Mercurial > trustbridge > nss-cmake-static

comparison nss/lib/softoken/fipstest.c @ 0:1e5118fa0cb1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:1e5118fa0cb1
1 /*
2 * PKCS #11 FIPS Power-Up Self Test.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
9 /* DES-CBC, DES3-ECB, DES3-CBC, RSA */
10 /* and DSA. */
11 #include "seccomon.h" /* Required for RSA and DSA. */
12 #include "lowkeyi.h" /* Required for RSA and DSA. */
13 #include "pkcs11.h" /* Required for PKCS #11. */
14 #include "secerr.h"
15
16 #ifndef NSS_DISABLE_ECC
17 #include "ec.h" /* Required for ECDSA */
18 #endif
19
20
21 /* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
22 #define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
23 #define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
24 #define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
25
26
27 /* FIPS preprocessor directives for RC4. */
28 #define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
29 #define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
30 #define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
31
32
33 /* FIPS preprocessor directives for DES-ECB and DES-CBC. */
34 #define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
35 #define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
36
37
38 /* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
39 #define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
40 #define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
41
42
43 /* FIPS preprocessor directives for AES-ECB and AES-CBC. */
44 #define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
45 #define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
46 #define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
47 #define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
48 #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
49 #define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
50
51
52 /* FIPS preprocessor directives for message digests */
53 #define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
54
55
56 /* FIPS preprocessor directives for RSA. */
57 #define FIPS_RSA_TYPE siBuffer
58 #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
59 #define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
60 #define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
61 #define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */
62 #define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */
63 #define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */
64 #define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */
65 #define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */
66 #define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
67 #define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */
68 #define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */
69 #define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */
70 #define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */
71
72
73 /* FIPS preprocessor directives for DSA. */
74 #define FIPS_DSA_TYPE siBuffer
75 #define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
76 #define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
77 #define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
78 #define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
79 #define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
80
81 /* FIPS preprocessor directives for RNG. */
82 #define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
83
84 static CK_RV
85 sftk_fips_RC2_PowerUpSelfTest( void )
86 {
87 /* RC2 Known Key (40-bits). */
88 static const PRUint8 rc2_known_key[] = { "RSARC" };
89
90 /* RC2-CBC Known Initialization Vector (64-bits). */
91 static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
92
93 /* RC2 Known Plaintext (64-bits). */
94 static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
95 static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
96
97 /* RC2 Known Ciphertext (64-bits). */
98 static const PRUint8 rc2_ecb_known_ciphertext[] = {
99 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
100 static const PRUint8 rc2_cbc_known_ciphertext[] = {
101 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
102
103 /* RC2 variables. */
104 PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
105 PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
106 RC2Context * rc2_context;
107 unsigned int rc2_bytes_encrypted;
108 unsigned int rc2_bytes_decrypted;
109 SECStatus rc2_status;
110
111
112 /******************************************************/
113 /* RC2-ECB Single-Round Known Answer Encryption Test: */
114 /******************************************************/
115
116 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
117 NULL, NSS_RC2,
118 FIPS_RC2_KEY_LENGTH );
119
120 if( rc2_context == NULL )
121 return( CKR_HOST_MEMORY );
122
123 rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
124 &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
125 rc2_ecb_known_plaintext,
126 FIPS_RC2_DECRYPT_LENGTH );
127
128 RC2_DestroyContext( rc2_context, PR_TRUE );
129
130 if( ( rc2_status != SECSuccess ) ||
131 ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
132 ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
133 FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
134 return( CKR_DEVICE_ERROR );
135
136
137 /******************************************************/
138 /* RC2-ECB Single-Round Known Answer Decryption Test: */
139 /******************************************************/
140
141 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
142 NULL, NSS_RC2,
143 FIPS_RC2_KEY_LENGTH );
144
145 if( rc2_context == NULL )
146 return( CKR_HOST_MEMORY );
147
148 rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
149 &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
150 rc2_ecb_known_ciphertext,
151 FIPS_RC2_ENCRYPT_LENGTH );
152
153 RC2_DestroyContext( rc2_context, PR_TRUE );
154
155 if( ( rc2_status != SECSuccess ) ||
156 ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
157 ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
158 FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
159 return( CKR_DEVICE_ERROR );
160
161
162 /******************************************************/
163 /* RC2-CBC Single-Round Known Answer Encryption Test: */
164 /******************************************************/
165
166 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
167 rc2_cbc_known_initialization_vector,
168 NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
169
170 if( rc2_context == NULL )
171 return( CKR_HOST_MEMORY );
172
173 rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
174 &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
175 rc2_cbc_known_plaintext,
176 FIPS_RC2_DECRYPT_LENGTH );
177
178 RC2_DestroyContext( rc2_context, PR_TRUE );
179
180 if( ( rc2_status != SECSuccess ) ||
181 ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
182 ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
183 FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
184 return( CKR_DEVICE_ERROR );
185
186
187 /******************************************************/
188 /* RC2-CBC Single-Round Known Answer Decryption Test: */
189 /******************************************************/
190
191 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
192 rc2_cbc_known_initialization_vector,
193 NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
194
195 if( rc2_context == NULL )
196 return( CKR_HOST_MEMORY );
197
198 rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
199 &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
200 rc2_cbc_known_ciphertext,
201 FIPS_RC2_ENCRYPT_LENGTH );
202
203 RC2_DestroyContext( rc2_context, PR_TRUE );
204
205 if( ( rc2_status != SECSuccess ) ||
206 ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
207 ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
208 FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
209 return( CKR_DEVICE_ERROR );
210
211 return( CKR_OK );
212 }
213
214
215 static CK_RV
216 sftk_fips_RC4_PowerUpSelfTest( void )
217 {
218 /* RC4 Known Key (40-bits). */
219 static const PRUint8 rc4_known_key[] = { "RSARC" };
220
221 /* RC4 Known Plaintext (64-bits). */
222 static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
223
224 /* RC4 Known Ciphertext (64-bits). */
225 static const PRUint8 rc4_known_ciphertext[] = {
226 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
227
228 /* RC4 variables. */
229 PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
230 PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
231 RC4Context * rc4_context;
232 unsigned int rc4_bytes_encrypted;
233 unsigned int rc4_bytes_decrypted;
234 SECStatus rc4_status;
235
236
237 /**************************************************/
238 /* RC4 Single-Round Known Answer Encryption Test: */
239 /**************************************************/
240
241 rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
242
243 if( rc4_context == NULL )
244 return( CKR_HOST_MEMORY );
245
246 rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
247 &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
248 rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
249
250 RC4_DestroyContext( rc4_context, PR_TRUE );
251
252 if( ( rc4_status != SECSuccess ) ||
253 ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
254 ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
255 FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
256 return( CKR_DEVICE_ERROR );
257
258
259 /**************************************************/
260 /* RC4 Single-Round Known Answer Decryption Test: */
261 /**************************************************/
262
263 rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
264
265 if( rc4_context == NULL )
266 return( CKR_HOST_MEMORY );
267
268 rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
269 &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
270 rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
271
272 RC4_DestroyContext( rc4_context, PR_TRUE );
273
274 if( ( rc4_status != SECSuccess ) ||
275 ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
276 ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
277 FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
278 return( CKR_DEVICE_ERROR );
279
280 return( CKR_OK );
281 }
282
283
284 static CK_RV
285 sftk_fips_DES_PowerUpSelfTest( void )
286 {
287 /* DES Known Key (56-bits). */
288 static const PRUint8 des_known_key[] = { "ANSI DES" };
289
290 /* DES-CBC Known Initialization Vector (64-bits). */
291 static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
292
293 /* DES Known Plaintext (64-bits). */
294 static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
295 static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
296
297 /* DES Known Ciphertext (64-bits). */
298 static const PRUint8 des_ecb_known_ciphertext[] = {
