From d34767ca648f8439d1b71a0a102b2df1cf1d94aa Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 05 2019 20:19:29 +0000 Subject: import nss-3.44.0-8.el8 --- diff --git a/SOURCES/nss-3.44-missing-softokn-kdf.patch b/SOURCES/nss-3.44-missing-softokn-kdf.patch new file mode 100644 index 0000000..b285e9e --- /dev/null +++ b/SOURCES/nss-3.44-missing-softokn-kdf.patch @@ -0,0 +1,560 @@ +diff -up ./gtests/pk11_gtest/manifest.mn.missing_kdf ./gtests/pk11_gtest/manifest.mn +--- ./gtests/pk11_gtest/manifest.mn.missing_kdf 2019-08-08 10:22:53.072100034 -0700 ++++ ./gtests/pk11_gtest/manifest.mn 2019-08-08 10:23:33.424061237 -0700 +@@ -14,6 +14,7 @@ CPPSRCS = \ + pk11_encrypt_derive_unittest.cc \ + pk11_export_unittest.cc \ + pk11_import_unittest.cc \ ++ pk11_kdf_unittest.cc \ + pk11_pbkdf2_unittest.cc \ + pk11_prf_unittest.cc \ + pk11_prng_unittest.cc \ +diff -up ./gtests/pk11_gtest/pk11_gtest.gyp.missing_kdf ./gtests/pk11_gtest/pk11_gtest.gyp +--- ./gtests/pk11_gtest/pk11_gtest.gyp.missing_kdf 2019-08-08 10:23:13.298080588 -0700 ++++ ./gtests/pk11_gtest/pk11_gtest.gyp 2019-08-08 10:23:49.728045561 -0700 +@@ -19,6 +19,7 @@ + 'pk11_ecdsa_unittest.cc', + 'pk11_encrypt_derive_unittest.cc', + 'pk11_import_unittest.cc', ++ 'pk11_kdf_unittest.cc', + 'pk11_pbkdf2_unittest.cc', + 'pk11_prf_unittest.cc', + 'pk11_prng_unittest.cc', +diff -up ./gtests/pk11_gtest/pk11_kdf_unittest.cc.missing_kdf ./gtests/pk11_gtest/pk11_kdf_unittest.cc +--- ./gtests/pk11_gtest/pk11_kdf_unittest.cc.missing_kdf 2019-08-07 14:23:28.657960569 -0700 ++++ ./gtests/pk11_gtest/pk11_kdf_unittest.cc 2019-08-08 10:22:38.015114511 -0700 +@@ -0,0 +1,509 @@ ++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* vim: set ts=2 et sw=2 tw=80: */ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this file, ++ * You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#include ++#include "nss.h" ++#include "pk11pub.h" ++ ++#include "cpputil.h" ++ ++#include "gtest/gtest.h" ++ ++namespace nss_test { ++ ++const size_t kGxySize = 256; ++const size_t kSeedSize = 8; ++const size_t kKeySize = 64; ++const size_t kLongKeySize = 1056; ++const size_t kAesXcbcLen = 16; ++const size_t kSha1Len = 20; ++const size_t kSha224Len = 28; ++const size_t kSha256Len = 32; ++const size_t kSha384Len = 48; ++const size_t kSha512Len = 64; ++ ++// This is not the right size for anything ++const size_t kIncorrectSize = 17; ++ ++const uint8_t kGxyData[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, ++ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, ++ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, ++ 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, ++ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, ++ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, ++ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, ++ 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, ++ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x21, 0x22, 0x23, ++ 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, ++ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, ++ 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, ++ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, ++ 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, ++ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, ++ 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, ++ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, ++ 