Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/freebl/fipsfreebl.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * PKCS #11 FIPS Power-Up Self Test.
3
 *
4
 * This Source Code Form is subject to the terms of the Mozilla Public
5
 * License, v. 2.0. If a copy of the MPL was not distributed with this
6
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
8
9
#ifndef NSS_FIPS_DISABLED
10
#ifdef FREEBL_NO_DEPEND
11
#include "stubs.h"
12
#endif
13
14
#include "blapi.h"
15
#include "seccomon.h" /* Required for RSA. */
16
#include "secerr.h"
17
#include "prtypes.h"
18
#include "secitem.h"
19
#include "pkcs11t.h"
20
#include "cmac.h"
21
22
#include "ec.h" /* Required for EC */
23
24
/*
25
 * different platforms have different ways of calling and initial entry point
26
 * when the dll/.so is loaded. Most platforms support either a posix pragma
27
 * or the GCC attribute. Some platforms suppor a pre-defined name, and some
28
 * platforms have a link line way of invoking this function.
29
 */
30
31
/* The pragma */
32
#if defined(USE_INIT_PRAGMA)
33
#pragma init(bl_startup_tests)
34
#endif
35
36
/* GCC Attribute */
37
#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
38
#define INIT_FUNCTION __attribute__((constructor))
39
#else
40
#define INIT_FUNCTION
41
#endif
42
43
static void INIT_FUNCTION bl_startup_tests(void);
44
45
/* Windows pre-defined entry */
46
#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
47
#include <windows.h>
48
49
BOOL WINAPI
50
DllMain(
51
    HINSTANCE hinstDLL, // handle to DLL module
52
    DWORD fdwReason,    // reason for calling function
53
    LPVOID lpReserved)  // reserved
54
{
55
    // Perform actions based on the reason for calling.
56
    switch (fdwReason) {
57
        case DLL_PROCESS_ATTACH:
58
            // Initialize once for each new process.
59
            // Return FALSE to fail DLL load.
60
            bl_startup_tests();
61
            break;
62
63
        case DLL_THREAD_ATTACH:
64
            // Do thread-specific initialization.
65
            break;
66
67
        case DLL_THREAD_DETACH:
68
            // Do thread-specific cleanup.
69
            break;
70
71
        case DLL_PROCESS_DETACH:
72
            // Perform any necessary cleanup.
73
            break;
74
    }
75
    return TRUE; // Successful DLL_PROCESS_ATTACH.
76
}
77
#endif
78
79
/* insert other platform dependent init entry points here, or modify
80
 * the linker line */
81
82
/* FIPS preprocessor directives for RC2-ECB and RC2-CBC.        */
83
#define FIPS_RC2_KEY_LENGTH 5     /*  40-bits */
84
#define FIPS_RC2_ENCRYPT_LENGTH 8 /*  64-bits */
85
#define FIPS_RC2_DECRYPT_LENGTH 8 /*  64-bits */
86
87
/* FIPS preprocessor directives for RC4.                        */
88
#define FIPS_RC4_KEY_LENGTH 5     /*  40-bits */
89
#define FIPS_RC4_ENCRYPT_LENGTH 8 /*  64-bits */
90
#define FIPS_RC4_DECRYPT_LENGTH 8 /*  64-bits */
91
92
/* FIPS preprocessor directives for DES-ECB and DES-CBC.        */
93
#define FIPS_DES_ENCRYPT_LENGTH 8 /*  64-bits */
94
#define FIPS_DES_DECRYPT_LENGTH 8 /*  64-bits */
95
96
/* FIPS preprocessor directives for DES3-CBC and DES3-ECB.      */
97
0
#define FIPS_DES3_ENCRYPT_LENGTH 8 /*  64-bits */
98
0
#define FIPS_DES3_DECRYPT_LENGTH 8 /*  64-bits */
99
100
/* FIPS preprocessor directives for AES-ECB and AES-CBC.        */
101
0
#define FIPS_AES_BLOCK_SIZE 16     /* 128-bits */
102
0
#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
103
0
#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
104
0
#define FIPS_AES_CMAC_LENGTH 16    /* 128-bits */
105
0
#define FIPS_AES_128_KEY_SIZE 16   /* 128-bits */
106
0
#define FIPS_AES_192_KEY_SIZE 24   /* 192-bits */
107
0
#define FIPS_AES_256_KEY_SIZE 32   /* 256-bits */
108
109
/* FIPS preprocessor directives for message digests             */
110
10
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
111
112
/* FIPS preprocessor directives for RSA.                         */
113
0
#define FIPS_RSA_TYPE siBuffer
114
0
#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3    /*   24-bits */
115
0
#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1    /*    8-bits */
116
#define FIPS_RSA_MESSAGE_LENGTH 256          /* 2048-bits */
117
0
#define FIPS_RSA_COEFFICIENT_LENGTH 128      /* 1024-bits */
118
0
#define FIPS_RSA_PRIME0_LENGTH 128           /* 1024-bits */
119
0
#define FIPS_RSA_PRIME1_LENGTH 128           /* 1024-bits */
120
0
#define FIPS_RSA_EXPONENT0_LENGTH 128        /* 1024-bits */
121
0
#define FIPS_RSA_EXPONENT1_LENGTH 128        /* 1024-bits */
122
0
#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
123
0
#define FIPS_RSA_ENCRYPT_LENGTH 256          /* 2048-bits */
124
0
#define FIPS_RSA_DECRYPT_LENGTH 256          /* 2048-bits */
125
#define FIPS_RSA_SIGNATURE_LENGTH 256        /* 2048-bits */
126
0
#define FIPS_RSA_MODULUS_LENGTH 256          /* 2048-bits */
127
128
/* FIPS preprocessor directives for RNG.                        */
129
#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
130
131
static SECStatus
132
freebl_fips_DES3_PowerUpSelfTest(void)
133
0
{
134
    /* DES3 Known Key (56-bits). */
135
0
    static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
136
137
    /* DES3-CBC Known Initialization Vector (64-bits). */
138
0
    static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
139
140
    /* DES3 Known Plaintext (64-bits). */
141
0
    static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
142
0
    static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
143
144
    /* DES3 Known Ciphertext (64-bits). */
145
0
    static const PRUint8 des3_ecb_known_ciphertext[] = {
146
0
        0x55, 0x8e, 0xad, 0x3c, 0xee, 0x49, 0x69, 0xbe
147
0
    };
148
0
    static const PRUint8 des3_cbc_known_ciphertext[] = {
149
0
        0x43, 0xdc, 0x6a, 0xc1, 0xaf, 0xa6, 0x32, 0xf5
150
0
    };
151
152
    /* DES3 variables. */
153
0
    PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
154
0
    PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
155
0
    DESContext *des3_context;
156
0
    unsigned int des3_bytes_encrypted;
157
0
    unsigned int des3_bytes_decrypted;
158
0
    SECStatus des3_status;
159
160
    /*******************************************************/
161
    /* DES3-ECB Single-Round Known Answer Encryption Test. */
162
    /*******************************************************/
163
164
0
    des3_context = DES_CreateContext(des3_known_key, NULL,
165
0
                                     NSS_DES_EDE3, PR_TRUE);
166
167
0
    if (des3_context == NULL) {
168
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
169
0
        return (SECFailure);
170
0
    }
171
172
0
    des3_status = DES_Encrypt(des3_context, des3_computed_ciphertext,
173
0
                              &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
174
0
                              des3_ecb_known_plaintext,
175
0
                              FIPS_DES3_DECRYPT_LENGTH);
176
177
0
    DES_DestroyContext(des3_context, PR_TRUE);
178
179
0
    if ((des3_status != SECSuccess) ||
180
0
        (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) ||
181
0
        (PORT_Memcmp(des3_computed_ciphertext, des3_ecb_known_ciphertext,
182
0
                     FIPS_DES3_ENCRYPT_LENGTH) != 0)) {
183
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
184
0
        return (SECFailure);
185
0
    }
186
187
    /*******************************************************/
188
    /* DES3-ECB Single-Round Known Answer Decryption Test. */
189
    /*******************************************************/
190
191
0
    des3_context = DES_CreateContext(des3_known_key, NULL,
192
0
                                     NSS_DES_EDE3, PR_FALSE);
193
194
0
    if (des3_context == NULL) {
195
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
196
0
        return (SECFailure);
197
0
    }
198
199
0
    des3_status = DES_Decrypt(des3_context, des3_computed_plaintext,
200
0
                              &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
201
0
                              des3_ecb_known_ciphertext,
202
0
                              FIPS_DES3_ENCRYPT_LENGTH);
203
204
0
    DES_DestroyContext(des3_context, PR_TRUE);
205
206
0
    if ((des3_status != SECSuccess) ||
207
0
        (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) ||
208
0
        (PORT_Memcmp(des3_computed_plaintext, des3_ecb_known_plaintext,
209
0
                     FIPS_DES3_DECRYPT_LENGTH) != 0)) {
210
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
211
0
        return (SECFailure);
212
0
    }
213
214
    /*******************************************************/
215
    /* DES3-CBC Single-Round Known Answer Encryption Test. */
216
    /*******************************************************/
217
218
0
    des3_context = DES_CreateContext(des3_known_key,
219
0
                                     des3_cbc_known_initialization_vector,
220
0
                                     NSS_DES_EDE3_CBC, PR_TRUE);
221
222
0
    if (des3_context == NULL) {
223
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
224
0
        return (SECFailure);
225
0
    }
226
227
0
    des3_status = DES_Encrypt(des3_context, des3_computed_ciphertext,
228
0
                              &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
229
0
                              des3_cbc_known_plaintext,
230
0
                              FIPS_DES3_DECRYPT_LENGTH);
231
232
0
    DES_DestroyContext(des3_context, PR_TRUE);
233
234
0
    if ((des3_status != SECSuccess) ||
235
0
        (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) ||
236
0
        (PORT_Memcmp(des3_computed_ciphertext, des3_cbc_known_ciphertext,
237
0
                     FIPS_DES3_ENCRYPT_LENGTH) != 0)) {
238
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
239
0
        return (SECFailure);
240
0
    }
241
242
    /*******************************************************/
243
    /* DES3-CBC Single-Round Known Answer Decryption Test. */
244
    /*******************************************************/
245
246
0
    des3_context = DES_CreateContext(des3_known_key,
247
0
                                     des3_cbc_known_initialization_vector,
248
0
                                     NSS_DES_EDE3_CBC, PR_FALSE);
249
250
0
    if (des3_context == NULL) {
251
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
252
0
        return (SECFailure);
253
0
    }
254
255
0
    des3_status = DES_Decrypt(des3_context, des3_computed_plaintext,
256
0
                              &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
257
0
                              des3_cbc_known_ciphertext,
258
0
                              FIPS_DES3_ENCRYPT_LENGTH);
259
260
0
    DES_DestroyContext(des3_context, PR_TRUE);
261
262
0
    if ((des3_status != SECSuccess) ||
263
0
        (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) ||
264
0
        (PORT_Memcmp(des3_computed_plaintext, des3_cbc_known_plaintext,
265
0
                     FIPS_DES3_DECRYPT_LENGTH) != 0)) {
266
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
267
0
        return (SECFailure);
268
0
    }
269
270
0
    return (SECSuccess);
271
0
}
272
273
/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
274
static SECStatus
275
freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
276
0
{
277
    /* AES Known Key (up to 256-bits). */
278
0
    static const PRUint8 aes_known_key[] = { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
279
280
    /* AES-CBC Known Initialization Vector (128-bits). */
281
0
    static const PRUint8 aes_cbc_known_initialization_vector[] = { "SecurityytiruceS" };
282