299 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
300 static const PRUint8 des_cbc_known_ciphertext[] = {
301 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
302
303 /* DES variables. */
304 PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
305 PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
306 DESContext * des_context;
307 unsigned int des_bytes_encrypted;
308 unsigned int des_bytes_decrypted;
309 SECStatus des_status;
310
311
312 /******************************************************/
313 /* DES-ECB Single-Round Known Answer Encryption Test: */
314 /******************************************************/
315
316 des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
317
318 if( des_context == NULL )
319 return( CKR_HOST_MEMORY );
320
321 des_status = DES_Encrypt( des_context, des_computed_ciphertext,
322 &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
323 des_ecb_known_plaintext,
324 FIPS_DES_DECRYPT_LENGTH );
325
326 DES_DestroyContext( des_context, PR_TRUE );
327
328 if( ( des_status != SECSuccess ) ||
329 ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
330 ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
331 FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
332 return( CKR_DEVICE_ERROR );
333
334
335 /******************************************************/
336 /* DES-ECB Single-Round Known Answer Decryption Test: */
337 /******************************************************/
338
339 des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
340
341 if( des_context == NULL )
342 return( CKR_HOST_MEMORY );
343
344 des_status = DES_Decrypt( des_context, des_computed_plaintext,
345 &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
346 des_ecb_known_ciphertext,
347 FIPS_DES_ENCRYPT_LENGTH );
348
349 DES_DestroyContext( des_context, PR_TRUE );
350
351 if( ( des_status != SECSuccess ) ||
352 ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
353 ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
354 FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
355 return( CKR_DEVICE_ERROR );
356
357
358 /******************************************************/
359 /* DES-CBC Single-Round Known Answer Encryption Test. */
360 /******************************************************/
361
362 des_context = DES_CreateContext( des_known_key,
363 des_cbc_known_initialization_vector,
364 NSS_DES_CBC, PR_TRUE );
365
366 if( des_context == NULL )
367 return( CKR_HOST_MEMORY );
368
369 des_status = DES_Encrypt( des_context, des_computed_ciphertext,
370 &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
371 des_cbc_known_plaintext,
372 FIPS_DES_DECRYPT_LENGTH );
373
374 DES_DestroyContext( des_context, PR_TRUE );
375
376 if( ( des_status != SECSuccess ) ||
377 ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
378 ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
379 FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
380 return( CKR_DEVICE_ERROR );
381
382
383 /******************************************************/
384 /* DES-CBC Single-Round Known Answer Decryption Test. */
385 /******************************************************/
386
387 des_context = DES_CreateContext( des_known_key,
388 des_cbc_known_initialization_vector,
389 NSS_DES_CBC, PR_FALSE );
390
391 if( des_context == NULL )
392 return( CKR_HOST_MEMORY );
393
394 des_status = DES_Decrypt( des_context, des_computed_plaintext,
395 &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
396 des_cbc_known_ciphertext,
397 FIPS_DES_ENCRYPT_LENGTH );
398
399 DES_DestroyContext( des_context, PR_TRUE );
400
401 if( ( des_status != SECSuccess ) ||
402 ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
403 ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
404 FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
405 return( CKR_DEVICE_ERROR );
406
407 return( CKR_OK );
408 }
409
410
411 static CK_RV
412 sftk_fips_DES3_PowerUpSelfTest( void )
413 {
414 /* DES3 Known Key (56-bits). */
415 static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
416
417 /* DES3-CBC Known Initialization Vector (64-bits). */
418 static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
419
420 /* DES3 Known Plaintext (64-bits). */
421 static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
422 static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
423
424 /* DES3 Known Ciphertext (64-bits). */
425 static const PRUint8 des3_ecb_known_ciphertext[] = {
426 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
427 static const PRUint8 des3_cbc_known_ciphertext[] = {
428 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
429
430 /* DES3 variables. */
431 PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
432 PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
433 DESContext * des3_context;
434 unsigned int des3_bytes_encrypted;
435 unsigned int des3_bytes_decrypted;
436 SECStatus des3_status;
437
438
439 /*******************************************************/
440 /* DES3-ECB Single-Round Known Answer Encryption Test. */
441 /*******************************************************/
442
443 des3_context = DES_CreateContext( des3_known_key, NULL,
444 NSS_DES_EDE3, PR_TRUE );
445
446 if( des3_context == NULL )
447 return( CKR_HOST_MEMORY );
448
449 des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
450 &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
451 des3_ecb_known_plaintext,
452 FIPS_DES3_DECRYPT_LENGTH );
453
454 DES_DestroyContext( des3_context, PR_TRUE );
455
456 if( ( des3_status != SECSuccess ) ||
457 ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
458 ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
459 FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
460 return( CKR_DEVICE_ERROR );
461
462
463 /*******************************************************/
464 /* DES3-ECB Single-Round Known Answer Decryption Test. */
465 /*******************************************************/
466
467 des3_context = DES_CreateContext( des3_known_key, NULL,
468 NSS_DES_EDE3, PR_FALSE );
469
470 if( des3_context == NULL )
471 return( CKR_HOST_MEMORY );
472
473 des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
474 &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
475 des3_ecb_known_ciphertext,
476 FIPS_DES3_ENCRYPT_LENGTH );
477
478 DES_DestroyContext( des3_context, PR_TRUE );
479
480 if( ( des3_status != SECSuccess ) ||
481 ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
482 ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
483 FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
484 return( CKR_DEVICE_ERROR );
485
486
487 /*******************************************************/
488 /* DES3-CBC Single-Round Known Answer Encryption Test. */
489 /*******************************************************/
490
491 des3_context = DES_CreateContext( des3_known_key,
492 des3_cbc_known_initialization_vector,
493 NSS_DES_EDE3_CBC, PR_TRUE );
494
495 if( des3_context == NULL )
496 return( CKR_HOST_MEMORY );
497
498 des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
499 &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
500 des3_cbc_known_plaintext,
501 FIPS_DES3_DECRYPT_LENGTH );
502
503 DES_DestroyContext( des3_context, PR_TRUE );
504
505 if( ( des3_status != SECSuccess ) ||
506 ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
507 ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
508 FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
509 return( CKR_DEVICE_ERROR );
510
511
512 /*******************************************************/
513 /* DES3-CBC Single-Round Known Answer Decryption Test. */
514 /*******************************************************/
515
516 des3_context = DES_CreateContext( des3_known_key,
517 des3_cbc_known_initialization_vector,
518 NSS_DES_EDE3_CBC, PR_FALSE );
519
520 if( des3_context == NULL )
521 return( CKR_HOST_MEMORY );
522
523 des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
524 &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
525 des3_cbc_known_ciphertext,
526 FIPS_DES3_ENCRYPT_LENGTH );
527
528 DES_DestroyContext( des3_context, PR_TRUE );
529
530 if( ( des3_status != SECSuccess ) ||
531 ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
532 ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
533 FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
534 return( CKR_DEVICE_ERROR );
535
536 return( CKR_OK );
537 }
538
539
540 /* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
541 static CK_RV
542 sftk_fips_AES_PowerUpSelfTest( int aes_key_size )
543 {
544 /* AES Known Key (up to 256-bits). */
545 static const PRUint8 aes_known_key[] =
546 { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
547
548 /* AES-CBC Known Initialization Vector (128-bits). */
549 static const PRUint8 aes_cbc_known_initialization_vector[] =
550 { "SecurityytiruceS" };
551
552 /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
553 static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
554
555 /* AES Known Ciphertext (128-bit key). */
556 static const PRUint8 aes_ecb128_known_ciphertext[] = {
557 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
558 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
559
560 static const PRUint8 aes_cbc128_known_ciphertext[] = {
561 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
562 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
563
564 /* AES Known Ciphertext (192-bit key). */
565 static const PRUint8 aes_ecb192_known_ciphertext[] = {
566 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
567 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
568
569 static const PRUint8 aes_cbc192_known_ciphertext[] = {
570 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
571 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
572
573 /* AES Known Ciphertext (256-bit key). */
574 static const PRUint8 aes_ecb256_known_ciphertext[] = {
575 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
576 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
577
578 static const PRUint8 aes_cbc256_known_ciphertext[] = {
579 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
580 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
581
582 const PRUint8 *aes_ecb_known_ciphertext =
583 ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
584 ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
585 aes_ecb256_known_ciphertext;
586
587 const PRUint8 *aes_cbc_known_ciphertext =
588 ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
589 ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
590 aes_cbc256_known_ciphertext;
591
592 /* AES variables. */
593 PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
594 PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
595 AESContext * aes_context;
596 unsigned int aes_bytes_encrypted;
597 unsigned int aes_bytes_decrypted;
598 SECStatus aes_status;
599
600 /*check if aes_key_size is 128, 192, or 256 bits */
