/src/nss-nspr/nss/lib/softoken/fipstest.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * PKCS #11 FIPS Power-Up Self Test. |
3 | | * |
4 | | * This Source Code Form is subject to the terms of the Mozilla Public |
5 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | | |
8 | | #ifndef NSS_FIPS_DISABLED |
9 | | #include "seccomon.h" |
10 | | #include "blapi.h" |
11 | | #include "softoken.h" |
12 | | #include "lowkeyi.h" |
13 | | #include "secoid.h" |
14 | | #include "secerr.h" |
15 | | #include "pkcs11i.h" |
16 | | #include "lowpbe.h" |
17 | | |
18 | | /* |
19 | | * different platforms have different ways of calling and initial entry point |
20 | | * when the dll/.so is loaded. Most platforms support either a posix pragma |
21 | | * or the GCC attribute. Some platforms suppor a pre-defined name, and some |
22 | | * platforms have a link line way of invoking this function. |
23 | | */ |
24 | | |
25 | | /* The pragma */ |
26 | | #if defined(USE_INIT_PRAGMA) |
27 | | #pragma init(sftk_startup_tests) |
28 | | #endif |
29 | | |
30 | | /* GCC Attribute */ |
31 | | #if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT) |
32 | | #define INIT_FUNCTION __attribute__((constructor)) |
33 | | #else |
34 | | #define INIT_FUNCTION |
35 | | #endif |
36 | | |
37 | | static void INIT_FUNCTION sftk_startup_tests(void); |
38 | | |
39 | | /* Windows pre-defined entry */ |
40 | | #if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT) |
41 | | #include <windows.h> |
42 | | |
43 | | BOOL WINAPI |
44 | | DllMain( |
45 | | HINSTANCE hinstDLL, // handle to DLL module |
46 | | DWORD fdwReason, // reason for calling function |
47 | | LPVOID lpReserved) // reserved |
48 | | { |
49 | | // Perform actions based on the reason for calling. |
50 | | switch (fdwReason) { |
51 | | case DLL_PROCESS_ATTACH: |
52 | | // Initialize once for each new process. |
53 | | // Return FALSE to fail DLL load. |
54 | | sftk_startup_tests(); |
55 | | break; |
56 | | |
57 | | case DLL_THREAD_ATTACH: |
58 | | // Do thread-specific initialization. |
59 | | break; |
60 | | |
61 | | case DLL_THREAD_DETACH: |
62 | | // Do thread-specific cleanup. |
63 | | break; |
64 | | |
65 | | case DLL_PROCESS_DETACH: |
66 | | // Perform any necessary cleanup. |
67 | | break; |
68 | | } |
69 | | return TRUE; // Successful DLL_PROCESS_ATTACH. |
70 | | } |
71 | | #endif |
72 | | |
73 | | /* FIPS preprocessor directives for RSA. */ |
74 | 22 | #define FIPS_RSA_TYPE siBuffer |
75 | 4 | #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */ |
76 | 2 | #define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */ |
77 | 6 | #define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */ |
78 | 2 | #define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */ |
79 | 2 | #define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */ |
80 | 2 | #define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */ |
81 | 2 | #define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */ |
82 | 2 | #define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */ |
83 | 2 | #define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */ |
84 | | #define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */ |
85 | | #define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */ |
86 | 18 | #define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */ |
87 | 4 | #define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */ |
88 | | |
89 | | /* |
90 | | * Test the softoken RSA_HashSign and RSH_HashCheckSign. |
91 | | */ |
92 | | static SECStatus |
93 | | sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg, |
94 | | NSSLOWKEYPublicKey *rsa_public_key, |
95 | | NSSLOWKEYPrivateKey *rsa_private_key, |
96 | | const unsigned char *rsa_known_msg, |
97 | | const unsigned int rsa_kmsg_length, |
98 | | const unsigned char *rsa_known_signature) |
99 | 6 | { |
100 | 6 | SECOidTag shaOid; /* SHA OID */ |
101 | 6 | unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ |
102 | 6 | unsigned int shaLength = 0; /* length of SHA */ |
103 | 6 | unsigned int rsa_bytes_signed; |
104 | 6 | unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH]; |
105 | 6 | SECStatus rv; |
106 | | |
107 | 6 | if (shaAlg == HASH_AlgSHA1) { |
108 | 0 | if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { |
109 | 0 | goto loser; |
110 | 0 | } |
111 | 0 | shaLength = SHA1_LENGTH; |
112 | 0 | shaOid = SEC_OID_SHA1; |
113 | 6 | } else if (shaAlg == HASH_AlgSHA256) { |
114 | 2 | if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { |
115 | 0 | goto loser; |
116 | 0 | } |
117 | 2 | shaLength = SHA256_LENGTH; |
118 | 2 | shaOid = SEC_OID_SHA256; |
119 | 4 | } else if (shaAlg == HASH_AlgSHA384) { |
120 | 2 | if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { |
121 | 0 | goto loser; |
122 | 0 | } |
123 | 2 | shaLength = SHA384_LENGTH; |
