Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(49)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mozilla/security/nss/lib/softoken/fipstest.c

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « mozilla/security/nss/lib/softoken/fipsaudt.c ('k') | mozilla/security/nss/lib/softoken/fipstokn.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * PKCS #11 FIPS Power-Up Self Test.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
8
9 #include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
10 /* DES-CBC, DES3-ECB, DES3-CBC, RSA */
11 /* and DSA. */
12 #include "seccomon.h" /* Required for RSA and DSA. */
13 #include "lowkeyi.h" /* Required for RSA and DSA. */
14 #include "pkcs11.h" /* Required for PKCS #11. */
15 #include "secerr.h"
16
17 #ifdef NSS_ENABLE_ECC
18 #include "ec.h" /* Required for ECDSA */
19 #endif
20
21
22 /* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
23 #define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
24 #define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
25 #define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
26
27
28 /* FIPS preprocessor directives for RC4. */
29 #define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
30 #define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
31 #define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
32
33
34 /* FIPS preprocessor directives for DES-ECB and DES-CBC. */
35 #define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
36 #define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
37
38
39 /* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
40 #define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
41 #define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
42
43
44 /* FIPS preprocessor directives for AES-ECB and AES-CBC. */
45 #define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
46 #define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
47 #define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
48 #define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
49 #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
50 #define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
51
52
53 /* FIPS preprocessor directives for message digests */
54 #define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
55
56
57 /* FIPS preprocessor directives for RSA. */
58 #define FIPS_RSA_TYPE siBuffer
59 #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
60 #define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
61 #define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
62 #define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */
63 #define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */
64 #define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */
65 #define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */
66 #define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */
67 #define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
68 #define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */
69 #define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */
70 #define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */
71 #define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */
72
73
74 /* FIPS preprocessor directives for DSA. */
75 #define FIPS_DSA_TYPE siBuffer
76 #define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
77 #define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
78 #define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
79 #define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
80 #define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
81
82 /* FIPS preprocessor directives for RNG. */
83 #define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
84
85 static CK_RV
86 sftk_fips_RC2_PowerUpSelfTest( void )
87 {
88 /* RC2 Known Key (40-bits). */
89 static const PRUint8 rc2_known_key[] = { "RSARC" };
90
91 /* RC2-CBC Known Initialization Vector (64-bits). */
92 static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
93
94 /* RC2 Known Plaintext (64-bits). */
95 static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
96 static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
97
98 /* RC2 Known Ciphertext (64-bits). */
99 static const PRUint8 rc2_ecb_known_ciphertext[] = {
100 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
101 static const PRUint8 rc2_cbc_known_ciphertext[] = {
102 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
103
104 /* RC2 variables. */
105 PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
106 PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
107 RC2Context * rc2_context;
108 unsigned int rc2_bytes_encrypted;
109 unsigned int rc2_bytes_decrypted;
110 SECStatus rc2_status;
111
112
113 /******************************************************/
114 /* RC2-ECB Single-Round Known Answer Encryption Test: */
115 /******************************************************/
116
117 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
118 NULL, NSS_RC2,
119 FIPS_RC2_KEY_LENGTH );
120
121 if( rc2_context == NULL )
122 return( CKR_HOST_MEMORY );
123
124 rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
125 &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
126 rc2_ecb_known_plaintext,
127 FIPS_RC2_DECRYPT_LENGTH );
128
129 RC2_DestroyContext( rc2_context, PR_TRUE );
130
131 if( ( rc2_status != SECSuccess ) ||
132 ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
133 ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
134 FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
135 return( CKR_DEVICE_ERROR );
136
137
138 /******************************************************/
139 /* RC2-ECB Single-Round Known Answer Decryption Test: */
140 /******************************************************/
141
142 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
143 NULL, NSS_RC2,
144 FIPS_RC2_KEY_LENGTH );
145
146 if( rc2_context == NULL )
147 return( CKR_HOST_MEMORY );
148
149 rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
150 &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
151 rc2_ecb_known_ciphertext,
152 FIPS_RC2_ENCRYPT_LENGTH );
153
154 RC2_DestroyContext( rc2_context, PR_TRUE );
155
156 if( ( rc2_status != SECSuccess ) ||
157 ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
158 ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
159 FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
160 return( CKR_DEVICE_ERROR );
161
162
163 /******************************************************/
164 /* RC2-CBC Single-Round Known Answer Encryption Test: */
165 /******************************************************/
166
167 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
168 rc2_cbc_known_initialization_vector,
169 NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
170
171 if( rc2_context == NULL )
172 return( CKR_HOST_MEMORY );
173
174 rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
175 &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
176 rc2_cbc_known_plaintext,
177 FIPS_RC2_DECRYPT_LENGTH );
178
179 RC2_DestroyContext( rc2_context, PR_TRUE );
180
181 if( ( rc2_status != SECSuccess ) ||
182 ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
183 ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
184 FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
185 return( CKR_DEVICE_ERROR );
186
187
188 /******************************************************/
189 /* RC2-CBC Single-Round Known Answer Decryption Test: */
190 /******************************************************/
191
192 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
193 rc2_cbc_known_initialization_vector,
194 NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
195
196 if( rc2_context == NULL )
197 return( CKR_HOST_MEMORY );
198
199 rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
200 &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
201 rc2_cbc_known_ciphertext,
202 FIPS_RC2_ENCRYPT_LENGTH );
203
204 RC2_DestroyContext( rc2_context, PR_TRUE );
205
206 if( ( rc2_status != SECSuccess ) ||
207 ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
208 ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
209 FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
210 return( CKR_DEVICE_ERROR );
211
212 return( CKR_OK );
213 }
214
215
216 static CK_RV
217 sftk_fips_RC4_PowerUpSelfTest( void )
218 {
219 /* RC4 Known Key (40-bits). */
220 static const PRUint8 rc4_known_key[] = { "RSARC" };
221
222 /* RC4 Known Plaintext (64-bits). */
223 static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
224
225 /* RC4 Known Ciphertext (64-bits). */
226 static const PRUint8 rc4_known_ciphertext[] = {
227 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
228
229 /* RC4 variables. */
230 PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
231 PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
232 RC4Context * rc4_context;
233 unsigned int rc4_bytes_encrypted;
234 unsigned int rc4_bytes_decrypted;
235 SECStatus rc4_status;
236
237
238 /**************************************************/
239 /* RC4 Single-Round Known Answer Encryption Test: */
240 /**************************************************/
241
242 rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
243
244 if( rc4_context == NULL )
245 return( CKR_HOST_MEMORY );
246
247 rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
248 &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
249 rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
250
251 RC4_DestroyContext( rc4_context, PR_TRUE );
252
253 if( ( rc4_status != SECSuccess ) ||
254 ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
255 ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
256 FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
257 return( CKR_DEVICE_ERROR );
258
259
260 /**************************************************/
261 /* RC4 Single-Round Known Answer Decryption Test: */
262 /**************************************************/
263
264 rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
265
266 if( rc4_context == NULL )
267 return( CKR_HOST_MEMORY );
268
269 rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
270 &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
271 rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
272
273 RC4_DestroyContext( rc4_context, PR_TRUE );
274
275 if( ( rc4_status != SECSuccess ) ||
276 ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
277 ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
278 FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
279 return( CKR_DEVICE_ERROR );
280
281 return( CKR_OK );
282 }
283
284
285 static CK_RV
286 sftk_fips_DES_PowerUpSelfTest( void )
287 {
288 /* DES Known Key (56-bits). */
289 static const PRUint8 des_known_key[] = { "ANSI DES" };
290
291 /* DES-CBC Known Initialization Vector (64-bits). */
292 static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
293
294 /* DES Known Plaintext (64-bits). */