601 if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
602 (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
603 (aes_key_size != FIPS_AES_256_KEY_SIZE))
604 return( CKR_DEVICE_ERROR );
605
606 /******************************************************/
607 /* AES-ECB Single-Round Known Answer Encryption Test: */
608 /******************************************************/
609
610 aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
611 aes_key_size, FIPS_AES_BLOCK_SIZE );
612
613 if( aes_context == NULL )
614 return( CKR_HOST_MEMORY );
615
616 aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
617 &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
618 aes_known_plaintext,
619 FIPS_AES_DECRYPT_LENGTH );
620
621 AES_DestroyContext( aes_context, PR_TRUE );
622
623 if( ( aes_status != SECSuccess ) ||
624 ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
625 ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
626 FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
627 return( CKR_DEVICE_ERROR );
628
629
630 /******************************************************/
631 /* AES-ECB Single-Round Known Answer Decryption Test: */
632 /******************************************************/
633
634 aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
635 aes_key_size, FIPS_AES_BLOCK_SIZE );
636
637 if( aes_context == NULL )
638 return( CKR_HOST_MEMORY );
639
640 aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
641 &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
642 aes_ecb_known_ciphertext,
643 FIPS_AES_ENCRYPT_LENGTH );
644
645 AES_DestroyContext( aes_context, PR_TRUE );
646
647 if( ( aes_status != SECSuccess ) ||
648 ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
649 ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
650 FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
651 return( CKR_DEVICE_ERROR );
652
653
654 /******************************************************/
655 /* AES-CBC Single-Round Known Answer Encryption Test. */
656 /******************************************************/
657
658 aes_context = AES_CreateContext( aes_known_key,
659 aes_cbc_known_initialization_vector,
660 NSS_AES_CBC, PR_TRUE, aes_key_size,
661 FIPS_AES_BLOCK_SIZE );
662
663 if( aes_context == NULL )
664 return( CKR_HOST_MEMORY );
665
666 aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
667 &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
668 aes_known_plaintext,
669 FIPS_AES_DECRYPT_LENGTH );
670
671 AES_DestroyContext( aes_context, PR_TRUE );
672
673 if( ( aes_status != SECSuccess ) ||
674 ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
675 ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
676 FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
677 return( CKR_DEVICE_ERROR );
678
679
680 /******************************************************/
681 /* AES-CBC Single-Round Known Answer Decryption Test. */
682 /******************************************************/
683
684 aes_context = AES_CreateContext( aes_known_key,
685 aes_cbc_known_initialization_vector,
686 NSS_AES_CBC, PR_FALSE, aes_key_size,
687 FIPS_AES_BLOCK_SIZE );
688
689 if( aes_context == NULL )
690 return( CKR_HOST_MEMORY );
691
692 aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
693 &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
694 aes_cbc_known_ciphertext,
695 FIPS_AES_ENCRYPT_LENGTH );
696
697 AES_DestroyContext( aes_context, PR_TRUE );
698
699 if( ( aes_status != SECSuccess ) ||
700 ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
701 ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
702 FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
703 return( CKR_DEVICE_ERROR );
704
705 return( CKR_OK );
706 }
707
708 /* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
709 static const PRUint8 known_hash_message[] = {
710 "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
711
712
713 static CK_RV
714 sftk_fips_MD2_PowerUpSelfTest( void )
715 {
716 /* MD2 Known Digest Message (128-bits). */
717 static const PRUint8 md2_known_digest[] = {
718 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
719 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
720
721 /* MD2 variables. */
722 MD2Context * md2_context;
723 unsigned int md2_bytes_hashed;
724 PRUint8 md2_computed_digest[MD2_LENGTH];
725
726
727 /***********************************************/
728 /* MD2 Single-Round Known Answer Hashing Test. */
729 /***********************************************/
730
731 md2_context = MD2_NewContext();
732
733 if( md2_context == NULL )
734 return( CKR_HOST_MEMORY );
735
736 MD2_Begin( md2_context );
737
738 MD2_Update( md2_context, known_hash_message,
739 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
740
741 MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
742
743 MD2_DestroyContext( md2_context , PR_TRUE );
744
745 if( ( md2_bytes_hashed != MD2_LENGTH ) ||
746 ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
747 MD2_LENGTH ) != 0 ) )
748 return( CKR_DEVICE_ERROR );
749
750 return( CKR_OK );
751 }
752
753
754 static CK_RV
755 sftk_fips_MD5_PowerUpSelfTest( void )
756 {
757 /* MD5 Known Digest Message (128-bits). */
758 static const PRUint8 md5_known_digest[] = {
759 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
760 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
761
762 /* MD5 variables. */
763 PRUint8 md5_computed_digest[MD5_LENGTH];
764 SECStatus md5_status;
765
766
767 /***********************************************/
768 /* MD5 Single-Round Known Answer Hashing Test. */
769 /***********************************************/
770
771 md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
772 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
773
774 if( ( md5_status != SECSuccess ) ||
775 ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
776 MD5_LENGTH ) != 0 ) )
777 return( CKR_DEVICE_ERROR );
778
779 return( CKR_OK );
780 }
781
782 /****************************************************/
783 /* Single Round HMAC SHA-X test */
784 /****************************************************/
785 static SECStatus
786 sftk_fips_HMAC(unsigned char *hmac_computed,
787 const PRUint8 *secret_key,
788 unsigned int secret_key_length,
789 const PRUint8 *message,
790 unsigned int message_length,
791 HASH_HashType hashAlg )
792 {
793 SECStatus hmac_status = SECFailure;
794 HMACContext *cx = NULL;
795 SECHashObject *hashObj = NULL;
796 unsigned int bytes_hashed = 0;
797
798 hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
799
800 if (!hashObj)
801 return( SECFailure );
802
803 cx = HMAC_Create(hashObj, secret_key,
804 secret_key_length,
805 PR_TRUE); /* PR_TRUE for in FIPS mode */
806
807 if (cx == NULL)
808 return( SECFailure );
809
810 HMAC_Begin(cx);
811 HMAC_Update(cx, message, message_length);
812 hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
813 hashObj->length);
814
815 HMAC_Destroy(cx, PR_TRUE);
816
817 return( hmac_status );
818 }
819
820 static CK_RV
821 sftk_fips_HMAC_PowerUpSelfTest( void )
822 {
823 static const PRUint8 HMAC_known_secret_key[] = {
824 "Firefox and ThunderBird are awesome!"};
825
826 static const PRUint8 HMAC_known_secret_key_length
827 = sizeof HMAC_known_secret_key;
828
829 /* known SHA1 hmac (20 bytes) */
830 static const PRUint8 known_SHA1_hmac[] = {
831 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
832 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
833 0x5d, 0x0e, 0x1e, 0x11};
834
835 /* known SHA224 hmac (28 bytes) */
836 static const PRUint8 known_SHA224_hmac[] = {
837 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
838 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
839 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
840 0x9a, 0xb8, 0x98, 0x4e};
841
842 /* known SHA256 hmac (32 bytes) */
843 static const PRUint8 known_SHA256_hmac[] = {
844 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
845 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
846 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
847 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
848
849 /* known SHA384 hmac (48 bytes) */
850 static const PRUint8 known_SHA384_hmac[] = {
851 0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
852 0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
853 0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
854 0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
855 0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
856 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
857
858 /* known SHA512 hmac (64 bytes) */
859 static const PRUint8 known_SHA512_hmac[] = {
860 0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
861 0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
862 0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
863 0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
864 0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
865 0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
866 0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
867 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
868
869 SECStatus hmac_status;
870 PRUint8 hmac_computed[HASH_LENGTH_MAX];
871
872 /***************************************************/
873 /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
874 /***************************************************/
875
876 hmac_status = sftk_fips_HMAC(hmac_computed,
877 HMAC_known_secret_key,
878 HMAC_known_secret_key_length,
879 known_hash_message,
880 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
881 HASH_AlgSHA1);
882
883 if( ( hmac_status != SECSuccess ) ||
884 ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
885 SHA1_LENGTH ) != 0 ) )
886 return( CKR_DEVICE_ERROR );
887
888 /***************************************************/
889 /* HMAC SHA-224 Single-Round Known Answer Test. */
890 /***************************************************/
891
892 hmac_status = sftk_fips_HMAC(hmac_computed,
893 HMAC_known_secret_key,
894 HMAC_known_secret_key_length,
895 known_hash_message,
896 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
897 HASH_AlgSHA224);
898
899 if( ( hmac_status != SECSuccess ) ||
900 ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
901 SHA224_LENGTH ) != 0 ) )
902 return( CKR_DEVICE_ERROR );
903
904 /***************************************************/
905 /* HMAC SHA-256 Single-Round Known Answer Test. */
906 /***************************************************/
907
908 hmac_status = sftk_fips_HMAC(hmac_computed,
909 HMAC_known_secret_key,
910 HMAC_known_secret_key_length,
911 known_hash_message,
912 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
913 HASH_AlgSHA256);
914
915 if( ( hmac_status != SECSuccess ) ||
916 ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
917 SHA256_LENGTH ) != 0 ) )
918 return( CKR_DEVICE_ERROR );
919
920 /***************************************************/
921 /* HMAC SHA-384 Single-Round Known Answer Test. */
922 /***************************************************/
