Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/softoken/fipstest.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * PKCS #11 FIPS Power-Up Self Test.
3
 *
4
 * This Source Code Form is subject to the terms of the Mozilla Public
5
 * License, v. 2.0. If a copy of the MPL was not distributed with this
6
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8
#ifndef NSS_FIPS_DISABLED
9
#include "seccomon.h"
10
#include "blapi.h"
11
#include "softoken.h"
12
#include "lowkeyi.h"
13
#include "secoid.h"
14
#include "secerr.h"
15
#include "pkcs11i.h"
16
#include "lowpbe.h"
17
18
/*
19
 * different platforms have different ways of calling and initial entry point
20
 * when the dll/.so is loaded. Most platforms support either a posix pragma
21
 * or the GCC attribute. Some platforms suppor a pre-defined name, and some
22
 * platforms have a link line way of invoking this function.
23
 */
24
25
/* The pragma */
26
#if defined(USE_INIT_PRAGMA)
27
#pragma init(sftk_startup_tests)
28
#endif
29
30
/* GCC Attribute */
31
#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
32
#define INIT_FUNCTION __attribute__((constructor))
33
#else
34
#define INIT_FUNCTION
35
#endif
36
37
static void INIT_FUNCTION sftk_startup_tests(void);
38
39
/* Windows pre-defined entry */
40
#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
41
#include <windows.h>
42
43
BOOL WINAPI
44
DllMain(
45
    HINSTANCE hinstDLL, // handle to DLL module
46
    DWORD fdwReason,    // reason for calling function
47
    LPVOID lpReserved)  // reserved
48
{
49
    // Perform actions based on the reason for calling.
50
    switch (fdwReason) {
51
        case DLL_PROCESS_ATTACH:
52
            // Initialize once for each new process.
53
            // Return FALSE to fail DLL load.
54
            sftk_startup_tests();
55
            break;
56
57
        case DLL_THREAD_ATTACH:
58
            // Do thread-specific initialization.
59
            break;
60
61
        case DLL_THREAD_DETACH:
62
            // Do thread-specific cleanup.
63
            break;
64
65
        case DLL_PROCESS_DETACH:
66
            // Perform any necessary cleanup.
67
            break;
68
    }
69
    return TRUE; // Successful DLL_PROCESS_ATTACH.
70
}
71
#endif
72
73
/* FIPS preprocessor directives for RSA.                         */
74
22
#define FIPS_RSA_TYPE siBuffer
75
4
#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3    /*   24-bits */
76
2
#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1    /*    8-bits */
77
6
#define FIPS_RSA_MESSAGE_LENGTH 256          /* 2048-bits */
78
2
#define FIPS_RSA_COEFFICIENT_LENGTH 128      /* 1024-bits */
79
2
#define FIPS_RSA_PRIME0_LENGTH 128           /* 1024-bits */
80
2
#define FIPS_RSA_PRIME1_LENGTH 128           /* 1024-bits */
81
2
#define FIPS_RSA_EXPONENT0_LENGTH 128        /* 1024-bits */
82
2
#define FIPS_RSA_EXPONENT1_LENGTH 128        /* 1024-bits */
83
2
#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
84
#define FIPS_RSA_ENCRYPT_LENGTH 256          /* 2048-bits */
85
#define FIPS_RSA_DECRYPT_LENGTH 256          /* 2048-bits */
86
18
#define FIPS_RSA_SIGNATURE_LENGTH 256        /* 2048-bits */
87
4
#define FIPS_RSA_MODULUS_LENGTH 256          /* 2048-bits */
88
89
/*
90
 * Test the softoken RSA_HashSign and RSH_HashCheckSign.