295 static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
296 static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
297
298 /* DES Known Ciphertext (64-bits). */
299 static const PRUint8 des_ecb_known_ciphertext[] = {
300 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
301 static const PRUint8 des_cbc_known_ciphertext[] = {
302 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
303
304 /* DES variables. */
305 PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
306 PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
307 DESContext * des_context;
308 unsigned int des_bytes_encrypted;
309 unsigned int des_bytes_decrypted;
310 SECStatus des_status;
311
312
313 /******************************************************/
314 /* DES-ECB Single-Round Known Answer Encryption Test: */
315 /******************************************************/
316
317 des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
318
319 if( des_context == NULL )
320 return( CKR_HOST_MEMORY );
321
322 des_status = DES_Encrypt( des_context, des_computed_ciphertext,
323 &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
324 des_ecb_known_plaintext,
325 FIPS_DES_DECRYPT_LENGTH );
326
327 DES_DestroyContext( des_context, PR_TRUE );
328
329 if( ( des_status != SECSuccess ) ||
330 ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
331 ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
332 FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
333 return( CKR_DEVICE_ERROR );
334
335
336 /******************************************************/
337 /* DES-ECB Single-Round Known Answer Decryption Test: */
338 /******************************************************/
339
340 des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
341
342 if( des_context == NULL )
343 return( CKR_HOST_MEMORY );
344
345 des_status = DES_Decrypt( des_context, des_computed_plaintext,
346 &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
347 des_ecb_known_ciphertext,
348 FIPS_DES_ENCRYPT_LENGTH );
349
350 DES_DestroyContext( des_context, PR_TRUE );
351
352 if( ( des_status != SECSuccess ) ||
353 ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
354 ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
355 FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
356 return( CKR_DEVICE_ERROR );
357
358
359 /******************************************************/
360 /* DES-CBC Single-Round Known Answer Encryption Test. */
361 /******************************************************/
362
363 des_context = DES_CreateContext( des_known_key,
364 des_cbc_known_initialization_vector,
365 NSS_DES_CBC, PR_TRUE );
366
367 if( des_context == NULL )
368 return( CKR_HOST_MEMORY );
369
370 des_status = DES_Encrypt( des_context, des_computed_ciphertext,
371 &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
372 des_cbc_known_plaintext,
373 FIPS_DES_DECRYPT_LENGTH );
374
375 DES_DestroyContext( des_context, PR_TRUE );
376
377 if( ( des_status != SECSuccess ) ||
378 ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
379 ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
380 FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
381 return( CKR_DEVICE_ERROR );
382
383
384 /******************************************************/
385 /* DES-CBC Single-Round Known Answer Decryption Test. */
386 /******************************************************/
387
388 des_context = DES_CreateContext( des_known_key,
389 des_cbc_known_initialization_vector,
390 NSS_DES_CBC, PR_FALSE );
391
392 if( des_context == NULL )
393 return( CKR_HOST_MEMORY );
394
395 des_status = DES_Decrypt( des_context, des_computed_plaintext,
396 &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
397 des_cbc_known_ciphertext,
398 FIPS_DES_ENCRYPT_LENGTH );
399
400 DES_DestroyContext( des_context, PR_TRUE );
401
402 if( ( des_status != SECSuccess ) ||
403 ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
404 ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
405 FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
406 return( CKR_DEVICE_ERROR );
407
408 return( CKR_OK );
409 }
410
411
412 static CK_RV
413 sftk_fips_DES3_PowerUpSelfTest( void )
414 {
415 /* DES3 Known Key (56-bits). */
416 static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
417
418 /* DES3-CBC Known Initialization Vector (64-bits). */
419 static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" } ;
420
421 /* DES3 Known Plaintext (64-bits). */
422 static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
423 static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
424
425 /* DES3 Known Ciphertext (64-bits). */
426 static const PRUint8 des3_ecb_known_ciphertext[] = {
427 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
428 static const PRUint8 des3_cbc_known_ciphertext[] = {
429 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
430
431 /* DES3 variables. */
432 PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
433 PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
434 DESContext * des3_context;
435 unsigned int des3_bytes_encrypted;
436 unsigned int des3_bytes_decrypted;
437 SECStatus des3_status;
438
439
440 /*******************************************************/
441 /* DES3-ECB Single-Round Known Answer Encryption Test. */
442 /*******************************************************/
443
444 des3_context = DES_CreateContext( des3_known_key, NULL,
445 NSS_DES_EDE3, PR_TRUE );
446
447 if( des3_context == NULL )
448 return( CKR_HOST_MEMORY );
449
450 des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
451 &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
452 des3_ecb_known_plaintext,
453 FIPS_DES3_DECRYPT_LENGTH );
454
455 DES_DestroyContext( des3_context, PR_TRUE );
456
457 if( ( des3_status != SECSuccess ) ||
458 ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
459 ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
460 FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
461 return( CKR_DEVICE_ERROR );
462
463
464 /*******************************************************/
465 /* DES3-ECB Single-Round Known Answer Decryption Test. */
466 /*******************************************************/
467
468 des3_context = DES_CreateContext( des3_known_key, NULL,
469 NSS_DES_EDE3, PR_FALSE );
470
471 if( des3_context == NULL )
472 return( CKR_HOST_MEMORY );
473
474 des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
475 &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
476 des3_ecb_known_ciphertext,
477 FIPS_DES3_ENCRYPT_LENGTH );
478
479 DES_DestroyContext( des3_context, PR_TRUE );
480
481 if( ( des3_status != SECSuccess ) ||
482 ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
483 ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
484 FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
485 return( CKR_DEVICE_ERROR );
486
487
488 /*******************************************************/
489 /* DES3-CBC Single-Round Known Answer Encryption Test. */
490 /*******************************************************/
491
492 des3_context = DES_CreateContext( des3_known_key,
493 des3_cbc_known_initialization_vector,
494 NSS_DES_EDE3_CBC, PR_TRUE );
495
496 if( des3_context == NULL )
497 return( CKR_HOST_MEMORY );
498
499 des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
500 &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
501 des3_cbc_known_plaintext,
502 FIPS_DES3_DECRYPT_LENGTH );
503
504 DES_DestroyContext( des3_context, PR_TRUE );
505
506 if( ( des3_status != SECSuccess ) ||
507 ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
508 ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
509 FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
510 return( CKR_DEVICE_ERROR );
511
512
513 /*******************************************************/
514 /* DES3-CBC Single-Round Known Answer Decryption Test. */
515 /*******************************************************/
516
517 des3_context = DES_CreateContext( des3_known_key,
518 des3_cbc_known_initialization_vector,
519 NSS_DES_EDE3_CBC, PR_FALSE );
520
521 if( des3_context == NULL )
522 return( CKR_HOST_MEMORY );
523
524 des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
525 &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
526 des3_cbc_known_ciphertext,
527 FIPS_DES3_ENCRYPT_LENGTH );
528
529 DES_DestroyContext( des3_context, PR_TRUE );
530
531 if( ( des3_status != SECSuccess ) ||
532 ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
533 ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
534 FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
535 return( CKR_DEVICE_ERROR );
536
537 return( CKR_OK );
538 }
539
540
541 /* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
542 static CK_RV
543 sftk_fips_AES_PowerUpSelfTest( int aes_key_size )
544 {
545 /* AES Known Key (up to 256-bits). */
546 static const PRUint8 aes_known_key[] =
547 { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
548
549 /* AES-CBC Known Initialization Vector (128-bits). */
550 static const PRUint8 aes_cbc_known_initialization_vector[] =
551 { "SecurityytiruceS" };
552
553 /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
554 static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
555
556 /* AES Known Ciphertext (128-bit key). */
557 static const PRUint8 aes_ecb128_known_ciphertext[] = {
558 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
559 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
560
561 static const PRUint8 aes_cbc128_known_ciphertext[] = {
562 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
563 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
564
565 /* AES Known Ciphertext (192-bit key). */
566 static const PRUint8 aes_ecb192_known_ciphertext[] = {
567 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
568 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
569
570 static const PRUint8 aes_cbc192_known_ciphertext[] = {
571 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
572 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
573
574 /* AES Known Ciphertext (256-bit key). */
575 static const PRUint8 aes_ecb256_known_ciphertext[] = {
576 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
577 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
578
579 static const PRUint8 aes_cbc256_known_ciphertext[] = {
580 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
581 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
582
583 const PRUint8 *aes_ecb_known_ciphertext =
584 ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
585 ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
586 aes_ecb256_known_ciphertext;
587
588 const PRUint8 *aes_cbc_known_ciphertext =
589 ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
590 ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
591 aes_cbc256_known_ciphertext;
592
593 /* AES variables. */
594 PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
595 PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
596 AESContext * aes_context;