124 | 2 | shaOid = SEC_OID_SHA384; |
125 | 2 | } else if (shaAlg == HASH_AlgSHA512) { |
126 | 2 | if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { |
127 | 0 | goto loser; |
128 | 0 | } |
129 | 2 | shaLength = SHA512_LENGTH; |
130 | 2 | shaOid = SEC_OID_SHA512; |
131 | 2 | } else { |
132 | 0 | goto loser; |
133 | 0 | } |
134 | | |
135 | | /*************************************************/ |
136 | | /* RSA Single-Round Known Answer Signature Test. */ |
137 | | /*************************************************/ |
138 | | |
139 | | /* Perform RSA signature with the RSA private key. */ |
140 | 6 | rv = RSA_HashSign(shaOid, |
141 | 6 | rsa_private_key, |
142 | 6 | rsa_computed_signature, |
143 | 6 | &rsa_bytes_signed, |
144 | 6 | FIPS_RSA_SIGNATURE_LENGTH, |
145 | 6 | sha, |
146 | 6 | shaLength); |
147 | | |
148 | 6 | if ((rv != SECSuccess) || |
149 | 6 | (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) || |
150 | 6 | (PORT_Memcmp(rsa_computed_signature, rsa_known_signature, |
151 | 6 | FIPS_RSA_SIGNATURE_LENGTH) != 0)) { |
152 | 0 | goto loser; |
153 | 0 | } |
154 | | |
155 | | /****************************************************/ |
156 | | /* RSA Single-Round Known Answer Verification Test. */ |
157 | | /****************************************************/ |
158 | | |
159 | | /* Perform RSA verification with the RSA public key. */ |
160 | 6 | rv = RSA_HashCheckSign(shaOid, |
161 | 6 | rsa_public_key, |
162 | 6 | rsa_computed_signature, |
163 | 6 | rsa_bytes_signed, |
164 | 6 | sha, |
165 | 6 | shaLength); |
166 | | |
167 | 6 | if (rv != SECSuccess) { |
168 | 0 | goto loser; |
169 | 0 | } |
170 | 6 | return (SECSuccess); |
171 | | |
172 | 0 | loser: |
173 | |
|
174 | 0 | return (SECFailure); |
175 | 6 | } |
176 | | |
177 | | static SECStatus |
178 | | sftk_fips_RSA_PowerUpSelfTest(void) |
179 | 2 | { |
180 | | /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */ |
181 | 2 | static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = { |
182 | 2 | 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5, |
183 | 2 | 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2, |
184 | 2 | 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e, |
185 | 2 | 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88, |
186 | 2 | 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed, |
187 | 2 | 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f, |
188 | 2 | 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9, |
189 | 2 | 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e, |
190 | 2 | 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7, |
191 | 2 | 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7, |
192 | 2 | 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8, |
193 | 2 | 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2, |
194 | 2 | 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57, |
195 | 2 | 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6, |
196 | 2 | 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d, |
197 | 2 | 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20, |
198 | 2 | 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9, |
199 | 2 | 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d, |
200 | 2 | 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7, |
201 | 2 | 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e, |
202 | 2 | 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15, |
203 | 2 | 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12, |
204 | 2 | 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4, |
205 | 2 | 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e, |
206 | 2 | 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77, |
207 | 2 | 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53, |
208 | 2 | 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0, |
209 | 2 | 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46, |
210 | 2 | 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39, |
211 | 2 | 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4, |
212 | 2 | 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43, |
213 | 2 | 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b |
214 | 2 | }; |
215 | | |
216 | | /* RSA Known Public Key Values (24-bits). */ |
217 | 2 | static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 }; |
218 | | /* RSA Known Private Key Values (version is 8-bits), */ |
219 | | /* (private exponent is 2048-bits), */ |
220 | | /* (private prime0 is 1024-bits), */ |
221 | | /* (private prime1 is 1024-bits), */ |
222 | | /* (private prime exponent0 is 1024-bits), */ |
223 | | /* (private prime exponent1 is 1024-bits), */ |
224 | | /* and (private coefficient is 1024-bits). */ |
225 | 2 | static const PRUint8 rsa_version[] = { 0x00 }; |
226 | | |