91
 */
92
static SECStatus
93
sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg,
94
                                 NSSLOWKEYPublicKey *rsa_public_key,
95
                                 NSSLOWKEYPrivateKey *rsa_private_key,
96
                                 const unsigned char *rsa_known_msg,
97
                                 const unsigned int rsa_kmsg_length,
98
                                 const unsigned char *rsa_known_signature)
99
6
{
100
6
    SECOidTag shaOid;                   /* SHA OID */
101
6
    unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
102
6
    unsigned int shaLength = 0;         /* length of SHA */
103
6
    unsigned int rsa_bytes_signed;
104
6
    unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
105
6
    SECStatus rv;
106
107
6
    if (shaAlg == HASH_AlgSHA1) {
108
0
        if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
109
0
            goto loser;
110
0
        }
111
0
        shaLength = SHA1_LENGTH;
112
0
        shaOid = SEC_OID_SHA1;
113
6
    } else if (shaAlg == HASH_AlgSHA256) {
114
2
        if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
115
0
            goto loser;
116
0
        }
117
2
        shaLength = SHA256_LENGTH;
118
2
        shaOid = SEC_OID_SHA256;
119
4
    } else if (shaAlg == HASH_AlgSHA384) {
120
2
        if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
121
0
            goto loser;
122
0
        }
123
2
        shaLength = SHA384_LENGTH;
124
2
        shaOid = SEC_OID_SHA384;
125
2
    } else if (shaAlg == HASH_AlgSHA512) {
126
2
        if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
127
0
            goto loser;
128
0
        }
129
2
        shaLength = SHA512_LENGTH;
130
2
        shaOid = SEC_OID_SHA512;
131
2
    } else {
132
0
        goto loser;
133
0
    }
134
135
    /*************************************************/
136
    /* RSA Single-Round Known Answer Signature Test. */
137
    /*************************************************/
138
139
    /* Perform RSA signature with the RSA private key. */
140
6
    rv = RSA_HashSign(shaOid,
141
6
                      rsa_private_key,
142
6
                      rsa_computed_signature,
143
6
                      &rsa_bytes_signed,
144
6
                      FIPS_RSA_SIGNATURE_LENGTH,
145
6
                      sha,
146
6
                      shaLength);
147
148
6
    if ((rv != SECSuccess) ||
149
6
        (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) ||
150
6
        (PORT_Memcmp(rsa_computed_signature, rsa_known_signature,
151
6
                     FIPS_RSA_SIGNATURE_LENGTH) != 0)) {
152
0
        goto loser;
153
0
    }
154
155
    /****************************************************/
156
    /* RSA Single-Round Known Answer Verification Test. */
157
    /****************************************************/
158
159
    /* Perform RSA verification with the RSA public key. */
160
6
    rv = RSA_HashCheckSign(shaOid,
161
6
                           rsa_public_key,
162
6
                           rsa_computed_signature,
163
6
                           rsa_bytes_signed,
164
6
                           sha,
165
6
                           shaLength);
166
167
6
    if (rv != SECSuccess) {
168
0
        goto loser;
169
0
    }
170
6
    return (SECSuccess);
171
172
0
loser:
173
174
0
    return (SECFailure);
175
6
}
176
177
static SECStatus
178
sftk_fips_RSA_PowerUpSelfTest(void)
179
2
{
180
    /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
181
2
    static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
182
2
        0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
183
2
        0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
184
2
        0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
185
2
        0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
186
2
        0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
187
2
        0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
188
2
        0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
189
2
        0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
190
2
        0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
191
2
        0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
192
2
        0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
193
2
        0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
194
2
        0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
195
2
        0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
196
2
        0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
197
2
        0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
198
2
        0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
199
2
        0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
200
2
        0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
201
2
        0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
202
2
        0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
203
2
        0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
204
2
        0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
205
2
        0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
206
2
        0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
207
2
        0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
208
2
        0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
209
2
        0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
210
2
        0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
211
2
        0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
212
2
        0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
213
2
        0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b
214
2
    };
215
216
    /* RSA Known Public Key Values (24-bits). */
217
2
    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 };
218
    /* RSA Known Private Key Values (version                 is    8-bits), */
219
    /*                              (private exponent        is 2048-bits), */
220
    /*                              (private prime0          is 1024-bits), */
221
    /*                              (private prime1          is 1024-bits), */
222
    /*                              (private prime exponent0 is 1024-bits), */
223
    /*                              (private prime exponent1 is 1024-bits), */
224
    /*                          and (private coefficient     is 1024-bits). */
225
2
    static const PRUint8 rsa_version[] = { 0x00 };
226
227
2
    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
228
2
        0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
229
2
        0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
230
2
        0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
231
2
        0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
232
2
        0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
233
2
        0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
234
2
        0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
235
2
        0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
236
2
        0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
237
2
        0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
238
2
        0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
239
2
        0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
240
2
        0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
241
2
        0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
242
2
        0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