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, ++ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, ++ 0xfc, 0xfd, 0xfe, 0xff}; ++ ++const uint8_t kKeyData[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, ++ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, ++ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, ++ 0x3c, 0x3d, 0x3e, 0x3f}; ++ ++const uint8_t kSeed[] = { ++ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, ++ 0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, ++ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3}; ++ ++const uint8_t kExpectedOutputIkeSha256[] = { ++ 0xd3, 0x9d, 0xb2, 0x77, 0x4b, 0x7f, 0xea, 0x81, 0xfc, 0xe5, 0x22, 0xb7, ++ 0xdf, 0xa5, 0x65, 0x15, 0xc9, 0x8f, 0x89, 0x45, 0xda, 0xd9, 0x5d, 0x12, ++ 0xbb, 0x52, 0xb6, 0x3b, 0xf4, 0x4d, 0xaf, 0x16}; ++ ++const uint8_t kExpectedOutputIke1Sha256[] = { ++ 0x25, 0x45, 0x68, 0xd2, 0x98, 0x96, 0xa3, 0xda, 0x89, 0x76, 0x06, 0x01, ++ 0xd0, 0xce, 0xf8, 0x05, 0x26, 0x3f, 0xaf, 0x95, 0x92, 0x48, 0x02, 0x0e, ++ 0x39, 0x75, 0x94, 0x00, 0x22, 0xd8, 0x5a, 0x50}; ++ ++const uint8_t kExpectedOutputIkePlusSha256[] = { ++ 0x03, 0x1e, 0xe7, 0x13, 0x6e, 0x58, 0x11, 0xc4, 0x81, 0x56, 0x42, 0x3c, ++ 0x3c, 0xaa, 0xdb, 0xad, 0x8a, 0x84, 0xdc, 0xa3, 0x0f, 0xe7, 0x67, 0x55, ++ 0x9c, 0x9f, 0xb8, 0x57, 0xa9, 0x5b, 0x41, 0x53, 0x86, 0xe0, 0xb3, 0x21, ++ 0x08, 0x1b, 0x38, 0x24, 0xce, 0xef, 0x7c, 0x89, 0x0d, 0xa7, 0xae, 0x14, ++ 0x58, 0xbd, 0x79, 0x9c, 0x32, 0x25, 0x7f, 0x3e, 0xbd, 0xe1, 0xfb, 0x3a, ++ 0x38, 0x51, 0x05, 0xaa, 0xc8, 0x37, 0x3e, 0x4e, 0x9b, 0x70, 0xb8, 0xe2, ++ 0x21, 0xe7, 0x12, 0xb3, 0xf7, 0x64, 0x21, 0x9d, 0x52, 0x38, 0x41, 0xfb, ++ 0x54, 0xaf, 0x59, 0xc3, 0xab, 0xf3, 0x7f, 0x64, 0xee, 0x17, 0xf5, 0xa8, ++ 0x2b, 0xdf, 0x2d, 0xd3, 0x29, 0x0e, 0x4f, 0x31, 0x54, 0x25, 0x4e, 0x65, ++ 0x52, 0xdf, 0x66, 0xfd, 0x49, 0x85, 0x1f, 0x87, 0x71, 0xa1, 0x5c, 0xfa, ++ 0x99, 0xf5, 0x21, 0x9a, 0xbc, 0x55, 0x5b, 0x1c, 0x19, 0xd9, 0x4b, 0x42, ++ 0xc5, 0xa0, 0xed, 0x1a, 0x1e, 0xf0, 0x04, 0x52, 0xb3, 0xd0, 0x0f, 0x48, ++ 0x45, 0x00, 0xdc, 0x94, 0xae, 0xd8, 0x70, 0x2e, 0xdd, 0x12, 0xe1, 0x66, ++ 0x72, 0xc2, 0x39, 0xd2, 0xc6, 0xfa, 0xdd, 0x8c, 0x11, 0x9c, 0x9d, 0x60, ++ 0xd1, 0x08, 0x79, 0x62, 0xbb, 0x97, 0x45, 0x38, 0x2d, 0x83, 0x9c, 0x2e, ++ 0x8f, 0x88, 0xa3, 0xad, 0x5b, 0x8e, 0x4e, 0x0e, 0xdb, 0xee, 0xaf, 0x1d, ++ 0xf6, 0xe7, 0x7e, 0x28, 0xc5, 0xcf, 0x0c, 0xd9, 0xee, 0xde, 0xc8, 0x87, ++ 0x00, 0xfe, 0x02, 0xd8, 0x30, 0xa6, 0x68, 0xec, 0x51, 0x22, 0xac, 0x4c, ++ 0x38, 0x0f, 0xbb, 0x5c, 0xcb, 0xd5, 0x93, 0xda, 0xea, 0xd0, 0x1b, 0x41, ++ 0x85, 0x8d, 0x12, 0x56, 0xbb, 0x90, 0x62, 0xc9, 0x91, 0x62, 0xf8, 0x29, ++ 0x9a, 0x4f, 0xd8, 0x5e, 0x7d, 0x1f, 0x69, 0xe8, 0x23, 0x53, 0x26, 0x98, ++ 0x98, 0x88, 0xfa, 0x14, 0xdc, 0xa3, 0x0f, 0xc7, 0x58, 0xb2, 0x6d, 0xa5, ++ 0x34, 0x53, 0xb5, 0xc3, 0xcc, 0xbb, 0xd7, 0xd4, 0x80, 0xf3, 0x8c, 0x79, ++ 0xd2, 0xac, 0x12, 0xa5, 0xf9, 0x99, 0xe7, 0x1b, 0x46, 0x16, 0x02, 0x6a, ++ 0xa3, 0xc5, 0x20, 0xb5, 0x5a, 0x55, 0xbd, 0xac, 0x70, 0xf1, 0x5b, 0xe4, ++ 0x45, 0x12, 0x7e, 0xcf, 0x12, 0xbf, 0x53, 0x7e, 0x3d, 0xbe, 0x53, 0x77, ++ 0xc4, 0x2c, 0x17, 0x5f, 0xe5, 0xb9, 0x73, 0x01, 0x5d, 0x9b, 0x34, 0x3c, ++ 0x45, 0xf0, 0xa4, 0x91, 0xaf, 0x34, 0xa2, 0xd6, 0x0a, 0x14, 0x98, 0x2c, ++ 0x91, 0xd5, 0x8f, 0x12, 0xde, 0x7c, 0x61, 0xd8, 0x42, 0x07, 0x42, 