227 | 2 | static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = { |
228 | 2 | 0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c, |
229 | 2 | 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67, |
230 | 2 | 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5, |
231 | 2 | 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff, |
232 | 2 | 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35, |
233 | 2 | 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83, |
234 | 2 | 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0, |
235 | 2 | 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00, |
236 | 2 | 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e, |
237 | 2 | 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7, |
238 | 2 | 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67, |
239 | 2 | 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84, |
240 | 2 | 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4, |
241 | 2 | 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54, |
242 | 2 | 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9, |
243 | 2 | 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c, |
244 | 2 | 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06, |
245 | 2 | 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a, |
246 | 2 | 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7, |
247 | 2 | 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8, |
248 | 2 | 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95, |
249 | 2 | 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02, |
250 | 2 | 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb, |
251 | 2 | 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c, |
252 | 2 | 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38, |
253 | 2 | 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44, |
254 | 2 | 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23, |
255 | 2 | 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e, |
256 | 2 | 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d, |
257 | 2 | 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21, |
258 | 2 | 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48, |
259 | 2 | 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 |
260 | 2 | }; |
261 | | |
262 | 2 | static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = { |
263 | 2 | 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40, |
264 | 2 | 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96, |
265 | 2 | 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f, |
266 | 2 | 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96, |
267 | 2 | 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d, |
268 | 2 | 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc, |
269 | 2 | 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58, |
270 | 2 | 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38, |
271 | 2 | 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85, |
272 | 2 | 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6, |
273 | 2 | 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4, |
274 | 2 | 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f, |
275 | 2 | 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19, |
276 | 2 | 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4, |
277 | 2 | 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95, |
278 | 2 | 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05 |
279 | 2 | }; |
280 | 2 | static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = { |
281 | 2 | 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06, |
282 | 2 | 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c, |
283 | 2 | 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8, |
284 | 2 | 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34, |
285 | 2 | 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36, |
286 | 2 | 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88, |
287 | 2 | 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9, |
288 | 2 | 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd, |
289 | 2 | 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b, |
290 | 2 | 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35, |
291 | 2 | 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a, |
292 | 2 | 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70, |
293 | 2 | 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05, |
294 | 2 | 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed, |
295 | 2 | 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9, |
296 | 2 | 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf |
297 | 2 | }; |
298 | 2 | static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = { |
299 | 2 | 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1, |
300 | 2 | 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a, |
