File nss-CAVS-fixes.patch of Package mozilla-nss.754
# HG changeset patch
# Parent 2706b90296a4137a738f19ea81f378fc2dcce465
extend CAVS test to provide what it takes for certification
diff --git a/cmd/fipstest/dsa.sh b/cmd/fipstest/dsa.sh
--- a/cmd/fipstest/dsa.sh
+++ b/cmd/fipstest/dsa.sh
@@ -17,17 +17,17 @@ response=`echo $request | sed -e "s/req/
echo $request $response
fipstest dsa keypair $request > $response
request=PQGGen.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa pqggen $request > $response
-request=PQGVer.req
+request=PQGVer1863.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa pqgver $request > $response
request=SigGen.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa siggen $request > $response
diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
--- a/cmd/fipstest/fipstest.c
+++ b/cmd/fipstest/fipstest.c
@@ -1,28 +1,31 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
+#include <dlfcn.h>
#include "secitem.h"
#include "blapi.h"
#include "nssutil.h"
#include "secerr.h"
#include "secder.h"
#include "secdig.h"
#include "secoid.h"
#include "ec.h"
#include "hasht.h"
#include "lowkeyi.h"
#include "softoken.h"
+#include "../../lib/freebl/fips.h"
+
#if 0
#include "../../lib/freebl/mpi/mpi.h"
#endif
#ifndef NSS_DISABLE_ECC
extern SECStatus
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
extern SECStatus
@@ -34,16 +37,26 @@ EC_CopyParams(PLArenaPool *arena, ECPara
#define DECRYPT 0
#define BYTE unsigned char
#define DEFAULT_RSA_PUBLIC_EXPONENT 0x10001
#define RSA_MAX_TEST_MODULUS_BITS 4096
#define RSA_MAX_TEST_MODULUS_BYTES RSA_MAX_TEST_MODULUS_BITS/8
#define RSA_MAX_TEST_EXPONENT_BYTES 8
#define PQG_TEST_SEED_BYTES 20
+/* Function pointers for dynamically loaded functions */
+void *(*FREEBL_GetGlobalVar_p) (int which, void *data);
+SECStatus (*FREEBL_Test_PQG_ParamGenV3_p) (unsigned int L, unsigned int N, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy,
+ int shanum, int *pgen_counter, int *qgen_counter,
+ SECItem *firstseed, SECItem *pseed, SECItem *qseed);
+SECStatus (*FREEBL_Test_PQG_GenerateG_p) (unsigned int L, unsigned int N, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy,
+ int shanum, const SECItem *P, const SECItem *Q);
+
SECStatus
hex_to_byteval(const char *c2, unsigned char *byteval)
{
int i;
unsigned char offset;
*byteval = 0;
for (i=0; i<2; i++) {
if (c2[i] >= '0' && c2[i] <= '9') {
@@ -93,16 +106,34 @@ to_hex_str_cap(char *str, const unsigned
{
unsigned int i;
for (i=0; i<len; i++) {
byteval_to_hex(buf[i], &str[2*i], 'A');
}
str[2*len] = '\0';
}
+void
+to_hex_str_pad (char *str, const unsigned char *buf, unsigned int len, unsigned int padlen)
+{
+ unsigned int i, j;
+
+ for (j = 0; len < padlen; padlen--)
+ {
+ str [j++] = '0';
+ str [j++] = '0';
+ }
+
+ for (i=0; i<len; i++, j += 2) {
+ byteval_to_hex(buf[i], &str[j], 'a');
+ }
+
+ str[j] = '\0';
+}
+
/*
* Convert a string of hex digits (str) to an array (buf) of len bytes.
* Return PR_TRUE if the hex string can fit in the byte array. Return
* PR_FALSE if the hex string is empty or is too long.
*/
PRBool
from_hex_str(unsigned char *buf, unsigned int len, const char *str)
{
@@ -147,16 +178,181 @@ from_hex_str(unsigned char *buf, unsigne
} else {
hex_to_byteval(&str[j], &buf[i]);
j += 2;
}
}
return PR_TRUE;
}
+/*
+ * Convert a string of hex digits (str) to an array (buf) of maxlen bytes.
+ * Return length of resulting output in buf, or 0 on error.
+ */
+int
+from_hex_str_varlen (unsigned char *buf, unsigned int maxlen, const char *str)
+{
+ unsigned int nxdigit; /* number of hex digits in str */
+ unsigned int i; /* index into buf */
+ unsigned int j; /* index into str */
+
+ /* count the hex digits */
+ nxdigit = 0;
+ for (nxdigit = 0; isxdigit (str [nxdigit]); nxdigit++) {
+ /* empty body */
+ }
+ if (nxdigit == 0) {
+ return 0;
+ }
+
+ for (i = 0, j = 0; j < nxdigit; i++) {
+ if ((nxdigit - j) % 2 == 1) {
+ char tmp [2];
+ tmp [0] = '0';
+ tmp [1] = str [j];
+ hex_to_byteval (tmp, &buf [i]);
+ j++;
+ } else {
+ hex_to_byteval (&str [j], &buf [i]);
+ j += 2;
+ }
+ }
+ return i;
+}
+
+/*
+ * HASH_ functions are available to full NSS apps and internally inside
+ * freebl, but not exported to users of freebl. Create short stubs to
+ * replace the functionality for fipstest.