0x1a, ++ 0x01, 0x2b, 0xf6, 0x54, 0xd1, 0xde, 0x6d, 0x9c, 0x8b, 0x51, 0x81, 0x3e, ++ 0x01, 0xd1, 0xfb, 0x5a, 0xcd, 0xf0, 0xeb, 0xcc, 0x03, 0xe2, 0xc1, 0x31, ++ 0x92, 0x11, 0x88, 0x1f, 0xec, 0x81, 0x07, 0x78, 0x89, 0x89, 0x29, 0x19, ++ 0x3f, 0x75, 0x01, 0x0e, 0x73, 0xbc, 0x1e, 0x76, 0x23, 0x80, 0x36, 0xaa, ++ 0x2a, 0xd0, 0x77, 0x57, 0x6a, 0xea, 0xe2, 0xdb, 0xed, 0x17, 0x79, 0x3d, ++ 0x8b, 0x8a, 0xbe, 0x32, 0x90, 0x2e, 0x1c, 0x00, 0xc2, 0x27, 0xb5, 0x64, ++ 0x7c, 0xc3, 0xca, 0xb8, 0xaf, 0xcb, 0x17, 0x29, 0xec, 0x00, 0x5b, 0x83, ++ 0x9f, 0xfe, 0x8b, 0xb6, 0x6f, 0x01, 0x23, 0x6b, 0xb3, 0xaa, 0x34, 0x3f, ++ 0x5c, 0x66, 0x7c, 0xec, 0x15, 0x5a, 0xa9, 0x3c, 0xe2, 0xef, 0xcb, 0xe5, ++ 0x79, 0xfa, 0xf2, 0x7c, 0x4e, 0x0f, 0x70, 0x41, 0xa4, 0x09, 0x07, 0x30, ++ 0xbd, 0x28, 0x3f, 0x30, 0xd3, 0xc2, 0xbd, 0x06, 0x5e, 0x21, 0xbd, 0x20, ++ 0xae, 0xa4, 0xa9, 0x7d, 0x91, 0xe8, 0x9d, 0x0a, 0x81, 0x02, 0xf7, 0xd6, ++ 0x7c, 0x1f, 0xb6, 0xa5, 0x40, 0xb6, 0x25, 0xac, 0xce, 0x77, 0x20, 0xfa, ++ 0x71, 0x79, 0x21, 0x94, 0xcd, 0x63, 0xcf, 0x62, 0xd4, 0xda, 0xc6, 0xe8, ++ 0x3c, 0xdb, 0x86, 0x1e, 0x8d, 0x2d, 0x12, 0xf6, 0xea, 0xb0, 0xed, 0xf8, ++ 0xfa, 0xc6, 0x37, 0xee, 0xca, 0x11, 0x1a, 0xac, 0x95, 0xf6, 0xe3, 0x02, ++ 0x97, 0xba, 0xb2, 0xb2, 0x02, 0x82, 0xbe, 0x32, 0xa3, 0xe8, 0xf4, 0xae, ++ 0x4e, 0xaf, 0x47, 0xb9, 0xe7, 0x91, 0x18, 0x90, 0xd8, 0xcb, 0x59, 0xed, ++ 0xc2, 0x47, 0x6d, 0xe1, 0x9d, 0x74, 0xe6, 0xc7, 0xc0, 0xdc, 0x82, 0x5b, ++ 0x6a, 0x7d, 0x1c, 0x58, 0xc8, 0x3d, 0x7d, 0xed, 0xdd, 0x60, 0x91, 0x9e, ++ 0x68, 0x6e, 0x56, 0x33, 0x8b, 0xca, 0x35, 0xf8, 0x96, 0x67, 0x22, 0x3a, ++ 0xb9, 0x02, 0xe9, 0x7c, 0xb1, 0xca, 0x25, 0xc2, 0xc8, 0xc7, 0xd8, 0x71, ++ 0xfa, 0xfa, 0x76, 0xeb, 0x1d, 0x52, 0x75, 0xc6, 0x56, 0xf3, 0x1a, 0xd3, ++ 0xda, 0xe4, 0x49, 0x7b, 0xd0, 0x77, 0x72, 0x06, 0xe7, 0xb9, 0xd9, 0x06, ++ 0x87, 0x43, 0x6a, 0x52, 0xee, 0x3a, 0x71, 0x6e, 0x51, 0x8d, 0x55, 0x7a, ++ 0xb1, 0x62, 0x75, 0xac, 0xa9, 0x89, 0x77, 0x93, 0x40, 0xef, 0x66, 0x44, ++ 0x08, 0x49, 0xbb, 0xdb, 0x85, 0x0b, 0xd3, 0xfa, 0x37, 0x27, 0x41, 0xd1, ++ 0x57, 0xc3, 0x95, 0xaa, 0x85, 0x5a, 0x43, 0x74, 0x39, 0x72, 0x08, 0xdf, ++ 0x58, 0xe1, 0xf7, 0x95, 0x6c, 0xc1, 0xb1, 0x9b, 0x21, 0x53, 0xc1, 0xf9, ++ 0xcc, 0x74, 0xf9, 0x62, 0xa4, 0xa0, 0x34, 0x22, 0xaa, 0x84, 0x78, 0x49, ++ 0x50, 0xa9, 0x8e, 0x7b, 0xfa, 0xaa, 0xc2, 0xe8, 0xae, 0x34, 0x3d, 0xa7, ++ 0xe1, 0x5a, 0x14, 0xa6, 0xd7, 0x6c, 0x67, 0xc7, 0x5e, 0xda, 0x79, 0x36, ++ 0x57, 0x85, 0x5e, 0x09, 0xa2, 0x1f, 0x96, 0x5a, 0x71, 0xc2, 0xfe, 0x57, ++ 0x5c, 0x4c, 0xe8, 0xbf, 0x9b, 0x5c, 0xd7, 0x06, 0x09, 0xb5, 0x63, 0x93, ++ 0x7e, 0xee, 0x65, 0xef, 0x88, 0xe1, 0x60, 0x3e, 0x50, 0x84, 0x39, 0xb9, ++ 0xae, 0xab, 0xad, 0xee, 0x31, 0x04, 0x7f, 0xed, 0x78, 0x35, 0xc0, 0x14, ++ 0xa6, 0xc3, 0xeb, 0x3c, 0xd7, 0xc3, 0xb3, 0x6b, 0x58, 0x63, 0x7e, 0xa8, ++ 0xc9, 0xb9, 0x23, 0xd3, 0xe5, 0xe7, 0xcc, 0x84, 0x63, 0xc8, 0xbd, 0x31, ++ 0x9f, 0x02, 0x4e, 0x74, 0x98, 0xba, 0x8a, 0x0c, 0x80, 0xab, 0x10, 0xc4, ++ 0xb2, 0x61, 0xad, 0x3d, 0x93, 0x9d, 0xdc, 0x76, 0xe5, 0x0e, 0x2e, 0x4b, ++ 0x81, 0x3b, 0x1f, 0xd3, 0x54, 0xc0, 0x2a, 0xde, 0x0e, 0x1d, 0x59, 0x31, ++ 0x5c, 0x28, 0xf8, 0x75, 0xfc, 0x71, 0x2e, 0xc1, 0x85, 0x90, 0x23, 0xfd, ++ 0x2e, 0x8b, 0xb9, 0x52, 0x1a, 0xdf, 0x61, 0x54, 0x9b, 0x43, 0xa6, 0x8d, ++ 0x5f, 0xd0, 0x52, 0x0b, 0x66, 0xbc, 0xf5, 0x1a, 0xce, 0x58, 0xef, 0xb3, ++ 0x1d, 0x8d, 0x4b, 0x1b, 0xf3, 0x8e, 0xe6, 0x68, 