283
    /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
284
0
    static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
285
286
0
    static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" };
287
288
    /* AES Known Ciphertext (128-bit key). */
289
0
    static const PRUint8 aes_ecb128_known_ciphertext[] = {
290
0
        0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
291
0
        0x03, 0x88, 0x16, 0x7b, 0x20, 0xbf, 0x35, 0x47
292
0
    };
293
294
0
    static const PRUint8 aes_cbc128_known_ciphertext[] = {
295
0
        0xcf, 0x15, 0x1d, 0x4f, 0x96, 0xe4, 0x4f, 0x63,
296
0
        0x15, 0x54, 0x14, 0x1d, 0x4e, 0xd8, 0xd5, 0xea
297
0
    };
298
299
0
    static const PRUint8 aes_gcm128_known_ciphertext[] = {
300
0
        0x63, 0xf4, 0x95, 0x28, 0xe6, 0x78, 0xee, 0x6e,
301
0
        0x4f, 0xe0, 0xfc, 0x8d, 0xd7, 0xa2, 0xb1, 0xff,
302
0
        0x0c, 0x97, 0x1b, 0x0a, 0xdd, 0x97, 0x75, 0xed,
303
0
        0x8b, 0xde, 0xbf, 0x16, 0x5e, 0x57, 0x6b, 0x4f
304
0
    };
305
306
0
    static const PRUint8 aes_cmac128_known_ciphertext[] = {
307
0
        0x54, 0x11, 0xe2, 0x57, 0xbd, 0x2a, 0xdf, 0x9d,
308
0
        0x1a, 0x89, 0x72, 0x80, 0x84, 0x4c, 0x7e, 0x93
309
0
    };
310
311
    /* AES Known Ciphertext (192-bit key). */
312
0
    static const PRUint8 aes_ecb192_known_ciphertext[] = {
313
0
        0xa0, 0x18, 0x62, 0xed, 0x88, 0x19, 0xcb, 0x62,
314
0
        0x88, 0x1d, 0x4d, 0xfe, 0x84, 0x02, 0x89, 0x0e
315
0
    };
316
317
0
    static const PRUint8 aes_cbc192_known_ciphertext[] = {
318
0
        0x83, 0xf7, 0xa4, 0x76, 0xd1, 0x6f, 0x07, 0xbe,
319
0
        0x07, 0xbc, 0x43, 0x2f, 0x6d, 0xad, 0x29, 0xe1
320
0
    };
321
322
0
    static const PRUint8 aes_gcm192_known_ciphertext[] = {
323
0
        0xc1, 0x0b, 0x92, 0x1d, 0x68, 0x21, 0xf4, 0x25,
324
0
        0x41, 0x61, 0x20, 0x2d, 0x59, 0x7f, 0x53, 0xde,
325
0
        0x93, 0x39, 0xab, 0x09, 0x76, 0x41, 0x57, 0x2b,
326
0
        0x90, 0x2e, 0x44, 0xbb, 0x52, 0x03, 0xe9, 0x07
327
0
    };
328
329
0
    static const PRUint8 aes_cmac192_known_ciphertext[] = {
330
0
        0x0e, 0x07, 0x99, 0x1e, 0xf6, 0xee, 0xfa, 0x2c,
331
0
        0x1b, 0xfc, 0xce, 0x94, 0x92, 0x2d, 0xf1, 0xab
332
0
    };
333
334
    /* AES Known Ciphertext (256-bit key). */
335
0
    static const PRUint8 aes_ecb256_known_ciphertext[] = {
336
0
        0xdb, 0xa6, 0x52, 0x01, 0x8a, 0x70, 0xae, 0x66,
337
0
        0x3a, 0x99, 0xd8, 0x95, 0x7f, 0xfb, 0x01, 0x67
338
0
    };
339
340
0
    static const PRUint8 aes_cbc256_known_ciphertext[] = {
341
0
        0x37, 0xea, 0x07, 0x06, 0x31, 0x1c, 0x59, 0x27,
342
0
        0xc5, 0xc5, 0x68, 0x71, 0x6e, 0x34, 0x40, 0x16
343
0
    };
344
345
0
    static const PRUint8 aes_gcm256_known_ciphertext[] = {
346
0
        0x5d, 0x9e, 0xd2, 0xa2, 0x74, 0x9c, 0xd9, 0x1c,
347
0
        0xd1, 0xc9, 0xee, 0x5d, 0xb6, 0xf2, 0xc9, 0xb6,
348
0
        0x79, 0x27, 0x53, 0x02, 0xa3, 0xdc, 0x22, 0xce,
349
0
        0xf4, 0xb0, 0xc1, 0x8c, 0x86, 0x51, 0xf5, 0xa1
350
0
    };
351
352
0
    static const PRUint8 aes_cmac256_known_ciphertext[] = {
353
0
        0xc1, 0x26, 0x69, 0x32, 0x51, 0x13, 0x65, 0xac,
354
0
        0x71, 0x23, 0xe4, 0xe7, 0xb9, 0x0c, 0x88, 0x9f
355
356
0
    };
357
358
0
    const PRUint8 *aes_ecb_known_ciphertext =
359
0
        (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext
360
0
                                                                                                                        : aes_ecb256_known_ciphertext;
361
362
0
    const PRUint8 *aes_cbc_known_ciphertext =
363
0
        (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext
364
0
                                                                                                                        : aes_cbc256_known_ciphertext;
365
366
0
    const PRUint8 *aes_gcm_known_ciphertext =
367
0
        (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_gcm192_known_ciphertext
368
0
                                                                                                                        : aes_gcm256_known_ciphertext;
369
370
0
    const PRUint8 *aes_cmac_known_ciphertext =
371
0
        (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext
372
0
                                                                                                                         : aes_cmac256_known_ciphertext;
373
374
    /* AES variables. */
375
0
    PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH * 2];
376
0
    PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH * 2];
377
0
    AESContext *aes_context;
378
0
    CMACContext *cmac_context;
379
0
    unsigned int aes_bytes_encrypted;
380
0
    unsigned int aes_bytes_decrypted;
381
0
    CK_NSS_GCM_PARAMS gcmParams;
382
0
    SECStatus aes_status;
383
384
    /*check if aes_key_size is 128, 192, or 256 bits */
385
0
    if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
386
0
        (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
387
0
        (aes_key_size != FIPS_AES_256_KEY_SIZE)) {
388
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
389
0
        return (SECFailure);
390
0
    }
391
392
    /******************************************************/
393
    /* AES-ECB Single-Round Known Answer Encryption Test: */
394
    /******************************************************/
395
396
0
    aes_context = AES_CreateContext(aes_known_key, NULL, NSS_AES, PR_TRUE,
397
0
                                    aes_key_size, FIPS_AES_BLOCK_SIZE);
398
399
0
    if (aes_context == NULL) {
400
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
401
0
        return (SECFailure);
402
0
    }
403
404
0
    aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
405
0
                             &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
406
0
                             aes_known_plaintext,
407
0
                             FIPS_AES_DECRYPT_LENGTH);
408
409
0
    AES_DestroyContext(aes_context, PR_TRUE);
410
411
0
    if ((aes_status != SECSuccess) ||
412
0
        (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) ||
413
0
        (PORT_Memcmp(aes_computed_ciphertext, aes_ecb_known_ciphertext,
414
0
                     FIPS_AES_ENCRYPT_LENGTH) != 0)) {
415
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
416
0
        return (SECFailure);
417
0
    }
418
419
    /******************************************************/
420
    /* AES-ECB Single-Round Known Answer Decryption Test: */
421
    /******************************************************/
422
423
0
    aes_context = AES_CreateContext(aes_known_key, NULL, NSS_AES, PR_FALSE,
424
0
                                    aes_key_size, FIPS_AES_BLOCK_SIZE);
425
426
0
    if (aes_context == NULL) {
427
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
428
0
        return (SECFailure);
429
0
    }
430
431
0
    aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
432
0
                             &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
433
0
                             aes_ecb_known_ciphertext,
434
0
                             FIPS_AES_ENCRYPT_LENGTH);
435
436
0
    AES_DestroyContext(aes_context, PR_TRUE);
437
438
0
    if ((aes_status != SECSuccess) ||
439
0
        (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
440
0
        (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
441
0
                     FIPS_AES_DECRYPT_LENGTH) != 0)) {
442
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
443
0
        return (SECFailure);
444
0
    }
445
446
    /******************************************************/
447
    /* AES-CBC Single-Round Known Answer Encryption Test. */
448
    /******************************************************/
449
450
0
    aes_context = AES_CreateContext(aes_known_key,
451
0
                                    aes_cbc_known_initialization_vector,
452
0
                                    NSS_AES_CBC, PR_TRUE, aes_key_size,
453
0
                                    FIPS_AES_BLOCK_SIZE);
454
455
0
    if (aes_context == NULL) {
456
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
457
0
        return (SECFailure);
458
0
    }
459
460
0
    aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
461
0
                             &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
462
0
                             aes_known_plaintext,
463
0
                             FIPS_AES_DECRYPT_LENGTH);
464
465
0
    AES_DestroyContext(aes_context, PR_TRUE);
466
467
0
    if ((aes_status != SECSuccess) ||
468
0
        (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) ||
469
0
        (PORT_Memcmp(aes_computed_ciphertext, aes_cbc_known_ciphertext,
470
0
                     FIPS_AES_ENCRYPT_LENGTH) != 0)) {
471
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
472
0
        return (SECFailure);
473
0
    }
474
475
    /******************************************************/
476
    /* AES-CBC Single-Round Known Answer Decryption Test. */
477
    /******************************************************/
478
479
0
    aes_context = AES_CreateContext(aes_known_key,
480
0
                                    aes_cbc_known_initialization_vector,
481
0
                                    NSS_AES_CBC, PR_FALSE, aes_key_size,
482
0
                                    FIPS_AES_BLOCK_SIZE);
483
484
0
    if (aes_context == NULL) {
485
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
486
0
        return (SECFailure);
487
0
    }
488
489
0
    aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
490
0
                             &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
491
0
                             aes_cbc_known_ciphertext,
492
0
                             FIPS_AES_ENCRYPT_LENGTH);
493
494
0
    AES_DestroyContext(aes_context, PR_TRUE);
495
496
0
    if ((aes_status != SECSuccess) ||
497
0
        (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
498
0
        (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
499
0
                     FIPS_AES_DECRYPT_LENGTH) != 0)) {
500
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
501
0
        return (SECFailure);
502
0
    }
503
504
    /******************************************************/
505
    /* AES-GCM Single-Round Known Answer Encryption Test. */
506
    /******************************************************/
507
508
0
    gcmParams.pIv = (PRUint8 *)aes_cbc_known_initialization_vector;
509
0
    gcmParams.ulIvLen = FIPS_AES_BLOCK_SIZE;
510
0
    gcmParams.pAAD = (PRUint8 *)aes_gcm_known_aad;
511
0
    gcmParams.ulAADLen = sizeof(aes_gcm_known_aad);
512
0
    gcmParams.ulTagBits = FIPS_AES_BLOCK_SIZE * 8;
513
0
    aes_context = AES_CreateContext(aes_known_key,
514
0
                                    (PRUint8 *)&gcmParams,
515
0
                                    NSS_AES_GCM, PR_TRUE, aes_key_size,
516
0
                                    FIPS_AES_BLOCK_SIZE);
517
518
0
    if (aes_context == NULL) {
519
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
520
0
        return (SECFailure);
521
0
    }
522
523
0
    aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
524
0
                             &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH * 2,
525
0
                             aes_known_plaintext,
526
0
                             FIPS_AES_DECRYPT_LENGTH);
527
528
0
    AES_DestroyContext(aes_context, PR_TRUE);
529
530
0
    if ((aes_status != SECSuccess) ||
531
0
        (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH * 2) ||
532
0
        (PORT_Memcmp(aes_computed_ciphertext, aes_gcm_known_ciphertext,
533
0