243
2
        0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
244
2
        0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
245
2
        0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
246
2
        0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
247
2
        0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
248
2
        0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
249
2
        0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
250
2
        0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
251
2
        0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
252
2
        0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
253
2
        0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
254
2
        0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
255
2
        0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
256
2
        0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
257
2
        0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
258
2
        0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
259
2
        0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81
260
2
    };
261
262
2
    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
263
2
        0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
264
2
        0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
265
2
        0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
266
2
        0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
267
2
        0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
268
2
        0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
269
2
        0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
270
2
        0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
271
2
        0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
272
2
        0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
273
2
        0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
274
2
        0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
275
2
        0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
276
2
        0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
277
2
        0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
278
2
        0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05
279
2
    };
280
2
    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
281
2
        0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
282
2
        0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
283
2
        0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
284
2
        0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
285
2
        0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
286
2
        0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
287
2
        0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
288
2
        0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
289
2
        0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
290
2
        0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
291
2
        0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
292
2
        0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
293
2
        0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
294
2
        0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
295
2
        0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
296
2
        0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf
297
2
    };
298
2
    static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
299
2
        0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
300
2
        0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
301
2
        0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
302
2
        0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
303
2
        0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
304
2
        0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
305
2
        0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
306
2
        0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
307
2
        0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
308
2
        0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
309
2
        0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
310
2
        0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
311
2
        0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
312
2
        0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
313
2
        0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
314
2
        0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d
315
2
    };
316
2
    static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
317
2
        0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
318
2
        0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
319
2
        0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
320
2
        0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
321
2
        0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
322
2
        0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
323
2
        0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
324
2
        0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
325
2
        0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
326
2
        0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
327
2
        0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
328
2
        0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
329
2
        0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
330
2
        0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
331
2
        0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
332
2
        0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59
333
2
    };
334
2
    static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
335
2
        0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
336
2
        0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
337
2
        0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
338
2
        0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
339
2
        0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
340
2
        0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
341
2
        0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
342
2
        0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
343
2
        0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
344
2
        0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
345
2
        0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
346
2
        0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
347
2
        0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
348
2
        0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
349
2
        0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
350
2
        0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02
351
2
    };
352
353
    /* RSA Known Plaintext Message (1024-bits). */
354
2
    static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
355
2
        "Known plaintext message utilized"
356
2
        "for RSA Encryption &  Decryption"
357
2
        "blocks SHA256, SHA384  and      "
358
2
        "SHA512 RSA Signature KAT tests. "
359
2
        "Known plaintext message utilized"
360
2
        "for RSA Encryption &  Decryption"
361
2
        "blocks SHA256, SHA384  and      "
362
2
        "SHA512 RSA Signature KAT  tests."