0xc3, 0xd5, 0x95, 0x42, ++ 0xf5, 0xb0, 0x73, 0x2c, 0x31, 0x71, 0x20, 0xf5, 0xdc, 0xbf, 0x56, 0x72, ++ 0x53, 0xf9, 0xfe, 0xfa, 0x19, 0xdc, 0x46, 0xd1, 0x2b, 0xe3, 0xdb, 0x50, ++ 0xec, 0x14, 0xee, 0x70, 0xcc, 0xe6, 0x11, 0x75, 0xb4, 0x63, 0xfc, 0xd1, ++ 0x8f, 0x54, 0xfa, 0xcc, 0x99, 0xcc, 0xb8, 0x61, 0xa7, 0x33, 0x18, 0xa2, ++ 0x17, 0xee, 0xb1, 0x82, 0x3d, 0x6a, 0x8d, 0x63, 0xe0, 0x15, 0x1b, 0x5c, ++ 0x20, 0x53, 0x33, 0xa7, 0x85, 0x17, 0x81, 0xba, 0x18, 0x2a, 0x73, 0x00, ++ 0x1e, 0x3e, 0x2c, 0xb5, 0x5f, 0x4e, 0x82, 0xa8, 0x09, 0xa0, 0x22, 0xdc, ++ 0xc4, 0x76, 0x7c, 0x66, 0xf4, 0x78, 0xa1, 0x0a, 0xf7, 0x39, 0x06, 0x0a, ++ 0xd7, 0x43, 0x72, 0x12, 0x3b, 0x8e, 0x7e, 0x62, 0x4f, 0x5a, 0x03, 0xe5, ++ 0x22, 0x97, 0xdc, 0xbb, 0xaa, 0xa2, 0xc0, 0x03, 0x8e, 0x60, 0xd1, 0x61, ++ 0xc7, 0xef, 0x0f, 0x54, 0x43, 0x4e, 0x38, 0xda, 0xb6, 0xe2, 0x5b, 0x0e, ++ 0x45, 0xae, 0x39, 0x86, 0x85, 0x25, 0x30, 0xb1, 0x9d, 0xda, 0xdb, 0x70, ++ 0xa7, 0xe5, 0x77, 0xb8, 0x47, 0xaa, 0xe7, 0x3e, 0xe8, 0x5a, 0x96, 0xc6, ++ 0x0a, 0x0b, 0x07, 0x8d, 0x6d, 0xeb, 0x80, 0x0c, 0xd9, 0x80, 0x2d, 0x4d}; ++ ++const uint8_t kExpectedOutputIkeAppBSha256[] = { ++ 0xe7, 0x11, 0x54, 0x6e, 0x3f, 0xaa, 0xd4, 0xc7, 0xc4, 0xaa, 0x75, 0x6b, ++ 0xc2, 0x6c, 0xad, 0x6a, 0xbe, 0xa8, 0x24, 0x19, 0x84, 0xa0, 0xf6, 0xb0, ++ 0x83, 0x9c, 0x70, 0xca, 0x61, 0xc4, 0xef, 0x88, 0xd7, 0xd5, 0xb7, 0x2e, ++ 0x45, 0x32, 0xe1, 0x1d, 0x12, 0x38, 0xfb, 0xcb, 0x08, 0x54, 0xc7, 0xdb, ++ 0xc4, 0x80, 0x2d, 0xd4, 0xf3, 0xbf, 0x51, 0x80, 0xf3, 0xa6, 0xdf, 0x77, ++ 0x51, 0x61, 0xd8, 0xdb, 0x98, 0x2c, 0xc2, 0xe6, 0x72, 0x36, 0x90, 0xf9, ++ 0xd2, 0x2a, 0x6d, 0x6c, 0xeb, 0x10, 0x3f, 0xa0, 0xa3, 0xff, 0xe4, 0x8b, ++ 0x5a, 0x4a, 0x1b, 0xec, 0xb0, 0x48, 0xb0, 0xed, 0x16, 0x8a, 0x89, 0x31, ++ 0x96, 0x5e, 0xa9, 0x11, 0x1f, 0x28, 0x68, 0x07, 0xf1, 0xa3, 0x2b, 0x01, ++ 0x4f, 0x0b, 0x73, 0x78, 0x3b, 0xca, 0x4f, 0x8f, 0x34, 0xc0, 0x21, 0x14, ++ 0xe3, 0xdf, 0xa1, 0xf7, 0x05, 0x63, 0xcb, 0x74, 0x7a, 0x90, 0x59, 0x19, ++ 0xc9, 0xa9, 0x47, 0xcf, 0xe7, 0xbe, 0x04, 0xa7, 0x0c, 0x32, 0xdd, 0x34, ++ 0x07, 0x8f, 0x4f, 0xb5, 0x75, 0xfb, 0xb9, 0x06, 0xd2, 0x55, 0x08, 0xce, ++ 0x0a, 0x47, 0xc2, 0x64, 0x5f, 0xd5, 0xab, 0x55, 0x2a, 0x1a, 0x7e, 0xbd, ++ 0xd5, 0x6d, 0x43, 0x89, 0x3c, 0x53, 0xde, 0x01, 0xfe, 0x19, 0x19, 0xc3, ++ 0xaf, 0xa0, 0x64, 0x2d, 0x7e, 0xe1, 0x7e, 0x31, 0x61, 0xf9, 0xe6, 0x4f, ++ 0x56, 0xc3, 0xc9, 0x7e, 0x92, 0xd7, 0x88, 0x58, 0x1a, 0x7f, 0x3c, 0x3e, ++ 0xae, 0x3f, 0x86, 0xec, 0xb2, 0xaa, 0x8b, 0xaf, 0x22, 0x49, 0xa5, 0x3d, ++ 0xc2, 0xb1, 0x94, 0x0f, 0x5b, 0x08, 0x49, 0xac, 0x23, 0xa4, 0x79, 0x33, ++ 0xde, 0xfb, 0x8b, 0xd3, 0xe6, 0x6c, 0x83, 0xce, 0x01, 0xc7, 0xb4, 0x23, ++ 0x5c, 0x6d, 0x81, 0xda, 0x70, 0x71, 0x43, 0x9c, 0x94, 0x6a, 0x9e, 0x03, ++ 0x6d, 0xc3, 0x71, 0x69, 0x53, 0x83, 0x89, 0x08, 0x1b, 0x2b, 0x4b, 0xa8, ++ 0x4a, 0x2a, 0xdf, 0x26, 0xaf, 0xc3, 0x8e, 0x59, 0x15, 0xa7, 0x24, 0x8f, ++ 0x3c, 0xad, 0x08, 0xf2, 0x12, 0xe1, 0x42, 0x41, 0x0c, 0xcb, 0x3e, 0xf4, ++ 0x71, 0xab, 0xb1, 0x16, 0x2c, 0xb7, 0xe1, 0x3f, 0x94, 0x03, 0x01, 0x78, ++ 0xd7, 0x84, 0x1d, 0x63, 0x03, 0xfe, 0x4b, 0x3f, 0x40, 0xce, 0x30, 0x75, ++ 0x10, 0xd1, 0xa4, 0xd3, 0x3c, 0x68, 0x9b, 0xc0, 0x6b, 0xdc, 0xe1, 0xda, ++ 0x06, 0x41, 0x71, 0x20, 0x88, 0x82, 0x60, 0x2e, 0x48, 0x93, 0x78, 0x30, ++ 0xb4, 0xb9, 0xe3, 0x88, 0x79, 0xf7, 0x0d, 0x0b, 0xa4, 0xae, 0x2e, 0x7b, ++ 0x00, 0x82, 0x49, 0xbf, 0xe8, 0x07, 0xb4, 0x51, 