923
924 hmac_status = sftk_fips_HMAC(hmac_computed,
925 HMAC_known_secret_key,
926 HMAC_known_secret_key_length,
927 known_hash_message,
928 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
929 HASH_AlgSHA384);
930
931 if( ( hmac_status != SECSuccess ) ||
932 ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
933 SHA384_LENGTH ) != 0 ) )
934 return( CKR_DEVICE_ERROR );
935
936 /***************************************************/
937 /* HMAC SHA-512 Single-Round Known Answer Test. */
938 /***************************************************/
939
940 hmac_status = sftk_fips_HMAC(hmac_computed,
941 HMAC_known_secret_key,
942 HMAC_known_secret_key_length,
943 known_hash_message,
944 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
945 HASH_AlgSHA512);
946
947 if( ( hmac_status != SECSuccess ) ||
948 ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
949 SHA512_LENGTH ) != 0 ) )
950 return( CKR_DEVICE_ERROR );
951
952 return( CKR_OK );
953 }
954
955 static CK_RV
956 sftk_fips_SHA_PowerUpSelfTest( void )
957 {
958 /* SHA-1 Known Digest Message (160-bits). */
959 static const PRUint8 sha1_known_digest[] = {
960 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
961 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
962 0xe0,0x68,0x47,0x7a};
963
964 /* SHA-224 Known Digest Message (224-bits). */
965 static const PRUint8 sha224_known_digest[] = {
966 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
967 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
968 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
969 0x8e,0x08,0xe5,0xcb};
970
971 /* SHA-256 Known Digest Message (256-bits). */
972 static const PRUint8 sha256_known_digest[] = {
973 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
974 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
975 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
976 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
977
978 /* SHA-384 Known Digest Message (384-bits). */
979 static const PRUint8 sha384_known_digest[] = {
980 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
981 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
982 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
983 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
984 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
985 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
986
987 /* SHA-512 Known Digest Message (512-bits). */
988 static const PRUint8 sha512_known_digest[] = {
989 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
990 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
991 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
992 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
993 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
994 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
995 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
996 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
997
998 /* SHA-X variables. */
999 PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
1000 SECStatus sha_status;
1001
1002 /*************************************************/
1003 /* SHA-1 Single-Round Known Answer Hashing Test. */
1004 /*************************************************/
1005
1006 sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
1007 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1008
1009 if( ( sha_status != SECSuccess ) ||
1010 ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
1011 SHA1_LENGTH ) != 0 ) )
1012 return( CKR_DEVICE_ERROR );
1013
1014 /***************************************************/
1015 /* SHA-224 Single-Round Known Answer Hashing Test. */
1016 /***************************************************/
1017
1018 sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
1019 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1020
1021 if( ( sha_status != SECSuccess ) ||
1022 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
1023 SHA224_LENGTH ) != 0 ) )
1024 return( CKR_DEVICE_ERROR );
1025
1026 /***************************************************/
1027 /* SHA-256 Single-Round Known Answer Hashing Test. */
1028 /***************************************************/
1029
1030 sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
1031 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1032
1033 if( ( sha_status != SECSuccess ) ||
1034 ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
1035 SHA256_LENGTH ) != 0 ) )
1036 return( CKR_DEVICE_ERROR );
1037
1038 /***************************************************/
1039 /* SHA-384 Single-Round Known Answer Hashing Test. */
1040 /***************************************************/
1041
1042 sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
1043 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1044
1045 if( ( sha_status != SECSuccess ) ||
1046 ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
1047 SHA384_LENGTH ) != 0 ) )
1048 return( CKR_DEVICE_ERROR );
1049
1050 /***************************************************/
1051 /* SHA-512 Single-Round Known Answer Hashing Test. */
1052 /***************************************************/
1053
1054 sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
1055 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1056
1057 if( ( sha_status != SECSuccess ) ||
1058 ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
1059 SHA512_LENGTH ) != 0 ) )
1060 return( CKR_DEVICE_ERROR );
1061
1062 return( CKR_OK );
1063 }
1064
1065 /*
1066 * Single round RSA Signature Known Answer Test
1067 */
1068 static SECStatus
1069 sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType shaAlg,
1070 NSSLOWKEYPublicKey *rsa_public_key,
1071 NSSLOWKEYPrivateKey *rsa_private_key,
1072 const unsigned char *rsa_known_msg,
1073 const unsigned int rsa_kmsg_length,
1074 const unsigned char *rsa_known_signature)
1075 {
1076 SECOidTag shaOid; /* SHA OID */
1077 unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
1078 unsigned int shaLength = 0; /* length of SHA */
1079 unsigned int rsa_bytes_signed;
1080 unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
1081 SECStatus rv;
1082
1083 if (shaAlg == HASH_AlgSHA1) {
1084 if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1085 != SECSuccess) {
1086 goto loser;
1087 }
1088 shaLength = SHA1_LENGTH;
1089 shaOid = SEC_OID_SHA1;
1090 } else if (shaAlg == HASH_AlgSHA256) {
1091 if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1092 != SECSuccess) {
1093 goto loser;
1094 }
1095 shaLength = SHA256_LENGTH;
1096 shaOid = SEC_OID_SHA256;
1097 } else if (shaAlg == HASH_AlgSHA384) {
1098 if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1099 != SECSuccess) {
1100 goto loser;
1101 }
1102 shaLength = SHA384_LENGTH;
1103 shaOid = SEC_OID_SHA384;
1104 } else if (shaAlg == HASH_AlgSHA512) {
1105 if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1106 != SECSuccess) {
1107 goto loser;
1108 }
1109 shaLength = SHA512_LENGTH;
1110 shaOid = SEC_OID_SHA512;
1111 } else {
1112 goto loser;
1113 }
1114
1115 /*************************************************/
1116 /* RSA Single-Round Known Answer Signature Test. */
1117 /*************************************************/
1118
1119 /* Perform RSA signature with the RSA private key. */
1120 rv = RSA_HashSign( shaOid,
1121 rsa_private_key,
1122 rsa_computed_signature,
1123 &rsa_bytes_signed,
1124 FIPS_RSA_SIGNATURE_LENGTH,
1125 sha,
1126 shaLength);
1127
1128 if( ( rv != SECSuccess ) ||
1129 ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
1130 ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
1131 FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
1132 goto loser;
1133 }
1134
1135 /****************************************************/
1136 /* RSA Single-Round Known Answer Verification Test. */
1137 /****************************************************/
1138
1139 /* Perform RSA verification with the RSA public key. */
1140 rv = RSA_HashCheckSign( shaOid,
1141 rsa_public_key,
1142 rsa_computed_signature,
1143 rsa_bytes_signed,
1144 sha,
1145 shaLength);
1146
1147 if( rv != SECSuccess ) {
1148 goto loser;
1149 }
1150 return( SECSuccess );
1151
1152 loser:
1153
1154 return( SECFailure );
1155
1156 }
1157
1158 static CK_RV
1159 sftk_fips_RSA_PowerUpSelfTest( void )
1160 {
1161 /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
1162 static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1163 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
1164 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
1165 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
1166 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
1167 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
1168 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
1169 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
1170 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
1171 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
1172 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
1173 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
1174 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
1175 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
1176 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
1177 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
1178 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
1179 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
1180 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
1181 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
1182 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
1183 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
1184 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
1185 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
1186 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
1187 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
1188 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
1189 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
1190 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
1191 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
1192 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
1193 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
1194 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
1195
1196 /* RSA Known Public Key Values (24-bits). */
1197 static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
1198 = { 0x01, 0x00, 0x01 };
1199 /* RSA Known Private Key Values (version is 8-bits), */
1200 /* (private exponent is 2048-bits), */
1201 /* (private prime0 is 1024-bits), */
1202 /* (private prime1 is 1024-bits), */
1203 /* (private prime exponent0 is 1024-bits), */
1204 /* (private prime exponent1 is 1024-bits), */
1205 /* and (private coefficient is 1024-bits). */
1206 static const PRUint8 rsa_version[] = { 0x00 };
1207
1208 static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
1209 = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