597 unsigned int aes_bytes_encrypted;
598 unsigned int aes_bytes_decrypted;
599 SECStatus aes_status;
600
601 /*check if aes_key_size is 128, 192, or 256 bits */
602 if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
603 (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
604 (aes_key_size != FIPS_AES_256_KEY_SIZE))
605 return( CKR_DEVICE_ERROR );
606
607 /******************************************************/
608 /* AES-ECB Single-Round Known Answer Encryption Test: */
609 /******************************************************/
610
611 aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
612 aes_key_size, FIPS_AES_BLOCK_SIZE );
613
614 if( aes_context == NULL )
615 return( CKR_HOST_MEMORY );
616
617 aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
618 &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
619 aes_known_plaintext,
620 FIPS_AES_DECRYPT_LENGTH );
621
622 AES_DestroyContext( aes_context, PR_TRUE );
623
624 if( ( aes_status != SECSuccess ) ||
625 ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
626 ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
627 FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
628 return( CKR_DEVICE_ERROR );
629
630
631 /******************************************************/
632 /* AES-ECB Single-Round Known Answer Decryption Test: */
633 /******************************************************/
634
635 aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
636 aes_key_size, FIPS_AES_BLOCK_SIZE );
637
638 if( aes_context == NULL )
639 return( CKR_HOST_MEMORY );
640
641 aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
642 &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
643 aes_ecb_known_ciphertext,
644 FIPS_AES_ENCRYPT_LENGTH );
645
646 AES_DestroyContext( aes_context, PR_TRUE );
647
648 if( ( aes_status != SECSuccess ) ||
649 ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
650 ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
651 FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
652 return( CKR_DEVICE_ERROR );
653
654
655 /******************************************************/
656 /* AES-CBC Single-Round Known Answer Encryption Test. */
657 /******************************************************/
658
659 aes_context = AES_CreateContext( aes_known_key,
660 aes_cbc_known_initialization_vector,
661 NSS_AES_CBC, PR_TRUE, aes_key_size,
662 FIPS_AES_BLOCK_SIZE );
663
664 if( aes_context == NULL )
665 return( CKR_HOST_MEMORY );
666
667 aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
668 &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
669 aes_known_plaintext,
670 FIPS_AES_DECRYPT_LENGTH );
671
672 AES_DestroyContext( aes_context, PR_TRUE );
673
674 if( ( aes_status != SECSuccess ) ||
675 ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
676 ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
677 FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
678 return( CKR_DEVICE_ERROR );
679
680
681 /******************************************************/
682 /* AES-CBC Single-Round Known Answer Decryption Test. */
683 /******************************************************/
684
685 aes_context = AES_CreateContext( aes_known_key,
686 aes_cbc_known_initialization_vector,
687 NSS_AES_CBC, PR_FALSE, aes_key_size,
688 FIPS_AES_BLOCK_SIZE );
689
690 if( aes_context == NULL )
691 return( CKR_HOST_MEMORY );
692
693 aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
694 &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
695 aes_cbc_known_ciphertext,
696 FIPS_AES_ENCRYPT_LENGTH );
697
698 AES_DestroyContext( aes_context, PR_TRUE );
699
700 if( ( aes_status != SECSuccess ) ||
701 ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
702 ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
703 FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
704 return( CKR_DEVICE_ERROR );
705
706 return( CKR_OK );
707 }
708
709 /* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
710 static const PRUint8 known_hash_message[] = {
711 "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
712
713
714 static CK_RV
715 sftk_fips_MD2_PowerUpSelfTest( void )
716 {
717 /* MD2 Known Digest Message (128-bits). */
718 static const PRUint8 md2_known_digest[] = {
719 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
720 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
721
722 /* MD2 variables. */
723 MD2Context * md2_context;
724 unsigned int md2_bytes_hashed;
725 PRUint8 md2_computed_digest[MD2_LENGTH];
726
727
728 /***********************************************/
729 /* MD2 Single-Round Known Answer Hashing Test. */
730 /***********************************************/
731
732 md2_context = MD2_NewContext();
733
734 if( md2_context == NULL )
735 return( CKR_HOST_MEMORY );
736
737 MD2_Begin( md2_context );
738
739 MD2_Update( md2_context, known_hash_message,
740 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
741
742 MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
743
744 MD2_DestroyContext( md2_context , PR_TRUE );
745
746 if( ( md2_bytes_hashed != MD2_LENGTH ) ||
747 ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
748 MD2_LENGTH ) != 0 ) )
749 return( CKR_DEVICE_ERROR );
750
751 return( CKR_OK );
752 }
753
754
755 static CK_RV
756 sftk_fips_MD5_PowerUpSelfTest( void )
757 {
758 /* MD5 Known Digest Message (128-bits). */
759 static const PRUint8 md5_known_digest[] = {
760 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
761 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
762
763 /* MD5 variables. */
764 PRUint8 md5_computed_digest[MD5_LENGTH];
765 SECStatus md5_status;
766
767
768 /***********************************************/
769 /* MD5 Single-Round Known Answer Hashing Test. */
770 /***********************************************/
771
772 md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
773 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
774
775 if( ( md5_status != SECSuccess ) ||
776 ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
777 MD5_LENGTH ) != 0 ) )
778 return( CKR_DEVICE_ERROR );
779
780 return( CKR_OK );
781 }
782
783 /****************************************************/
784 /* Single Round HMAC SHA-X test */
785 /****************************************************/
786 static SECStatus
787 sftk_fips_HMAC(unsigned char *hmac_computed,
788 const PRUint8 *secret_key,
789 unsigned int secret_key_length,
790 const PRUint8 *message,
791 unsigned int message_length,
792 HASH_HashType hashAlg )
793 {
794 SECStatus hmac_status = SECFailure;
795 HMACContext *cx = NULL;
796 SECHashObject *hashObj = NULL;
797 unsigned int bytes_hashed = 0;
798
799 hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
800
801 if (!hashObj)
802 return( SECFailure );
803
804 cx = HMAC_Create(hashObj, secret_key,
805 secret_key_length,
806 PR_TRUE); /* PR_TRUE for in FIPS mode */
807
808 if (cx == NULL)
809 return( SECFailure );
810
811 HMAC_Begin(cx);
812 HMAC_Update(cx, message, message_length);
813 hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
814 hashObj->length);
815
816 HMAC_Destroy(cx, PR_TRUE);
817
818 return( hmac_status );
819 }
820
821 static CK_RV
822 sftk_fips_HMAC_PowerUpSelfTest( void )
823 {
824 static const PRUint8 HMAC_known_secret_key[] = {
825 "Firefox and ThunderBird are awesome!"};
826
827 static const PRUint8 HMAC_known_secret_key_length
828 = sizeof HMAC_known_secret_key;
829
830 /* known SHA1 hmac (20 bytes) */
831 static const PRUint8 known_SHA1_hmac[] = {
832 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
833 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
834 0x5d, 0x0e, 0x1e, 0x11};
835
836 /* known SHA224 hmac (28 bytes) */
837 static const PRUint8 known_SHA224_hmac[] = {
838 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
839 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
840 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
841 0x9a, 0xb8, 0x98, 0x4e};
842
843 /* known SHA256 hmac (32 bytes) */
844 static const PRUint8 known_SHA256_hmac[] = {
845 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
846 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
847 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
848 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
849
850 /* known SHA384 hmac (48 bytes) */
851 static const PRUint8 known_SHA384_hmac[] = {
852 0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
853 0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
854 0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
855 0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
856 0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
857 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
858
859 /* known SHA512 hmac (64 bytes) */
860 static const PRUint8 known_SHA512_hmac[] = {
861 0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
862 0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
863 0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
864 0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
865 0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
866 0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
867 0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
868 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
869
870 SECStatus hmac_status;
871 PRUint8 hmac_computed[HASH_LENGTH_MAX];
872
873 /***************************************************/
874 /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
875 /***************************************************/
876
877 hmac_status = sftk_fips_HMAC(hmac_computed,
878 HMAC_known_secret_key,
879 HMAC_known_secret_key_length,
880 known_hash_message,
881 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
882 HASH_AlgSHA1);
883
884 if( ( hmac_status != SECSuccess ) ||
885 ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
886 SHA1_LENGTH ) != 0 ) )
887 return( CKR_DEVICE_ERROR );
888
889 /***************************************************/
890 /* HMAC SHA-224 Single-Round Known Answer Test. */
891 /***************************************************/
892
893 hmac_status = sftk_fips_HMAC(hmac_computed,
894 HMAC_known_secret_key,
895 HMAC_known_secret_key_length,
896 known_hash_message,
897 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
898 HASH_AlgSHA224);
899
900 if( ( hmac_status != SECSuccess ) ||
901 ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
902 SHA224_LENGTH ) != 0 ) )
903 return( CKR_DEVICE_ERROR );
904
905 /***************************************************/
906 /* HMAC SHA-256 Single-Round Known Answer Test. */
907 /***************************************************/
908
909 hmac_status = sftk_fips_HMAC(hmac_computed,
910 HMAC_known_secret_key,
911 HMAC_known_secret_key_length,
912 known_hash_message,
913 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
914 HASH_AlgSHA256);
915
916 if( ( hmac_status != SECSuccess ) ||
917 ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
918 SHA256_LENGTH ) != 0 ) )
919 return( CKR_DEVICE_ERROR );
920