+ */
+SECStatus
+fips_hashBuf(HASH_HashType type, unsigned char *hashBuf,
+ unsigned char *msg, int len)
+{
+ SECStatus rv = SECFailure;
+
+ switch (type) {
+ case HASH_AlgSHA1:
+ rv = SHA1_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA224:
+ rv = SHA224_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA256:
+ rv = SHA256_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA384:
+ rv = SHA384_HashBuf(hashBuf, msg, len);
+ break;
+ case HASH_AlgSHA512:
+ rv = SHA512_HashBuf(hashBuf, msg, len);
+ break;
+ default:
+ break;
+ }
+ return rv;
+}
+
+int
+fips_hashLen(HASH_HashType type)
+{
+ int len = 0;
+
+ switch (type) {
+ case HASH_AlgSHA1:
+ len = SHA1_LENGTH;
+ break;
+ case HASH_AlgSHA224:
+ len = SHA224_LENGTH;
+ break;
+ case HASH_AlgSHA256:
+ len = SHA256_LENGTH;
+ break;
+ case HASH_AlgSHA384:
+ len = SHA384_LENGTH;
+ break;
+ case HASH_AlgSHA512:
+ len = SHA512_LENGTH;
+ break;
+ default:
+ break;
+ }
+ return len;
+}
+
+SECOidTag
+fips_hashOid(HASH_HashType type)
+{
+ SECOidTag oid = SEC_OID_UNKNOWN;
+
+ switch (type) {
+ case HASH_AlgSHA1:
+ oid = SEC_OID_SHA1;
+ break;
+ case HASH_AlgSHA224:
+ oid = SEC_OID_SHA224;
+ break;
+ case HASH_AlgSHA256:
+ oid = SEC_OID_SHA256;
+ break;
+ case HASH_AlgSHA384:
+ oid = SEC_OID_SHA384;
+ break;
+ case HASH_AlgSHA512:
+ oid = SEC_OID_SHA512;
+ break;
+ default:
+ break;
+ }
+ return oid;
+}
+
+HASH_HashType
+sha_get_hashType(int hashbits)
+{
+ HASH_HashType hashType = HASH_AlgNULL;
+
+ switch (hashbits) {
+ case 1:
+ case (SHA1_LENGTH*PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA1;
+ break;
+ case (SHA224_LENGTH*PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA224;
+ break;
+ case (SHA256_LENGTH*PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA256;
+ break;
+ case (SHA384_LENGTH*PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA384;
+ break;
+ case (SHA512_LENGTH*PR_BITS_PER_BYTE):
+ hashType = HASH_AlgSHA512;
+ break;
+ default:
+ break;
+ }
+ return hashType;
+}
+
+/*
+ * Calculate the SHA Message Digest
+ *
+ * MD = Message digest
+ * MDLen = length of Message Digest and SHA_Type
+ * msg = message to digest
+ * msgLen = length of message to digest
+ */
+SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen)
+{
+ HASH_HashType hashType = sha_get_hashType(MDLen*PR_BITS_PER_BYTE);
+
+ return fips_hashBuf(hashType, MD, msg, msgLen);
+}
+
SECStatus
tdea_encrypt_buf(
int mode,
const unsigned char *key,
const unsigned char *iv,
unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
const unsigned char *input, unsigned int inputlen)
{
@@ -2001,22 +2197,22 @@ ecdsa_keypair_test(char *reqfn)
int i;
unsigned int len;
ecdsareq = fopen(reqfn, "r");
ecdsaresp = stdout;
strcpy(curve, "nist");
while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf [0] == '\r') {
fputs(buf, ecdsaresp);
continue;
}
/* [X-ddd] */
- if (buf[0] == '[') {
+ if (buf[0] == '[' && buf [1] != '\0' && buf [2] == '-') {
const char *src;
char *dst;
SECItem *encodedparams;
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
src += 2; /* skip the hyphen */
@@ -2030,16 +2226,21 @@ ecdsa_keypair_test(char *reqfn)
}
if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) {
goto loser;
}
SECITEM_FreeItem(encodedparams, PR_TRUE);
fputs(buf, ecdsaresp);
continue;
}
+ /* [...] */
+ if (buf [0] == '[') {
+ fputs(buf, ecdsaresp);
+ continue;
+ }
/* N = x */
if (buf[0] == 'N') {
if (sscanf(buf, "N = %d", &N) != 1) {
goto loser;
}
for (i = 0; i < N; i++) {
ECPrivateKey *ecpriv;
@@ -2216,20 +2417,23 @@ ecdsa_siggen_test(char *reqfn)
* needs to be large enough to hold the longest
* line "Msg = <256 hex digits>\n".
*/
FILE *ecdsareq; /* input stream from the REQUEST file */
FILE *ecdsaresp; /* output stream to the RESPONSE file */
char curve[16]; /* "nistxddd" */
ECParams *ecparams = NULL;
int i, j;
+ char c;
+ int curvenum;
+ int shanum;
unsigned int len;
unsigned char msg[512]; /* message to be signed (<= 128 bytes) */
unsigned int msglen;
- unsigned char sha1[20]; /* SHA-1 hash (160 bits) */
+ unsigned char md[SHA512_LENGTH];
unsigned char sig[2*MAX_ECKEY_LEN];
SECItem signature, digest;
ecdsareq = fopen(reqfn, "r");
ecdsaresp = stdout;
strcpy(curve, "nist");
while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
/* a comment or blank line */
@@ -2238,16 +2442,19 @@ ecdsa_siggen_test(char *reqfn)
continue;
}
/* [X-ddd] */
if (buf[0] == '[') {
const char *src;
char *dst;
SECItem *encodedparams;
+ if (sscanf (buf, "[%c-%d,SHA-%d]", &c, &curvenum, &shanum) != 3)
+ goto loser;
+
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
src += 2; /* skip the hyphen */
*dst++ = *src++;
*dst++ = *src++;
*dst++ = *src++;
*dst = '\0';
@@ -2273,17 +2480,17 @@ ecdsa_siggen_test(char *reqfn)
i = 3;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
for (j=0; isxdigit(buf[i]); i+=2,j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
msglen = j;
- if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) {
+ if (fips_hashBuf(sha_get_hashType(shanum), md, msg, msglen) != SECSuccess) {
goto loser;
}
fputs(buf, ecdsaresp);
if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) {
goto loser;
}
if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue)
@@ -2303,18 +2510,18 @@ ecdsa_siggen_test(char *reqfn)
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
fputs("Qy = ", ecdsaresp);
to_hex_str(buf, &ecpriv->publicValue.data[1+len], len);
fputs(buf, ecdsaresp);
fputc('\n', ecdsaresp);
digest.type = siBuffer;
- digest.data = sha1;
- digest.len = sizeof sha1;
+ digest.data = md;
+ digest.len = fips_hashLen (sha_get_hashType (shanum));
signature.type = siBuffer;
signature.data = sig;
signature.len = sizeof sig;
if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) {
goto loser;
}
len = signature.len;
if (len%2 != 0) {
@@ -2355,21 +2562,24 @@ ecdsa_sigver_test(char *reqfn)
* needs to be large enough to hold the longest
* line "Msg = <256 hex digits>\n".