                     FIPS_AES_ENCRYPT_LENGTH * 2) != 0)) {
534
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
535
0
        return (SECFailure);
536
0
    }
537
538
    /******************************************************/
539
    /* AES-GCM Single-Round Known Answer Decryption Test. */
540
    /******************************************************/
541
542
0
    aes_context = AES_CreateContext(aes_known_key,
543
0
                                    (PRUint8 *)&gcmParams,
544
0
                                    NSS_AES_GCM, PR_FALSE, aes_key_size,
545
0
                                    FIPS_AES_BLOCK_SIZE);
546
547
0
    if (aes_context == NULL) {
548
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
549
0
        return (SECFailure);
550
0
    }
551
552
0
    aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
553
0
                             &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH * 2,
554
0
                             aes_gcm_known_ciphertext,
555
0
                             FIPS_AES_ENCRYPT_LENGTH * 2);
556
557
0
    AES_DestroyContext(aes_context, PR_TRUE);
558
559
0
    if ((aes_status != SECSuccess) ||
560
0
        (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
561
0
        (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
562
0
                     FIPS_AES_DECRYPT_LENGTH) != 0)) {
563
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
564
0
        return (SECFailure);
565
0
    }
566
567
    /******************************************************/
568
    /* AES-CMAC Known Answer Encryption Test.             */
569
    /******************************************************/
570
0
    cmac_context = CMAC_Create(CMAC_AES, aes_known_key, aes_key_size);
571
572
0
    if (cmac_context == NULL) {
573
0
        PORT_SetError(SEC_ERROR_NO_MEMORY);
574
0
        return (SECFailure);
575
0
    }
576
577
0
    aes_status = CMAC_Begin(cmac_context);
578
0
    if (aes_status != SECSuccess) {
579
0
        CMAC_Destroy(cmac_context, PR_TRUE);
580
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
581
0
        return (SECFailure);
582
0
    }
583
584
0
    aes_status = CMAC_Update(cmac_context, aes_known_plaintext,
585
0
                             FIPS_AES_DECRYPT_LENGTH);
586
0
    if (aes_status != SECSuccess) {
587
0
        CMAC_Destroy(cmac_context, PR_TRUE);
588
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
589
0
        return (SECFailure);
590
0
    }
591
592
0
    aes_status = CMAC_Finish(cmac_context, aes_computed_ciphertext,
593
0
                             &aes_bytes_encrypted, FIPS_AES_CMAC_LENGTH);
594
595
0
    CMAC_Destroy(cmac_context, PR_TRUE);
596
597
0
    if ((aes_status != SECSuccess) ||
598
0
        (aes_bytes_encrypted != FIPS_AES_CMAC_LENGTH) ||
599
0
        (PORT_Memcmp(aes_computed_ciphertext, aes_cmac_known_ciphertext,
600
0
                     FIPS_AES_CMAC_LENGTH) != 0)) {
601
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
602
0
        return (SECFailure);
603
0
    }
604
605
0
    return (SECSuccess);
606
0
}
607
608
/* Known Hash Message (512-bits).  Used for all hashes (incl. SHA-N [N>1]). */
609
static const PRUint8 known_hash_message[] = {
610
    "The test message for the MD2, MD5, and SHA-1 hashing algorithms."
611
};
612
613
/****************************************************/
614
/* Single Round HMAC SHA-X test                     */
615
/****************************************************/
616
static SECStatus
617
freebl_fips_HMAC(unsigned char *hmac_computed,
618
                 const PRUint8 *secret_key,
619
                 unsigned int secret_key_length,
620
                 const PRUint8 *message,
621
                 unsigned int message_length,
622
                 HASH_HashType hashAlg)
623
0
{
624
0
    SECStatus hmac_status = SECFailure;
625
0
    HMACContext *cx = NULL;
626
0
    SECHashObject *hashObj = NULL;
627
0
    unsigned int bytes_hashed = 0;
628
629
0
    hashObj = (SECHashObject *)HASH_GetRawHashObject(hashAlg);
630
631
0
    if (!hashObj)
632
0
        return (SECFailure);
633
634
0
    cx = HMAC_Create(hashObj, secret_key,
635
0
                     secret_key_length,
636
0
                     PR_TRUE); /* PR_TRUE for in FIPS mode */
637
638
0
    if (cx == NULL)
639
0
        return (SECFailure);
640
641
0
    HMAC_Begin(cx);
642
0
    HMAC_Update(cx, message, message_length);
643
0
    hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
644
0
                              hashObj->length);
645
646
0
    HMAC_Destroy(cx, PR_TRUE);
647
648
0
    return (hmac_status);
649
0
}
650
651
static SECStatus
652
freebl_fips_HMAC_PowerUpSelfTest(void)
653
0
{
654
0
    static const PRUint8 HMAC_known_secret_key[] = {
655
0
        "Firefox and ThunderBird are awesome!"
656
0
    };
657
658
0
    static const PRUint8 HMAC_known_secret_key_length = sizeof HMAC_known_secret_key;
659
660
    /* known SHA1 hmac (20 bytes) */
661
0
    static const PRUint8 known_SHA1_hmac[] = {
662
0
        0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
663
0
        0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
664
0
        0x5d, 0x0e, 0x1e, 0x11
665
0
    };
666
667
    /* known SHA224 hmac (28 bytes) */
668
0
    static const PRUint8 known_SHA224_hmac[] = {
669
0
        0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
670
0
        0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
671
0
        0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
672
0
        0x9a, 0xb8, 0x98, 0x4e
673
0
    };
674
675
    /* known SHA256 hmac (32 bytes) */
676
0
    static const PRUint8 known_SHA256_hmac[] = {
677
0
        0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
678
0
        0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
679
0
        0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
680
0
        0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48
681
0
    };
682
683
    /* known SHA384 hmac (48 bytes) */
684
0
    static const PRUint8 known_SHA384_hmac[] = {
685
0
        0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
686
0
        0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
687
0
        0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
688
0
        0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
689
0
        0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
690
0
        0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87
691
0
    };
692
693
    /* known SHA512 hmac (64 bytes) */
694
0
    static const PRUint8 known_SHA512_hmac[] = {
695
0
        0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
696
0
        0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
697
0
        0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
698
0
        0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
699
0
        0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
700
0
        0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
701
0
        0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
702
0
        0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37
703
0
    };
704
705
0
    SECStatus hmac_status;
706
0
    PRUint8 hmac_computed[HASH_LENGTH_MAX];
707
708
    /***************************************************/
709
    /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
710
    /***************************************************/
711
712
0
    hmac_status = freebl_fips_HMAC(hmac_computed,
713
0
                                   HMAC_known_secret_key,
714
0
                                   HMAC_known_secret_key_length,
715
0
                                   known_hash_message,
716
0
                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
717
0
                                   HASH_AlgSHA1);
718
719
0
    if ((hmac_status != SECSuccess) ||
720
0
        (PORT_Memcmp(hmac_computed, known_SHA1_hmac,
721
0
                     SHA1_LENGTH) != 0)) {
722
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
723
0
        return (SECFailure);
724
0
    }
725
726
    /***************************************************/
727
    /* HMAC SHA-224 Single-Round Known Answer Test.    */
728
    /***************************************************/
729
730
0
    hmac_status = freebl_fips_HMAC(hmac_computed,
731
0
                                   HMAC_known_secret_key,
732
0
                                   HMAC_known_secret_key_length,
733
0
                                   known_hash_message,
734
0
                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
735
0
                                   HASH_AlgSHA224);
736
737
0
    if ((hmac_status != SECSuccess) ||
738
0
        (PORT_Memcmp(hmac_computed, known_SHA224_hmac,
739
0
                     SHA224_LENGTH) != 0)) {
740
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
741
0
        return (SECFailure);
742
0
    }
743
744
    /***************************************************/
745
    /* HMAC SHA-256 Single-Round Known Answer Test.    */
746
    /***************************************************/
747
748
0
    hmac_status = freebl_fips_HMAC(hmac_computed,
749
0
                                   HMAC_known_secret_key,
750
0
                                   HMAC_known_secret_key_length,
751
0
                                   known_hash_message,
752
0
                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
753
0
                                   HASH_AlgSHA256);
754
755
0
    if ((hmac_status != SECSuccess) ||
756
0
        (PORT_Memcmp(hmac_computed, known_SHA256_hmac,
757
0
                     SHA256_LENGTH) != 0)) {
758
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
759
0
        return (SECFailure);
760
0
    }
761
762
    /***************************************************/
763
    /* HMAC SHA-384 Single-Round Known Answer Test.    */
764
    /***************************************************/
765
766
0
    hmac_status = freebl_fips_HMAC(hmac_computed,
767
0
                                   HMAC_known_secret_key,
768
0
                                   HMAC_known_secret_key_length,
769
0
                                   known_hash_message,
770
0
                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
771
0
                                   HASH_AlgSHA384);
772
773
0
    if ((hmac_status != SECSuccess) ||
774
0
        (PORT_Memcmp(hmac_computed, known_SHA384_hmac,
775
0
                     SHA384_LENGTH) != 0)) {
776
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
777
0
        return (SECFailure);
778
0
    }
779
780
    /***************************************************/
781
    /* HMAC SHA-512 Single-Round Known Answer Test.    */
782
    /***************************************************/
783
784
0
    hmac_status = freebl_fips_HMAC(hmac_computed,
785
0
                                   HMAC_known_secret_key,
786
0
                                   HMAC_known_secret_key_length,
787
0
                                   known_hash_message,
788
0
                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
789
0
                                   HASH_AlgSHA512);
790
791
0
    if ((hmac_status != SECSuccess) ||
792
0
        (PORT_Memcmp(hmac_computed, known_SHA512_hmac,
793
0
                     SHA512_LENGTH) != 0)) {
794
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
795
0
        return (SECFailure);
796
0
    }
797
798
0
    return (SECSuccess);
799
0
}
800
801
SECStatus
802
freebl_fips_TLS_PowerUpSelfTest(void)
803
0
{
804
0
    static const PRUint8 TLS_known_secret_key[] = {
805
0
        "Firefox and ThunderBird are awesome!"