921 /***************************************************/
922 /* HMAC SHA-384 Single-Round Known Answer Test. */
923 /***************************************************/
924
925 hmac_status = sftk_fips_HMAC(hmac_computed,
926 HMAC_known_secret_key,
927 HMAC_known_secret_key_length,
928 known_hash_message,
929 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
930 HASH_AlgSHA384);
931
932 if( ( hmac_status != SECSuccess ) ||
933 ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
934 SHA384_LENGTH ) != 0 ) )
935 return( CKR_DEVICE_ERROR );
936
937 /***************************************************/
938 /* HMAC SHA-512 Single-Round Known Answer Test. */
939 /***************************************************/
940
941 hmac_status = sftk_fips_HMAC(hmac_computed,
942 HMAC_known_secret_key,
943 HMAC_known_secret_key_length,
944 known_hash_message,
945 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
946 HASH_AlgSHA512);
947
948 if( ( hmac_status != SECSuccess ) ||
949 ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
950 SHA512_LENGTH ) != 0 ) )
951 return( CKR_DEVICE_ERROR );
952
953 return( CKR_OK );
954 }
955
956 static CK_RV
957 sftk_fips_SHA_PowerUpSelfTest( void )
958 {
959 /* SHA-1 Known Digest Message (160-bits). */
960 static const PRUint8 sha1_known_digest[] = {
961 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
962 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
963 0xe0,0x68,0x47,0x7a};
964
965 /* SHA-224 Known Digest Message (224-bits). */
966 static const PRUint8 sha224_known_digest[] = {
967 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
968 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
969 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
970 0x8e,0x08,0xe5,0xcb};
971
972 /* SHA-256 Known Digest Message (256-bits). */
973 static const PRUint8 sha256_known_digest[] = {
974 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
975 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
976 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
977 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
978
979 /* SHA-384 Known Digest Message (384-bits). */
980 static const PRUint8 sha384_known_digest[] = {
981 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
982 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
983 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
984 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
985 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
986 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
987
988 /* SHA-512 Known Digest Message (512-bits). */
989 static const PRUint8 sha512_known_digest[] = {
990 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
991 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
992 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
993 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
994 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
995 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
996 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
997 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
998
999 /* SHA-X variables. */
1000 PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
1001 SECStatus sha_status;
1002
1003 /*************************************************/
1004 /* SHA-1 Single-Round Known Answer Hashing Test. */
1005 /*************************************************/
1006
1007 sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
1008 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1009
1010 if( ( sha_status != SECSuccess ) ||
1011 ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
1012 SHA1_LENGTH ) != 0 ) )
1013 return( CKR_DEVICE_ERROR );
1014
1015 /***************************************************/
1016 /* SHA-224 Single-Round Known Answer Hashing Test. */
1017 /***************************************************/
1018
1019 sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
1020 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1021
1022 if( ( sha_status != SECSuccess ) ||
1023 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
1024 SHA224_LENGTH ) != 0 ) )
1025 return( CKR_DEVICE_ERROR );
1026
1027 /***************************************************/
1028 /* SHA-256 Single-Round Known Answer Hashing Test. */
1029 /***************************************************/
1030
1031 sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
1032 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1033
1034 if( ( sha_status != SECSuccess ) ||
1035 ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
1036 SHA256_LENGTH ) != 0 ) )
1037 return( CKR_DEVICE_ERROR );
1038
1039 /***************************************************/
1040 /* SHA-384 Single-Round Known Answer Hashing Test. */
1041 /***************************************************/
1042
1043 sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
1044 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1045
1046 if( ( sha_status != SECSuccess ) ||
1047 ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
1048 SHA384_LENGTH ) != 0 ) )
1049 return( CKR_DEVICE_ERROR );
1050
1051 /***************************************************/
1052 /* SHA-512 Single-Round Known Answer Hashing Test. */
1053 /***************************************************/
1054
1055 sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
1056 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1057
1058 if( ( sha_status != SECSuccess ) ||
1059 ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
1060 SHA512_LENGTH ) != 0 ) )
1061 return( CKR_DEVICE_ERROR );
1062
1063 return( CKR_OK );
1064 }
1065
1066 /*
1067 * Single round RSA Signature Known Answer Test
1068 */
1069 static SECStatus
1070 sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType shaAlg,
1071 NSSLOWKEYPublicKey *rsa_public_key,
1072 NSSLOWKEYPrivateKey *rsa_private_key,
1073 const unsigned char *rsa_known_msg,
1074 const unsigned int rsa_kmsg_length,
1075 const unsigned char *rsa_known_signature)
1076 {
1077 SECOidTag shaOid; /* SHA OID */
1078 unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
1079 unsigned int shaLength = 0; /* length of SHA */
1080 unsigned int rsa_bytes_signed;
1081 unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
1082 SECStatus rv;
1083
1084 if (shaAlg == HASH_AlgSHA1) {
1085 if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1086 != SECSuccess) {
1087 goto loser;
1088 }
1089 shaLength = SHA1_LENGTH;
1090 shaOid = SEC_OID_SHA1;
1091 } else if (shaAlg == HASH_AlgSHA256) {
1092 if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1093 != SECSuccess) {
1094 goto loser;
1095 }
1096 shaLength = SHA256_LENGTH;
1097 shaOid = SEC_OID_SHA256;
1098 } else if (shaAlg == HASH_AlgSHA384) {
1099 if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1100 != SECSuccess) {
1101 goto loser;
1102 }
1103 shaLength = SHA384_LENGTH;
1104 shaOid = SEC_OID_SHA384;
1105 } else if (shaAlg == HASH_AlgSHA512) {
1106 if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1107 != SECSuccess) {
1108 goto loser;
1109 }
1110 shaLength = SHA512_LENGTH;
1111 shaOid = SEC_OID_SHA512;
1112 } else {
1113 goto loser;
1114 }
1115
1116 /*************************************************/
1117 /* RSA Single-Round Known Answer Signature Test. */
1118 /*************************************************/
1119
1120 /* Perform RSA signature with the RSA private key. */
1121 rv = RSA_HashSign( shaOid,
1122 rsa_private_key,
1123 rsa_computed_signature,
1124 &rsa_bytes_signed,
1125 FIPS_RSA_SIGNATURE_LENGTH,
1126 sha,
1127 shaLength);
1128
1129 if( ( rv != SECSuccess ) ||
1130 ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
1131 ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
1132 FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
1133 goto loser;
1134 }
1135
1136 /****************************************************/
1137 /* RSA Single-Round Known Answer Verification Test. */
1138 /****************************************************/
1139
1140 /* Perform RSA verification with the RSA public key. */
1141 rv = RSA_HashCheckSign( shaOid,
1142 rsa_public_key,
1143 rsa_computed_signature,
1144 rsa_bytes_signed,
1145 sha,
1146 shaLength);
1147
1148 if( rv != SECSuccess ) {
1149 goto loser;
1150 }
1151 return( SECSuccess );
1152
1153 loser:
1154
1155 return( SECFailure );
1156
1157 }
1158
1159 static CK_RV
1160 sftk_fips_RSA_PowerUpSelfTest( void )
1161 {
1162 /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
1163 static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1164 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
1165 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
1166 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
1167 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
1168 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
1169 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
1170 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
1171 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
1172 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
1173 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
1174 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
1175 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
1176 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
1177 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
1178 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
1179 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
1180 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
1181 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
1182 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
1183 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
1184 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
1185 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
1186 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
1187 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
1188 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
1189 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
1190 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
1191 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
1192 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
1193 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
1194 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
1195 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
1196
1197 /* RSA Known Public Key Values (24-bits). */
1198 static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
1199 = { 0x01, 0x00, 0x01 };
1200 /* RSA Known Private Key Values (version is 8-bits), */
1201 /* (private exponent is 2048-bits), */
1202 /* (private prime0 is 1024-bits), */
1203 /* (private prime1 is 1024-bits), */
1204 /* (private prime exponent0 is 1024-bits), */
1205 /* (private prime exponent1 is 1024-bits), */
1206 /* and (private coefficient is 1024-bits). */
1207 static const PRUint8 rsa_version[] = { 0x00 };
1208