*/
FILE *ecdsareq; /* input stream from the REQUEST file */
FILE *ecdsaresp; /* output stream to the RESPONSE file */
char curve[16]; /* "nistxddd" */
ECPublicKey ecpub;
unsigned int i, j;
+ char c;
+ int curvenum;
+ int shanum;
unsigned int flen; /* length in bytes of the field size */
unsigned int olen; /* length in bytes of the base point order */
unsigned char msg[512]; /* message that was signed (<= 128 bytes) */
unsigned int msglen;
- unsigned char sha1[20]; /* SHA-1 hash (160 bits) */
+ unsigned char md[SHA512_LENGTH];
unsigned char sig[2*MAX_ECKEY_LEN];
SECItem signature, digest;
PRBool keyvalid = PR_TRUE;
PRBool sigvalid = PR_TRUE;
ecdsareq = fopen(reqfn, "r");
ecdsaresp = stdout;
ecpub.ecParams.arena = NULL;
@@ -2382,16 +2592,19 @@ ecdsa_sigver_test(char *reqfn)
}
/* [X-ddd] */
if (buf[0] == '[') {
const char *src;
char *dst;
SECItem *encodedparams;
ECParams *ecparams;
+ if (sscanf (buf, "[%c-%d,SHA-%d]", &c, &curvenum, &shanum) != 3)
+ goto loser;
+
src = &buf[1];
dst = &curve[4];
*dst++ = tolower(*src);
src += 2; /* skip the hyphen */
*dst++ = *src++;
*dst++ = *src++;
*dst++ = *src++;
*dst = '\0';
@@ -2437,24 +2650,24 @@ ecdsa_sigver_test(char *reqfn)
i = 3;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
for (j=0; isxdigit(buf[i]); i+=2,j++) {
hex_to_byteval(&buf[i], &msg[j]);
}
msglen = j;
- if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) {
+ if (fips_hashBuf(sha_get_hashType(shanum), md, msg, msglen) != SECSuccess) {
goto loser;
}
fputs(buf, ecdsaresp);
digest.type = siBuffer;
- digest.data = sha1;
- digest.len = sizeof sha1;
+ digest.data = md;
+ digest.len = fips_hashLen (sha_get_hashType (shanum));
continue;
}
/* Qx = ... */
if (strncmp(buf, "Qx", 2) == 0) {
fputs(buf, ecdsaresp);
i = 2;
while (isspace(buf[i]) || buf[i] == '=') {
@@ -2603,19 +2816,19 @@ drbg(char *reqfn)
unsigned char *nonce = NULL;
int nonceLen = 0;
unsigned char *personalizationString = NULL;
int personalizationStringLen = 0;
unsigned char *additionalInput = NULL;
int additionalInputLen = 0;
unsigned char *entropyInput = NULL;
int entropyInputLen = 0;
- unsigned char predictedreturn_bytes[SHA256_LENGTH];
- unsigned char return_bytes[SHA256_LENGTH];
- int return_bytes_len = SHA256_LENGTH;
+ unsigned char *predictedreturn_bytes = NULL;
+ unsigned char *return_bytes = NULL;
+ int return_bytes_len = 0;
enum { NONE, INSTANTIATE, GENERATE, RESEED, RESULT } command =
NONE;
PRBool genResult = PR_FALSE;
SECStatus rv;
rngreq = fopen(reqfn, "r");
rngresp = stdout;
while (fgets(buf, sizeof buf, rngreq) != NULL) {
@@ -2804,16 +3017,41 @@ drbg(char *reqfn)
additionalInputLen = additionalInputLen/8;
if (additionalInputLen > 0) {
additionalInput = PORT_Alloc(additionalInputLen);
}
fputs(buf, rngresp);
continue;
}
+ if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) {
+ if (return_bytes) {
+ PORT_ZFree(return_bytes, return_bytes_len);
+ return_bytes = NULL;
+ }
+
+ if (predictedreturn_bytes) {
+ PORT_ZFree(predictedreturn_bytes, return_bytes_len);
+ predictedreturn_bytes = NULL;
+ }
+
+ return_bytes_len = 0;
+
+ if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) {
+ goto loser;
+ }
+ return_bytes_len = return_bytes_len/8;
+ if (return_bytes_len > 0) {
+ return_bytes = PORT_Alloc(return_bytes_len);
+ predictedreturn_bytes = PORT_Alloc(return_bytes_len);
+ }
+ fputs(buf, rngresp);
+ continue;
+ }
+
if (strncmp(buf, "COUNT", 5) == 0) {
/* zeroize the variables for the test with this data set */
if (entropyInput) {
memset(entropyInput, 0, entropyInputLen);
}
if (nonce) {
memset(nonce, 0, nonceLen);
}
@@ -2954,17 +3192,17 @@ drbg(char *reqfn)
to_hex_str(buf, predictedreturn_bytes,
return_bytes_len);
fputs(buf, stderr);
fputs("\n actual = ", stderr);
fputs(buf2, stderr);
fputc('\n', stderr);
}
}
- memset(predictedreturn_bytes, 0 , sizeof predictedreturn_bytes);
+ memset(predictedreturn_bytes, 0, return_bytes_len);
continue;
}
}
loser:
fclose(rngreq);
}
@@ -3213,146 +3451,16 @@ rng_mct(char *reqfn)
continue;
}
}
loser:
fclose(rngreq);
}
/*
- * HASH_ functions are available to full NSS apps and internally inside
- * freebl, but not exported to users of freebl. Create short stubs to
- * replace the functionality for fipstest.
- */
-SECStatus
-fips_hashBuf(HASH_HashType type, unsigned char *hashBuf,
- unsigned char *msg, int len)
-{
- SECStatus rv = SECFailure;
-
- switch (type) {
- case HASH_AlgSHA1:
- rv = SHA1_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA224:
- rv = SHA224_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA256:
- rv = SHA256_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA384:
- rv = SHA384_HashBuf(hashBuf, msg, len);
- break;
- case HASH_AlgSHA512:
- rv = SHA512_HashBuf(hashBuf, msg, len);
- break;
- default:
- break;
- }
- return rv;
-}
-
-int
-fips_hashLen(HASH_HashType type)
-{
- int len = 0;
-
- switch (type) {
- case HASH_AlgSHA1:
- len = SHA1_LENGTH;
- break;
- case HASH_AlgSHA224:
- len = SHA224_LENGTH;
- break;
- case HASH_AlgSHA256:
- len = SHA256_LENGTH;
- break;
- case HASH_AlgSHA384:
- len = SHA384_LENGTH;
- break;
- case HASH_AlgSHA512:
- len = SHA512_LENGTH;
- break;
- default:
- break;
- }
- return len;
-}
-
-SECOidTag
-fips_hashOid(HASH_HashType type)
-{
- SECOidTag oid = SEC_OID_UNKNOWN;
-
- switch (type) {
- case HASH_AlgSHA1:
- oid = SEC_OID_SHA1;
- break;
- case HASH_AlgSHA224:
- oid = SEC_OID_SHA224;
- break;
- case HASH_AlgSHA256:
- oid = SEC_OID_SHA256;
- break;
- case HASH_AlgSHA384:
- oid = SEC_OID_SHA384;
- break;
- case HASH_AlgSHA512:
- oid = SEC_OID_SHA512;
- break;
- default:
- break;
- }
- return oid;
-}
-
-HASH_HashType
-sha_get_hashType(int hashbits)
-{
- HASH_HashType hashType = HASH_AlgNULL;
-
- switch (hashbits) {
- case 1:
- case (SHA1_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA1;
- break;
- case (SHA224_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA224;
- break;
- case (SHA256_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA256;
- break;
- case (SHA384_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA384;
- break;
- case (SHA512_LENGTH*PR_BITS_PER_BYTE):
- hashType = HASH_AlgSHA512;
- break;
- default:
- break;
- }
- return hashType;
-}
-
-/*
- * Calculate the SHA Message Digest
- *
- * MD = Message digest
- * MDLen = length of Message Digest and SHA_Type
- * msg = message to digest
- * msgLen = length of message to digest
- */
-SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen)
-{
- HASH_HashType hashType = sha_get_hashType(MDLen*PR_BITS_PER_BYTE);
-
- return fips_hashBuf(hashType, MD, msg, msgLen);
-}
-
-/*
* Perform the SHA Monte Carlo Test
*
* MDLen = length of Message Digest and SHA_Type
* seed = input seed value
* resp = is the output response file.