301 | 2 | 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9, |
302 | 2 | 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37, |
303 | 2 | 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d, |
304 | 2 | 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c, |
305 | 2 | 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59, |
306 | 2 | 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01, |
307 | 2 | 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda, |
308 | 2 | 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63, |
309 | 2 | 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde, |
310 | 2 | 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62, |
311 | 2 | 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5, |
312 | 2 | 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2, |
313 | 2 | 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8, |
314 | 2 | 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d |
315 | 2 | }; |
316 | 2 | static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = { |
317 | 2 | 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b, |
318 | 2 | 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea, |
319 | 2 | 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44, |
320 | 2 | 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02, |
321 | 2 | 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c, |
322 | 2 | 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a, |
323 | 2 | 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4, |
324 | 2 | 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb, |
325 | 2 | 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea, |
326 | 2 | 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07, |
327 | 2 | 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97, |
328 | 2 | 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55, |
329 | 2 | 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4, |
330 | 2 | 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7, |
331 | 2 | 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40, |
332 | 2 | 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59 |
333 | 2 | }; |
334 | 2 | static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = { |
335 | 2 | 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96, |
336 | 2 | 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3, |
337 | 2 | 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91, |
338 | 2 | 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83, |
339 | 2 | 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b, |
340 | 2 | 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b, |
341 | 2 | 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0, |
342 | 2 | 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a, |
343 | 2 | 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5, |
344 | 2 | 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd, |
345 | 2 | 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37, |
346 | 2 | 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22, |
347 | 2 | 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21, |
348 | 2 | 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1, |
349 | 2 | 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2, |
350 | 2 | 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02 |
351 | 2 | }; |
352 | | |
353 | | /* RSA Known Plaintext Message (1024-bits). */ |
354 | 2 | static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = { |
355 | 2 | "Known plaintext message utilized" |
356 | 2 | "for RSA Encryption & Decryption" |
357 | 2 | "blocks SHA256, SHA384 and " |
358 | 2 | "SHA512 RSA Signature KAT tests. " |
359 | 2 | "Known plaintext message utilized" |
360 | 2 | "for RSA Encryption & Decryption" |
361 | 2 | "blocks SHA256, SHA384 and " |
362 | 2 | "SHA512 RSA Signature KAT tests." |
363 | 2 | }; |
364 | | |
365 | | /* RSA Known Signed Hash (2048-bits). */ |
366 | 2 | static const PRUint8 rsa_known_sha256_signature[] = { |
367 | 2 | 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38, |
368 | 2 | 0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a, |
369 | 2 | 0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f, |
370 | 2 | 0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50, |
371 | 2 | 0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde, |
372 | 2 | 0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80, |
373 | 2 | 0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42, |
374 | 2 | 0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d, |
375 | 2 | 0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75, |
376 | 2 | 0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65, |
377 | 2 | 0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09, |
378 | 2 | 0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6, |