0xd9, 0xa0, 0xf7, 0x8f, ++ 0xe6, 0x24, 0x17, 0xd0, 0xa5, 0x58, 0xcc, 0x37, 0xf2, 0x86, 0x6e, 0xc2, ++ 0xf0, 0xf0, 0x87, 0x64, 0xfa, 0x6e, 0x94, 0x99, 0x1a, 0xbc, 0xd9, 0xea, ++ 0x48, 0x07, 0x38, 0x2e, 0x79, 0x61, 0x82, 0x69, 0x09, 0x6f, 0xbc, 0x8e, ++ 0x44, 0x38, 0x0e, 0xc9, 0x6f, 0xcd, 0xb7, 0x39, 0x92, 0x02, 0x27, 0x23, ++ 0x35, 0xcf, 0x4f, 0xf7, 0x52, 0x7b, 0x33, 0x93, 0xbd, 0x6c, 0x7c, 0xef, ++ 0x39, 0x4b, 0x1a, 0x9f, 0xdf, 0x8f, 0x5c, 0x5b, 0x7b, 0xdb, 0x6b, 0xfd, ++ 0x72, 0xe0, 0xb0, 0xc5, 0x97, 0x5b, 0x08, 0x6b, 0x17, 0x2f, 0x38, 0xd7, ++ 0xbe, 0xf8, 0xd7, 0x20, 0xf5, 0x33, 0x68, 0x69, 0x16, 0xe5, 0x08, 0x05, ++ 0x6c, 0x1b, 0xfa, 0xa8, 0x63, 0x55, 0xb4, 0x03, 0xb9, 0x89, 0xd7, 0x61, ++ 0xf3, 0x9a, 0xf6, 0x45, 0xb4, 0xb2, 0x16, 0x5d, 0xf3, 0x09, 0x7b, 0x09, ++ 0x09, 0x75, 0x0a, 0xbd, 0xdf, 0x7d, 0xe6, 0x1e, 0x07, 0xec, 0x7c, 0x14, ++ 0xac, 0x4b, 0x68, 0xa8, 0x44, 0x5f, 0x77, 0x36, 0xb8, 0x1d, 0x7c, 0x73, ++ 0x82, 0x80, 0xc2, 0x52, 0x55, 0x2c, 0x5d, 0xba, 0x53, 0x79, 0x45, 0xad, ++ 0x51, 0x98, 0xbb, 0x8a, 0xea, 0x4f, 0x19, 0x22, 0x22, 0x69, 0xd3, 0x3a, ++ 0x72, 0xd8, 0xe3, 0x37, 0xf4, 0x3b, 0xf3, 0xf1, 0x52, 0x48, 0x4d, 0xbf, ++ 0xa5, 0x7a, 0xef, 0x44, 0x53, 0x7b, 0x6e, 0x6c, 0xb7, 0x1a, 0xa8, 0x75, ++ 0xaf, 0xdb, 0x15, 0x05, 0x53, 0xc8, 0xb9, 0x9c, 0xea, 0x1a, 0xf7, 0x9d, ++ 0x9b, 0xb6, 0xa6, 0x5e, 0x0f, 0xf7, 0x49, 0x7e, 0xc9, 0x12, 0x38, 0x3d, ++ 0x78, 0xaf, 0x80, 0x3d, 0x76, 0x6d, 0x96, 0x4f, 0x06, 0xff, 0xdf, 0xc5, ++ 0x9c, 0x47, 0xbe, 0x3e, 0x3d, 0xc2, 0x2a, 0x41, 0x15, 0x7e, 0xbd, 0xab, ++ 0x12, 0x02, 0xfe, 0xa5, 0x4f, 0xb4, 0x1a, 0xf5, 0x6a, 0xed, 0xff, 0x50, ++ 0x5a, 0x56, 0x7b, 0x2f, 0xff, 0xff, 0x29, 0xb5, 0x77, 0xf4, 0x38, 0xb3, ++ 0x40, 0xd9, 0x17, 0x89, 0x43, 0x3f, 0x86, 0x29, 0x50, 0xce, 0x72, 0xde, ++ 0x55, 0x63, 0x06, 0x14, 0x50, 0xae, 0xc1, 0x49, 0x10, 0x55, 0x21, 0xeb, ++ 0x68, 0xe7, 0xfc, 0xc7, 0xf5, 0x92, 0xc5, 0xf2, 0xe2, 0xc9, 0xdb, 0x42, ++ 0x59, 0x44, 0x0e, 0xda, 0x23, 0x50, 0x62, 0xef, 0x6e, 0xae, 0x1c, 0x0e, ++ 0x93, 0x74, 0xa6, 0xdb, 0x4c, 0xc7, 0x4b, 0xa6, 0xe2, 0x3a, 0xe3, 0x03, ++ 0x22, 0xd1, 0xe4, 0x21, 0x13, 0x98, 0x6a, 0xeb, 0x43, 0xbf, 0xe6, 0x8a, ++ 0xfb, 0x28, 0x15, 0x47, 0x7e, 0xaa, 0x12, 0x60, 0x08, 0x23, 0xc6, 0x59, ++ 0xeb, 0xc1, 0x71, 0x18, 0x03, 0x16, 0x7f, 0x75, 0x5f, 0x65, 0x8a, 0x7f, ++ 0x1d, 0xae, 0x98, 0x94, 0xa4, 0xb1, 0xf5, 0xcc, 0x0a, 0x6f, 0x62, 0x79, ++ 0x27, 0x38, 0x32, 0x73, 0x90, 0xc8, 0x3f, 0x70, 0xf7, 0x44, 0xcf, 0xfd, ++ 0xc8, 0xfa, 0xcb, 0x3e, 0x73, 0x5f, 0x1d, 0xde, 0xb5, 0x73, 0x4d, 0x00, ++ 0x2a, 0xce, 0x77, 0x92, 0x17, 0x0f, 0xcf, 0xbf, 0x87, 0x78, 0xdc, 0xbc, ++ 0x83, 0xb3, 0x86, 0xd5, 0x32, 0xf5, 0x17, 0x73, 0xba, 0x90, 0xae, 0xc4, ++ 0x40, 0x25, 0x26, 0xde, 0x8c, 0x5e, 0xbb, 0x83, 0x0e, 0x27, 0xd5, 0x0a, ++ 0x4d, 0x89, 0xf0, 0xf3, 0x0f, 0xb5, 0x7d, 0xe3, 0x04, 0x6b, 0x5a, 0x59, ++ 0xf4, 0x0a, 0x23, 0xc9, 0xe9, 0xe5, 0x1c, 0x20, 0x43, 0xac, 0xe2, 0x61, ++ 0x10, 0x8d, 0x20, 0x83, 0xe7, 0x60, 0x28, 0x32, 0xd0, 0x15, 0x67, 0xf1, ++ 0xaf, 0xd4, 0xcb, 0x2a, 0xec, 0xc5, 0xe2, 0xe7, 0xa2, 0x57, 0x18, 0x3d, ++ 0x5e, 0xdd, 0x14, 0x88, 0x39, 0x59, 0x10, 0x9c, 0xa9, 0xf9, 0xd9, 0xb9, ++ 0xdd, 0x09, 0xb0, 0x2f, 0x5a, 0x30, 0x0f, 0xbf, 0x34, 0x8a, 0xf1, 0x62, ++ 0x40, 0x15, 0x4e, 0xe9, 0x69, 0x2f, 0x94, 0x87, 0x07, 0xf0, 0x01, 0xa2, ++ 0x8f, 0x11, 0xb9, 0x31, 0x4c, 0x2b, 0x7d, 0x7f, 0x6c, 0x04, 0xd6, 0x91, ++ 0x4d, 0x71, 0x6b, 0x8c, 