1210 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
1211 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
1212 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
1213 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
1214 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
1215 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
1216 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
1217 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
1218 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
1219 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
1220 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
1221 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
1222 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
1223 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
1224 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
1225 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
1226 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
1227 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
1228 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
1229 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
1230 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
1231 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
1232 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
1233 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
1234 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
1235 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
1236 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
1237 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
1238 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
1239 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
1240 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
1241
1242 static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
1243 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
1244 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
1245 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
1246 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
1247 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
1248 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
1249 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
1250 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
1251 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
1252 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
1253 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
1254 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
1255 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
1256 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
1257 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
1258 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
1259 static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
1260 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
1261 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
1262 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
1263 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
1264 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
1265 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
1266 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
1267 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
1268 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
1269 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
1270 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
1271 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
1272 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
1273 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
1274 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
1275 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
1276 static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1277 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
1278 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
1279 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
1280 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
1281 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
1282 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
1283 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
1284 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
1285 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
1286 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
1287 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
1288 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
1289 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
1290 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
1291 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
1292 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
1293 static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1294 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
1295 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
1296 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
1297 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
1298 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
1299 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
1300 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
1301 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
1302 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
1303 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
1304 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
1305 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
1306 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
1307 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
1308 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
1309 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
1310 static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1311 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
1312 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
1313 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
1314 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
1315 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
1316 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
1317 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
1318 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
1319 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
1320 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
1321 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
1322 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
1323 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
1324 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
1325 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
1326 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
1327
1328 /* RSA Known Plaintext Message (1024-bits). */
1329 static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1330 "Known plaintext message utilized"
1331 "for RSA Encryption & Decryption"
1332 "blocks SHA256, SHA384 and "
1333 "SHA512 RSA Signature KAT tests. "
1334 "Known plaintext message utilized"
1335 "for RSA Encryption & Decryption"
1336 "blocks SHA256, SHA384 and "
1337 "SHA512 RSA Signature KAT tests."};
1338
1339 /* RSA Known Ciphertext (2048-bits). */
1340 static const PRUint8 rsa_known_ciphertext[] = {
1341 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
1342 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
1343 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
1344 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
1345 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
1346 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
1347 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
1348 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
1349 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
1350 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
1351 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
1352 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
1353 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
1354 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
1355 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
1356 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
1357 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
1358 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
1359 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
1360 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
1361 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
1362 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
1363 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
1364 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
1365 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
1366 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
1367 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
1368 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
1369 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
1370 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
1371 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
1372 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
1373
1374 /* RSA Known Signed Hash (2048-bits). */
1375 static const PRUint8 rsa_known_sha256_signature[] = {
1376 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
1377 0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
1378 0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
1379 0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
1380 0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
1381 0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
1382 0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
1383 0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
1384 0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
1385 0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
1386 0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
1387 0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
1388 0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
1389 0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
1390 0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
1391 0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
1392 0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
1393 0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
1394 0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
1395 0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
1396 0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
1397 0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
1398 0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
1399 0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
1400 0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