379 | 2 | 0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e, |
380 | 2 | 0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92, |
381 | 2 | 0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b, |
382 | 2 | 0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51, |
383 | 2 | 0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34, |
384 | 2 | 0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93, |
385 | 2 | 0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e, |
386 | 2 | 0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2, |
387 | 2 | 0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b, |
388 | 2 | 0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7, |
389 | 2 | 0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd, |
390 | 2 | 0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18, |
391 | 2 | 0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb, |
392 | 2 | 0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c, |
393 | 2 | 0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6, |
394 | 2 | 0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca, |
395 | 2 | 0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19, |
396 | 2 | 0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8, |
397 | 2 | 0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a, |
398 | 2 | 0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92 |
399 | 2 | }; |
400 | | |
401 | | /* RSA Known Signed Hash (2048-bits). */ |
402 | 2 | static const PRUint8 rsa_known_sha384_signature[] = { |
403 | 2 | 0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15, |
404 | 2 | 0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf, |
405 | 2 | 0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f, |
406 | 2 | 0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf, |
407 | 2 | 0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa, |
408 | 2 | 0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66, |
409 | 2 | 0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49, |
410 | 2 | 0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3, |
411 | 2 | 0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac, |
412 | 2 | 0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37, |
413 | 2 | 0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7, |
414 | 2 | 0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d, |
415 | 2 | 0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1, |
416 | 2 | 0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb, |
417 | 2 | 0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16, |
418 | 2 | 0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92, |
419 | 2 | 0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70, |
420 | 2 | 0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec, |
421 | 2 | 0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f, |
422 | 2 | 0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1, |
423 | 2 | 0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3, |
424 | 2 | 0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2, |
425 | 2 | 0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e, |
426 | 2 | 0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c, |
427 | 2 | 0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8, |
428 | 2 | 0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7, |
429 | 2 | 0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71, |
430 | 2 | 0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e, |
431 | 2 | 0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b, |
432 | 2 | 0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb, |
433 | 2 | 0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4, |
434 | 2 | 0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa |
435 | 2 | }; |
436 | | |
437 | | /* RSA Known Signed Hash (2048-bits). */ |
438 | 2 | static const PRUint8 rsa_known_sha512_signature[] = { |
439 | 2 | 0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31, |
440 | 2 | 0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f, |
441 | 2 | 0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8, |
442 | 2 | 0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e, |
443 | 2 | 0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42, |
444 | 2 | 0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e, |
445 | 2 | 0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d, |
446 | 2 | 0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53, |
447 | 2 | 0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54, |
448 | 2 | 0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56, |
449 | 2 | 0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8, |
450 | 2 | 0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93, |
451 | 2 | 0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d, |