0xa7, 0x47, 0xb1, 0x34, 0x34, 0x08, 0xda, 0x5b, ++ 0xcb, 0x82, 0xbb, 0x5b, 0x14, 0x27, 0x2a, 0x20, 0x25, 0xda, 0xbe, 0x1d, ++ 0x21, 0xa8, 0x68, 0x77, 0xf4, 0x17, 0xaf, 0x7f, 0x22, 0xda, 0xd4, 0xc6, ++ 0x38, 0x0c, 0xbe, 0xf1, 0xa5, 0x0b, 0x17, 0x83, 0x22, 0xb3, 0x5b, 0x12, ++ 0x1f, 0x0a, 0x18, 0x14, 0x46, 0xbf, 0x9b, 0xc0, 0x53, 0x7a, 0x83, 0x40, ++ 0xde, 0x1a, 0x9d, 0xf0, 0x3b, 0x66, 0x74, 0x01, 0xa1, 0xfc, 0x29, 0xde, ++ 0x08, 0x66, 0x85, 0x56, 0x2c, 0xc8, 0x30, 0xb7, 0x42, 0x1f, 0xa2, 0x32, ++ 0x28, 0xc4, 0xc5, 0xfe, 0xea, 0xb0, 0x4e, 0x81, 0x59, 0x74, 0x90, 0x93, ++ 0xb1, 0x1c, 0x5c, 0x4f, 0x54, 0x5e, 0xcc, 0xd7, 0x1d, 0x75, 0xd2, 0x3d, ++ 0x77, 0xff, 0x72, 0xa8, 0x74, 0x31, 0xec, 0x74, 0xe8, 0xcc, 0x69, 0xce, ++ 0xde, 0xe5, 0x05, 0x1e, 0xc2, 0x99, 0x90, 0x22, 0xe5, 0x10, 0xd4, 0xaf, ++ 0x52, 0xe3, 0x47, 0xf4, 0x38, 0xeb, 0xa3, 0xd2, 0x72, 0x64, 0xb2, 0xd3, ++ 0x0c, 0x0c, 0xaa, 0xae, 0x29, 0xb5, 0x38, 0xd4, 0x52, 0xfa, 0x96, 0x17, ++ 0x7a, 0x18, 0xe8, 0x89, 0xd2, 0xd5, 0xd9, 0xae, 0x5a, 0x0e, 0x25, 0x8d}; ++ ++class IkeKdfTest : public ::testing::Test { ++ public: ++ IkeKdfTest() ++ : params_({siBuffer, nullptr, 0}), ++ gxy_item_({siBuffer, toUcharPtr(kGxyData), kGxySize}), ++ skey_item_({siBuffer, toUcharPtr(kKeyData), kKeySize}), ++ key_mech_(0), ++ slot_(nullptr), ++ gxy_(nullptr), ++ skey_(nullptr), ++ okey_(nullptr) {} ++ ++ ~IkeKdfTest() { ++ if (slot_) { ++ PK11_FreeSlot(slot_); ++ } ++ if (gxy_) { ++ PK11_FreeSymKey(gxy_); ++ } ++ ClearTempVars(); ++ } ++ ++ void ClearTempVars() { ++ if (skey_) { ++ PK11_FreeSymKey(skey_); ++ skey_ = nullptr; ++ } ++ if (okey_) { ++ PK11_FreeSymKey(okey_); ++ okey_ = nullptr; ++ } ++ } ++ ++ void Init() { ++ params_.type = siBuffer; ++ ++ gxy_item_.type = siBuffer; ++ gxy_item_.data = ++ const_cast(static_cast(kGxyData)); ++ gxy_item_.len = sizeof(kGxyData); ++ skey_item_.type = siBuffer; ++ skey_item_.data = ++ const_cast(static_cast(kKeyData)); ++ ++ slot_ = PK11_GetInternalSlot(); ++ ASSERT_NE(nullptr, slot_); ++ gxy_ = PK11_ImportSymKey(slot_, CKM_NSS_IKE_PRF_DERIVE, PK11_OriginUnwrap, ++ CKA_DERIVE, &gxy_item_, NULL); ++ ASSERT_NE(nullptr, gxy_); ++ } ++ ++ void ComputeAndVerifyKey(CK_MECHANISM_TYPE derive_mech, ++ CK_MECHANISM_TYPE hash_mech, const uint8_t* expected) { ++ // Infer prf length from mechanism ++ int prf_len = 0; ++ std::string mac = "unknown"; ++ ++ switch (hash_mech) { ++ case CKM_AES_XCBC_MAC: ++ prf_len = kAesXcbcLen; ++ mac = "CKM_AES_XCBC_MAC"; ++ break; ++ case CKM_SHA_1_HMAC: ++ prf_len = kSha1Len; ++ mac = "CKM_SHA_1_HMAC"; ++ break; ++ case CKM_SHA224_HMAC: ++ prf_len = kSha224Len; ++ mac = "CKM_SHA224_HMAC"; ++ break; ++ case CKM_SHA256_HMAC: ++ prf_len = kSha256Len; ++ mac = "CKM_SHA256_HMAC"; ++ break; ++ case CKM_SHA384_HMAC: ++ prf_len = kSha384Len; ++ mac = "CKM_SHA384_HMAC"; ++ break; ++ case CKM_SHA512_HMAC: ++ prf_len = kSha512Len; ++ mac = "CKM_SHA512_HMAC"; ++ break; ++ default: ++ ASSERT_TRUE(false) << "Invalid PRF Mechanism"; ++ } ++ ++ Inner(derive_mech, hash_mech, mac, prf_len, expected); ++ } ++ ++ // Set output == nullptr to test when errors occur ++ void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech, ++ std::string mac, size_t prf_len, const uint8_t* expected) { ++ PRBool use_skey = PR_FALSE; ++ size_t output_len = 0; ++ PK11SymKey *derive_key = nullptr; ++ std::stringstream s; ++ s << "Derive:"; ++ std::string msg; ++ ++ ClearTempVars(); ++ ++ // Import the params ++ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf; ++ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf; ++ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS ikep_prf; ++ CK_MECHANISM_TYPE ike1_app_b; ++ ++ switch (derive_mech) { ++ case CKM_NSS_IKE_PRF_DERIVE: ++ ike_prf.prfMechanism = hash_mech; ++ ike_prf.bDataAsKey = PR_TRUE; ++ ike_prf.bRekey = PR_FALSE; ++ ike_prf.pNi = toUcharPtr(kSeed); ++ ike_prf.ulNiLen = kSeedSize; ++ ike_prf.pNr = toUcharPtr(kSeed); ++ ike_prf.ulNrLen = kSeedSize; ++ ike_prf.hNewKey = CK_INVALID_HANDLE; ++ output_len = 0; ++ use_skey = PR_FALSE; ++ params_.data = reinterpret_cast(&ike_prf); ++ params_.len = sizeof(ike_prf); ++ s << "CKM_NSS_IKE_PRF_DERIVE"; ++ break; ++ case CKM_NSS_IKE_PRF_PLUS_DERIVE: ++ ikep_prf.prfMechanism = hash_mech; ++ ikep_prf.bHasSeedKey = PR_FALSE; ++ ikep_prf.pSeedData= toUcharPtr(kSeed); ++ ikep_prf.ulSeedDataLen = kSeedSize*4; ++ output_len = kLongKeySize; ++ use_skey = PR_TRUE; ++ params_.data = reinterpret_cast(&ikep_prf); ++ params_.len = sizeof(ikep_prf); ++ s << "CKM_NSS_IKE_PRF_PLUS_DERIVE"; ++ break; ++ case CKM_NSS_IKE1_PRF_DERIVE: ++ ike1_prf.prfMechanism = hash_mech; ++ ike1_prf.bHasPrevKey = PR_FALSE; ++ ike1_prf.hKeygxy = PK11_GetSymKeyHandle(gxy_); ++ ike1_prf.hPrevKey = CK_INVALID_HANDLE; ++ ike1_prf.pCKYi = toUcharPtr(kSeed); ++ ike1_prf.ulCKYiLen = kSeedSize; ++ ike1_prf.pCKYr = toUcharPtr(kSeed); ++ ike1_prf.ulCKYrLen = kSeedSize; ++ ike1_prf.keyNumber = 0; ++ output_len = prf_len; ++ use_skey = PR_TRUE; ++ params_.data = reinterpret_cast(&ike1_prf); ++ params_.len = sizeof(ike1_prf); ++ s << "CKM_NSS_IKE1_PRF_DERIVE"; ++ break; ++ case CKM_NSS_IKE1_APP_B_PRF_DERIVE: ++ ike1_app_b = hash_mech; ++ output_len = kLongKeySize; ++ use_skey = PR_TRUE; ++ params_.data = reinterpret_cast(&ike1_app_b); ++ params_.len = sizeof(ike1_app_b); ++ s << "CKM_NSS_IKE1_APP_B_DERIVE"; ++ break; ++ default: ++ ASSERT_TRUE(false) << "Invalid IKE DERIVE mechanism"; ++ } ++ ++ s << " Mac/Prf:" << mac; ++ msg = s.str(); ++ ++ ++ // Import the PMS ++ derive_key = gxy_; ++ if (use_skey) { ++ skey_item_.len = prf_len; ++ skey_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, ++ CKA_DERIVE, &skey_item_, NULL); ++ ASSERT_NE(nullptr, skey_) << msg; ++ derive_key = skey_; ++ } ++ ++ // Compute the result key ++ okey_ = PK11_DeriveWithFlags(derive_key, derive_mech, ¶ms_, key_mech_, ++ CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY); ++ ++ // Verify the result has the expected value (null or otherwise) ++ int error = PORT_GetError(); ++ s << " Error=" << error; ++ msg = s.str(); ++ if (!expected) { ++ EXPECT_EQ(nullptr, okey_) << msg; ++ } else { ++ ASSERT_NE(nullptr, okey_) << msg; ++ ++ SECStatus rv = PK11_ExtractKeyValue(okey_); ++ ASSERT_EQ(SECSuccess, rv) << "PK11_ExtractKeyValue"; ++ ++ SECItem* oData = PK11_GetKeyData(okey_); ++ ASSERT_NE(nullptr, oData) << "PK11_GetKeyData"; ++ ++ if (output_len == 0) { ++ output_len = prf_len; ++ } ++ s << "\n" << "output_len=" << output_len << " oData->len=" << oData->len << ".