363
2
    };
364
365
    /* RSA Known Signed Hash (2048-bits). */
366
2
    static const PRUint8 rsa_known_sha256_signature[] = {
367
2
        0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
368
2
        0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
369
2
        0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
370
2
        0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
371
2
        0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
372
2
        0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
373
2
        0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
374
2
        0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
375
2
        0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
376
2
        0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
377
2
        0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
378
2
        0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
379
2
        0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
380
2
        0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
381
2
        0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
382
2
        0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
383
2
        0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
384
2
        0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
385
2
        0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
386
2
        0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
387
2
        0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
388
2
        0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
389
2
        0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
390
2
        0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
391
2
        0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
392
2
        0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
393
2
        0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
394
2
        0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
395
2
        0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
396
2
        0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
397
2
        0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
398
2
        0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92
399
2
    };
400
401
    /* RSA Known Signed Hash (2048-bits). */
402
2
    static const PRUint8 rsa_known_sha384_signature[] = {
403
2
        0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
404
2
        0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
405
2
        0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
406
2
        0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
407
2
        0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
408
2
        0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
409
2
        0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
410
2
        0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
411
2
        0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
412
2
        0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
413
2
        0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
414
2
        0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
415
2
        0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
416
2
        0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
417
2
        0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
418
2
        0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
419
2
        0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
420
2
        0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
421
2
        0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
422
2
        0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
423
2
        0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
424
2
        0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
425
2
        0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
426
2
        0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
427
2
        0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
428
2
        0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
429
2
        0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
430
2
        0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
431
2
        0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
432
2
        0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
433
2
        0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
434
2
        0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa
435
2
    };
436
437
    /* RSA Known Signed Hash (2048-bits). */
438
2
    static const PRUint8 rsa_known_sha512_signature[] = {
439
2
        0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
440
2
        0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
441
2
        0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
442
2
        0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
443
2
        0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
444
2
        0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
445
2
        0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
446
2
        0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
447
2
        0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
448
2
        0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
449
2
        0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