452 | 2 | 0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26, |
453 | 2 | 0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6, |
454 | 2 | 0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d, |
455 | 2 | 0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc, |
456 | 2 | 0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce, |
457 | 2 | 0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55, |
458 | 2 | 0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37, |
459 | 2 | 0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97, |
460 | 2 | 0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0, |
461 | 2 | 0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a, |
462 | 2 | 0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54, |
463 | 2 | 0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3, |
464 | 2 | 0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04, |
465 | 2 | 0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe, |
466 | 2 | 0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59, |
467 | 2 | 0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48, |
468 | 2 | 0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98, |
469 | 2 | 0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0, |
470 | 2 | 0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81 |
471 | 2 | }; |
472 | | |
473 | 2 | static const RSAPublicKey bl_public_key = { |
474 | 2 | NULL, |
475 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus, |
476 | 2 | FIPS_RSA_MODULUS_LENGTH }, |
477 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, |
478 | 2 | FIPS_RSA_PUBLIC_EXPONENT_LENGTH } |
479 | 2 | }; |
480 | 2 | static const RSAPrivateKey bl_private_key = { |
481 | 2 | NULL, |
482 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_version, |
483 | 2 | FIPS_RSA_PRIVATE_VERSION_LENGTH }, |
484 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus, |
485 | 2 | FIPS_RSA_MODULUS_LENGTH }, |
486 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, |
487 | 2 | FIPS_RSA_PUBLIC_EXPONENT_LENGTH }, |
488 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent, |
489 | 2 | FIPS_RSA_PRIVATE_EXPONENT_LENGTH }, |
490 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0, |
491 | 2 | FIPS_RSA_PRIME0_LENGTH }, |
492 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1, |
493 | 2 | FIPS_RSA_PRIME1_LENGTH }, |
494 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0, |
495 | 2 | FIPS_RSA_EXPONENT0_LENGTH }, |
496 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1, |
497 | 2 | FIPS_RSA_EXPONENT1_LENGTH }, |
498 | 2 | { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient, |
499 | 2 | FIPS_RSA_COEFFICIENT_LENGTH } |
500 | 2 | }; |
501 | | |
502 | | /* RSA variables. */ |
503 | | #ifdef CREATE_TEMP_ARENAS |
504 | | PLArenaPool *rsa_public_arena; |
505 | | PLArenaPool *rsa_private_arena; |
506 | | #endif |
507 | 2 | NSSLOWKEYPublicKey *rsa_public_key; |
508 | 2 | NSSLOWKEYPrivateKey *rsa_private_key; |
509 | 2 | SECStatus rsa_status; |
510 | | |
511 | 2 | NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey }; |
512 | 2 | NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey }; |
513 | | |
514 | | /****************************************/ |
515 | | /* Compose RSA Public/Private Key Pair. */ |
516 | | /****************************************/ |
517 | | |
518 | 2 | low_public_key.u.rsa = bl_public_key; |
519 | 2 | low_private_key.u.rsa = bl_private_key; |
520 | | |
521 | 2 | rsa_public_key = &low_public_key; |
522 | 2 | rsa_private_key = &low_private_key; |
523 | | |
524 | | #ifdef CREATE_TEMP_ARENAS |
525 | | /* Create some space for the RSA public key. */ |
526 | | rsa_public_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); |
527 | | |
528 | | if (rsa_public_arena == NULL) { |
529 | | PORT_SetError(SEC_ERROR_NO_MEMORY); |
530 | | return (SECFailure); |
531 | | } |
532 | | |
533 | | /* Create some space for the RSA private key. */ |
534 | | rsa_private_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); |
535 | | |
536 | | if (rsa_private_arena == NULL) { |
537 | | PORT_FreeArena(rsa_public_arena, PR_TRUE); |
538 | | PORT_SetError(SEC_ERROR_NO_MEMORY); |
539 | | return (SECFailure); |
540 | | } |
541 | | |
542 | | rsa_public_key->arena = rsa_public_arena; |
543 | | rsa_private_key->arena = rsa_private_arena; |
544 | | #endif |
545 | | |
546 | | /**************************************************/ |
547 | | /* RSA Hash tests */ |
548 | | /**************************************************/ |
549 | | |
550 | 2 | rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA256, |
551 | 2 | rsa_public_key, rsa_private_key, |
552 | 2 | rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, |
553 | 2 | rsa_known_sha256_signature); |
554 | 2 | if (rsa_status != SECSuccess) |
555 | 0 | goto rsa_loser; |