1401 0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
1402 0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
1403 0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
1404 0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
1405 0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
1406 0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
1407 0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92};
1408
1409 /* RSA Known Signed Hash (2048-bits). */
1410 static const PRUint8 rsa_known_sha384_signature[] = {
1411 0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
1412 0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
1413 0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
1414 0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
1415 0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
1416 0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
1417 0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
1418 0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
1419 0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
1420 0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
1421 0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
1422 0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
1423 0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
1424 0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
1425 0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
1426 0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
1427 0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
1428 0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
1429 0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
1430 0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
1431 0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
1432 0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
1433 0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
1434 0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
1435 0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
1436 0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
1437 0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
1438 0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
1439 0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
1440 0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
1441 0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
1442 0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa};
1443
1444 /* RSA Known Signed Hash (2048-bits). */
1445 static const PRUint8 rsa_known_sha512_signature[] = {
1446 0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
1447 0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
1448 0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
1449 0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
1450 0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
1451 0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
1452 0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
1453 0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
1454 0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
1455 0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
1456 0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
1457 0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
1458 0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
1459 0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
1460 0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
1461 0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
1462 0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
1463 0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
1464 0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
1465 0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
1466 0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
1467 0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
1468 0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
1469 0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
1470 0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
1471 0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
1472 0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
1473 0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
1474 0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
1475 0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
1476 0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
1477 0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81};
1478
1479 static const RSAPublicKey bl_public_key = { NULL,
1480 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1481 FIPS_RSA_MODULUS_LENGTH },
1482 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1483 FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1484 };
1485 static const RSAPrivateKey bl_private_key = { NULL,
1486 { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
1487 FIPS_RSA_PRIVATE_VERSION_LENGTH },
1488 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1489 FIPS_RSA_MODULUS_LENGTH },
1490 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1491 FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1492 { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
1493 FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1494 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
1495 FIPS_RSA_PRIME0_LENGTH },
1496 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
1497 FIPS_RSA_PRIME1_LENGTH },
1498 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
1499 FIPS_RSA_EXPONENT0_LENGTH },
1500 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
1501 FIPS_RSA_EXPONENT1_LENGTH },
1502 { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
1503 FIPS_RSA_COEFFICIENT_LENGTH }
1504 };
1505
1506 /* RSA variables. */
1507 #ifdef CREATE_TEMP_ARENAS
1508 PLArenaPool * rsa_public_arena;
1509 PLArenaPool * rsa_private_arena;
1510 #endif
1511 NSSLOWKEYPublicKey * rsa_public_key;
1512 NSSLOWKEYPrivateKey * rsa_private_key;
1513 SECStatus rsa_status;
1514
1515 NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey, };
1516 NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey, };
1517 PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1518 PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1519
1520 /****************************************/
1521 /* Compose RSA Public/Private Key Pair. */
1522 /****************************************/
1523
1524 low_public_key.u.rsa = bl_public_key;
1525 low_private_key.u.rsa = bl_private_key;
1526
1527 rsa_public_key = &low_public_key;
1528 rsa_private_key = &low_private_key;
1529
1530 #ifdef CREATE_TEMP_ARENAS
1531 /* Create some space for the RSA public key. */
1532 rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1533
1534 if( rsa_public_arena == NULL ) {
1535 PORT_SetError( SEC_ERROR_NO_MEMORY );
1536 return( CKR_HOST_MEMORY );
1537 }
1538
1539 /* Create some space for the RSA private key. */
1540 rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1541
1542 if( rsa_private_arena == NULL ) {
1543 PORT_FreeArena( rsa_public_arena, PR_TRUE );
1544 PORT_SetError( SEC_ERROR_NO_MEMORY );
1545 return( CKR_HOST_MEMORY );
1546 }
1547
1548 rsa_public_key->arena = rsa_public_arena;
1549 rsa_private_key->arena = rsa_private_arena;
1550 #endif
1551
1552 /**************************************************/
1553 /* RSA Single-Round Known Answer Encryption Test. */
1554 /**************************************************/
1555
1556 /* Perform RSA Public Key Encryption. */
1557 rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
1558 rsa_computed_ciphertext,
1559 rsa_known_plaintext_msg);
1560
1561 if( ( rsa_status != SECSuccess ) ||
1562 ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
1563 FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
1564 goto rsa_loser;
1565
1566 /**************************************************/
1567 /* RSA Single-Round Known Answer Decryption Test. */
1568 /**************************************************/
1569
1570 /* Perform RSA Private Key Decryption. */
1571 rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
1572 rsa_computed_plaintext,
1573 rsa_known_ciphertext);
1574
1575 if( ( rsa_status != SECSuccess ) ||
1576 ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
1577 FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
1578 goto rsa_loser;
1579
1580 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
1581 rsa_public_key, rsa_private_key,
1582 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1583 rsa_known_sha256_signature);
1584 if( rsa_status != SECSuccess )
1585 goto rsa_loser;
1586
1587 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
1588 rsa_public_key, rsa_private_key,
1589 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1590 rsa_known_sha384_signature);
1591 if( rsa_status != SECSuccess )
1592 goto rsa_loser;
1593
1594 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
1595 rsa_public_key, rsa_private_key,
1596 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1597 rsa_known_sha512_signature);
1598 if( rsa_status != SECSuccess )
1599 goto rsa_loser;
1600
1601 /* Dispose of all RSA key material. */
1602 nsslowkey_DestroyPublicKey( rsa_public_key );
1603 nsslowkey_DestroyPrivateKey( rsa_private_key );
1604
1605 return( CKR_OK );
1606
1607 rsa_loser:
1608
1609 nsslowkey_DestroyPublicKey( rsa_public_key );
1610 nsslowkey_DestroyPrivateKey( rsa_private_key );
1611
1612 return( CKR_DEVICE_ERROR );
1613 }
1614
1615 #ifndef NSS_DISABLE_ECC
1616
1617 static CK_RV
1618 sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
1619 unsigned int encodedParamsLen,
1620 const PRUint8 *knownSignature,
1621 unsigned int knownSignatureLen) {
1622
1623 /* ECDSA Known Seed info for curves nistp256 and nistk283 */
1624 static const PRUint8 ecdsa_Known_Seed[] = {
1625 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1626 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1627 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1628 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
1629
1630 static const PRUint8 msg[] = {
1631 "Firefox and ThunderBird are awesome!"};
1632
1633 unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
1634 unsigned char sig[2*MAX_ECKEY_LEN];
1635 SECItem signature, digest;
1636 SECItem encodedparams;
1637 ECParams *ecparams = NULL;
1638 ECPrivateKey *ecdsa_private_key = NULL;
1639 ECPublicKey ecdsa_public_key;
1640 SECStatus ecdsaStatus = SECSuccess;
1641
1642 /* construct the ECDSA private/public key pair */
1643 encodedparams.type = siBuffer;
1644 encodedparams.data = (unsigned char *) encodedParams;
1645 encodedparams.len = encodedParamsLen;
1646
1647 if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
1648 return( CKR_DEVICE_ERROR );
1649 }
1650
1651 /* Generates a new EC key pair. The private key is a supplied
1652 * random value (in seed) and the public key is the result of
1653 * performing a scalar point multiplication of that value with
1654 * the curve's base point.