1209 static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
1210 = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
1211 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
1212 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
1213 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
1214 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
1215 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
1216 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
1217 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
1218 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
1219 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
1220 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
1221 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
1222 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
1223 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
1224 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
1225 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
1226 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
1227 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
1228 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
1229 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
1230 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
1231 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
1232 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
1233 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
1234 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
1235 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
1236 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
1237 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
1238 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
1239 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
1240 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
1241 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
1242
1243 static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
1244 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
1245 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
1246 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
1247 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
1248 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
1249 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
1250 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
1251 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
1252 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
1253 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
1254 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
1255 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
1256 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
1257 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
1258 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
1259 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
1260 static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
1261 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
1262 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
1263 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
1264 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
1265 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
1266 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
1267 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
1268 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
1269 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
1270 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
1271 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
1272 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
1273 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
1274 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
1275 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
1276 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
1277 static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1278 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
1279 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
1280 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
1281 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
1282 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
1283 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
1284 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
1285 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
1286 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
1287 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
1288 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
1289 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
1290 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
1291 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
1292 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
1293 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
1294 static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1295 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
1296 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
1297 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
1298 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
1299 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
1300 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
1301 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
1302 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
1303 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
1304 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
1305 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
1306 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
1307 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
1308 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
1309 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
1310 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
1311 static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1312 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
1313 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
1314 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
1315 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
1316 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
1317 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
1318 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
1319 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
1320 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
1321 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
1322 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
1323 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
1324 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
1325 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
1326 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
1327 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
1328
1329 /* RSA Known Plaintext Message (1024-bits). */
1330 static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1331 "Known plaintext message utilized"
1332 "for RSA Encryption & Decryption"
1333 "blocks SHA256, SHA384 and "
1334 "SHA512 RSA Signature KAT tests. "
1335 "Known plaintext message utilized"
1336 "for RSA Encryption & Decryption"
1337 "blocks SHA256, SHA384 and "
1338 "SHA512 RSA Signature KAT tests."};
1339
1340 /* RSA Known Ciphertext (2048-bits). */
1341 static const PRUint8 rsa_known_ciphertext[] = {
1342 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
1343 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
1344 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
1345 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
1346 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
1347 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
1348 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
1349 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
1350 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
1351 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
1352 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
1353 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
1354 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
1355 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
1356 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
1357 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
1358 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
1359 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
1360 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
1361 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
1362 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
1363 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
1364 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
1365 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
1366 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
1367 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
1368 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
1369 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
1370 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
1371 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
1372 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
1373 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
1374
1375 /* RSA Known Signed Hash (2048-bits). */
1376 static const PRUint8 rsa_known_sha256_signature[] = {
1377 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
1378 0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
1379 0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
1380 0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
1381 0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
1382 0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
1383 0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
1384 0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
1385 0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
1386 0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
1387 0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
1388 0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
1389 0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
1390 0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
1391 0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
1392 0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
1393 0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
1394 0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
1395 0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
1396 0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
1397 0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
1398 0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
1399 0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
1400 0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
1401 0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