556 | | |
557 | 2 | rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA384, |
558 | 2 | rsa_public_key, rsa_private_key, |
559 | 2 | rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, |
560 | 2 | rsa_known_sha384_signature); |
561 | 2 | if (rsa_status != SECSuccess) |
562 | 0 | goto rsa_loser; |
563 | | |
564 | 2 | rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA512, |
565 | 2 | rsa_public_key, rsa_private_key, |
566 | 2 | rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, |
567 | 2 | rsa_known_sha512_signature); |
568 | 2 | if (rsa_status != SECSuccess) |
569 | 0 | goto rsa_loser; |
570 | | |
571 | | /* Dispose of all RSA key material. */ |
572 | 2 | nsslowkey_DestroyPublicKey(rsa_public_key); |
573 | 2 | nsslowkey_DestroyPrivateKey(rsa_private_key); |
574 | | |
575 | 2 | return (SECSuccess); |
576 | | |
577 | 0 | rsa_loser: |
578 | |
|
579 | 0 | nsslowkey_DestroyPublicKey(rsa_public_key); |
580 | 0 | nsslowkey_DestroyPrivateKey(rsa_private_key); |
581 | |
|
582 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
583 | 0 | return (SECFailure); |
584 | 2 | } |
585 | | |
586 | | static SECStatus |
587 | | sftk_fips_HKDF_PowerUpSelfTest(void) |
588 | 0 | { |
589 | 0 | SECStatus status; |
590 | 0 | static const unsigned char base_key[] = { |
591 | 0 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
592 | 0 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, |
593 | 0 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, |
594 | 0 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, |
595 | 0 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, |
596 | 0 | 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, |
597 | 0 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, |
598 | 0 | 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f |
599 | 0 | }; |
600 | 0 | static const unsigned char known_hkdf_sha256_key[] = { |
601 | 0 | 0xdd, 0xdb, 0xeb, 0xe5, 0x6d, 0xd2, 0x96, 0xa4, |
602 | 0 | 0x07, 0xc5, 0x7d, 0xda, 0x31, 0x56, 0x8d, 0xa5, |
603 | 0 | 0x41, 0x3e, 0x90, 0xd4, 0xe6, 0x98, 0xeb, 0xf8, |
604 | 0 | 0x5a, 0x49, 0x7f, 0x38, 0xef, 0x01, 0x8a, 0xe5, |
605 | 0 | 0xda, 0x36, 0xe5, 0xcf, 0x21, 0xe3, 0x9f, 0xc3, |
606 | 0 | 0x32, 0xb3, 0x1e, 0xf6, 0xc5, 0x10, 0x4c, 0x86, |
607 | 0 | 0x53, 0x5e, 0x6f, 0xe0, 0x63, 0x6e, 0x43, 0x33, |
608 | 0 | 0x61, 0x35, 0xf4, 0x17, 0x10, 0x77, 0x75, 0x2a |
609 | 0 | }; |
610 | | /* current NIST IG's say we only need to test one instance |
611 | | * of kdfs, keep these others around in case the guidance |
612 | | * changes */ |
613 | | #ifdef NSS_FULL_POST |
614 | | static const unsigned char known_hkdf_sha384_key[] = { |
615 | | 0x35, 0x64, 0xc4, 0xa1, 0xcc, 0xc1, 0xdc, 0xe4, |
616 | | 0xe2, 0xca, 0x51, 0xae, 0xe8, 0x92, 0x88, 0x30, |
617 | | 0x8b, 0xb0, 0x2b, 0xac, 0x00, 0x15, 0xac, 0x15, |
618 | | 0x97, 0xc9, 0xf4, 0x6b, 0xf6, 0x3f, 0x97, 0xea, |
619 | | 0x48, 0x55, 0x38, 0x25, 0x06, 0x5d, 0x91, 0x64, |
620 | | 0xbd, 0x09, 0xf3, 0x44, 0xbc, 0x82, 0xbe, 0xdb, |
621 | | 0x5c, 0xd7, 0xf2, 0x24, 0xa5, 0x55, 0x8d, 0xa9, |
622 | | 0xa8, 0x85, 0xde, 0x8c, 0x33, 0xe0, 0x4d, 0xc3 |
623 | | }; |
624 | | static const unsigned char known_hkdf_sha512_key[] = { |
625 | | 0x63, 0x4e, 0xbc, 0x42, 0xb3, 0x56, 0x74, 0x7d, |
626 | | 0x1b, 0x55, 0xf0, 0x34, 0x54, 0xcb, 0x6d, 0x58, |
627 | | 0x39, 0x96, 0x10, 0xda, 0x03, 0x20, 0x8f, 0x77, |
628 | | 0x0d, 0xb4, 0xf7, 0xf6, 0x67, 0x0d, 0x5b, 0x6b, |
629 | | 0xd0, 0x30, 0xc4, 0xdd, 0x67, 0x61, 0x5d, 0x9a, |
630 | | 0xf5, 0x18, 0x6e, 0x1b, 0x60, 0x97, 0xc2, 0x4d, |
631 | | 0x23, 0x43, 0x69, 0xe6, 0x3b, 0xa5, 0xdf, 0xe9, |
632 | | 0x7c, 0xf1, 0x87, 0x48, 0x6f, 0xb9, 0xd3, 0x02 |
633 | | }; |
634 | | #endif |
635 | 0 | unsigned char outBytes[64] = { 0 }; |
636 | |
|
637 | 0 | CK_HKDF_PARAMS hkdf_params; |
638 | |
|
639 | 0 | hkdf_params.bExpand = CK_TRUE; |
640 | 0 | hkdf_params.bExtract = CK_TRUE; |
641 | 0 | hkdf_params.ulSaltType = CKF_HKDF_SALT_DATA; |
642 | 0 | hkdf_params.pSalt = (CK_BYTE_PTR)base_key; |
643 | 0 | hkdf_params.ulSaltLen = sizeof(base_key); |
644 | 0 | hkdf_params.pInfo = (CK_BYTE_PTR)base_key; |
645 | 0 | hkdf_params.ulInfoLen = sizeof(base_key); |
646 | | |
647 | | /**************************************************/ |
648 | | /* HKDF tests */ |
649 | | /**************************************************/ |
650 | |
|
651 | 0 | hkdf_params.prfHashMechanism = CKM_SHA256_HMAC; |
652 | 0 | status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, |
653 | 0 | base_key, 32, NULL, outBytes, sizeof(outBytes), |
654 | 0 | PR_TRUE, PR_TRUE); |
655 | 0 | if ((status != SECSuccess) || |
656 | 0 | PORT_Memcmp(outBytes, known_hkdf_sha256_key, sizeof(outBytes)) != 0) { |
657 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
658 | 0 | return (SECFailure); |
659 | 0 | } |
660 | | |
661 | | #ifdef NSS_FULL_POST |