450
2
        0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
451
2
        0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
452
2
        0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
453
2
        0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
454
2
        0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
455
2
        0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
456
2
        0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
457
2
        0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
458
2
        0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
459
2
        0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
460
2
        0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
461
2
        0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
462
2
        0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
463
2
        0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
464
2
        0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
465
2
        0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
466
2
        0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
467
2
        0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
468
2
        0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
469
2
        0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
470
2
        0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81
471
2
    };
472
473
2
    static const RSAPublicKey bl_public_key = {
474
2
        NULL,
475
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
476
2
          FIPS_RSA_MODULUS_LENGTH },
477
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
478
2
          FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
479
2
    };
480
2
    static const RSAPrivateKey bl_private_key = {
481
2
        NULL,
482
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
483
2
          FIPS_RSA_PRIVATE_VERSION_LENGTH },
484
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
485
2
          FIPS_RSA_MODULUS_LENGTH },
486
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
487
2
          FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
488
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
489
2
          FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
490
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
491
2
          FIPS_RSA_PRIME0_LENGTH },
492
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
493
2
          FIPS_RSA_PRIME1_LENGTH },
494
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
495
2
          FIPS_RSA_EXPONENT0_LENGTH },
496
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
497
2
          FIPS_RSA_EXPONENT1_LENGTH },
498
2
        { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
499
2
          FIPS_RSA_COEFFICIENT_LENGTH }
500
2
    };
501
502
/* RSA variables. */
503
#ifdef CREATE_TEMP_ARENAS
504
    PLArenaPool *rsa_public_arena;
505
    PLArenaPool *rsa_private_arena;
506
#endif
507
2
    NSSLOWKEYPublicKey *rsa_public_key;
508
2
    NSSLOWKEYPrivateKey *rsa_private_key;
509
2
    SECStatus rsa_status;
510
511
2
    NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey };
512
2
    NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey };
513
514
    /****************************************/
515
    /* Compose RSA Public/Private Key Pair. */
516
    /****************************************/
517
518
2
    low_public_key.u.rsa = bl_public_key;
519
2
    low_private_key.u.rsa = bl_private_key;
520
521
2
    rsa_public_key = &low_public_key;
522
2
    rsa_private_key = &low_private_key;
523
524
#ifdef CREATE_TEMP_ARENAS
525
    /* Create some space for the RSA public key. */
526
    rsa_public_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
527
528
    if (rsa_public_arena == NULL) {
529
        PORT_SetError(SEC_ERROR_NO_MEMORY);
530
        return (SECFailure);
531
    }
532
533
    /* Create some space for the RSA private key. */
534
    rsa_private_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
535
536
    if (rsa_private_arena == NULL) {
537
        PORT_FreeArena(rsa_public_arena, PR_TRUE);
538
        PORT_SetError(SEC_ERROR_NO_MEMORY);
539
        return (SECFailure);
540
    }
541
542
    rsa_public_key->arena = rsa_public_arena;
543
    rsa_private_key->arena = rsa_private_arena;
544
#endif
545
546
    /**************************************************/
547
    /* RSA Hash tests                                 */
548
    /**************************************************/
549
550
2
    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA256,
551
2
                                                  rsa_public_key, rsa_private_key,
552
2
                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
553
2
                                                  rsa_known_sha256_signature);
554
2
    if (rsa_status != SECSuccess)
555
0
        goto rsa_loser;
556
557
2
    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA384,
558
2
                                                  rsa_public_key, rsa_private_key,
559
2
                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
560
2
                                                  rsa_known_sha384_signature);
561
2
    if (rsa_status != SECSuccess)
562
0
        goto rsa_loser;
563
564
2
    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA512,
565
2
                                                  rsa_public_key, rsa_private_key,
566
2