806
0
    };
807
808
0
    static const PRUint8 TLS_known_secret_key_length = sizeof TLS_known_secret_key;
809
810
    /* known tls prf with sha1/md5 */
811
0
    static const PRUint8 known_TLS_PRF[] = {
812
0
        0x87, 0x4c, 0xc0, 0xc5, 0x15, 0x14, 0x2b, 0xdc,
813
0
        0x73, 0x48, 0x9e, 0x88, 0x9d, 0xf5, 0x83, 0x2f,
814
0
        0x2d, 0x66, 0x1e, 0x78, 0x6c, 0x54, 0x78, 0x29,
815
0
        0xb9, 0xa4, 0x4c, 0x90, 0x5e, 0xa2, 0xe6, 0x5c,
816
0
        0xf1, 0x4f, 0xb5, 0x95, 0xa5, 0x54, 0xc0, 0x9f,
817
0
        0x84, 0x47, 0xb4, 0x4c, 0xda, 0xae, 0x19, 0x29,
818
0
        0x2b, 0x91, 0x2a, 0x81, 0x9d, 0x3a, 0x30, 0x40,
819
0
        0xc5, 0xdf, 0xbb, 0xfa, 0xd8, 0x4c, 0xbc, 0x18
820
0
    };
821
822
    /* known SHA256 tls mac */
823
0
    static const PRUint8 known_TLS_SHA256[] = {
824
0
        0x66, 0xd6, 0x94, 0xd4, 0x0d, 0x32, 0x61, 0x38,
825
0
        0x26, 0xf6, 0x8b, 0xfe, 0x9e, 0xac, 0xa2, 0xf5,
826
0
        0x40, 0x52, 0x74, 0x3f, 0xbe, 0xb8, 0xca, 0x94,
827
0
        0xc3, 0x64, 0xd6, 0x02, 0xf5, 0x88, 0x98, 0x35,
828
0
        0x73, 0x9f, 0xce, 0xaa, 0x68, 0xe3, 0x7c, 0x93,
829
0
        0x30, 0x21, 0x45, 0xec, 0xe9, 0x8f, 0x1c, 0x7e,
830
0
        0xd1, 0x54, 0xf5, 0xbe, 0xff, 0xc8, 0xd7, 0x72,
831
0
        0x7f, 0x9c, 0x0c, 0x7f, 0xa9, 0xd3, 0x4a, 0xd2
832
0
    };
833
834
#ifdef NSS_FULL_POST
835
    /* known SHA224 tls mac */
836
    static const PRUint8 known_TLS_SHA224[] = {
837
        0xd8, 0x68, 0x15, 0xff, 0xa1, 0xa2, 0x5e, 0x16,
838
        0xce, 0xb1, 0xfd, 0xbd, 0xda, 0x39, 0xbc, 0xa7,
839
        0x27, 0x32, 0x78, 0x94, 0x66, 0xf0, 0x84, 0xcf,
840
        0x46, 0xc0, 0x22, 0x76, 0xdc, 0x6b, 0x2e, 0xed,
841
        0x1d, 0x2d, 0xd2, 0x93, 0xfd, 0xae, 0xca, 0xf9,
842
        0xe0, 0x4c, 0x17, 0x23, 0x22, 0x5a, 0x73, 0x93,
843
        0x20, 0x0a, 0xbd, 0xa0, 0x72, 0xf8, 0x8b, 0x74,
844
        0xfb, 0xf1, 0xab, 0xb7, 0xe0, 0xec, 0x34, 0xc9
845
    };
846
847
    /* known SHA384 tls mac */
848
    static const PRUint8 known_TLS_SHA384[] = {
849
        0xb2, 0xac, 0x06, 0x10, 0xad, 0x50, 0xd5, 0xdc,
850
        0xdb, 0x01, 0xea, 0xa6, 0x2d, 0x8a, 0x34, 0xb6,
851
        0xeb, 0x84, 0xbc, 0x37, 0xc9, 0x9f, 0xa1, 0x9c,
852
        0xd5, 0xbd, 0x4e, 0x66, 0x16, 0x24, 0xe5, 0x3d,
853
        0xce, 0x74, 0xe0, 0x30, 0x41, 0x5c, 0xdb, 0xb7,
854
        0x52, 0x1d, 0x2d, 0x4d, 0x9b, 0xbe, 0x6b, 0x86,
855
        0xda, 0x8a, 0xca, 0x73, 0x39, 0xb4, 0xc7, 0x8f,
856
        0x03, 0xb1, 0xf9, 0x7e, 0x65, 0xae, 0x17, 0x10
857
    };
858
859
    /* known SHA512 tls mac */
860
    static const PRUint8 known_TLS_SHA512[] = {
861
        0x73, 0x21, 0x4f, 0x40, 0x81, 0x1e, 0x90, 0xa1,
862
        0x16, 0x40, 0x1e, 0x33, 0x69, 0xc5, 0x00, 0xc7,
863
        0xc4, 0x81, 0xa3, 0x4f, 0xa7, 0xcc, 0x4a, 0xeb,
864
        0x1a, 0x66, 0x00, 0x82, 0x52, 0xe2, 0x2f, 0x69,
865
        0x14, 0x59, 0x05, 0x7c, 0xb0, 0x32, 0xce, 0xcc,
866
        0xb7, 0xc9, 0xab, 0x0f, 0x73, 0x00, 0xe5, 0x52,
867
        0x9d, 0x6b, 0x0e, 0x66, 0x4b, 0xb3, 0x0b, 0x0d,
868
        0x34, 0x53, 0x97, 0x13, 0x84, 0x18, 0x31, 0x7a
869
    };
870
#endif
871
872
0
    SECStatus status;
873
0
    PRUint8 tls_computed[HASH_LENGTH_MAX];
874
0
    SECItem secret;
875
0
    SECItem seed;
876
0
    SECItem result;
877
0
    const char *tls_label = "fips test label";
878
879
0
    secret.data = (unsigned char *)TLS_known_secret_key;
880
0
    secret.len = TLS_known_secret_key_length;
881
0
    seed.data = (unsigned char *)known_hash_message;
882
0
    seed.len = FIPS_KNOWN_HASH_MESSAGE_LENGTH;
883
0
    result.data = tls_computed;
884
0
    result.len = sizeof(tls_computed);
885
886
    /***************************************************/
887
    /* TLS 1.0 PRF Known Answer Test                   */
888
    /***************************************************/
889
890
0
    status = TLS_PRF(&secret, tls_label, &seed, &result, PR_TRUE);
891
892
0
    if ((status != SECSuccess) ||
893
0
        (result.len != HASH_LENGTH_MAX) ||
894
0
        (PORT_Memcmp(tls_computed, known_TLS_PRF,
895
0
                     HASH_LENGTH_MAX) != 0)) {
896
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
897
0
        return (SECFailure);
898
0
    }
899
900
    /***************************************************/
901
    /* TLS 1.2 SHA-256 Known Answer Test.              */
902
    /***************************************************/
903
904
0
    status = TLS_P_hash(HASH_AlgSHA256, &secret, tls_label,
905
0
                        &seed, &result, PR_TRUE);
906
907
0
    if ((status != SECSuccess) ||
908
0
        (result.len != HASH_LENGTH_MAX) ||
909
0
        (PORT_Memcmp(tls_computed, known_TLS_SHA256,
910
0
                     HASH_LENGTH_MAX) != 0)) {
911
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
912
0
        return (SECFailure);
913
0
    }
914
915
#ifdef NSS_FULL_POST
916
    /***************************************************/
917
    /* TLS 1.2 SHA-224 Known Answer Test.              */
918
    /***************************************************/
919
920
    status = TLS_P_hash(HASH_AlgSHA224, &secret, tls_label,
921
                        &seed, &result, PR_TRUE);
922
923
    if ((status != SECSuccess) ||
924
        (result.len != HASH_LENGTH_MAX) ||
925
        (PORT_Memcmp(tls_computed, known_TLS_SHA224,
926
                     HASH_LENGTH_MAX) != 0)) {
927
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
928
        return (SECFailure);
929
    }
930
931
    /***************************************************/
932
    /* TLS 1.2 SHA-384 Known Answer Test.              */
933
    /***************************************************/
934
935
    status = TLS_P_hash(HASH_AlgSHA384, &secret, tls_label,
936
                        &seed, &result, PR_TRUE);
937
938
    if ((status != SECSuccess) ||
939
        (result.len != HASH_LENGTH_MAX) ||
940
        (PORT_Memcmp(tls_computed, known_TLS_SHA384,
941
                     HASH_LENGTH_MAX) != 0)) {
942
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
943
        return (SECFailure);
944
    }
945
946
    /***************************************************/
947
    /* TLS 1.2 SHA-512 Known Answer Test.              */
948
    /***************************************************/
949
950
    status = TLS_P_hash(HASH_AlgSHA512, &secret, tls_label,
951
                        &seed, &result, PR_TRUE);
952
953
    if ((status != SECSuccess) ||
954
        (result.len != HASH_LENGTH_MAX) ||
955
        (PORT_Memcmp(tls_computed, known_TLS_SHA512,
956
                     HASH_LENGTH_MAX) != 0)) {
957
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
958
        return (SECFailure);
959
    }
960
#endif
961
962
0
    return (SECSuccess);
963
0
}
964
965
static SECStatus
966
freebl_fips_SHA_PowerUpSelfTest(void)
967
2
{
968
    /* SHA-1 Known Digest Message (160-bits). */
969
2
    static const PRUint8 sha1_known_digest[] = {
970
2
        0x0a, 0x6d, 0x07, 0xba, 0x1e, 0xbd, 0x8a, 0x1b,
971
2
        0x72, 0xf6, 0xc7, 0x22, 0xf1, 0x27, 0x9f, 0xf0,
972
2
        0xe0, 0x68, 0x47, 0x7a
973
2
    };
974
975
    /* SHA-224 Known Digest Message (224-bits). */
976
2
    static const PRUint8 sha224_known_digest[] = {
977
2
        0x89, 0x5e, 0x7f, 0xfd, 0x0e, 0xd8, 0x35, 0x6f,
978
2
        0x64, 0x6d, 0xf2, 0xde, 0x5e, 0xed, 0xa6, 0x7f,
979
2
        0x29, 0xd1, 0x12, 0x73, 0x42, 0x84, 0x95, 0x4f,
980
2
        0x8e, 0x08, 0xe5, 0xcb
981
2
    };
982
983
    /* SHA-256 Known Digest Message (256-bits). */
984
2
    static const PRUint8 sha256_known_digest[] = {
985
2
        0x38, 0xa9, 0xc1, 0xf0, 0x35, 0xf6, 0x5d, 0x61,
986
2
        0x11, 0xd4, 0x0b, 0xdc, 0xce, 0x35, 0x14, 0x8d,
987
2
        0xf2, 0xdd, 0xaf, 0xaf, 0xcf, 0xb7, 0x87, 0xe9,
988
2
        0x96, 0xa5, 0xd2, 0x83, 0x62, 0x46, 0x56, 0x79
989
2
    };
990
991
    /* SHA-384 Known Digest Message (384-bits). */
992
2
    static const PRUint8 sha384_known_digest[] = {
993
2
        0x11, 0xfe, 0x1c, 0x00, 0x89, 0x48, 0xde, 0xb3,
994
2
        0x99, 0xee, 0x1c, 0x18, 0xb4, 0x10, 0xfb, 0xfe,
995
2
        0xe3, 0xa8, 0x2c, 0xf3, 0x04, 0xb0, 0x2f, 0xc8,
996
2
        0xa3, 0xc4, 0x5e, 0xea, 0x7e, 0x60, 0x48, 0x7b,
997
2
        0xce, 0x2c, 0x62, 0xf7, 0xbc, 0xa7, 0xe8, 0xa3,
998
2
        0xcf, 0x24, 0xce, 0x9c, 0xe2, 0x8b, 0x09, 0x72
999
2
    };
1000
1001
    /* SHA-512 Known Digest Message (512-bits). */
1002
2
    static const PRUint8 sha512_known_digest[] = {
1003
2
        0xc8, 0xb3, 0x27, 0xf9, 0x0b, 0x24, 0xc8, 0xbf,
1004
2
        0x4c, 0xba, 0x33, 0x54, 0xf2, 0x31, 0xbf, 0xdb,
1005
2
        0xab, 0xfd, 0xb3, 0x15, 0xd7, 0xfa, 0x48, 0x99,
1006
2
        0x07, 0x60, 0x0f, 0x57, 0x41, 0x1a, 0xdd, 0x28,
1007
2
        0x12, 0x55, 0x25, 0xac, 0xba, 0x3a, 0x99, 0x12,
1008
2
        0x2c, 0x7a, 0x8f, 0x75, 0x3a, 0xe1, 0x06, 0x6f,
1009
2
        0x30, 0x31, 0xc9, 0x33, 0xc6, 0x1b, 0x90, 0x1a,
1010
2
        0x6c, 0x98, 0x9a, 0x87, 0xd0, 0xb2, 0xf8, 0x07
1011
2
    };
1012
1013
    /* SHA-X variables. */
1014
2
    PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
1015
2
    SECStatus sha_status;
1016
1017
    /*************************************************/
1018
    /* SHA-1 Single-Round Known Answer Hashing Test. */
1019
    /*************************************************/
1020
1021
2
    sha_status = SHA1_HashBuf(sha_computed_digest, known_hash_message,
1022
2
                              FIPS_KNOWN_HASH_MESSAGE_LENGTH);
1023
1024
2
    if ((sha_status != SECSuccess) ||
1025
2
        (PORT_Memcmp(sha_computed_digest, sha1_known_digest,
1026
2
                     SHA1_LENGTH) != 0)) {
1027
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1028
0
        return (SECFailure);
1029
0
    }
1030
1031
    /***************************************************/
1032
    /* SHA-224 Single-Round Known Answer Hashing Test. */
1033
    /***************************************************/
1034
1035
2
    sha_status = SHA224_HashBuf(sha_computed_digest, known_hash_message,
1036
2
                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
1037
1038
2
    if ((sha_status != SECSuccess) ||
1039
2
        (PORT_Memcmp(sha_computed_digest, sha224_known_digest,
1040
2
                     SHA224_LENGTH) != 0)) {
1041
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1042
0
        return (SECFailure);
1043
0
    }
1044
1045
    /***************************************************/
1046
    /* SHA-256 Single-Round Known Answer Hashing Test. */
1047
    /***************************************************/
1048
1049
2
    sha_status = SHA256_HashBuf(sha_computed_digest, known_hash_message,
1050
2
                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
1051
1052
2
    if ((sha_status != SECSuccess) ||
1053
2
        (PORT_Memcmp(sha_computed_digest, sha256_known_digest,
1054
2
                     SHA256_LENGTH) != 0)) {
1055
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1056
0
        return (SECFailure);
1057
0
    }
1058
1059
    /***************************************************/
1060
    /* SHA-384 Single-Round Known Answer Hashing Test. */
1061
    /***************************************************/
1062
1063
2
    sha_status = SHA384_HashBuf(sha_computed_digest, known_hash_message,
1064
2
                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
1065
1066
2
    if ((sha_status != SECSuccess) ||
1067
2
        (PORT_Memcmp(sha_computed_digest, sha384_known_digest,
1068
2
                     SHA384_LENGTH) != 0)) {
1069
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1070
0
        return (SECFailure);
1071
0
    }
1072
1073
    /***************************************************/
1074
    /* SHA-512 Single-Round Known Answer Hashing Test. */
1075
    /***************************************************/
1076
1077
2
    sha_status = SHA512_HashBuf(sha_computed_digest, known_hash_message,
1078
2
                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
1079
1080
2
    if ((sha_status != SECSuccess) ||
1081
2
        (PORT_Memcmp(sha_computed_digest, sha512_known_digest,
1082
2
                     SHA512_LENGTH) != 0)) {
1083
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1084
0
        return (SECFailure);
1085
0
    }
1086
1087
2
    return (SECSuccess);
1088
2
}
1089
1090
static SECStatus
1091
freebl_fips_RSA_PowerUpSelfTest(void)
1092
0
{
1093
    /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
1094
0
    static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1095
0
        0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
1096
0
        0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
1097
0
        0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
1098
0
        0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
1099
0
        0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
1100
0
        0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
1101
0
        0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
1102
0
        0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
1103
0
        0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
1104
0
        0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
1105
0
        0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
1106
0
        0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
1107
0
        0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
1108
0
        0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
1109
0
        0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
1110
0
        0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
1111
0
        0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
1112
0
        0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
1113
0
        0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
1114
0
        0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
1115
0
        0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
1116
0
        0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
1117
0
        0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
1118
0
        0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
1119
0
        0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
1120
0
        0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
1121
0
        0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
1122
0
        0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
1123
0
        0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
1124
0
        0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
1125
0
        0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
1126
0
        0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b
1127
0
    };
1128
1129
    /* RSA Known Public Key Values (24-bits). */
1130
0
    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 };
1131
    /* RSA Known Private Key Values (version                 is    8-bits), */
1132
    /*                              (private exponent        is 2048-bits), */
1133
    /*                              (private prime0          is 1024-bits), */
1134
    /*                              (private prime1          is 1024-bits), */
1135
    /*                              (private prime exponent0 is 1024-bits), */
1136
    /*                              (private prime exponent1 is 1024-bits), */
1137