*/
SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
{
@@ -3414,17 +3522,17 @@ SECStatus sha_mct_test(unsigned int MDLe
* The output RESPONSE file is written to stdout.
*/
void sha_test(char *reqfn)
{
unsigned int i, j;
unsigned int MDlen; /* the length of the Message Digest in Bytes */
unsigned int msgLen; /* the length of the input Message in Bytes */
unsigned char *msg = NULL; /* holds the message to digest.*/
- size_t bufSize = 25608; /*MAX buffer size */
+ size_t bufSize = 102400; /*MAX buffer size */
char *buf = NULL; /* holds one line from the input REQUEST file.*/
unsigned char seed[HASH_LENGTH_MAX]; /* max size of seed 64 bytes */
unsigned char MD[HASH_LENGTH_MAX]; /* message digest */
FILE *req = NULL; /* input stream from the REQUEST file */
FILE *resp; /* output stream to the RESPONSE file */
buf = PORT_ZAlloc(bufSize);
@@ -3721,17 +3829,17 @@ void hmac_test(char *reqfn)
hex_to_byteval(&buf[i], &msg[j]);
}
fputs(buf, resp);
/* calculate the HMAC and output */
if (hmac_calc(HMAC, HMACLen, key, keyLen,
msg, msgLen, hash_alg) != SECSuccess) {
goto loser;
}
- fputs("MAC = ", resp);
+ fputs("Mac = ", resp);
to_hex_str(buf, HMAC, TLen);
fputs(buf, resp);
fputc('\n', resp);
continue;
}
}
loser:
if (req) {
@@ -3868,16 +3976,17 @@ loser:
/*
* pqg generation type
*/
typedef enum {
FIPS186_1,/* Generate/Verify P,Q & G according to FIPS 186-1 */
A_1_1_2, /* Generate Probable P & Q */
A_1_1_3, /* Verify Probable P & Q */
+ A_1_2_1, /* Generate Provable P & Q */
A_1_2_2, /* Verify Provable P & Q */
A_2_1, /* Generate Unverifiable G */
A_2_2, /* Assure Unverifiable G */
A_2_3, /* Generate Verifiable G */
A_2_4 /* Verify Verifiable G */
} dsa_pqg_type;
/*
@@ -3906,17 +4015,17 @@ dsa_pqgver_test(char *reqfn)
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
memset(&pqg, 0, sizeof(pqg));
memset(&vfy, 0, sizeof(vfy));
while (fgets(buf, sizeof buf, dsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') {
fputs(buf, dsaresp);
continue;
}
/* [A.xxxxx ] */
if (buf[0] == '[' && buf[1] == 'A') {
if (strncmp(&buf[1],"A.1.1.3",7) == 0) {
@@ -4119,17 +4228,16 @@ dsa_pqgver_test(char *reqfn)
if (rv != SECSuccess) {
goto loser;
}
if (result == SECSuccess) {
fprintf(dsaresp, "Result = P\n");
} else {
fprintf(dsaresp, "Result = F\n");
}
- fprintf(dsaresp, "\n");
}
continue;
}
if (strncmp(buf,"pgen_counter", 12) == 0) {
if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) {
goto loser;
}
fputs(buf, dsaresp);
@@ -4144,17 +4252,16 @@ dsa_pqgver_test(char *reqfn)
if (rv != SECSuccess) {
goto loser;
}
if (result == SECSuccess) {
fprintf(dsaresp, "Result = P\n");
} else {
fprintf(dsaresp, "Result = F\n");
}
- fprintf(dsaresp, "\n");
}
continue;
}
/* H = ... */
if (buf[0] == 'H') {
SECStatus rv, result = SECFailure;
i = 1;
@@ -4182,17 +4289,16 @@ dsa_pqgver_test(char *reqfn)
if (rv != SECSuccess) {
goto loser;
}
if (result == SECSuccess) {
fprintf(dsaresp, "Result = P\n");
} else {
fprintf(dsaresp, "Result = F\n");
}
- fprintf(dsaresp, "\n");
continue;
}
}
loser:
fclose(dsareq);
if (pqg.prime.data) { /* P */
SECITEM_ZfreeItem(&pqg.prime, PR_FALSE);
}
@@ -4226,61 +4332,63 @@ dsa_pqggen_test(char *reqfn)
* 800 to hold seed = (384 public key (x2 for HEX)
*/
FILE *dsareq; /* input stream from the REQUEST file */
FILE *dsaresp; /* output stream to the RESPONSE file */
int count; /* number of times to generate parameters */
int N;
int L;
int i;
+ int shanum = 0;
unsigned int j;
PQGParams *pqg = NULL;
PQGVerify *vfy = NULL;
+ SECItem P, Q;
unsigned int keySizeIndex;
dsa_pqg_type type = FIPS186_1;
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
while (fgets(buf, sizeof buf, dsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf [0] == '\r') {
fputs(buf, dsaresp);
continue;
}
/* [A.xxxxx ] */
if (buf[0] == '[' && buf[1] == 'A') {
if (strncmp(&buf[1],"A.1.1.2",7) == 0) {
type = A_1_1_2;
} else if (strncmp(&buf[1],"A.2.1",5) == 0) {
- fprintf(stderr, "NSS only Generates G with P&Q\n");
- exit(1);
+ type = A_2_1;
} else if (strncmp(&buf[1],"A.2.3",5) == 0) {
fprintf(stderr, "NSS only Generates G with P&Q\n");
exit(1);
} else if (strncmp(&buf[1],"A.1.2.1",7) == 0) {
- fprintf(stderr, "NSS does not support Shawe-Taylor Primes\n");
- exit(1);
+ type = A_1_2_1;
} else {
fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]);
exit(1);
}
fputs(buf, dsaresp);
continue;
}
/* [Mod = ... ] */
if (buf[0] == '[') {
+ shanum = 0;
if (type == FIPS186_1) {
N=160;
if (sscanf(buf, "[mod = %d]", &L) != 1) {
goto loser;
}
- } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) {
+ } else if (sscanf (buf, "[mod = L=%d, N=%d, SHA-%d", &L, &N, &shanum) != 3 &&
+ sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) {
goto loser;
}
fputs(buf, dsaresp);
fputc('\n', dsaresp);
if (type == FIPS186_1) {