662 | | hkdf_params.prfHashMechanism = CKM_SHA384_HMAC; |
663 | | status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, |
664 | | base_key, 48, NULL, outBytes, sizeof(outBytes), |
665 | | PR_TRUE, PR_TRUE); |
666 | | if ((status != SECSuccess) || |
667 | | PORT_Memcmp(outBytes, known_hkdf_sha384_key, sizeof(outBytes)) != 0) { |
668 | | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
669 | | return (SECFailure); |
670 | | } |
671 | | |
672 | | hkdf_params.prfHashMechanism = CKM_SHA512_HMAC; |
673 | | status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, |
674 | | base_key, 64, NULL, outBytes, sizeof(outBytes), |
675 | | PR_TRUE, PR_TRUE); |
676 | | if ((status != SECSuccess) || |
677 | | PORT_Memcmp(outBytes, known_hkdf_sha512_key, sizeof(outBytes)) != 0) { |
678 | | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
679 | | return (SECFailure); |
680 | | } |
681 | | #endif |
682 | | |
683 | 0 | return (SECSuccess); |
684 | 0 | } |
685 | | |
686 | | static PRBool sftk_self_tests_ran = PR_FALSE; |
687 | | static PRBool sftk_self_tests_success = PR_FALSE; |
688 | | |
689 | | /* |
690 | | * This function is called at dll load time, the code tha makes this |
691 | | * happen is platform specific on defined above. |
692 | | */ |
693 | | void |
694 | | sftk_startup_tests_with_rerun(PRBool rerun) |
695 | 2 | { |
696 | 2 | SECStatus rv; |
697 | 2 | const char *libraryName = rerun ? BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : SOFTOKEN_LIB_NAME; |
698 | | |
699 | 2 | PORT_Assert(!sftk_self_tests_ran); |
700 | 2 | PORT_Assert(!sftk_self_tests_success); |
701 | 2 | sftk_self_tests_ran = PR_TRUE; |
702 | 2 | sftk_self_tests_success = PR_FALSE; /* just in case */ |
703 | | |
704 | | /* need to initiallize the oid library before the RSA tests */ |
705 | 2 | rv = SECOID_Init(); |
706 | 2 | if (rv != SECSuccess) { |
707 | 0 | return; |
708 | 0 | } |
709 | | /* make sure freebl is initialized, or our RSA check |
710 | | * may fail. This is normally done at freebl load time, but it's |
711 | | * possible we may have shut freebl down without unloading it. */ |
712 | 2 | rv = BL_Init(); |
713 | 2 | if (rv != SECSuccess) { |
714 | 0 | return; |
715 | 0 | } |
716 | | |
717 | 2 | rv = RNG_RNGInit(); |
718 | 2 | if (rv != SECSuccess) { |
719 | 0 | return; |
720 | 0 | } |
721 | | /* check the RSA combined functions in softoken */ |
722 | 2 | rv = sftk_fips_RSA_PowerUpSelfTest(); |
723 | 2 | if (rv != SECSuccess) { |
724 | 0 | return; |
725 | 0 | } |
726 | 2 | if (!BLAPI_SHVerify(libraryName, |
727 | 2 | (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) { |
728 | | /* something is wrong with the library, fail without enabling |
729 | | * the token */ |
730 | 2 | return; |
731 | 2 | } |
732 | 0 | rv = sftk_fips_IKE_PowerUpSelfTests(); |
733 | 0 | if (rv != SECSuccess) { |
734 | 0 | return; |
735 | 0 | } |
736 | | |
737 | 0 | rv = sftk_fips_SP800_108_PowerUpSelfTests(); |
738 | 0 | if (rv != SECSuccess) { |
739 | 0 | return; |
740 | 0 | } |
741 | | |
742 | 0 | rv = sftk_fips_HKDF_PowerUpSelfTest(); |
743 | 0 | if (rv != SECSuccess) { |
744 | 0 | return; |
745 | 0 | } |
746 | | |
747 | 0 | rv = sftk_fips_pbkdf_PowerUpSelfTests(); |
748 | 0 | if (rv != SECSuccess) { |
749 | 0 | return; |
750 | 0 | } |
751 | | |
752 | 0 | sftk_self_tests_success = PR_TRUE; |
753 | 0 | } |
754 | | |
755 | | static void |
756 | | sftk_startup_tests(void) |
757 | 2 | { |
758 | 2 | sftk_startup_tests_with_rerun(PR_FALSE); |
759 | 2 | } |
760 | | |
761 | | /* |
762 | | * this is called from nsc_Common_Initizialize entry points that gates access |
763 | | * to * all other pkcs11 functions. This prevents softoken operation if our |
764 | | * power on selftest failed. |
765 | | */ |
766 | | CK_RV |
767 | | sftk_FIPSEntryOK(PRBool rerun) |
768 | 0 | { |
769 | | #ifdef NSS_NO_INIT_SUPPORT |
770 | | /* this should only be set on platforms that can't handle one of the INIT |
771 | | * schemes. This code allows those platforms to continue to function, |
772 | | * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT |
773 | | * is not set, and init support has not been properly enabled, softken |
774 | | * will always fail because of the test below |
775 | | */ |
776 | | if (!sftk_self_tests_ran) { |
777 | | sftk_startup_tests(); |
778 | | } |
779 | | #endif |
780 | 0 | if (rerun) { |
781 | 0 | sftk_self_tests_ran = PR_FALSE; |
782 | 0 | sftk_self_tests_success = PR_FALSE; |
783 | 0 | sftk_startup_tests_with_rerun(PR_TRUE); |
784 | 0 | } |
785 | 0 | if (!sftk_self_tests_success) { |
786 | 0 | return CKR_DEVICE_ERROR; |
787 | 0 | } |
788 | 0 | return CKR_OK; |
789 | 0 | } |
790 | | #else |
791 | | #include "pkcs11t.h" |
792 | | CK_RV |
793 | | sftk_FIPSEntryOK() |
794 | | { |
795 | | return CKR_DEVICE_ERROR; |
796 | | } |
797 | | #endif /* NSS_FIPS_DISABLED */ |