1402 0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
1403 0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
1404 0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
1405 0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
1406 0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
1407 0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
1408 0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92};
1409
1410 /* RSA Known Signed Hash (2048-bits). */
1411 static const PRUint8 rsa_known_sha384_signature[] = {
1412 0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
1413 0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
1414 0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
1415 0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
1416 0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
1417 0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
1418 0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
1419 0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
1420 0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
1421 0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
1422 0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
1423 0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
1424 0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
1425 0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
1426 0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
1427 0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
1428 0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
1429 0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
1430 0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
1431 0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
1432 0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
1433 0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
1434 0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
1435 0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
1436 0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
1437 0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
1438 0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
1439 0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
1440 0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
1441 0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
1442 0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
1443 0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa};
1444
1445 /* RSA Known Signed Hash (2048-bits). */
1446 static const PRUint8 rsa_known_sha512_signature[] = {
1447 0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
1448 0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
1449 0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
1450 0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
1451 0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
1452 0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
1453 0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
1454 0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
1455 0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
1456 0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
1457 0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
1458 0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
1459 0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
1460 0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
1461 0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
1462 0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
1463 0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
1464 0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
1465 0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
1466 0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
1467 0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
1468 0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
1469 0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
1470 0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
1471 0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
1472 0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
1473 0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
1474 0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
1475 0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
1476 0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
1477 0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
1478 0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81};
1479
1480 static const RSAPublicKey bl_public_key = { NULL,
1481 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1482 FIPS_RSA_MODULUS_LENGTH },
1483 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1484 FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1485 };
1486 static const RSAPrivateKey bl_private_key = { NULL,
1487 { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
1488 FIPS_RSA_PRIVATE_VERSION_LENGTH },
1489 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1490 FIPS_RSA_MODULUS_LENGTH },
1491 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1492 FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1493 { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
1494 FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1495 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
1496 FIPS_RSA_PRIME0_LENGTH },
1497 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
1498 FIPS_RSA_PRIME1_LENGTH },
1499 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
1500 FIPS_RSA_EXPONENT0_LENGTH },
1501 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
1502 FIPS_RSA_EXPONENT1_LENGTH },
1503 { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
1504 FIPS_RSA_COEFFICIENT_LENGTH }
1505 };
1506
1507 /* RSA variables. */
1508 #ifdef CREATE_TEMP_ARENAS
1509 PLArenaPool * rsa_public_arena;
1510 PLArenaPool * rsa_private_arena;
1511 #endif
1512 NSSLOWKEYPublicKey * rsa_public_key;
1513 NSSLOWKEYPrivateKey * rsa_private_key;
1514 SECStatus rsa_status;
1515
1516 NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey, };
1517 NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey, };
1518 PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1519 PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1520
1521 /****************************************/
1522 /* Compose RSA Public/Private Key Pair. */
1523 /****************************************/
1524
1525 low_public_key.u.rsa = bl_public_key;
1526 low_private_key.u.rsa = bl_private_key;
1527
1528 rsa_public_key = &low_public_key;
1529 rsa_private_key = &low_private_key;
1530
1531 #ifdef CREATE_TEMP_ARENAS
1532 /* Create some space for the RSA public key. */
1533 rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1534
1535 if( rsa_public_arena == NULL ) {
1536 PORT_SetError( SEC_ERROR_NO_MEMORY );
1537 return( CKR_HOST_MEMORY );
1538 }
1539
1540 /* Create some space for the RSA private key. */
1541 rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1542
1543 if( rsa_private_arena == NULL ) {
1544 PORT_FreeArena( rsa_public_arena, PR_TRUE );
1545 PORT_SetError( SEC_ERROR_NO_MEMORY );
1546 return( CKR_HOST_MEMORY );
1547 }
1548
1549 rsa_public_key->arena = rsa_public_arena;
1550 rsa_private_key->arena = rsa_private_arena;
1551 #endif
1552
1553 /**************************************************/
1554 /* RSA Single-Round Known Answer Encryption Test. */
1555 /**************************************************/
1556
1557 /* Perform RSA Public Key Encryption. */
1558 rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
1559 rsa_computed_ciphertext,
1560 rsa_known_plaintext_msg);
1561
1562 if( ( rsa_status != SECSuccess ) ||
1563 ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
1564 FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
1565 goto rsa_loser;
1566
1567 /**************************************************/
1568 /* RSA Single-Round Known Answer Decryption Test. */
1569 /**************************************************/
1570
1571 /* Perform RSA Private Key Decryption. */
1572 rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
1573 rsa_computed_plaintext,
1574 rsa_known_ciphertext);
1575
1576 if( ( rsa_status != SECSuccess ) ||
1577 ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
1578 FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
1579 goto rsa_loser;
1580
1581 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
1582 rsa_public_key, rsa_private_key,
1583 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1584 rsa_known_sha256_signature);
1585 if( rsa_status != SECSuccess )
1586 goto rsa_loser;
1587
1588 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
1589 rsa_public_key, rsa_private_key,
1590 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1591 rsa_known_sha384_signature);
1592 if( rsa_status != SECSuccess )
1593 goto rsa_loser;
1594
1595 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
1596 rsa_public_key, rsa_private_key,
1597 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1598 rsa_known_sha512_signature);
1599 if( rsa_status != SECSuccess )
1600 goto rsa_loser;
1601
1602 /* Dispose of all RSA key material. */
1603 nsslowkey_DestroyPublicKey( rsa_public_key );
1604 nsslowkey_DestroyPrivateKey( rsa_private_key );
1605
1606 return( CKR_OK );
1607
1608 rsa_loser:
1609
1610 nsslowkey_DestroyPublicKey( rsa_public_key );
1611 nsslowkey_DestroyPrivateKey( rsa_private_key );
1612
1613 return( CKR_DEVICE_ERROR );
1614 }
1615
1616 #ifdef NSS_ENABLE_ECC
1617
1618 static CK_RV
1619 sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
1620 unsigned int encodedParamsLen,
1621 const PRUint8 *knownSignature,
1622 unsigned int knownSignatureLen) {
1623
1624 /* ECDSA Known Seed info for curves nistp256 and nistk283 */
1625 static const PRUint8 ecdsa_Known_Seed[] = {
1626 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1627 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1628 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1629 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
1630
1631 static const PRUint8 msg[] = {
1632 "Firefox and ThunderBird are awesome!"};
1633
1634 unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
1635 unsigned char sig[2*MAX_ECKEY_LEN];
1636 SECItem signature, digest;
1637 SECItem encodedparams;
1638 ECParams *ecparams = NULL;
1639 ECPrivateKey *ecdsa_private_key = NULL;
1640 ECPublicKey ecdsa_public_key;
1641 SECStatus ecdsaStatus = SECSuccess;
1642
1643 /* construct the ECDSA private/public key pair */
1644 encodedparams.type = siBuffer;
1645 encodedparams.data = (unsigned char *) encodedParams;
1646 encodedparams.len = encodedParamsLen;
1647
1648 if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
1649 return( CKR_DEVICE_ERROR );
1650 }
1651
1652 /* Generates a new EC key pair. The private key is a supplied
1653 * random value (in seed) and the public key is the result of
1654 * performing a scalar point multiplication of that value with
1655 * the curve's base point.