/************************************************************
@@ -4292,71 +4400,151 @@ dsa_pqggen_test(char *reqfn)
fprintf(dsaresp,
"DSA key size must be a multiple of 64 between 512 "
"and 1024, inclusive");
goto loser;
}
}
continue;
}
- /* N = ... */
- if (buf[0] == 'N') {
- if (sscanf(buf, "N = %d", &count) != 1) {
+ /* Num = ... */
+ if (strncmp(buf, "Num", 3) == 0) {
+ if (sscanf(buf, "Num = %d", &count) != 1) {
goto loser;
}
for (i = 0; i < count; i++) {
+ int pgen_counter, qgen_counter;
+ SECItem firstseed = { 0 }, qseed = { 0 }, pseed = { 0 };
SECStatus rv;
if (type == FIPS186_1) {
rv = PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
&pqg, &vfy);
+ } else if (type == A_1_2_1) {
+ rv = FREEBL_Test_PQG_ParamGenV3_p(L, N, 0, &pqg, &vfy,
+ shanum, &pgen_counter, &qgen_counter,
+ &firstseed, &pseed, &qseed);
+ } else if (type == A_1_1_2) {
+ rv = PQG_ParamGenV2(L, N, 0, &pqg, &vfy);
} else {
- rv = PQG_ParamGenV2(L, N, N, &pqg, &vfy);
+ /* A_2_1 -- Generate G when P and Q have been read */
+ continue;
}
+
if (rv != SECSuccess) {
fprintf(dsaresp,
"ERROR: Unable to generate PQG parameters");
goto loser;
}
to_hex_str(buf, pqg->prime.data, pqg->prime.len);
fprintf(dsaresp, "P = %s\n", buf);
to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len);
fprintf(dsaresp, "Q = %s\n", buf);
- to_hex_str(buf, pqg->base.data, pqg->base.len);
- fprintf(dsaresp, "G = %s\n", buf);
if (type == FIPS186_1) {
+ to_hex_str(buf, pqg->base.data, pqg->base.len);
+ fprintf(dsaresp, "G = %s\n", buf);
to_hex_str(buf, vfy->seed.data, vfy->seed.len);
fprintf(dsaresp, "Seed = %s\n", buf);
fprintf(dsaresp, "c = %d\n", vfy->counter);
to_hex_str(buf, vfy->h.data, vfy->h.len);
fputs("H = ", dsaresp);
for (j=vfy->h.len; j< pqg->prime.len; j++) {
fprintf(dsaresp, "00");
}
fprintf(dsaresp, "%s\n", buf);
+ } else if (type == A_1_2_1) {
+ to_hex_str(buf, firstseed.data, firstseed.len);
+ fprintf(dsaresp, "firstseed = %s\n", buf);
+ to_hex_str(buf, pseed.data, pseed.len);
+ fprintf(dsaresp, "pseed = %s\n", buf);
+ to_hex_str(buf, qseed.data, qseed.len);
+ fprintf(dsaresp, "qseed = %s\n", buf);
+ fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter);
+ fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter);
} else {
+ to_hex_str(buf, pqg->base.data, pqg->base.len);
+ fprintf(dsaresp, "G = %s\n", buf);
fprintf(dsaresp, "counter = %d\n", vfy->counter);
fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]);
to_hex_str(buf, vfy->seed.data, vfy->seed.len);
fprintf(dsaresp, "domain_parameter_seed = %s\n", buf);
}
+
fputc('\n', dsaresp);
+
if(pqg!=NULL) {
PQG_DestroyParams(pqg);
pqg = NULL;
}
if(vfy!=NULL) {
PQG_DestroyVerify(vfy);
vfy = NULL;
}
+
+ if (firstseed.data) {
+ SECITEM_FreeItem(&firstseed, PR_FALSE);
+ firstseed.data = NULL;
+ }
+ if (pseed.data) {
+ SECITEM_FreeItem(&pseed, PR_FALSE);
+ pseed.data = NULL;
+ }
+ if (qseed.data) {
+ SECITEM_FreeItem(&qseed, PR_FALSE);
+ qseed.data = NULL;
+ }
}
continue;
}
+ /* P = ... */
+ if (buf[0] == 'P') {
+ unsigned char databuf [1024];
+ int len;
+
+ fputs(buf, dsaresp);
+
+ for (i = 1; isspace (buf [i]) || buf [i] == '='; i++)
+ ;
+
+ len = from_hex_str_varlen (databuf, 1024, &buf [i]);
+
+ P.type = siBuffer;
+ P.data = NULL;
+ P.len = 0;
+ SECITEM_AllocItem (NULL, &P, len);
+ memcpy (P.data, databuf, len);
+ }
+
+ /* Q = ... */
+ if (buf[0] == 'Q') {
+ unsigned char databuf [1024];
+ char hexbuf [1024];
+ int len;
+
+ fputs(buf, dsaresp);
+
+ for (i = 1; isspace (buf [i]) || buf [i] == '='; i++)
+ ;
+
+ len = from_hex_str_varlen (databuf, 1024, &buf [i]);
+
+ Q.type = siBuffer;
+ Q.data = NULL;
+ Q.len = 0;
+ SECITEM_AllocItem (NULL, &Q, len);
+ memcpy (Q.data, databuf, len);
+
+ /* Generate G from P and Q according to FIPS 186-3 A2.1 */
+ FREEBL_Test_PQG_GenerateG_p (L, N, 0, &pqg, &vfy, shanum, &P, &Q);
+
+ to_hex_str((char *) hexbuf, pqg->base.data, pqg->base.len);
+ fprintf(dsaresp, "G = %s\n", hexbuf);
+ }
}
loser:
fclose(dsareq);
if(pqg!=NULL) {
PQG_DestroyParams(pqg);
}
if(vfy!=NULL) {
PQG_DestroyVerify(vfy);
@@ -4395,17 +4583,17 @@ dsa_siggen_test(char *reqfn)
HASH_HashType hashType = HASH_AlgNULL;
int hashNum = 0;
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
while (fgets(buf, sizeof buf, dsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') {
fputs(buf, dsaresp);
continue;
}
/* [Mod = x] */
if (buf[0] == '[') {
if(pqg!=NULL) {
PQG_DestroyParams(pqg);
@@ -4424,17 +4612,16 @@ dsa_siggen_test(char *reqfn)
&hashNum) != 3) {
use_dsa1 = PR_TRUE;
hashNum = 1;
if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
goto loser;
}
}
fputs(buf, dsaresp);
- fputc('\n', dsaresp);
/****************************************************************
* PQG_ParamGenSeedLen doesn't take a key size, it takes an index
* that points to a valid key size.
