File nss-CC-ECDH_selftest.patch of Package mozilla-nss.972

# HG changeset patch
# Parent  43cbacade3d638f08a97882d76420867bd3f2194
ECDH selftest for FIPS mode

bsc#921783

diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
--- a/lib/softoken/fipstest.c
+++ b/lib/softoken/fipstest.c
@@ -1758,17 +1758,171 @@ init_loser:
     if (ecdsaStatus != SECSuccess) {
         return CKR_DEVICE_ERROR ;
     }
 
     return( CKR_OK );
 }
 
 static CK_RV
-sftk_fips_ECDSA_PowerUpSelfTest() {
+sftk_fips_ECDH_Test(const PRUint8 *encodedParams, 
+                    unsigned int encodedParamsLen)
+{
+
+    static const PRUint8 ecdh_privKey1_data[] = {
+                            0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
+                            0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
+                            0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
+                            0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
+
+    static const PRUint8 ecdh_pubKey1_data[] = {
+			    0x04, 0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10,
+			    0xd6, 0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90,
+			    0xff, 0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb,
+			    0x7f, 0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea,
+			    0xc5, 0xb8, 0x03, 0xe6, 0x89, 0xe5, 0x06, 0x55,
+			    0x22, 0x21, 0x0e, 0xcd, 0x1a, 0xf8, 0xc0, 0xd4,
+			    0xa7, 0x8f, 0x47, 0x81, 0x1e, 0x4a, 0x81, 0xb5,
+			    0x41, 0x3d, 0xa1, 0xf0, 0x4b, 0x65, 0xb4, 0x26,
+			    0xe9};
+    
+    static const PRUint8 ecdh_privKey2_data[] = {
+			    0xba, 0x27, 0x1b, 0x9e, 0x67, 0xaa, 0x52, 0xf8,
+			    0xdf, 0x79, 0xc6, 0xd9, 0x36, 0x4d, 0x4b, 0xc3,
+			    0x29, 0x2b, 0x42, 0xc9, 0xea, 0x43, 0xca, 0x5b,
+			    0x62, 0xb0, 0x13, 0x6d, 0x16, 0x16, 0x29, 0x52};
+
+    static const PRUint8 ecdh_pubKey2_data[] = {
+			    0x04, 0x24, 0xc3, 0x93, 0x43, 0x6b, 0xc2, 0xbd,
+			    0xb9, 0xb0, 0xab, 0xae, 0x6e, 0x10, 0xa3, 0x3c,
+			    0xdd, 0x5b, 0x5a, 0xab, 0x0b, 0x98, 0x1c, 0xe7,
+			    0x51, 0xf9, 0x93, 0xfa, 0xcc, 0xed, 0xc4, 0x21,
+			    0x19, 0xc9, 0x54, 0x68, 0xf2, 0x0a, 0xe7, 0xb2,
+			    0x69, 0xb1, 0xf9, 0xe8, 0x09, 0x57, 0x49, 0x09,
+			    0x65, 0x7d, 0x5a, 0x0c, 0xa5, 0x2d, 0xe1, 0x0a,
+			    0x39, 0xb3, 0x1c, 0x0c, 0x74, 0xcf, 0x31, 0x68,
+			    0x96};
+    
+    static const PRUint8 sharedSecret_data[] = {
+			    0x26, 0xd0, 0x25, 0xf6, 0xa8, 0x10, 0x31, 0x7c,
+			    0x97, 0x88, 0x3e, 0x96, 0x52, 0x72, 0xea, 0xe2,
+			    0xa0, 0xb2, 0xa3, 0x66, 0x80, 0x89, 0xae, 0x20,
+			    0x92, 0x49, 0x4d, 0xa8, 0x26, 0x17, 0xc3, 0x2c};
+
+    SECItem encodedparams;
+    ECParams *ecparams = NULL;
+    ECPrivateKey *ecdh_privKey1 = NULL;
+    ECPrivateKey *ecdh_privKey2 = NULL;
+    SECItem sharedSecret1, sharedSecret2;
+    SECStatus ecdhStatus = SECFailure;
+
+    ecdhStatus = SECOID_Init();
+    if (ecdhStatus != SECSuccess) {
+	goto init_loser;
+    }
+
+    PORT_Memset(&sharedSecret1, 0, sizeof(sharedSecret1));
+    PORT_Memset(&sharedSecret2, 0, sizeof(sharedSecret2));
+    
+    /* construct the ECDSA private/public key pair */
+    encodedparams.type = siBuffer;
+    encodedparams.data = (unsigned char *) encodedParams;
+    encodedparams.len = encodedParamsLen;
+
+    ecdhStatus = EC_DecodeParams(&encodedparams, &ecparams);
+    if (ecdhStatus != SECSuccess) {
+	goto loser;
+    }
+
+    /* Generate two key pairs from known private data and compare
+     * resulting public key with expected values. */
+    ecdhStatus = EC_NewKeyFromSeed(ecparams, &ecdh_privKey1,
+	    ecdh_privKey1_data, sizeof(ecdh_privKey1_data));
+
+    if (ecdhStatus != SECSuccess)
+	goto loser;
+
+    ecdhStatus = EC_NewKeyFromSeed(ecparams, &ecdh_privKey2,
+	    ecdh_privKey2_data, sizeof(ecdh_privKey2_data));
+
+    if (ecdhStatus != SECSuccess)
+	goto loser;
+
+    if ((sizeof(ecdh_privKey1_data) != ecdh_privKey1->privateValue.len) ||
+	(sizeof(ecdh_privKey2_data) != ecdh_privKey2->privateValue.len) ||
+	(sizeof(ecdh_pubKey1_data) != ecdh_privKey1->publicValue.len) ||
+	(sizeof(ecdh_pubKey2_data) != ecdh_privKey2->publicValue.len) ||
+	PORT_Memcmp(ecdh_privKey1_data, ecdh_privKey1->privateValue.data,
+	    ecdh_privKey1->privateValue.len) ||
+	PORT_Memcmp(ecdh_privKey2_data, ecdh_privKey2->privateValue.data,
+	    ecdh_privKey2->privateValue.len) ||
+	PORT_Memcmp(ecdh_pubKey1_data, ecdh_privKey1->publicValue.data,
+	    ecdh_privKey1->publicValue.len) ||
+	PORT_Memcmp(ecdh_pubKey2_data, ecdh_privKey2->publicValue.data,
+	    ecdh_privKey2->publicValue.len)) {
+	ecdhStatus = SECFailure;
+	goto loser;
+    }
+
+    /* Generate shared secret for both combinations and compare with expected
+     * value. */
+
+    ecdhStatus = ECDH_Derive(
+	    &(ecdh_privKey2->publicValue),
+	    ecparams,
+	    &(ecdh_privKey1->privateValue),
+	    PR_FALSE,
+	    &sharedSecret1);
+    if (ecdhStatus != SECSuccess)
+	goto loser;
+
+    ecdhStatus = ECDH_Derive(
+	    &(ecdh_privKey1->publicValue),
+	    ecparams,
+	    &(ecdh_privKey2->privateValue),
+	    PR_FALSE,
+	    &sharedSecret2);
+    if (ecdhStatus != SECSuccess)
+	goto loser;
+
+    if ((sizeof(sharedSecret_data) != sharedSecret1.len) ||
+	(sizeof(sharedSecret_data) != sharedSecret2.len) ||
+	PORT_Memcmp(sharedSecret1.data, sharedSecret_data,
+	    sizeof(sharedSecret_data)) ||
+	PORT_Memcmp(sharedSecret2.data, sharedSecret_data,
+	    sizeof(sharedSecret_data))) {
+	ecdhStatus = SECFailure;
+	goto loser;
+    }
+
+loser:
+    if (ecparams->arena)
+	PORT_FreeArena(ecparams->arena, PR_FALSE);
+    if (ecdh_privKey1)
+	PORT_FreeArena(ecdh_privKey1->ecParams.arena, PR_TRUE);
+    if (ecdh_privKey2)
+	PORT_FreeArena(ecdh_privKey2->ecParams.arena, PR_TRUE);
+    if (sharedSecret1.data)
+	PORT_ZFree(sharedSecret1.data, sharedSecret1.len);
+    if (sharedSecret2.data)
+	PORT_ZFree(sharedSecret2.data, sharedSecret2.len);
+
+    ecdhStatus = SECOID_Shutdown();
+
+init_loser:
+
+    if( ecdhStatus != SECSuccess )
+	return( CKR_DEVICE_ERROR );
+
+    return( CKR_OK );
+
+}
+
+static CK_RV
+sftk_fips_EC_PowerUpSelfTest() {
 