    /*                          and (private coefficient     is 1024-bits). */
1138
0
    static const PRUint8 rsa_version[] = { 0x00 };
1139
1140
0
    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
1141
0
        0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
1142
0
        0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
1143
0
        0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
1144
0
        0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
1145
0
        0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
1146
0
        0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
1147
0
        0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
1148
0
        0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
1149
0
        0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
1150
0
        0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
1151
0
        0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
1152
0
        0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
1153
0
        0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
1154
0
        0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
1155
0
        0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
1156
0
        0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
1157
0
        0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
1158
0
        0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
1159
0
        0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
1160
0
        0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
1161
0
        0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
1162
0
        0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
1163
0
        0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
1164
0
        0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
1165
0
        0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
1166
0
        0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
1167
0
        0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
1168
0
        0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
1169
0
        0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
1170
0
        0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
1171
0
        0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
1172
0
        0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81
1173
0
    };
1174
1175
0
    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
1176
0
        0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
1177
0
        0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
1178
0
        0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
1179
0
        0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
1180
0
        0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
1181
0
        0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
1182
0
        0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
1183
0
        0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
1184
0
        0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
1185
0
        0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
1186
0
        0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
1187
0
        0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
1188
0
        0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
1189
0
        0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
1190
0
        0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
1191
0
        0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05
1192
0
    };
1193
0
    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
1194
0
        0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
1195
0
        0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
1196
0
        0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
1197
0
        0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
1198
0
        0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
1199
0
        0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
1200
0
        0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
1201
0
        0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
1202
0
        0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
1203
0
        0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
1204
0
        0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
1205
0
        0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
1206
0
        0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
1207
0
        0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
1208
0
        0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
1209
0
        0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf
1210
0
    };
1211
0
    static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1212
0
        0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
1213
0
        0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
1214
0
        0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
1215
0
        0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
1216
0
        0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
1217
0
        0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
1218
0
        0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
1219
0
        0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
1220
0
        0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
1221
0
        0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
1222
0
        0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
1223
0
        0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
1224
0
        0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
1225
0
        0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
1226
0
        0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
1227
0
        0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d
1228
0
    };
1229
0
    static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1230
0
        0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
1231
0
        0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
1232
0
        0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
1233
0
        0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
1234
0
        0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
1235
0
        0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
1236
0
        0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
1237
0
        0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
1238
0
        0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
1239
0
        0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
1240
0
        0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
1241
0
        0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
1242
0
        0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
1243
0
        0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
1244
0
        0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
1245
0
        0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59
1246
0
    };
1247
0
    static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1248
0
        0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
1249
0
        0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
1250
0
        0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
1251
0
        0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
1252
0
        0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
1253
0
        0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
1254
0
        0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
1255
0
        0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
1256
0
        0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
1257
0
        0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
1258
0
        0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
1259
0
        0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
1260
0
        0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
1261
0
        0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
1262
0
        0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
1263
0
        0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02
1264
0
    };
1265
1266
    /* RSA Known Plaintext Message (1024-bits). */
1267
0
    static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1268
0
        "Known plaintext message utilized"
1269
0
        "for RSA Encryption &  Decryption"
1270
0
        "blocks SHA256, SHA384  and      "
1271
0
        "SHA512 RSA Signature KAT tests. "
1272
0
        "Known plaintext message utilized"
1273
0
        "for RSA Encryption &  Decryption"
1274
0
        "blocks SHA256, SHA384  and      "
1275
0
        "SHA512 RSA Signature KAT  tests."
1276
0
    };
1277
1278
    /* RSA Known Ciphertext (2048-bits). */
1279
0
    static const PRUint8 rsa_known_ciphertext[] = {
1280
0
        0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
1281
0
        0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
1282
0
        0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
1283
0
        0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
1284
0
        0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
1285
0
        0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
1286
0
        0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
1287
0
        0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
1288
0
        0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
1289
0
        0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
1290
0
        0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
1291
0
        0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
1292
0
        0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
1293
0
        0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
1294
0
        0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
1295
0
        0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
1296
0
        0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
1297
0
        0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
1298
0
        0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
1299
0
        0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
1300
0
        0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
1301
0
        0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
1302
0
        0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
1303
0
        0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
1304
0
        0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
1305
0
        0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
1306
0
        0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
1307
0
        0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
1308
0
        0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
1309
0
        0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
1310
0
        0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
1311
0
        0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef
1312
0
    };
1313
1314
0
    static const RSAPublicKey bl_public_key = {
1315
0
        NULL,
1316
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1317
0
          FIPS_RSA_MODULUS_LENGTH },
1318
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1319
0
          FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1320
0
    };
1321
0
    static const RSAPrivateKey bl_private_key = {
1322
0
        NULL,
1323
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
1324
0
          FIPS_RSA_PRIVATE_VERSION_LENGTH },
1325
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1326
0
          FIPS_RSA_MODULUS_LENGTH },
1327
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1328
0
          FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1329
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
1330
0
          FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1331
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
1332
0
          FIPS_RSA_PRIME0_LENGTH },
1333
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
1334
0
          FIPS_RSA_PRIME1_LENGTH },
1335
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
1336
0
          FIPS_RSA_EXPONENT0_LENGTH },
1337
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
1338
0
          FIPS_RSA_EXPONENT1_LENGTH },
1339
0
        { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
1340
0
          FIPS_RSA_COEFFICIENT_LENGTH }
1341
0
    };
1342
1343
    /* RSA variables. */
1344
0
    SECStatus rsa_status;
1345
0
    RSAPublicKey rsa_public_key;
1346
0
    RSAPrivateKey rsa_private_key;
1347
1348
0
    PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1349
0
    PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1350
1351
0
    rsa_public_key = bl_public_key;
1352
0
    rsa_private_key = bl_private_key;
1353
1354
    /**************************************************/
1355
    /* RSA Single-Round Known Answer Encryption Test. */
1356
    /**************************************************/
1357
1358
    /* Perform RSA Public Key Encryption. */
1359
0
    rsa_status = RSA_PublicKeyOp(&rsa_public_key,
1360
0
                                 rsa_computed_ciphertext,
1361
0
                                 rsa_known_plaintext_msg);
1362
1363
0
    if ((rsa_status != SECSuccess) ||
1364
0
        (PORT_Memcmp(rsa_computed_ciphertext, rsa_known_ciphertext,
1365
0
                     FIPS_RSA_ENCRYPT_LENGTH) != 0))
1366
0
        goto rsa_loser;
1367
1368
    /**************************************************/
1369
    /* RSA Single-Round Known Answer Decryption Test. */
1370
    /**************************************************/
1371
1372
    /* Perform RSA Private Key Decryption. */
1373
0
    rsa_status = RSA_PrivateKeyOp(&rsa_private_key,
1374
0
                                  rsa_computed_plaintext,
1375
0
                                  rsa_known_ciphertext);
1376
1377
0
    if ((rsa_status != SECSuccess) ||
1378
0
        (PORT_Memcmp(rsa_computed_plaintext, rsa_known_plaintext_msg,
1379
0
                     FIPS_RSA_DECRYPT_LENGTH) != 0))
1380
0
        goto rsa_loser;
1381
1382
0
    return (SECSuccess);
1383
1384
0
rsa_loser:
1385
1386
0
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1387
0
    return (SECFailure);
1388
0
}
1389
1390
static SECStatus
1391
freebl_fips_ECDSA_Test(ECParams *ecparams,
1392
                       const PRUint8 *knownSignature,
1393
                       unsigned int knownSignatureLen)
1394
0
{
1395
1396
    /* ECDSA Known Seed info for curves nistp256 and nistk283  */
1397
0
    static const PRUint8 ecdsa_Known_Seed[] = {
1398
0
        0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1399
0
        0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1400
0
        0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1401
0
        0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f
1402
0
    };
1403
1404
0
    static const PRUint8 msg[] = {
1405
0
        "Firefox and ThunderBird are awesome!"