1656 */
1657 ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
1658 ecdsa_Known_Seed,
1659 sizeof(ecdsa_Known_Seed));
1660 /* free the ecparams they are no longer needed */
1661 PORT_FreeArena(ecparams->arena, PR_FALSE);
1662 ecparams = NULL;
1663 if (ecdsaStatus != SECSuccess) {
1664 return ( CKR_DEVICE_ERROR );
1665 }
1666
1667 /* construct public key from private key. */
1668 ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
1669 &ecdsa_public_key.ecParams,
1670 &ecdsa_private_key->ecParams);
1671 if (ecdsaStatus != SECSuccess) {
1672 goto loser;
1673 }
1674 ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1675
1676 /* validate public key value */
1677 ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
1678 &ecdsa_public_key.publicValue);
1679 if (ecdsaStatus != SECSuccess) {
1680 goto loser;
1681 }
1682
1683 /* validate public key value */
1684 ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
1685 &ecdsa_private_key->publicValue);
1686 if (ecdsaStatus != SECSuccess) {
1687 goto loser;
1688 }
1689
1690 /***************************************************/
1691 /* ECDSA Single-Round Known Answer Signature Test. */
1692 /***************************************************/
1693
1694 ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
1695 if (ecdsaStatus != SECSuccess) {
1696 goto loser;
1697 }
1698 digest.type = siBuffer;
1699 digest.data = sha1;
1700 digest.len = SHA1_LENGTH;
1701
1702 memset(sig, 0, sizeof sig);
1703 signature.type = siBuffer;
1704 signature.data = sig;
1705 signature.len = sizeof sig;
1706
1707 ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
1708 &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1709 if (ecdsaStatus != SECSuccess) {
1710 goto loser;
1711 }
1712
1713 if( ( signature.len != knownSignatureLen ) ||
1714 ( PORT_Memcmp( signature.data, knownSignature,
1715 knownSignatureLen ) != 0 ) ) {
1716 ecdsaStatus = SECFailure;
1717 goto loser;
1718 }
1719
1720 /******************************************************/
1721 /* ECDSA Single-Round Known Answer Verification Test. */
1722 /******************************************************/
1723
1724 /* Perform ECDSA verification process. */
1725 ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1726
1727 loser:
1728 /* free the memory for the private key arena*/
1729 if (ecdsa_private_key != NULL) {
1730 PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1731 }
1732
1733 if (ecdsaStatus != SECSuccess) {
1734 return CKR_DEVICE_ERROR ;
1735 }
1736 return( CKR_OK );
1737 }
1738
1739 static CK_RV
1740 sftk_fips_ECDSA_PowerUpSelfTest() {
1741
1742 /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
1743 static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
1744 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
1745 0x01,0x07};
1746
1747 static const PRUint8 ecdsa_known_P256_signature[] = {
1748 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
1749 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
1750 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
1751 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
1752 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
1753 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
1754 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
1755 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
1756
1757 #ifdef NSS_ECC_MORE_THAN_SUITE_B
1758 /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
1759 static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
1760 0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
1761
1762 static const PRUint8 ecdsa_known_K283_signature[] = {
1763 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
1764 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
1765 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
1766 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
1767 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
1768 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
1769 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
1770 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
1771 0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
1772 #endif
1773
1774 CK_RV crv;
1775
1776 /* ECDSA GF(p) prime field curve test */
1777 crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
1778 sizeof ecdsa_known_P256_EncodedParams,
1779 ecdsa_known_P256_signature,
1780 sizeof ecdsa_known_P256_signature );
1781 if (crv != CKR_OK) {
1782 return( CKR_DEVICE_ERROR );
1783 }
1784
1785 #ifdef NSS_ECC_MORE_THAN_SUITE_B
1786 /* ECDSA GF(2m) binary field curve test */
1787 crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
1788 sizeof ecdsa_known_K283_EncodedParams,
1789 ecdsa_known_K283_signature,
1790 sizeof ecdsa_known_K283_signature );
1791 if (crv != CKR_OK) {
1792 return( CKR_DEVICE_ERROR );
1793 }
1794 #endif
1795
1796 return( CKR_OK );
1797 }
1798
1799 #endif /* NSS_ENABLE_ECC */
1800
1801 static CK_RV
1802 sftk_fips_DSA_PowerUpSelfTest( void )
1803 {
1804 /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
1805 static const PRUint8 dsa_P[] = {
1806 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28,
1807 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63,
1808 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0,
1809 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
1810 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91,
1811 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0,
1812 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7,
1813 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
1814 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7,
1815 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56,
1816 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b,
1817 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
1818 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6,
1819 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64,
1820 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a,
1821 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
1822
1823 static const PRUint8 dsa_Q[] = {
1824 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e,
1825 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6,
1826 0x91,0x99,0x8b,0xcf};
1827
1828 static const PRUint8 dsa_G[] = {
1829 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4,
1830 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6,
1831 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3,
1832 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
1833 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d,
1834 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a,
1835 0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24,
1836 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
1837 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb,
1838 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79,
1839 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac,
1840 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
1841 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27,
1842 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed,
1843 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f,
1844 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
1845
1846 /* DSA Known Random Values (known random key block is 160-bits) */
1847 /* and (known random signature block is 160-bits). */
1848 static const PRUint8 dsa_known_random_key_block[] = {
1849 "Mozilla Rules World!"};
1850 static const PRUint8 dsa_known_random_signature_block[] = {
1851 "Random DSA Signature"};
1852
1853 /* DSA Known Digest (160-bits) */