    /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
     static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
                             0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
                             0x01,0x07};
 
     static const PRUint8 ecdsa_known_P256_signature[] = {
                             0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6, 
@@ -1814,16 +1968,23 @@ sftk_fips_ECDSA_PowerUpSelfTest() {
                                sizeof ecdsa_known_K283_EncodedParams,
                                ecdsa_known_K283_signature,
                                sizeof ecdsa_known_K283_signature );
     if (crv != CKR_OK) {
         return( CKR_DEVICE_ERROR );
     }
 #endif
 
+    /* ECDSA GF(p) prime field curve test */
+    crv = sftk_fips_ECDH_Test(ecdsa_known_P256_EncodedParams,
+                              sizeof ecdsa_known_P256_EncodedParams);
+    if (crv != CKR_OK) {
+        return( CKR_DEVICE_ERROR );
+    }
+
     return( CKR_OK );
 }
 
 #endif /* NSS_DISABLE_ECC */
 
 static CK_RV
 sftk_fips_DSA_PowerUpSelfTest( void )
 {
@@ -2268,17 +2429,17 @@ FIPS_cryptoSelftestSoftoken( void )
     /* RNG Power-Up SelfTest(s). */
     rv = sftk_fips_RNG_PowerUpSelfTest();
 
     if( rv != CKR_OK )
         return rv;
     
 #ifndef NSS_DISABLE_ECC
     /* ECDSA Power-Up SelfTest(s). */
-    rv = sftk_fips_ECDSA_PowerUpSelfTest();
+    rv = sftk_fips_EC_PowerUpSelfTest();
 
     if( rv != CKR_OK )
         return rv;
 #endif
 
     /* DH Power-Up SelfTest(s). */
     rv = sftk_fips_DH_PowerUpSelfTest();