1406
0
    };
1407
1408
0
    unsigned char sha256[SHA256_LENGTH]; /* SHA-256 hash (256 bits) */
1409
0
    unsigned char sig[2 * MAX_ECKEY_LEN];
1410
0
    SECItem signature, digest;
1411
0
    ECPrivateKey *ecdsa_private_key = NULL;
1412
0
    ECPublicKey ecdsa_public_key;
1413
0
    SECStatus ecdsaStatus = SECSuccess;
1414
1415
    /* Generates a new EC key pair. The private key is a supplied
1416
     * random value (in seed) and the public key is the result of
1417
     * performing a scalar point multiplication of that value with
1418
     * the curve's base point.
1419
     */
1420
0
    ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
1421
0
                                    ecdsa_Known_Seed,
1422
0
                                    sizeof(ecdsa_Known_Seed));
1423
0
    if (ecdsaStatus != SECSuccess) {
1424
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1425
0
        return (SECFailure);
1426
0
    }
1427
1428
    /* construct public key from private key. */
1429
0
    ecdsa_public_key.ecParams = ecdsa_private_key->ecParams;
1430
0
    ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1431
1432
    /* validate public key value */
1433
0
    ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
1434
0
                                       &ecdsa_public_key.publicValue);
1435
0
    if (ecdsaStatus != SECSuccess) {
1436
0
        goto loser;
1437
0
    }
1438
1439
    /* validate public key value */
1440
0
    ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
1441
0
                                       &ecdsa_private_key->publicValue);
1442
0
    if (ecdsaStatus != SECSuccess) {
1443
0
        goto loser;
1444
0
    }
1445
1446
    /***************************************************/
1447
    /* ECDSA Single-Round Known Answer Signature Test. */
1448
    /***************************************************/
1449
1450
0
    ecdsaStatus = SHA256_HashBuf(sha256, msg, sizeof msg);
1451
0
    if (ecdsaStatus != SECSuccess) {
1452
0
        goto loser;
1453
0
    }
1454
0
    digest.type = siBuffer;
1455
0
    digest.data = sha256;
1456
0
    digest.len = SHA256_LENGTH;
1457
1458
0
    memset(sig, 0, sizeof sig);
1459
0
    signature.type = siBuffer;
1460
0
    signature.data = sig;
1461
0
    signature.len = sizeof sig;
1462
1463
0
    ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
1464
0
                                           &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1465
0
    if (ecdsaStatus != SECSuccess) {
1466
0
        goto loser;
1467
0
    }
1468
1469
0
    if ((signature.len != knownSignatureLen) ||
1470
0
        (PORT_Memcmp(signature.data, knownSignature,
1471
0
                     knownSignatureLen) != 0)) {
1472
0
        ecdsaStatus = SECFailure;
1473
0
        goto loser;
1474
0
    }
1475
1476
    /******************************************************/
1477
    /* ECDSA Single-Round Known Answer Verification Test. */
1478
    /******************************************************/
1479
1480
    /* Perform ECDSA verification process. */
1481
0
    ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1482
1483
0
loser:
1484
    /* free the memory for the private key arena*/
1485
0
    PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1486
1487
0
    if (ecdsaStatus != SECSuccess) {
1488
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1489
0
        return (SECFailure);
1490
0
    }
1491
0
    return (SECSuccess);
1492
0
}
1493
1494
static SECStatus
1495
freebl_fips_ECDH_Test(ECParams *ecparams)
1496
0
{
1497
1498
    /* ECDH Known result (reused old CAVS vector)  */
1499
0
    static const PRUint8 ecdh_known_pub_key_1[] = {
1500
0
        EC_POINT_FORM_UNCOMPRESSED,
1501
        /* pubX */
1502
0
        0x16, 0x81, 0x32, 0x86, 0xc8, 0xe4, 0x3a, 0x1f,
1503
0
        0x5d, 0xe3, 0x06, 0x22, 0x8b, 0x99, 0x14, 0x25,
1504
0
        0xf7, 0x9c, 0x5b, 0x1e, 0x96, 0x84, 0x85, 0x3b,
1505
0
        0x17, 0xfe, 0xf3, 0x1c, 0x0e, 0xed, 0xc4, 0xce,
1506
        /* pubY */
1507
0
        0x7a, 0x44, 0xfe, 0xbd, 0x91, 0x71, 0x7d, 0x73,
1508
0
        0xd9, 0x45, 0xea, 0xae, 0x66, 0x78, 0xfa, 0x6e,
1509
0
        0x46, 0xcd, 0xfa, 0x95, 0x15, 0x47, 0x62, 0x5d,
1510
0
        0xbb, 0x1b, 0x9f, 0xe6, 0x39, 0xfc, 0xfd, 0x47
1511
0
    };
1512
0
    static const PRUint8 ecdh_known_priv_key_2[] = {
1513
0
        0xb4, 0x2a, 0xe3, 0x69, 0x19, 0xec, 0xf0, 0x42,
1514
0
        0x6d, 0x45, 0x8c, 0x94, 0x4a, 0x26, 0xa7, 0x5c,
1515
0
        0xea, 0x9d, 0xd9, 0x0f, 0x59, 0xe0, 0x1a, 0x9d,
1516
0
        0x7c, 0xb7, 0x1c, 0x04, 0x53, 0xb8, 0x98, 0x5a
1517
0
    };
1518
0
    static const PRUint8 ecdh_known_hash_result[] = {
1519
0
        0x16, 0xf3, 0x85, 0xa2, 0x41, 0xf3, 0x7f, 0xc4,
1520
0
        0x0b, 0x56, 0x47, 0xee, 0xa7, 0x74, 0xb9, 0xdb,
1521
0
        0xe1, 0xfa, 0x22, 0xe9, 0x04, 0xf1, 0xb6, 0x12,
1522
0
        0x4b, 0x44, 0x8a, 0xbb, 0xbc, 0x08, 0x2b, 0xa7
1523
0
    };
1524
1525
0
    SECItem ecdh_priv_2, ecdh_pub_1;
1526
0
    SECItem ZZ = { 0, 0, 0 };
1527
0
    SECStatus ecdhStatus = SECSuccess;
1528
0
    PRUint8 computed_hash_result[HASH_LENGTH_MAX];
1529
1530
0
    ecdh_priv_2.data = (PRUint8 *)ecdh_known_priv_key_2;
1531
0
    ecdh_priv_2.len = sizeof(ecdh_known_priv_key_2);
1532
0
    ecdh_pub_1.data = (PRUint8 *)ecdh_known_pub_key_1;
1533
0
    ecdh_pub_1.len = sizeof(ecdh_known_pub_key_1);
1534
1535
    /* Generates a new EC key pair. The private key is a supplied
1536
     * random value (in seed) and the public key is the result of
1537
     * performing a scalar point multiplication of that value with
1538
     * the curve's base point.
1539
     */
1540
0
    ecdhStatus = ECDH_Derive(&ecdh_pub_1, ecparams, &ecdh_priv_2, PR_FALSE, &ZZ);
1541
0
    if (ecdhStatus != SECSuccess) {
1542
0
        goto loser;
1543
0
    }
1544
0
    ecdhStatus = SHA256_HashBuf(computed_hash_result, ZZ.data, ZZ.len);
1545
0
    if (ecdhStatus != SECSuccess) {
1546
0
        goto loser;
1547
0
    }
1548
1549
0
    if (PORT_Memcmp(computed_hash_result, ecdh_known_hash_result,
1550
0
                    sizeof(ecdh_known_hash_result)) != 0) {
1551
0
        ecdhStatus = SECFailure;
1552
0
        goto loser;
1553
0
    }
1554
1555
0
loser:
1556
0
    if (ZZ.data) {
1557
0
        SECITEM_FreeItem(&ZZ, PR_FALSE);
1558
0
    }
1559
1560
0
    if (ecdhStatus != SECSuccess) {
1561
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1562
0
        return (SECFailure);
1563
0
    }
1564
0
    return (SECSuccess);
1565
0
}
1566
1567
static SECStatus
1568
freebl_fips_EC_PowerUpSelfTest()
1569
0
{
1570
1571
    /* EC Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */
1572
0
    static const unsigned char p256_prime[] = {
1573
0
        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1574
0
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1575
0
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
1576
0
    };
1577
0
    static const unsigned char p256_a[] = {
1578
0
        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
1579
0
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1580
0
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC
1581
0
    };
1582
0
    static const unsigned char p256_b[] = {
1583
0
        0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 0x76,
1584
0
        0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE,
1585
0
        0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B
1586
0
    };
1587
0
    static const unsigned char p256_base[] = {
1588
0
        0x04,
1589
0
        0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 0x63,
1590
0
        0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1,
1591
0
        0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
1592
0
        0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, 0x8E, 0xE7, 0xEB, 0x4A, 0x7C,
1593
0
        0x0F, 0x9E, 0x16, 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, 0xCB, 0xB6,
1594
0
        0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5
1595
0
    };
1596
0
    static const unsigned char p256_order[] = {
1597
0
        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
1598
0
        0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9,
1599
0
        0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
1600
0
    };
1601
0
    static const unsigned char p256_encoding[] = {
1602
0
        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
1603
0
    };
1604
0
    static const ECParams ec_known_P256_Params = {
1605
0
        NULL,
1606
0
        ec_params_named,                                                     /* arena, type */
1607
                                                                             /* fieldID */
1608
0
        { 256, ec_field_plain,                                               /* size and type */
1609
0
          { { siBuffer, (unsigned char *)p256_prime, sizeof(p256_prime) } }, /* u.prime */
1610
0
          0,
1611