\n"; ++ for (unsigned int i=0; i < oData->len; i++) { ++ if (i % 12 == 0) s << "\n "; ++ s << " 0x" << std::setfill('0') ++ << std::setw(2) << std::hex << (int) oData->data[i] << ","; ++ } ++ s << "};\n"; ++ msg = s.str(); ++ ASSERT_EQ(output_len, oData->len) << msg ; ++ ++ EXPECT_EQ(0, memcmp(oData->data, expected, output_len)) << msg; ++ } ++ } ++ ++ protected: ++ SECItem params_; ++ SECItem gxy_item_; ++ SECItem skey_item_; ++ CK_MECHANISM_TYPE key_mech_; ++ PK11SlotInfo* slot_; ++ PK11SymKey* gxy_; ++ PK11SymKey* skey_; ++ PK11SymKey* okey_; ++}; ++ ++// ++// The full range is tested with the FIPS vectors in the cavs tests. ++// just make sure the NSS Derive iterfaces are working for everything. ++// ++TEST_F(IkeKdfTest, IkePrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE_PRF_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIkeSha256); ++} ++ ++TEST_F(IkeKdfTest, Ike1PrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE1_PRF_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIke1Sha256); ++} ++ ++TEST_F(IkeKdfTest, IkePlusPrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE_PRF_PLUS_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIkePlusSha256); ++} ++ ++TEST_F(IkeKdfTest, Ike1AppBPrfSha256) { ++ Init(); ++ ComputeAndVerifyKey(CKM_NSS_IKE1_APP_B_PRF_DERIVE, CKM_SHA256_HMAC, ++ kExpectedOutputIkeAppBSha256); ++} ++ ++} // namespace nss_test +diff -up ./lib/softoken/pkcs11.c.missing_kdf ./lib/softoken/pkcs11.c +--- ./lib/softoken/pkcs11.c.missing_kdf 2019-08-07 14:18:55.039435109 -0700 ++++ ./lib/softoken/pkcs11.c 2019-08-08 10:28:12.449792962 -0700 +@@ -516,7 +516,8 @@ static const struct mechanismList mechan + /* --------------------IPSEC ----------------------- */ + { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE }, + { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }, +- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE } ++ { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_DERIVE }, PR_TRUE }, ++ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_DERIVE }, PR_TRUE } + }; + static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]); + +diff -up ./lib/softoken/sftkike.c.missing_kdf ./lib/softoken/sftkike.c +--- ./lib/softoken/sftkike.c.missing_kdf 2019-08-08 10:24:27.872008887 -0700 ++++ ./lib/softoken/sftkike.c 2019-08-08 10:27:34.416829530 -0700 +@@ -744,7 +744,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND + * key is inKey + */ + thisKey = outKeyData; +- for (genKeySize = 0; genKeySize <= keySize; genKeySize += macSize) { ++ for (genKeySize = 0; genKeySize < keySize; genKeySize += macSize) { + crv = prf_init(&context, inKey->attrib.pValue, inKey->attrib.ulValueLen); + if (crv != CKR_OK) { + goto fail; diff --git a/SPECS/nss.spec b/SPECS/nss.spec index 194c7ac..a9127cb 100644 --- a/SPECS/nss.spec +++ b/SPECS/nss.spec @@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 7%{?dist} +Release: 8%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -146,6 +146,7 @@ Patch210: nss-mpi-loop.patch Patch211: nss-leading-zero.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1515342 Patch212: nss-input-check.patch +Patch213: nss-3.44-missing-softokn-kdf.patch %description @@ -919,6 +920,11 @@ update-crypto-policies --no-reload &> /dev/null || : %changelog +* Thu Aug 8 2019 Bob Relyea - 3.44.0-8 +- CKM_NSS_IKE1_APP_B_PRF_DERIVE was missing from the mechanism list, preventing + PK11_Derive*() from using it. Add gtests for the PK11_Derive interface for + all the CKM_NSS_IKE*_DERIVE mechanism. + * Wed Jul 3 2019 Daiki Ueno - 3.44.0-7 - Backport fixes from 3.44.1