1655 */
1656 ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
1657 ecdsa_Known_Seed,
1658 sizeof(ecdsa_Known_Seed));
1659 /* free the ecparams they are no longer needed */
1660 PORT_FreeArena(ecparams->arena, PR_FALSE);
1661 ecparams = NULL;
1662 if (ecdsaStatus != SECSuccess) {
1663 return ( CKR_DEVICE_ERROR );
1664 }
1665
1666 /* construct public key from private key. */
1667 ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
1668 &ecdsa_public_key.ecParams,
1669 &ecdsa_private_key->ecParams);
1670 if (ecdsaStatus != SECSuccess) {
1671 goto loser;
1672 }
1673 ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1674
1675 /* validate public key value */
1676 ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
1677 &ecdsa_public_key.publicValue);
1678 if (ecdsaStatus != SECSuccess) {
1679 goto loser;
1680 }
1681
1682 /* validate public key value */
1683 ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
1684 &ecdsa_private_key->publicValue);
1685 if (ecdsaStatus != SECSuccess) {
1686 goto loser;
1687 }
1688
1689 /***************************************************/
1690 /* ECDSA Single-Round Known Answer Signature Test. */
1691 /***************************************************/
1692
1693 ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
1694 if (ecdsaStatus != SECSuccess) {
1695 goto loser;
1696 }
1697 digest.type = siBuffer;
1698 digest.data = sha1;
1699 digest.len = SHA1_LENGTH;
1700
1701 memset(sig, 0, sizeof sig);
1702 signature.type = siBuffer;
1703 signature.data = sig;
1704 signature.len = sizeof sig;
1705
1706 ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
1707 &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1708 if (ecdsaStatus != SECSuccess) {
1709 goto loser;
1710 }
1711
1712 if( ( signature.len != knownSignatureLen ) ||
1713 ( PORT_Memcmp( signature.data, knownSignature,
1714 knownSignatureLen ) != 0 ) ) {
1715 ecdsaStatus = SECFailure;
1716 goto loser;
1717 }
1718
1719 /******************************************************/
1720 /* ECDSA Single-Round Known Answer Verification Test. */
1721 /******************************************************/
1722
1723 /* Perform ECDSA verification process. */
1724 ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1725
1726 loser:
1727 /* free the memory for the private key arena*/
1728 if (ecdsa_private_key != NULL) {
1729 PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1730 }
1731
1732 if (ecdsaStatus != SECSuccess) {
1733 return CKR_DEVICE_ERROR ;
1734 }
1735 return( CKR_OK );
1736 }
1737
1738 static CK_RV
1739 sftk_fips_ECDSA_PowerUpSelfTest() {
1740
1741 /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
1742 static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
1743 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
1744 0x01,0x07};
1745
1746 static const PRUint8 ecdsa_known_P256_signature[] = {
1747 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
1748 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
1749 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
1750 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
1751 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
1752 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
1753 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
1754 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
1755
1756 #ifdef NSS_ECC_MORE_THAN_SUITE_B
1757 /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
1758 static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
1759 0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
1760
1761 static const PRUint8 ecdsa_known_K283_signature[] = {
1762 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
1763 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
1764 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
1765 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
1766 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
1767 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
1768 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
1769 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
1770 0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
1771 #endif
1772
1773 CK_RV crv;
1774
1775 /* ECDSA GF(p) prime field curve test */
1776 crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
1777 sizeof ecdsa_known_P256_EncodedParams,
1778 ecdsa_known_P256_signature,
1779 sizeof ecdsa_known_P256_signature );
1780 if (crv != CKR_OK) {
1781 return( CKR_DEVICE_ERROR );
1782 }
1783
1784 #ifdef NSS_ECC_MORE_THAN_SUITE_B
1785 /* ECDSA GF(2m) binary field curve test */
1786 crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
1787 sizeof ecdsa_known_K283_EncodedParams,
1788 ecdsa_known_K283_signature,
1789 sizeof ecdsa_known_K283_signature );
1790 if (crv != CKR_OK) {
1791 return( CKR_DEVICE_ERROR );
1792 }
1793 #endif
1794
1795 return( CKR_OK );
1796 }
1797
1798 #endif /* NSS_DISABLE_ECC */
1799
1800 static CK_RV
1801 sftk_fips_DSA_PowerUpSelfTest( void )
1802 {
1803 /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
1804 static const PRUint8 dsa_P[] = {
1805 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28,
1806 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63,
1807 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0,
1808 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
1809 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91,
1810 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0,
1811 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7,
1812 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
1813 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7,
1814 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56,
1815 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b,
1816 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
1817 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6,
1818 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64,
1819 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a,
1820 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
1821
1822 static const PRUint8 dsa_Q[] = {
1823 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e,
1824 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6,
1825 0x91,0x99,0x8b,0xcf};
1826
1827 static const PRUint8 dsa_G[] = {
1828 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4,
1829 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6,
1830 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3,
1831 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
1832 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d,
1833 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a,
1834 0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24,
1835 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
1836 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb,
1837 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79,
1838 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac,
1839 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
1840 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27,
1841 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed,
1842 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f,
1843 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
1844
1845 /* DSA Known Random Values (known random key block is 160-bits) */
1846 /* and (known random signature block is 160-bits). */
1847 static const PRUint8 dsa_known_random_key_block[] = {
1848 "Mozilla Rules World!"};
1849 static const PRUint8 dsa_known_random_signature_block[] = {