1854 static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
1855
1856 /* DSA Known Signature (320-bits). */
1857 static const PRUint8 dsa_known_signature[] = {
1858 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32,
1859 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c,
1860 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72,
1861 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
1862 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
1863
1864 /* DSA variables. */
1865 DSAPrivateKey * dsa_private_key;
1866 SECStatus dsa_status;
1867 SECItem dsa_signature_item;
1868 SECItem dsa_digest_item;
1869 DSAPublicKey dsa_public_key;
1870 PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
1871 static const PQGParams dsa_pqg = { NULL,
1872 { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PR IME_LENGTH },
1873 { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SU BPRIME_LENGTH },
1874 { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BA SE_LENGTH }};
1875
1876 /*******************************************/
1877 /* Generate a DSA public/private key pair. */
1878 /*******************************************/
1879
1880 /* Generate a DSA public/private key pair. */
1881 dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
1882 &dsa_private_key);
1883
1884 if( dsa_status != SECSuccess )
1885 return( CKR_HOST_MEMORY );
1886
1887 /* construct public key from private key. */
1888 dsa_public_key.params = dsa_private_key->params;
1889 dsa_public_key.publicValue = dsa_private_key->publicValue;
1890
1891 /*************************************************/
1892 /* DSA Single-Round Known Answer Signature Test. */
1893 /*************************************************/
1894
1895 dsa_signature_item.data = dsa_computed_signature;
1896 dsa_signature_item.len = sizeof dsa_computed_signature;
1897
1898 dsa_digest_item.data = (unsigned char *)dsa_known_digest;
1899 dsa_digest_item.len = SHA1_LENGTH;
1900
1901 /* Perform DSA signature process. */
1902 dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
1903 &dsa_signature_item,
1904 &dsa_digest_item,
1905 dsa_known_random_signature_block );
1906
1907 if( ( dsa_status != SECSuccess ) ||
1908 ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
1909 ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
1910 FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
1911 dsa_status = SECFailure;
1912 } else {
1913
1914 /****************************************************/
1915 /* DSA Single-Round Known Answer Verification Test. */
1916 /****************************************************/
1917
1918 /* Perform DSA verification process. */
1919 dsa_status = DSA_VerifyDigest( &dsa_public_key,
1920 &dsa_signature_item,
1921 &dsa_digest_item);
1922 }
1923
1924 PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
1925 /* Don't free public key, it uses same arena as private key */
1926
1927 /* Verify DSA signature. */
1928 if( dsa_status != SECSuccess )
1929 return( CKR_DEVICE_ERROR );
1930
1931 return( CKR_OK );
1932
1933
1934 }
1935
1936 static CK_RV
1937 sftk_fips_RNG_PowerUpSelfTest( void )
1938 {
1939 static const PRUint8 Q[] = {
1940 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
1941 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
1942 0x9d,0xef,0xeb,0xed};
1943 static const PRUint8 GENX[] = {
1944 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
1945 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
1946 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
1947 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
1948 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
1949 static const PRUint8 rng_known_DSAX[] = {
1950 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
1951 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
1952 0x10,0x1f,0x60,0xd7};
1953
1954
1955
1956 SECStatus rng_status = SECSuccess;
1957 PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
1958
1959 /*******************************************/
1960 /* Run the SP 800-90 Health tests */
1961 /*******************************************/
1962 rng_status = PRNGTEST_RunHealthTests();
1963 if (rng_status != SECSuccess) {
1964 return (CKR_DEVICE_ERROR);
1965 }
1966
1967 /*******************************************/
1968 /* Generate DSAX fow given Q. */
1969 /*******************************************/
1970
1971 rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
1972
1973 /* Verify DSAX to perform the RNG integrity check */
1974 if( ( rng_status != SECSuccess ) ||
1975 ( PORT_Memcmp( DSAX, rng_known_DSAX,
1976 (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) )
1977 return( CKR_DEVICE_ERROR );
1978
1979 return( CKR_OK );
1980 }
1981
1982 static CK_RV
1983 sftk_fipsSoftwareIntegrityTest(void)
1984 {
1985 CK_RV crv = CKR_OK;
1986
1987 /* make sure that our check file signatures are OK */
1988 if( !BLAPI_VerifySelf( NULL ) ||
1989 !BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
1990 crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
1991 }
1992 return crv;
1993 }
1994
1995 CK_RV
1996 sftk_fipsPowerUpSelfTest( void )
1997 {
1998 CK_RV rv;
1999
2000 /* RC2 Power-Up SelfTest(s). */
2001 rv = sftk_fips_RC2_PowerUpSelfTest();
2002
2003 if( rv != CKR_OK )
2004 return rv;
2005
2006 /* RC4 Power-Up SelfTest(s). */
2007 rv = sftk_fips_RC4_PowerUpSelfTest();
2008
2009 if( rv != CKR_OK )
2010 return rv;
2011
2012 /* DES Power-Up SelfTest(s). */
2013 rv = sftk_fips_DES_PowerUpSelfTest();
2014
2015 if( rv != CKR_OK )
2016 return rv;
2017
2018 /* DES3 Power-Up SelfTest(s). */
2019 rv = sftk_fips_DES3_PowerUpSelfTest();
2020
2021 if( rv != CKR_OK )
2022 return rv;
2023
2024 /* AES Power-Up SelfTest(s) for 128-bit key. */
2025 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
2026
2027 if( rv != CKR_OK )
2028 return rv;
2029
2030 /* AES Power-Up SelfTest(s) for 192-bit key. */
2031 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
2032
2033 if( rv != CKR_OK )
2034 return rv;
2035
2036 /* AES Power-Up SelfTest(s) for 256-bit key. */
2037 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
2038
2039 if( rv != CKR_OK )
2040 return rv;
2041
2042 /* MD2 Power-Up SelfTest(s). */
2043 rv = sftk_fips_MD2_PowerUpSelfTest();
2044
2045 if( rv != CKR_OK )
2046 return rv;
2047
2048 /* MD5 Power-Up SelfTest(s). */
2049 rv = sftk_fips_MD5_PowerUpSelfTest();
2050
2051 if( rv != CKR_OK )
2052 return rv;
2053
2054 /* SHA-X Power-Up SelfTest(s). */
2055 rv = sftk_fips_SHA_PowerUpSelfTest();
2056
2057 if( rv != CKR_OK )
2058 return rv;
2059
2060 /* HMAC SHA-X Power-Up SelfTest(s). */
2061 rv = sftk_fips_HMAC_PowerUpSelfTest();
2062
2063 if( rv != CKR_OK )
2064 return rv;
2065
2066 /* RSA Power-Up SelfTest(s). */
2067 rv = sftk_fips_RSA_PowerUpSelfTest();
2068
2069 if( rv != CKR_OK )
2070 return rv;
2071
2072 /* DSA Power-Up SelfTest(s). */
2073 rv = sftk_fips_DSA_PowerUpSelfTest();
2074
2075 if( rv != CKR_OK )
2076 return rv;
2077
2078 /* RNG Power-Up SelfTest(s). */
2079 rv = sftk_fips_RNG_PowerUpSelfTest();
2080
2081 if( rv != CKR_OK )
2082 return rv;
2083
2084 #ifdef NSS_ENABLE_ECC
2085 /* ECDSA Power-Up SelfTest(s). */
2086 rv = sftk_fips_ECDSA_PowerUpSelfTest();
2087
2088 if( rv != CKR_OK )
2089 return rv;
2090 #endif
2091
2092 /* Software/Firmware Integrity Test. */
2093 rv = sftk_fipsSoftwareIntegrityTest();
2094
2095 if( rv != CKR_OK )
2096 return rv;
2097
2098 /* Passed Power-Up SelfTest(s). */
2099 return( CKR_OK );
2100 }
2101
OLDNEW
« no previous file with comments | « mozilla/security/nss/lib/softoken/fipsaudt.c ('k') | mozilla/security/nss/lib/softoken/fipstokn.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698