*/
if (use_dsa1) {
keySizeIndex = PQG_PBITS_TO_INDEX(modulus);
if(keySizeIndex == -1 || modulus<512 || modulus>1024) {
@@ -4452,16 +4639,17 @@ dsa_siggen_test(char *reqfn)
}
} else {
if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) {
fprintf(dsaresp,
"ERROR: Unable to generate PQG parameters");
goto loser;
}
}
+
to_hex_str(buf, pqg->prime.data, pqg->prime.len);
fprintf(dsaresp, "P = %s\n", buf);
to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len);
fprintf(dsaresp, "Q = %s\n", buf);
to_hex_str(buf, pqg->base.data, pqg->base.len);
fprintf(dsaresp, "G = %s\n", buf);
/* create DSA Key */
@@ -4526,17 +4714,16 @@ dsa_siggen_test(char *reqfn)
fputs(buf, dsaresp);
to_hex_str(buf, dsakey->publicValue.data,
dsakey->publicValue.len);
fprintf(dsaresp, "Y = %s\n", buf);
to_hex_str(buf, &signature.data[0], len);
fprintf(dsaresp, "R = %s\n", buf);
to_hex_str(buf, &signature.data[len], len);
fprintf(dsaresp, "S = %s\n", buf);
- fputc('\n', dsaresp);
continue;
}
}
loser:
fclose(dsareq);
if(pqg != NULL) {
PQG_DestroyParams(pqg);
@@ -4580,17 +4767,17 @@ dsa_sigver_test(char *reqfn)
int hashNum = 0;
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
memset(&pubkey, 0, sizeof(pubkey));
while (fgets(buf, sizeof buf, dsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') {
fputs(buf, dsaresp);
continue;
}
/* [Mod = x] */
if (buf[0] == '[') {
if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N,
@@ -4762,17 +4949,16 @@ dsa_sigver_test(char *reqfn)
signature.data = sig;
signature.len = pubkey.params.subPrime.len*2;
if (DSA_VerifyDigest(&pubkey, &signature, &digest) == SECSuccess) {
fprintf(dsaresp, "Result = P\n");
} else {
fprintf(dsaresp, "Result = F\n");
}
- fprintf(dsaresp, "\n");
continue;
}
}
loser:
fclose(dsareq);
if (pubkey.params.prime.data) { /* P */
SECITEM_ZfreeItem(&pubkey.params.prime, PR_FALSE);
}
@@ -4783,16 +4969,140 @@ loser:
SECITEM_ZfreeItem(&pubkey.params.base, PR_FALSE);
}
if (pubkey.publicValue.data) { /* Y */
SECITEM_ZfreeItem(&pubkey.publicValue, PR_FALSE);
}
}
/*
+ * Perform the RSA Provable-prime key generation test
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+rsa_keygen_probable_test(char *reqfn)
+{
+ char buf[2*RSA_MAX_TEST_MODULUS_BYTES+1];
+ /* buf holds one line from the input REQUEST file
+ * or to the output RESPONSE file.
+ * 2x for HEX output + 1 for \n
+ */
+ FILE *rsareq; /* input stream from the REQUEST file */
+ FILE *rsaresp; /* output stream to the RESPONSE file */
+ int i;
+ int modulus; /* the Modulus size */
+ int publicExponent = DEFAULT_RSA_PUBLIC_EXPONENT;
+ SECItem pe = {0, 0, 0 };
+ unsigned char pubEx[4];
+ int peCount = 0;
+ RSAPrivateKey *rsaBlapiPrivKey = NULL; /* holds RSA private and
+ * public keys */
+
+ rsareq = fopen(reqfn, "r");
+ rsaresp = stdout;
+
+ /* calculate the exponent */
+ for (i=0; i < 4; i++) {
+ if (peCount || (publicExponent &
+ ((unsigned long)0xff000000L >> (i*8)))) {
+ pubEx[peCount] =
+ (unsigned char)((publicExponent >> (3-i)*8) & 0xff);
+ peCount++;
+ }
+ }
+ pe.len = peCount;
+ pe.data = &pubEx[0];
+ pe.type = siBuffer;
+
+ while (fgets(buf, sizeof buf, rsareq) != NULL) {
+ /* a comment or blank line */
+ if (buf[0] == '#' || buf[0] == '\n' || buf [0] == '\r') {
+ fputs(buf, rsaresp);
+ continue;
+ }
+
+ /* [PrimeMethod = ...] */
+ if (strncmp (buf, "[PrimeMethod", 4) == 0) {
+ /* PrimeMethod is always ProvRP */
+ fputs(buf, rsaresp);
+ }
+
+ /* [Table = ...] */
+ if (strncmp (buf, "[Table", 4) == 0) {
+ /* M-R Test table */
+ fputs(buf, rsaresp);
+ }
+
+ /* [mod = ...] */
+ if (strncmp (buf, "[mod", 4) == 0) {
+ if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
+ goto loser;
+ }
+ if (modulus > RSA_MAX_TEST_MODULUS_BITS) {
+ fprintf(rsaresp,"ERROR: modulus greater than test maximum\n");
+ goto loser;
+ }
+
+ fputs(buf, rsaresp);
+ }
+
+ if (strncmp (buf, "N", 1) == 0) {
+ int count;
+ int i;
+
+ if (sscanf(buf, "N = %d", &count) != 1) {
+ goto loser;
+ }
+
+ for (i = 0; i < count; i++) {
+ if (rsaBlapiPrivKey != NULL) {
+ PORT_FreeArena(rsaBlapiPrivKey->arena, PR_TRUE);
+ rsaBlapiPrivKey = NULL;
+ }
+
+ rsaBlapiPrivKey = RSA_NewKey(modulus, &pe);
+ if (rsaBlapiPrivKey == NULL) {
+ fprintf(rsaresp, "Error unable to create RSA key\n");
+ goto loser;
+ }
+
+ to_hex_str(buf, rsaBlapiPrivKey->publicExponent.data,
+ rsaBlapiPrivKey->publicExponent.len);
+ fprintf(rsaresp, "e = %s\n", buf);
+ to_hex_str(buf, rsaBlapiPrivKey->prime1.data,
+ rsaBlapiPrivKey->prime1.len);
+ fprintf(rsaresp, "p = %s\n", buf);
+ to_hex_str(buf, rsaBlapiPrivKey->prime2.data,
+ rsaBlapiPrivKey->prime2.len);
+ fprintf(rsaresp, "q = %s\n", buf);
+
+ to_hex_str(buf, rsaBlapiPrivKey->modulus.data,
+ rsaBlapiPrivKey->modulus.len);
+ fprintf(rsaresp, "n = %s\n", buf);
+ to_hex_str_pad(buf, rsaBlapiPrivKey->privateExponent.data,
+ rsaBlapiPrivKey->privateExponent.len,
+ modulus / 8);
+ fprintf(rsaresp, "d = %s\n\n", buf);
+ }
+ }
+ }
+loser:
+ fclose(rsareq);
+
+ if (rsaBlapiPrivKey != NULL) {
+ /* frees private and public key */
+ PORT_FreeArena(rsaBlapiPrivKey->arena, PR_TRUE);
+ rsaBlapiPrivKey = NULL;
+ }
+}
+
+/*
* Perform the RSA Signature Generation Test.