1850 "Random DSA Signature"};
1851
1852 /* DSA Known Digest (160-bits) */
1853 static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
1854
1855 /* DSA Known Signature (320-bits). */
1856 static const PRUint8 dsa_known_signature[] = {
1857 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32,
1858 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c,
1859 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72,
1860 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
1861 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
1862
1863 /* DSA variables. */
1864 DSAPrivateKey * dsa_private_key;
1865 SECStatus dsa_status;
1866 SECItem dsa_signature_item;
1867 SECItem dsa_digest_item;
1868 DSAPublicKey dsa_public_key;
1869 PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
1870 static const PQGParams dsa_pqg = { NULL,
1871 { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
1872 { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
1873 { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
1874
1875 /*******************************************/
1876 /* Generate a DSA public/private key pair. */
1877 /*******************************************/
1878
1879 /* Generate a DSA public/private key pair. */
1880 dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
1881 &dsa_private_key);
1882
1883 if( dsa_status != SECSuccess )
1884 return( CKR_HOST_MEMORY );
1885
1886 /* construct public key from private key. */
1887 dsa_public_key.params = dsa_private_key->params;
1888 dsa_public_key.publicValue = dsa_private_key->publicValue;
1889
1890 /*************************************************/
1891 /* DSA Single-Round Known Answer Signature Test. */
1892 /*************************************************/
1893
1894 dsa_signature_item.data = dsa_computed_signature;
1895 dsa_signature_item.len = sizeof dsa_computed_signature;
1896
1897 dsa_digest_item.data = (unsigned char *)dsa_known_digest;
1898 dsa_digest_item.len = SHA1_LENGTH;
1899
1900 /* Perform DSA signature process. */
1901 dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
1902 &dsa_signature_item,
1903 &dsa_digest_item,
1904 dsa_known_random_signature_block );
1905
1906 if( ( dsa_status != SECSuccess ) ||
1907 ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
1908 ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
1909 FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
1910 dsa_status = SECFailure;
1911 } else {
1912
1913 /****************************************************/
1914 /* DSA Single-Round Known Answer Verification Test. */
1915 /****************************************************/
1916
1917 /* Perform DSA verification process. */
1918 dsa_status = DSA_VerifyDigest( &dsa_public_key,
1919 &dsa_signature_item,
1920 &dsa_digest_item);
1921 }
1922
1923 PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
1924 /* Don't free public key, it uses same arena as private key */
1925
1926 /* Verify DSA signature. */
1927 if( dsa_status != SECSuccess )
1928 return( CKR_DEVICE_ERROR );
1929
1930 return( CKR_OK );
1931
1932
1933 }
1934
1935 static CK_RV
1936 sftk_fips_RNG_PowerUpSelfTest( void )
1937 {
1938 static const PRUint8 Q[] = {
1939 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
1940 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
1941 0x9d,0xef,0xeb,0xed};
1942 static const PRUint8 GENX[] = {
1943 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
1944 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
1945 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
1946 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
1947 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
1948 static const PRUint8 rng_known_DSAX[] = {
1949 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
1950 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
1951 0x10,0x1f,0x60,0xd7};
1952
1953
1954
1955 SECStatus rng_status = SECSuccess;
1956 PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
1957
1958 /*******************************************/
1959 /* Run the SP 800-90 Health tests */
1960 /*******************************************/
1961 rng_status = PRNGTEST_RunHealthTests();
1962 if (rng_status != SECSuccess) {
1963 return (CKR_DEVICE_ERROR);
1964 }
1965
1966 /*******************************************/
1967 /* Generate DSAX fow given Q. */
1968 /*******************************************/
1969
1970 rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
1971
1972 /* Verify DSAX to perform the RNG integrity check */
1973 if( ( rng_status != SECSuccess ) ||
1974 ( PORT_Memcmp( DSAX, rng_known_DSAX,
1975 (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) )
1976 return( CKR_DEVICE_ERROR );
1977
1978 return( CKR_OK );
1979 }
1980
1981 static CK_RV
1982 sftk_fipsSoftwareIntegrityTest(void)
1983 {
1984 CK_RV crv = CKR_OK;
1985
1986 /* make sure that our check file signatures are OK */
1987 if( !BLAPI_VerifySelf( NULL ) ||
1988 !BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
1989 crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
1990 }
1991 return crv;
1992 }
1993
1994 CK_RV
1995 sftk_fipsPowerUpSelfTest( void )
1996 {
1997 CK_RV rv;
1998
1999 /* RC2 Power-Up SelfTest(s). */
2000 rv = sftk_fips_RC2_PowerUpSelfTest();
2001
2002 if( rv != CKR_OK )
2003 return rv;
2004
2005 /* RC4 Power-Up SelfTest(s). */
2006 rv = sftk_fips_RC4_PowerUpSelfTest();
2007
2008 if( rv != CKR_OK )
2009 return rv;
2010
2011 /* DES Power-Up SelfTest(s). */
2012 rv = sftk_fips_DES_PowerUpSelfTest();
2013
2014 if( rv != CKR_OK )
2015 return rv;
2016
2017 /* DES3 Power-Up SelfTest(s). */
2018 rv = sftk_fips_DES3_PowerUpSelfTest();
2019
2020 if( rv != CKR_OK )
2021 return rv;
2022
2023 /* AES Power-Up SelfTest(s) for 128-bit key. */
2024 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
2025
2026 if( rv != CKR_OK )
2027 return rv;
2028
2029 /* AES Power-Up SelfTest(s) for 192-bit key. */
2030 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
2031
2032 if( rv != CKR_OK )
2033 return rv;
2034
2035 /* AES Power-Up SelfTest(s) for 256-bit key. */
2036 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
2037
2038 if( rv != CKR_OK )
2039 return rv;
2040
2041 /* MD2 Power-Up SelfTest(s). */
2042 rv = sftk_fips_MD2_PowerUpSelfTest();
2043
2044 if( rv != CKR_OK )
2045 return rv;
2046
2047 /* MD5 Power-Up SelfTest(s). */
2048 rv = sftk_fips_MD5_PowerUpSelfTest();
2049
2050 if( rv != CKR_OK )
2051 return rv;
2052
2053 /* SHA-X Power-Up SelfTest(s). */
2054 rv = sftk_fips_SHA_PowerUpSelfTest();
2055
2056 if( rv != CKR_OK )
2057 return rv;
2058
2059 /* HMAC SHA-X Power-Up SelfTest(s). */
2060 rv = sftk_fips_HMAC_PowerUpSelfTest();
2061
2062 if( rv != CKR_OK )
2063 return rv;
2064
2065 /* RSA Power-Up SelfTest(s). */
2066 rv = sftk_fips_RSA_PowerUpSelfTest();
2067
2068 if( rv != CKR_OK )
2069 return rv;
2070
2071 /* DSA Power-Up SelfTest(s). */
2072 rv = sftk_fips_DSA_PowerUpSelfTest();
2073
2074 if( rv != CKR_OK )
2075 return rv;
2076
2077 /* RNG Power-Up SelfTest(s). */
2078 rv = sftk_fips_RNG_PowerUpSelfTest();
2079
2080 if( rv != CKR_OK )
2081 return rv;
2082
2083 #ifndef NSS_DISABLE_ECC
2084 /* ECDSA Power-Up SelfTest(s). */
2085 rv = sftk_fips_ECDSA_PowerUpSelfTest();
2086
2087 if( rv != CKR_OK )
2088 return rv;
2089 #endif
2090
2091 /* Software/Firmware Integrity Test. */
2092 rv = sftk_fipsSoftwareIntegrityTest();
2093
2094 if( rv != CKR_OK )
2095 return rv;
2096
2097 /* Passed Power-Up SelfTest(s). */
2098 return( CKR_OK );
2099 }
2100
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)