0
          0,
1612
0
          0 },
1613
        /* curve */
1614
0
        { /* a = curvea b = curveb */
1615
          /* curve.a */
1616
0
          { siBuffer, (unsigned char *)p256_a, sizeof(p256_a) },
1617
          /* curve.b */
1618
0
          { siBuffer, (unsigned char *)p256_b, sizeof(p256_b) },
1619
          /* curve.seed */
1620
0
          { siBuffer, NULL, 0 } },
1621
        /* base  = 04xy*/
1622
0
        { siBuffer, (unsigned char *)p256_base, sizeof(p256_base) },
1623
        /* order */
1624
0
        { siBuffer, (unsigned char *)p256_order, sizeof(p256_order) },
1625
0
        1, /* cofactor */
1626
        /* DEREncoding */
1627
0
        { siBuffer, (unsigned char *)p256_encoding, sizeof(p256_encoding) },
1628
0
        ECCurve_X9_62_PRIME_256V1,
1629
        /* curveOID */
1630
0
        { siBuffer, (unsigned char *)(p256_encoding) + 2, sizeof(p256_encoding) - 2 },
1631
0
    };
1632
1633
0
    static const PRUint8 ecdsa_known_P256_signature[] = {
1634
0
        0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10, 0xd6,
1635
0
        0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff,
1636
0
        0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f,
1637
0
        0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5,
1638
0
        0xa7, 0xd2, 0x20, 0xdd, 0x45, 0xf9, 0x2b, 0xdd,
1639
0
        0xda, 0x98, 0x99, 0x5b, 0x1c, 0x02, 0x3a, 0x27,
1640
0
        0x8b, 0x7d, 0xb6, 0xed, 0x0e, 0xe0, 0xa7, 0xac,
1641
0
        0xaa, 0x36, 0x2c, 0xfa, 0x1a, 0xdf, 0x0d, 0xe1
1642
0
    };
1643
1644
0
    ECParams ecparams;
1645
1646
0
    SECStatus rv;
1647
1648
    /* ECDSA GF(p) prime field curve test */
1649
0
    ecparams = ec_known_P256_Params;
1650
0
    rv = freebl_fips_ECDSA_Test(&ecparams,
1651
0
                                ecdsa_known_P256_signature,
1652
0
                                sizeof ecdsa_known_P256_signature);
1653
0
    if (rv != SECSuccess) {
1654
0
        return (SECFailure);
1655
0
    }
1656
    /* ECDH GF(p) prime field curve test */
1657
0
    rv = freebl_fips_ECDH_Test(&ecparams);
1658
0
    if (rv != SECSuccess) {
1659
0
        return (SECFailure);
1660
0
    }
1661
1662
0
    return (SECSuccess);
1663
0
}
1664
1665
static SECStatus
1666
freebl_fips_DH_PowerUpSelfTest(void)
1667
0
{
1668
    /* DH Known P (2048-bits) */
1669
0
    static const PRUint8 dh_known_P[] = {
1670
0
        0xc2, 0x79, 0xbb, 0x76, 0x32, 0x0d, 0x43, 0xfd,
1671
0
        0x1b, 0x8c, 0xa2, 0x3c, 0x00, 0xdd, 0x6d, 0xef,
1672
0
        0xf8, 0x1a, 0xd9, 0xc1, 0xa2, 0xf5, 0x73, 0x2b,
1673
0
        0xdb, 0x1a, 0x3e, 0x84, 0x90, 0xeb, 0xe7, 0x8e,
1674
0
        0x5f, 0x5c, 0x6b, 0xb6, 0x61, 0x89, 0xd1, 0x03,
1675
0
        0xb0, 0x5f, 0x91, 0xe4, 0xd2, 0x82, 0x90, 0xfc,
1676
0
        0x3c, 0x49, 0x69, 0x59, 0xc1, 0x51, 0x6a, 0x85,
1677
0
        0x71, 0xe7, 0x5d, 0x72, 0x5a, 0x45, 0xad, 0x01,
1678
0
        0x6f, 0x82, 0xae, 0xec, 0x91, 0x08, 0x2e, 0x7c,
1679
0
        0x64, 0x93, 0x46, 0x1c, 0x68, 0xef, 0xc2, 0x03,
1680
0
        0x28, 0x1d, 0x75, 0x3a, 0xeb, 0x9c, 0x46, 0xf0,
1681
0
        0xc9, 0xdb, 0x99, 0x95, 0x13, 0x66, 0x4d, 0xd5,
1682
0
        0x1a, 0x78, 0x92, 0x51, 0x89, 0x72, 0x28, 0x7f,
1683
0
        0x20, 0x70, 0x41, 0x49, 0xa2, 0x86, 0xe9, 0xf9,
1684
0
        0x78, 0x5f, 0x8d, 0x2e, 0x5d, 0xfa, 0xdb, 0x57,
1685
0
        0xd4, 0x71, 0xdf, 0x66, 0xe3, 0x9e, 0x88, 0x70,
1686
0
        0xa4, 0x21, 0x44, 0x6a, 0xc7, 0xae, 0x30, 0x2c,
1687
0
        0x9c, 0x1f, 0x91, 0x57, 0xc8, 0x24, 0x34, 0x2d,
1688
0
        0x7a, 0x4a, 0x43, 0xc2, 0x5f, 0xab, 0x64, 0x2e,
1689
0
        0xaa, 0x28, 0x32, 0x95, 0x42, 0x7b, 0xa0, 0xcc,
1690
0
        0xdf, 0xfd, 0x22, 0xc8, 0x56, 0x84, 0xc1, 0x62,
1691
0
        0x15, 0xb2, 0x77, 0x86, 0x81, 0xfc, 0xa5, 0x12,
1692
0
        0x3c, 0xca, 0x28, 0x17, 0x8f, 0x03, 0x16, 0x6e,
1693
0
        0xb8, 0x24, 0xfa, 0x1b, 0x15, 0x02, 0xfd, 0x8b,
1694
0
        0xb6, 0x0a, 0x1a, 0xf7, 0x47, 0x41, 0xc5, 0x2b,
1695
0
        0x37, 0x3e, 0xa1, 0xbf, 0x68, 0xda, 0x1c, 0x55,
1696
0
        0x44, 0xc3, 0xee, 0xa1, 0x63, 0x07, 0x11, 0x3b,
1697
0
        0x5f, 0x00, 0x84, 0xb4, 0xc4, 0xe4, 0xa7, 0x97,
1698
0
        0x29, 0xf8, 0xce, 0xab, 0xfc, 0x27, 0x3e, 0x34,
1699
0
        0xe4, 0xc7, 0x81, 0x52, 0x32, 0x0e, 0x27, 0x3c,
1700
0
        0xa6, 0x70, 0x3f, 0x4a, 0x54, 0xda, 0xdd, 0x60,
1701
0
        0x26, 0xb3, 0x6e, 0x45, 0x26, 0x19, 0x41, 0x6f
1702
0
    };
1703
1704
0
    static const PRUint8 dh_known_Y_1[] = {
1705
0
        0xb4, 0xc7, 0x85, 0xba, 0xa6, 0x98, 0xb3, 0x77,
1706
0
        0x41, 0x2b, 0xd9, 0x9a, 0x72, 0x90, 0xa4, 0xac,
1707
0
        0xc4, 0xf7, 0xc2, 0x23, 0x9a, 0x68, 0xe2, 0x7d,
1708
0
        0x3a, 0x54, 0x45, 0x91, 0xc1, 0xd7, 0x8a, 0x17,
1709
0
        0x54, 0xd3, 0x37, 0xaa, 0x0c, 0xcd, 0x0b, 0xe2,
1710
0
        0xf2, 0x34, 0x0f, 0x17, 0xa8, 0x07, 0x88, 0xaf,
1711
0
        0xed, 0xc1, 0x02, 0xd4, 0xdb, 0xdc, 0x0f, 0x22,
1712
0
        0x51, 0x23, 0x40, 0xb9, 0x65, 0x6d, 0x39, 0xf4,
1713
0
        0xe1, 0x8b, 0x57, 0x7d, 0xb6, 0xd3, 0xf2, 0x6b,
1714
0
        0x02, 0xa9, 0x36, 0xf0, 0x0d, 0xe3, 0xdb, 0x9a,
1715
0
        0xbf, 0x20, 0x00, 0x4d, 0xec, 0x6f, 0x68, 0x95,
1716
0
        0xee, 0x59, 0x4e, 0x3c, 0xb6, 0xda, 0x7b, 0x19,
1717
0
        0x08, 0x9a, 0xef, 0x61, 0x43, 0xf5, 0xfb, 0x25,
1718
0
        0x70, 0x19, 0xc1, 0x5f, 0x0e, 0x0f, 0x6a, 0x63,
1719
0
        0x44, 0xe9, 0xcf, 0x33, 0xce, 0x13, 0x4f, 0x34,
1720
0
        0x3c, 0x94, 0x40, 0x8d, 0xf2, 0x65, 0x42, 0xef,
1721
0
        0x70, 0x54, 0xdd, 0x5f, 0xc1, 0xd7, 0x0b, 0xa6,
1722
0
        0x06, 0xd5, 0xa6, 0x47, 0xae, 0x2c, 0x1f, 0x5a,
1723
0
        0xa6, 0xb3, 0xc1, 0x38, 0x3a, 0x3b, 0x60, 0x94,
1724
0
        0xa2, 0x95, 0xab, 0xb2, 0x86, 0x82, 0xc5, 0x3b,
1725
0
        0xb8, 0x6f, 0x3e, 0x55, 0x86, 0x84, 0xe0, 0x00,
1726
0
        0xe5, 0xef, 0xca, 0x5c, 0xec, 0x7e, 0x38, 0x0f,
1727
0
        0x82, 0xa2, 0xb1, 0xee, 0x48, 0x1b, 0x32, 0xbb,
1728
0
        0x5a, 0x33, 0xa5, 0x01, 0xba, 0xca, 0xa6, 0x64,
1729
0
        0x61, 0xb6, 0xe5, 0x5c, 0x0e, 0x5f, 0x2c, 0x66,
1730
0
        0x0d, 0x01, 0x6a, 0x20, 0x04, 0x70, 0x68, 0x82,
1731
0
        0x93, 0x29, 0x15, 0x3b, 0x7a, 0x06, 0xb2, 0x92,
1732
0
        0x61, 0xcd, 0x7e, 0xa4, 0xc1, 0x15, 0x64, 0x3b,
1733
0
        0x3c, 0x51, 0x10, 0x4c, 0x87, 0xa6, 0xaf, 0x07,
1734
0
        0xce, 0x46, 0x82, 0x75, 0xf3, 0x90, 0xf3, 0x21,
1735
0
        0x55, 0x74, 0xc2, 0xe4, 0x96, 0x7d, 0xc3, 0xe6,
1736
0
        0x33, 0xa5, 0xc6, 0x51, 0xef, 0xec, 0x90, 0x08
1737
0
    };
1738
1739
0
    static const PRUint8 dh_known_x_2[] = {
1740
0
        0x9e, 0x9b, 0xc3, 0x25, 0x53, 0xf9, 0xfc, 0x92,
1741
0
        0xb6, 0xae, 0x54, 0x8e, 0x23, 0x4c, 0x94, 0xba,
1742
0
        0x41, 0xe6, 0x29, 0x33, 0xb9, 0xdb, 0xff, 0x6d,
1743
0
        0xa8, 0xb8, 0x48, 0x49, 0x66, 0x11, 0xa6, 0x13
1744
0
    };
1745
1746
0
    static const PRUint8 dh_known_hash_result[] = {
1747
0
        0x93, 0xa2, 0x89, 0x1c, 0x8a, 0xc3, 0x70, 0xbf,
1748
0
        0xa7, 0xdf, 0xb6, 0xd7, 0x82, 0xfb, 0x87, 0x81,
1749
0
        0x09, 0x47, 0xf3, 0x9f, 0x5a, 0xbf, 0x4f, 0x3f,
1750
0
        0x8e, 0x5e, 0x06, 0xca, 0x30, 0xa7, 0xaf, 0x10
1751
0
    };
1752
1753
    /* DH variables. */
1754
0
    SECStatus dhStatus;
1755
0
    SECItem dh_prime;
1756
0
    SECItem dh_pub_key_1;
1757
0
    SECItem dh_priv_key_2;
1758
0
    SECItem ZZ = { 0, 0, 0 };
1759
0
    PRUint8 computed_hash_result[HASH_LENGTH_MAX];
1760
1761
0
    dh_prime.data = (PRUint8 *)dh_known_P;
1762
0
    dh_prime.len = sizeof(dh_known_P);
1763
0
    dh_pub_key_1.data = (PRUint8 *)dh_known_Y_1;
1764
0
    dh_pub_key_1.len = sizeof(dh_known_Y_1);
1765
0
    dh_priv_key_2.data = (PRUint8 *)dh_known_x_2;
1766
0
    dh_priv_key_2.len = sizeof(dh_known_x_2);
1767
1768
    /* execute the derive */
1769
0
    dhStatus = DH_Derive(&dh_pub_key_1, &dh_prime, &dh_priv_key_2, &ZZ, dh_prime.len);
1770
0
    if (dhStatus != SECSuccess) {
1771
0
        goto loser;
1772
0
    }
1773
1774
0
    dhStatus = SHA256_HashBuf(computed_hash_result, ZZ.data, ZZ.len);
1775
0
    if (dhStatus != SECSuccess) {
1776
0
        goto loser;
1777
0
    }
1778
1779
0
    if (PORT_Memcmp(computed_hash_result, dh_known_hash_result,
1780
0
                    sizeof(dh_known_hash_result)) != 0) {
1781
0
        dhStatus = SECFailure;
1782
0
        goto loser;
1783
0
    }
1784
1785
0
loser:
1786
0
    if (ZZ.data) {
1787
0
        SECITEM_FreeItem(&ZZ, PR_FALSE);
1788
0
    }
1789
1790
0
    if (dhStatus != SECSuccess) {
1791
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1792
0
        return (SECFailure);
1793
0
    }
1794
0
    return (SECSuccess);
1795
0
}
1796
1797
static SECStatus
1798
freebl_fips_RNG_PowerUpSelfTest(void)
1799
2
{
1800
2
    SECStatus rng_status = SECSuccess;
1801
1802
    /*******************************************/
1803
    /*   Run the SP 800-90 Health tests        */
1804
    /*******************************************/
1805
2
    rng_status = PRNGTEST_RunHealthTests();