                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
567
2
                                                  rsa_known_sha512_signature);
568
2
    if (rsa_status != SECSuccess)
569
0
        goto rsa_loser;
570
571
    /* Dispose of all RSA key material. */
572
2
    nsslowkey_DestroyPublicKey(rsa_public_key);
573
2
    nsslowkey_DestroyPrivateKey(rsa_private_key);
574
575
2
    return (SECSuccess);
576
577
0
rsa_loser:
578
579
0
    nsslowkey_DestroyPublicKey(rsa_public_key);
580
0
    nsslowkey_DestroyPrivateKey(rsa_private_key);
581
582
0
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
583
0
    return (SECFailure);
584
2
}
585
586
static SECStatus
587
sftk_fips_HKDF_PowerUpSelfTest(void)
588
0
{
589
0
    SECStatus status;
590
0
    static const unsigned char base_key[] = {
591
0
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
592
0
        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
593
0
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
594
0
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
595
0
        0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
596
0
        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
597
0
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
598
0
        0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
599
0
    };
600
0
    static const unsigned char known_hkdf_sha256_key[] = {
601
0
        0xdd, 0xdb, 0xeb, 0xe5, 0x6d, 0xd2, 0x96, 0xa4,
602
0
        0x07, 0xc5, 0x7d, 0xda, 0x31, 0x56, 0x8d, 0xa5,
603
0
        0x41, 0x3e, 0x90, 0xd4, 0xe6, 0x98, 0xeb, 0xf8,
604
0
        0x5a, 0x49, 0x7f, 0x38, 0xef, 0x01, 0x8a, 0xe5,
605
0
        0xda, 0x36, 0xe5, 0xcf, 0x21, 0xe3, 0x9f, 0xc3,
606
0
        0x32, 0xb3, 0x1e, 0xf6, 0xc5, 0x10, 0x4c, 0x86,
607
0
        0x53, 0x5e, 0x6f, 0xe0, 0x63, 0x6e, 0x43, 0x33,
608
0
        0x61, 0x35, 0xf4, 0x17, 0x10, 0x77, 0x75, 0x2a
609
0
    };
610
/* current NIST IG's say we only need to test one instance
611
 * of kdfs, keep these others around in case the guidance
612
 * changes */
613
#ifdef NSS_FULL_POST
614
    static const unsigned char known_hkdf_sha384_key[] = {
615
        0x35, 0x64, 0xc4, 0xa1, 0xcc, 0xc1, 0xdc, 0xe4,
616
        0xe2, 0xca, 0x51, 0xae, 0xe8, 0x92, 0x88, 0x30,
617
        0x8b, 0xb0, 0x2b, 0xac, 0x00, 0x15, 0xac, 0x15,
618
        0x97, 0xc9, 0xf4, 0x6b, 0xf6, 0x3f, 0x97, 0xea,
619
        0x48, 0x55, 0x38, 0x25, 0x06, 0x5d, 0x91, 0x64,
620
        0xbd, 0x09, 0xf3, 0x44, 0xbc, 0x82, 0xbe, 0xdb,
621
        0x5c, 0xd7, 0xf2, 0x24, 0xa5, 0x55, 0x8d, 0xa9,
622
        0xa8, 0x85, 0xde, 0x8c, 0x33, 0xe0, 0x4d, 0xc3
623
    };
624
    static const unsigned char known_hkdf_sha512_key[] = {
625
        0x63, 0x4e, 0xbc, 0x42, 0xb3, 0x56, 0x74, 0x7d,
626
        0x1b, 0x55, 0xf0, 0x34, 0x54, 0xcb, 0x6d, 0x58,
627
        0x39, 0x96, 0x10, 0xda, 0x03, 0x20, 0x8f, 0x77,
628
        0x0d, 0xb4, 0xf7, 0xf6, 0x67, 0x0d, 0x5b, 0x6b,
629
        0xd0, 0x30, 0xc4, 0xdd, 0x67, 0x61, 0x5d, 0x9a,
630
        0xf5, 0x18, 0x6e, 0x1b, 0x60, 0x97, 0xc2, 0x4d,
631
        0x23, 0x43, 0x69, 0xe6, 0x3b, 0xa5, 0xdf, 0xe9,
632
        0x7c, 0xf1, 0x87, 0x48, 0x6f, 0xb9, 0xd3, 0x02
633
    };
634
#endif
635
0
    unsigned char outBytes[64] = { 0 };
636
637
0
    CK_HKDF_PARAMS hkdf_params;
638
639
0
    hkdf_params.bExpand = CK_TRUE;
640
0
    hkdf_params.bExtract = CK_TRUE;
641
0
    hkdf_params.ulSaltType = CKF_HKDF_SALT_DATA;
642
0
    hkdf_params.pSalt = (CK_BYTE_PTR)base_key;
643
0
    hkdf_params.ulSaltLen = sizeof(base_key);
644
0
    hkdf_params.pInfo = (CK_BYTE_PTR)base_key;
645
0
    hkdf_params.ulInfoLen = sizeof(base_key);
646
647
    /**************************************************/
648
    /* HKDF tests                                     */
649
    /**************************************************/
650
651
0
    hkdf_params.prfHashMechanism = CKM_SHA256_HMAC;
652
0
    status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL,
653
0
                       base_key, 32, NULL, outBytes, sizeof(outBytes),
654
0
                       PR_TRUE, PR_TRUE);
655
0
    if ((status != SECSuccess) ||
656
0
        PORT_Memcmp(outBytes, known_hkdf_sha256_key, sizeof(outBytes)) != 0) {
657
0
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
658
0
        return (SECFailure);
659
0
    }
660
661
#ifdef NSS_FULL_POST
662
    hkdf_params.prfHashMechanism = CKM_SHA384_HMAC;
663
    status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL,
664
                       base_key, 48, NULL, outBytes, sizeof(outBytes),
665
                       PR_TRUE, PR_TRUE);
666
    if ((status != SECSuccess) ||
667
        PORT_Memcmp(outBytes, known_hkdf_sha384_key, sizeof(outBytes)) != 0) {
668
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
669
        return (SECFailure);
670
    }
671
672
    hkdf_params.prfHashMechanism = CKM_SHA512_HMAC;
673
    status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL,
674
                       base_key, 64, NULL, outBytes, sizeof(outBytes),
675
                       PR_TRUE, PR_TRUE);
676
    if ((status != SECSuccess) ||
677
        PORT_Memcmp(outBytes, known_hkdf_sha512_key, sizeof(outBytes)) != 0) {
678
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
679
        return (SECFailure);
680
    }
681
#endif
682
683
0
    return (SECSuccess);
684
0
}
685
686
static PRBool sftk_self_tests_ran = PR_FALSE;
687
static PRBool sftk_self_tests_success = PR_FALSE;
688
689
/*
690
 * This function is called at dll load time, the code tha makes this
691
 * happen is platform specific on defined above.