*
* reqfn is the pathname of the REQUEST file.
*
* The output RESPONSE file is written to stdout.
*/
void
rsa_siggen_test(char *reqfn)
@@ -4832,17 +5142,17 @@ rsa_siggen_test(char *reqfn)
}
}
pe.len = peCount;
pe.data = &pubEx[0];
pe.type = siBuffer;
while (fgets(buf, sizeof buf, rsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf [0] == '\r') {
fputs(buf, rsaresp);
continue;
}
/* [mod = ...] */
if (buf[0] == '[') {
if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
@@ -5030,17 +5340,17 @@ rsa_sigver_test(char *reqfn)
RSAPublicKey rsaBlapiPublicKey; /* hold RSA public key */
rsareq = fopen(reqfn, "r");
rsaresp = stdout;
memset(&rsaBlapiPublicKey, 0, sizeof(RSAPublicKey));
while (fgets(buf, sizeof buf, rsareq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf [0] == '\r') {
fputs(buf, rsaresp);
continue;
}
/* [Mod = ...] */
if (buf[0] == '[') {
unsigned int flen; /* length in bytes of the field size */
@@ -5101,16 +5411,17 @@ rsa_sigver_test(char *reqfn)
} else if (strncmp(&buf[i], "SHA384", 6) == 0) {
shaAlg = HASH_AlgSHA384;
} else if (strncmp(&buf[i], "SHA512", 6) == 0) {
shaAlg = HASH_AlgSHA512;
} else {
fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
goto loser;
}
+ shaOid = fips_hashOid(shaAlg);
fputs(buf, rsaresp);
continue;
}
/* e = ... public Key */
if (buf[0] == 'e') {
unsigned char data[RSA_MAX_TEST_EXPONENT_BYTES];
unsigned char t;
@@ -5228,22 +5539,57 @@ loser:
if (rsaBlapiPublicKey.modulus.data) { /* n */
SECITEM_ZfreeItem(&rsaBlapiPublicKey.modulus, PR_FALSE);
}
if (rsaBlapiPublicKey.publicExponent.data) { /* e */
SECITEM_ZfreeItem(&rsaBlapiPublicKey.publicExponent, PR_FALSE);
}
}
+static void
+init_functions (void)
+{
+ void *freebl_so;
+
+ freebl_so = dlopen ("libfreebl3.so", RTLD_LAZY);
+ if (freebl_so == NULL)
+ {
+ fprintf (stderr, "Failed to load libfreebl3.so.");
+ exit (1);
+ }
+
+ FREEBL_GetGlobalVar_p = dlsym (freebl_so, "FREEBL_GetGlobalVar");
+ FREEBL_Test_PQG_ParamGenV3_p = dlsym (freebl_so, "FREEBL_Test_PQG_ParamGenV3");
+ FREEBL_Test_PQG_GenerateG_p = dlsym (freebl_so, "FREEBL_Test_PQG_GenerateG");
+
+ if (FREEBL_GetGlobalVar_p == NULL)
+ {
+ fprintf (stderr, "Failed to bind FREEBL_GetGlobalVar.");
+ exit (1);
+ }
+ if (FREEBL_Test_PQG_ParamGenV3_p == NULL)
+ {
+ fprintf (stderr, "Failed to bind FREEBL_TEST_PQG_ParamGenV3.");
+ exit (1);
+ }
+ if (FREEBL_Test_PQG_GenerateG_p == NULL)
+ {
+ fprintf (stderr, "Failed to bind FREEBL_TEST_PQG_GenerateG.");
+ exit (1);
+ }
+}
+
int main(int argc, char **argv)
{
if (argc < 2) exit (-1);
+ init_functions ();
RNG_RNGInit();
SECOID_Init();
+ BL_Init();
/*************/
/* TDEA */
/*************/
if (strcmp(argv[1], "tdea") == 0) {
/* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=<test name>.req */
if (strcmp(argv[2], "kat") == 0) {
/* Known Answer Test (KAT) */
@@ -5294,16 +5640,19 @@ int main(int argc, char **argv)
/* argv[2]=siggen|sigver */
/* argv[3]=<test name>.req */
if (strcmp(argv[2], "siggen") == 0) {
/* Signature Generation Test */
rsa_siggen_test(argv[3]);
} else if (strcmp(argv[2], "sigver") == 0) {
/* Signature Verification Test */
rsa_sigver_test(argv[3]);
+ } else if (strcmp(argv[2], "keygen") == 0) {
+ /* Key Generation Test with probable primes */
+ rsa_keygen_probable_test(argv[3]);
}
/*************/
/* HMAC */
/*************/
} else if (strcmp(argv[1], "hmac") == 0) {
hmac_test(argv[2]);
/*************/
/* DSA */
diff --git a/cmd/fipstest/rng.sh b/cmd/fipstest/rng.sh
old mode 100644
new mode 100755
--- a/cmd/fipstest/rng.sh
+++ b/cmd/fipstest/rng.sh
@@ -8,16 +8,16 @@
#
# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
# variables appropriately so that the fipstest command and the NSPR and NSS
# shared libraries/DLLs are on the search path. Then run this script in the
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.
drbg_requests="
-SHA256_DRBG.req
+Hash_DRBG.req
"
for request in $drbg_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest drbg $request > $response
done
diff --git a/cmd/fipstest/rsa.sh b/cmd/fipstest/rsa.sh
old mode 100644
new mode 100755
--- a/cmd/fipstest/rsa.sh
+++ b/cmd/fipstest/rsa.sh
@@ -8,17 +8,22 @@
#
# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
# variables appropriately so that the fipstest command and the NSPR and NSS
# shared libraries/DLLs are on the search path. Then run this script in the
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.
