGTH] = + static const unsigned char expected[SHA512_LENGTH] = { 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63, 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb, 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b, 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b}; unsigned char buf[1000]; - (void) PORT_Memset(buf, 'a', sizeof(buf)); + (void) memset(buf, 'a', sizeof(buf)); return test_long_message(initCtx, HASH_AlgSHA512, SHA512_LENGTH, &expected[0], results); @@ -126,7 +134,7 @@ static int test_long_message_sha512(NSSL static int testMessageDigest(NSSLOWInitContext *initCtx, HASH_HashType algoType, unsigned int hashLen, const unsigned char *message, - const PRUint8 expected[], PRUint8 results[]) + const unsigned char expected[], unsigned char results[]) { NSSLOWHASHContext *ctx; unsigned int len; @@ -134,20 +142,22 @@ static int testMessageDigest(NSSLOWInitC ctx = NSSLOWHASH_NewContext(initCtx, algoType); if (ctx == NULL) { - SECU_PrintError(progName, "Couldn't get hash context\n"); + fprintf(stderr, "%s: Couldn't get hash context\n", progName); return 1; } NSSLOWHASH_Begin(ctx); - NSSLOWHASH_Update(ctx, message, PORT_Strlen((const char *)message)); + NSSLOWHASH_Update(ctx, message, strlen((const char *)message)); NSSLOWHASH_End(ctx, results, &len, hashLen); - PR_ASSERT(len == hashLen); - PR_ASSERT(PORT_Memcmp(expected, results, len) == 0); + assert(len == hashLen); + assert(memcmp(expected, results, len) == 0); - if (PORT_Memcmp(expected, results, len) != 0) { - SECU_PrintError(progName, "Hash mismatch\n"); - SECU_PrintBuf(stdout, "Expected: ", expected, hashLen); - SECU_PrintBuf(stdout, "Actual: ", results, len); + if (memcmp(expected, results, len) != 0) { + fprintf(stderr,"%s: Hash mismatch\n", progName); + fprintf(stderr," Expected: (len=%d) ", hashLen); + dump(stderr,expected, hashLen); + fprintf(stderr," Actual: (len=%d) ", len); + dump(stderr, results, len); rv = 1; } @@ -164,7 +174,7 @@ static int testMD5(NSSLOWInitContext *in static const struct { const unsigned char *input; - const PRUint8 result[MD5_LENGTH]; + const unsigned char result[MD5_LENGTH]; } md5tests[] = { { (unsigned char *) "", {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e} }, @@ -182,7 +192,7 @@ static int testMD5(NSSLOWInitContext *in "12345678901234567890", {0x57,0xed,0xf4,0xa2,0x2b,0xe3,0xc9,0x55,0xac,0x49,0xda,0x2e,0x21,0x07,0xb6,0x7a} } }; - PRUint8 results[MD5_LENGTH]; + unsigned char results[MD5_LENGTH]; int rv = 0, cnt, numTests; numTests = sizeof(md5tests)/sizeof(md5tests[0]); @@ -203,7 +213,7 @@ static int testSHA1(NSSLOWInitContext *i { static const struct { const unsigned char *input; - const PRUint8 result[SHA1_LENGTH]; + const unsigned char result[SHA1_LENGTH]; } sha1tests[] = { /* one block messsage */ { (const unsigned char *) @@ -222,7 +232,7 @@ static int testSHA1(NSSLOWInitContext *i } }; - PRUint8 results[SHA1_LENGTH]; + unsigned char results[SHA1_LENGTH]; int rv = 0, cnt, numTests; numTests = sizeof(sha1tests)/sizeof(sha1tests[0]); @@ -240,7 +250,7 @@ static int testSHA224(NSSLOWInitContext { static const struct { const unsigned char *input; - const PRUint8 result[SHA224_LENGTH]; + const unsigned char result[SHA224_LENGTH]; } sha224tests[] = { /* one block messsage */ { (const unsigned char *) "abc", @@ -254,7 +264,7 @@ static int testSHA224(NSSLOWInitContext } }; - PRUint8 results[SHA224_LENGTH]; + unsigned char results[SHA224_LENGTH]; int rv = 0, cnt, numTests; numTests = sizeof(sha224tests)/sizeof(sha224tests[0]); @@ -271,7 +281,7 @@ static int testSHA256(NSSLOWInitContext { static const struct { const unsigned char *input; - const PRUint8 result[SHA256_LENGTH]; + const unsigned char result[SHA256_LENGTH]; } sha256tests[] = { /* Test vectors from FIPS 180-2: appendix B.1. */ { (unsigned char *) "abc", @@ -285,7 +295,7 @@ static int testSHA256(NSSLOWInitContext } }; - PRUint8 results[SHA256_LENGTH]; + unsigned char results[SHA256_LENGTH]; int rv = 0, cnt, numTests; numTests = sizeof(sha256tests)/sizeof(sha256tests[0]); @@ -303,7 +313,7 @@ static int testSHA384(NSSLOWInitContext { static const struct { const unsigned char *input; - const PRUint8 result[SHA384_LENGTH]; + const unsigned char result[SHA384_LENGTH]; } sha384tests[] = { /* Test vector from FIPS 180-2: appendix D, single-block message. */ { (unsigned char *) "abc", @@ -334,7 +344,7 @@ static int testSHA384(NSSLOWInitContext 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39} } }; - PRUint8 results[SHA384_LENGTH]; + unsigned char results[SHA384_LENGTH]; int rv = 0, cnt, numTests; numTests = sizeof(sha384tests)/sizeof(sha384tests[0]); @@ -353,7 +363,7 @@ int testSHA512(NSSLOWInitContext *initCt { static const struct { const unsigned char *input; - const PRUint8 result[SHA512_LENGTH]; + const unsigned char result[SHA512_LENGTH]; } sha512tests[] = { /* Test vectors from FIPS 180-2: appendix C.1. */ { (unsigned char *) "abc", @@ -372,7 +382,7 @@ int testSHA512(NSSLOWInitContext *initCt } }; - PRUint8 results[SHA512_LENGTH]; + unsigned char results[SHA512_LENGTH]; int rv = 0, cnt, numTests; numTests = sizeof(sha512tests)/sizeof(sha512tests[0]); @@ -406,7 +416,7 @@ int main(int argc, char **argv) initCtx = NSSLOW_Init(); if (initCtx == NULL) { - SECU_PrintError(progName, "Couldn't initialize for hashing\n"); + fprintf(stderr, "%s: Couldn't initialize for hashing\n", progName); return 1; } @@ -430,7 +440,7 @@ int main(int argc, char **argv) } else if (strcmp(argv[1], "SHA512") == 0) { rv += testSHA512(initCtx); } else { - SECU_PrintError(progName, "Unsupported hash type %s\n", argv[0]); + fprintf(stderr,"%s: Unsupported hash type %s\n", progName, argv[0]); Usage(progName); } diff -up ./nss/lib/freebl/nsslowhash.c.lowhash-test ./nss/lib/freebl/nsslowhash.c --- ./nss/lib/freebl/nsslowhash.c.lowhash-test 2014-09-22 11:10:55.518028631 -0700 +++ ./nss/lib/freebl/nsslowhash.c 2014-09-22 11:10:55.545029084 -0700 @@ -28,6 +28,13 @@ static int nsslow_GetFIPSEnabled(void) { FILE *f; char d; size_t size; + char *env = getenv("NSS_FIPS"); + + /* if the enviroment variable is set, force fips anyway. This lets us + * test FIPS mode even if the system isn't in FIPS mode */ + if (env && *env == '1') { + return 1; + } f = fopen("/proc/sys/crypto/fips_enabled", "r"); if (!f) diff -up ./nss/tests/lowhash/lowhash.sh.lowhash-test ./nss/tests/lowhash/lowhash.sh --- ./nss/tests/lowhash/lowhash.sh.lowhash-test 2014-06-24 13:45:27.000000000 -0700 +++ ./nss/tests/lowhash/lowhash.sh 2014-09-22 11:10:55.546029101 -0700 @@ -95,3 +95,100 @@ lowhash_init lowhash_test lowhash_cleanup echo "lowhash.sh done" +#! /bin/bash +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +######################################################################## +# mozilla/security/nss/tests/lowhash/lowhash.sh +# +# Script to test basic functionallity of the NSSLoHash API +# +# included from +# -------------- +# all.sh +# +# needs to work on all Linux platforms +# +# tests implemented: +# lowash (verify encryption cert - bugzilla bug 119059) +# +# special strings +# --------------- +# +######################################################################## + +errors=0 + +############################## lowhash_init ############################## +# local shell function to initialize this script +######################################################################## +lowhash_init() +{ + SCRIPTNAME=lowhash.sh # sourced - $0 would point to all.sh + + if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for + CLEANUP="${SCRIPTNAME}" # cleaning this script will do it + fi + + if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then + cd ../common + . ./init.sh + fi + LOWHASHDIR=../lowhash + mkdir -p ${LOWHASHDIR} + if [ -f /proc/sys/crypto/fips_enabled ]; then + FVAL=`cat /proc/sys/crypto/fips_enabled` + html_head "Lowhash Tests - /proc/sys/crypto/fips_enabled is ${FVAL}" + else + html_head "Lowhash Tests" + fi + cd ${LOWHASHDIR} +} + +############################## lowhash_test ############################## +# local shell function to test basic the NSS Low Hash API both in +# FIPS 140 compliant mode and not +######################################################################## +lowhash_test() +{ + if [ ! -f ${BINDIR}/lowhashtest -a \ + ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then + echo "freebl lowhash not supported in this plaform." + else + TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512" + OLD_MODE=`echo ${NSS_FIPS}` + for fips_mode in 0 1; do + echo "lowhashtest with fips mode=${fips_mode}" + export NSS_FIPS=${fips_mode} + for TEST in ${TESTS} + do + echo "lowhashtest ${TEST}" + ${BINDIR}/lowhashtest ${TEST} 2>&1 + RESULT=$? + html_msg ${RESULT} 0 "lowhashtest with fips mode=${fips_mode} for ${TEST}" + done + done + export NSS_FIPS=${OLD_MODE} + fi +} + +############################## lowhash_cleanup ############################ +# local shell function to finish this script (no exit since it might be +# sourced) +######################################################################## +lowhash_cleanup() +{ + html "
" + cd ${QADIR} + . common/cleanup.sh +} + +################## main ################################################# + +lowhash_init +lowhash_test +lowhash_cleanup +echo "lowhash.sh done"