692
 */
693
void
694
sftk_startup_tests_with_rerun(PRBool rerun)
695
2
{
696
2
    SECStatus rv;
697
2
    const char *libraryName = rerun ? BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : SOFTOKEN_LIB_NAME;
698
699
2
    PORT_Assert(!sftk_self_tests_ran);
700
2
    PORT_Assert(!sftk_self_tests_success);
701
2
    sftk_self_tests_ran = PR_TRUE;
702
2
    sftk_self_tests_success = PR_FALSE; /* just in case */
703
704
    /* need to initiallize the oid library before the RSA tests */
705
2
    rv = SECOID_Init();
706
2
    if (rv != SECSuccess) {
707
0
        return;
708
0
    }
709
    /* make sure freebl is initialized, or our RSA check
710
     * may fail. This is normally done at freebl load time, but it's
711
     * possible we may have shut freebl down without unloading it. */
712
2
    rv = BL_Init();
713
2
    if (rv != SECSuccess) {
714
0
        return;
715
0
    }
716
717
2
    rv = RNG_RNGInit();
718
2
    if (rv != SECSuccess) {
719
0
        return;
720
0
    }
721
    /* check the RSA combined functions in softoken */
722
2
    rv = sftk_fips_RSA_PowerUpSelfTest();
723
2
    if (rv != SECSuccess) {
724
0
        return;
725
0
    }
726
2
    if (!BLAPI_SHVerify(libraryName,
727
2
                        (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) {
728
        /* something is wrong with the library, fail without enabling
729
         * the token */
730
2
        return;
731
2
    }
732
0
    rv = sftk_fips_IKE_PowerUpSelfTests();
733
0
    if (rv != SECSuccess) {
734
0
        return;
735
0
    }
736
737
0
    rv = sftk_fips_SP800_108_PowerUpSelfTests();
738
0
    if (rv != SECSuccess) {
739
0
        return;
740
0
    }
741
742
0
    rv = sftk_fips_HKDF_PowerUpSelfTest();
743
0
    if (rv != SECSuccess) {
744
0
        return;
745
0
    }
746
747
0
    rv = sftk_fips_pbkdf_PowerUpSelfTests();
748
0
    if (rv != SECSuccess) {
749
0
        return;
750
0
    }
751
752
0
    sftk_self_tests_success = PR_TRUE;
753
0
}
754
755
static void
756
sftk_startup_tests(void)
757
2
{
758
2
    sftk_startup_tests_with_rerun(PR_FALSE);
759
2
}
760
761
/*
762
 * this is called from nsc_Common_Initizialize entry points that gates access
763
 * to * all other pkcs11 functions. This prevents softoken operation if our
764
 * power on selftest failed.
765
 */
766
CK_RV
767
sftk_FIPSEntryOK(PRBool rerun)
768
0
{
769
#ifdef NSS_NO_INIT_SUPPORT
770
    /* this should only be set on platforms that can't handle one of the INIT
771
     * schemes.  This code allows those platforms to continue to function,
772
     * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
773
     * is not set, and init support has not been properly enabled, softken
774
     * will always fail because of the test below
775
     */
776
    if (!sftk_self_tests_ran) {
777
        sftk_startup_tests();
778
    }
779
#endif
780
0
    if (rerun) {
781
0
        sftk_self_tests_ran = PR_FALSE;
782
0
        sftk_self_tests_success = PR_FALSE;
783
0
        sftk_startup_tests_with_rerun(PR_TRUE);
784
0
    }
785
0
    if (!sftk_self_tests_success) {
786
0
        return CKR_DEVICE_ERROR;
787
0
    }
788
0
    return CKR_OK;
789
0
}
790
#else
791
#include "pkcs11t.h"
792
CK_RV
793
sftk_FIPSEntryOK()
794
{
795
    return CKR_DEVICE_ERROR;
796
}
797
#endif /* NSS_FIPS_DISABLED */