1806
2
    if (rng_status != SECSuccess) {
1807
2
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1808
2
        return SECFailure;
1809
2
    }
1810
1811
0
    return (SECSuccess);
1812
2
}
1813
1814
static SECStatus
1815
freebl_fipsSoftwareIntegrityTest(const char *libname)
1816
0
{
1817
0
    SECStatus rv = SECSuccess;
1818
1819
    /* make sure that our check file signatures are OK */
1820
0
    if (!BLAPI_VerifySelf(libname)) {
1821
0
        rv = SECFailure;
1822
0
    }
1823
0
    return rv;
1824
0
}
1825
1826
4
#define DO_FREEBL 1
1827
6
#define DO_REST 2
1828
1829
static SECStatus
1830
freebl_fipsPowerUpSelfTest(unsigned int tests)
1831
2
{
1832
2
    SECStatus rv;
1833
1834
    /*
1835
     * stand alone freebl. Test hash, and rng
1836
     */
1837
2
    if (tests & DO_FREEBL) {
1838
1839
        /* SHA-X Power-Up SelfTest(s). */
1840
2
        rv = freebl_fips_SHA_PowerUpSelfTest();
1841
1842
2
        if (rv != SECSuccess)
1843
0
            return rv;
1844
2
    }
1845
1846
    /*
1847
     * test the rest of the algorithms not accessed through freebl
1848
     * standalone */
1849
2
    if (tests & DO_REST) {
1850
1851
        /* RNG Power-Up SelfTest(s). */
1852
2
        rv = freebl_fips_RNG_PowerUpSelfTest();
1853
1854
2
        if (rv != SECSuccess)
1855
2
            return rv;
1856
1857
        /* DES3 Power-Up SelfTest(s). */
1858
0
        rv = freebl_fips_DES3_PowerUpSelfTest();
1859
1860
0
        if (rv != SECSuccess)
1861
0
            return rv;
1862
1863
        /* AES Power-Up SelfTest(s) for 128-bit key. */
1864
0
        rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
1865
1866
0
        if (rv != SECSuccess)
1867
0
            return rv;
1868
1869
        /* AES Power-Up SelfTest(s) for 192-bit key. */
1870
0
        rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
1871
1872
0
        if (rv != SECSuccess)
1873
0
            return rv;
1874
1875
        /* AES Power-Up SelfTest(s) for 256-bit key. */
1876
0
        rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
1877
1878
0
        if (rv != SECSuccess)
1879
0
            return rv;
1880
1881
        /* HMAC SHA-X Power-Up SelfTest(s). */
1882
0
        rv = freebl_fips_HMAC_PowerUpSelfTest();
1883
1884
0
        if (rv != SECSuccess)
1885
0
            return rv;
1886
1887
        /* TLS PRF Power-Up SelfTest(s). */
1888
0
        rv = freebl_fips_TLS_PowerUpSelfTest();
1889
1890
0
        if (rv != SECSuccess)
1891
0
            return rv;
1892
1893
        /* NOTE: RSA can only be tested in full freebl. It requires access to
1894
         * the locking primitives */
1895
        /* RSA Power-Up SelfTest(s). */
1896
0
        rv = freebl_fips_RSA_PowerUpSelfTest();
1897
1898
0
        if (rv != SECSuccess)
1899
0
            return rv;
1900
1901
        /* DH Power-Up SelfTest(s). */
1902
0
        rv = freebl_fips_DH_PowerUpSelfTest();
1903
1904
0
        if (rv != SECSuccess)
1905
0
            return rv;
1906
1907
        /* EC Power-Up SelfTest(s). */
1908
0
        rv = freebl_fips_EC_PowerUpSelfTest();
1909
1910
0
        if (rv != SECSuccess)
1911
0
            return rv;
1912
0
    }
1913
    /* Passed Power-Up SelfTest(s). */
1914
0
    return (SECSuccess);
1915
2
}
1916
1917
/*
1918
 * state variables. NOTE: freebl has two uses: a standalone use which
1919
 * provided limitted access to the hash functions throught the NSSLOWHASH_
1920
 * interface and an joint use from softoken, using the function pointer
1921
 * table. The standalone use can operation without nspr or nss-util, while
1922
 * the joint use requires both to be loaded. Certain functions (like RSA)
1923
 * needs locking from NSPR, for instance.
1924
 *
1925
 * At load time, we need to handle the two uses separately. If nspr and
1926
 * nss-util  are loaded, then we can run all the selftests, but if nspr and
1927
 * nss-util are not loaded, then we can't run all the selftests, and we need
1928
 * to prevent the softoken function pointer table from operating until the
1929
 * libraries are loaded and we try to use them.
1930
 */
1931
static PRBool self_tests_freebl_ran = PR_FALSE;
1932
static PRBool self_tests_ran = PR_FALSE;
1933
static PRBool self_tests_freebl_success = PR_FALSE;
1934
static PRBool self_tests_success = PR_FALSE;
1935
1936
/*
1937
 * accessors for freebl
1938
 */
1939
PRBool
1940
BL_POSTRan(PRBool freebl_only)
1941
0
{
1942
0
    SECStatus rv;
1943
    /* if the freebl self tests didn't run, there is something wrong with
1944
     * our on load tests */
1945
0
    if (!self_tests_freebl_ran) {
1946
0
        return PR_FALSE;
1947
0
    }
1948
    /* if all the self tests have run, we are good */
1949
0
    if (self_tests_ran) {
1950
0
        return PR_TRUE;
1951
0
    }
1952
    /* if we only care about the freebl tests, we are good */
1953
0
    if (freebl_only) {
1954
0
        return PR_TRUE;
1955
0
    }
1956
    /* run the rest of the self tests */
1957
    /* We could get there if freebl was loaded without the rest of the support
1958
     * libraries, but now we want to use more than just a standalone freebl.
1959
     * This requires the other libraries to be loaded.
1960
     * If they are now loaded, Try to run the rest of the selftests,
1961
     * otherwise fail (disabling access to these algorithms)  */
1962
0
    self_tests_ran = PR_TRUE;
1963
0
    BL_Init();     /* required by RSA */
1964
0
    RNG_RNGInit(); /* required by RSA */
1965
0
    rv = freebl_fipsPowerUpSelfTest(DO_REST);
1966
0
    if (rv == SECSuccess) {
1967
0
        self_tests_success = PR_TRUE;
1968
0
    }
1969
0
    return PR_TRUE;
1970
0
}
1971
1972
#include "blname.c"
1973
1974
/*
1975
 * This function is called at dll load time, the code tha makes this
1976
 * happen is platform specific on defined above.
1977
 */
1978
static void
1979
bl_startup_tests(void)
1980
2
{
1981
2
    const char *libraryName;
1982
2
    PRBool freebl_only = PR_FALSE;
1983
2
    SECStatus rv;
1984
1985
2
    PORT_Assert(self_tests_freebl_ran == PR_FALSE);
1986
2
    PORT_Assert(self_tests_success == PR_FALSE);
1987
2
    self_tests_freebl_ran = PR_TRUE;      /* we are running the tests */
1988
2
    self_tests_success = PR_FALSE;        /* force it just in case */
1989
2
    self_tests_freebl_success = PR_FALSE; /* force it just in case */
1990
1991
#ifdef FREEBL_NO_DEPEND
1992
    rv = FREEBL_InitStubs();
1993
    if (rv != SECSuccess) {
1994
        freebl_only = PR_TRUE;
1995
    }
1996
#endif
1997
1998
2
    self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
1999
2000
2
    if (!freebl_only) {
2001
2
        self_tests_ran = PR_TRUE; /* we're running all the tests */
2002
2
        BL_Init();                /* needs to be called before RSA can be used */
2003
2
        RNG_RNGInit();
2004
2
    }
2005
2006
    /* always run the post tests */
2007
2
    rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST);
2008
2
    if (rv != SECSuccess) {
2009
2
        return;
2010
2
    }
2011
2012
0
    libraryName = getLibName();
2013
0
    rv = freebl_fipsSoftwareIntegrityTest(libraryName);
2014
0
    if (rv != SECSuccess) {
2015
0
        return;
2016
0
    }
2017
2018
    /* posts are happy, allow the fips module to function now */
2019
0
    self_tests_freebl_success = PR_TRUE; /* we always test the freebl stuff */
2020
0
    if (!freebl_only) {
2021
0
        self_tests_success = PR_TRUE;
2022
0
    }
2023
0
}
2024
2025
/*
2026
 * this is called from the freebl init entry points that controll access to
2027
 * all other freebl functions. This prevents freebl from operating if our
2028
 * power on selftest failed.
2029
 */
2030
SECStatus
2031
BL_FIPSEntryOK(PRBool freebl_only, PRBool rerun)
2032
2
{
2033
#ifdef NSS_NO_INIT_SUPPORT
2034
    /* this should only be set on platforms that can't handle one of the INIT
2035
     * schemes.  This code allows those platforms to continue to function,
2036
     * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
2037
     * is not set, and init support has not been properly enabled, freebl
2038
     * will always fail because of the test below
2039
     */
2040
    if (!self_tests_freebl_ran) {
2041
        bl_startup_tests();
2042
    }
2043
#endif
2044
2
    if (rerun) {
2045
        /* reset the flags */
2046
0
        self_tests_freebl_ran = PR_FALSE;
2047
0
        self_tests_success = PR_FALSE;
2048
0
        self_tests_success = PR_FALSE;
2049
0
        self_tests_freebl_success = PR_FALSE;
2050
0
        bl_startup_tests();
2051
0
    }
2052
    /* if the general self tests succeeded, we're done */
2053
2
    if (self_tests_success) {
2054
0
        return SECSuccess;
2055
0
    }
2056
    /* standalone freebl can initialize */
2057
2
    if (freebl_only && self_tests_freebl_success) {
2058
0
        return SECSuccess;
2059
0
    }
2060
2
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
2061
2
    return SECFailure;
2062
2
}
2063
#endif