-request=SigGen15.req
+request=SigGen15_186-3.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest rsa siggen $request > $response
-request=SigVer15.req
+request=SigVer15_186-3.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest rsa sigver $request > $response
+
+request=KeyGen_RandomProbablyPrime3_3.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest rsa keygen $request > $response
diff --git a/cmd/fipstest/sha.sh b/cmd/fipstest/sha.sh
old mode 100644
new mode 100755
--- a/cmd/fipstest/sha.sh
+++ b/cmd/fipstest/sha.sh
@@ -9,30 +9,33 @@
# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
# variables appropriately so that the fipstest command and the NSPR and NSS
# shared libraries/DLLs are on the search path. Then run this script in the
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.
sha_ShortMsg_requests="
SHA1ShortMsg.req
+SHA224ShortMsg.req
SHA256ShortMsg.req
SHA384ShortMsg.req
SHA512ShortMsg.req
"
sha_LongMsg_requests="
SHA1LongMsg.req
+SHA224LongMsg.req
SHA256LongMsg.req
SHA384LongMsg.req
SHA512LongMsg.req
"
sha_Monte_requests="
SHA1Monte.req
+SHA224Monte.req
SHA256Monte.req
SHA384Monte.req
SHA512Monte.req
"
for request in $sha_ShortMsg_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest sha $request > $response
diff --git a/cmd/pk11gcmtest/pk11gcmtest.c b/cmd/pk11gcmtest/pk11gcmtest.c
--- a/cmd/pk11gcmtest/pk11gcmtest.c
+++ b/cmd/pk11gcmtest/pk11gcmtest.c
@@ -28,16 +28,42 @@ hex_to_byteval(const char *c2, unsigned
*byteval |= (offset + 10) << 4*(1-i);
} else {
return SECFailure;
}
}
return SECSuccess;
}
+SECStatus
+byteval_to_hex(unsigned char byteval, char *c2, char a)
+{
+ int i;
+ unsigned char offset;
+ for (i=0; i<2; i++) {
+ offset = (byteval >> 4*(1-i)) & 0x0f;
+ if (offset < 10) {
+ c2[i] = '0' + offset;
+ } else {
+ c2[i] = a + offset - 10;
+ }
+ }
+ return SECSuccess;
+}
+
+void
+to_hex_str(char *str, const unsigned char *buf, unsigned int len)
+{
+ unsigned int i;
+ for (i=0; i<len; i++) {
+ byteval_to_hex(buf[i], &str[2*i], 'a');
+ }
+ str[2*len] = '\0';
+}
+
static SECStatus
aes_encrypt_buf(
const unsigned char *key, unsigned int keysize,
const unsigned char *iv, unsigned int ivsize,
unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
const unsigned char *input, unsigned int inputlen,
const unsigned char *aad, unsigned int aadlen, unsigned int tagsize)
{
@@ -117,17 +143,19 @@ aes_decrypt_buf(
key_item.data = (unsigned char *) key; /* const cast */
key_item.len = keysize;
slot = PK11_GetInternalSlot();
symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
CKA_DECRYPT, &key_item, NULL);
PK11_FreeSlot(slot);
slot = NULL;
if (!symKey) {
+#if 0
fprintf(stderr, "PK11_ImportSymKey failed\n");
+#endif
goto loser;
}
gcm_params.pIv = (unsigned char *) iv;
gcm_params.ulIvLen = ivsize;
gcm_params.pAAD = (unsigned char *) aad;
gcm_params.ulAADLen = aadlen;
gcm_params.ulTagBits = tagsize * 8;
@@ -149,26 +177,27 @@ loser:
PK11_FreeSymKey(symKey);
}
return rv;
}
/*
* Perform the AES Known Answer Test (KAT) in Galois Counter Mode (GCM).
*
- * respfn is the pathname of the RESPONSE file.
+ * reqfn is the pathname of the RESPONSE file.
*/
static void
-aes_gcm_kat(const char *respfn)
+aes_gcm_kat(const char *reqfn)
{
char buf[512]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <320 hex digits>\n".
*/
- FILE *aesresp; /* input stream from the RESPONSE file */
+ FILE *aesreq; /* input stream from the REQUEST file */
+ FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
unsigned int test_group = 0;
unsigned int num_tests;
PRBool is_encrypt;
unsigned char key[32]; /* 128, 192, or 256 bits */
unsigned int keysize;
unsigned char iv[10*16]; /* 1 to 10 blocks */
unsigned int ivsize;
@@ -185,32 +214,34 @@ aes_gcm_kat(const char *respfn)
unsigned int expected_keylen = 0;
unsigned int expected_ivlen = 0;
unsigned int expected_ptlen = 0;
unsigned int expected_aadlen = 0;
unsigned int expected_taglen = 0;
SECStatus rv;
- if (strstr(respfn, "Encrypt") != NULL) {
+ if (strstr(reqfn, "Encrypt") != NULL) {
is_encrypt = PR_TRUE;
- } else if (strstr(respfn, "Decrypt") != NULL) {
+ } else if (strstr(reqfn, "Decrypt") != NULL) {
is_encrypt = PR_FALSE;
} else {
fprintf(stderr, "Input file name must contain Encrypt or Decrypt\n");
exit(1);
}
- aesresp = fopen(respfn, "r");
- if (aesresp == NULL) {
- fprintf(stderr, "Cannot open input file %s\n", respfn);
+ aesreq = fopen(reqfn, "r");
+ if (aesreq == NULL) {
+ fprintf(stderr, "Cannot open input file %s\n", reqfn);
exit(1);
}
- while (fgets(buf, sizeof buf, aesresp) != NULL) {
+ aesresp = stdout;
+ while (fgets(buf, sizeof buf, aesreq) != NULL) {
/* a comment or blank line */
- if (buf[0] == '#' || buf[0] == '\n') {
+ if (buf[0] == '#' || buf[0] == '\n' || buf [0] == '\r') {
+ fputs(buf, aesresp);
continue;
}
/* [Keylen = ...], [IVlen = ...], etc. */
if (buf[0] == '[') {
if (strncmp(&buf[1], "Keylen = ", 9) == 0) {
expected_keylen = atoi(&buf[10]);
} else if (strncmp(&buf[1], "IVlen = ", 8) == 0) {
expected_ivlen = atoi(&buf[9]);
@@ -218,38 +249,43 @@ aes_gcm_kat(const char *respfn)
expected_ptlen = atoi(&buf[9]);
} else if (strncmp(&buf[1], "AADlen = ", 9) == 0) {
expected_aadlen = atoi(&buf[10]);
} else if (strncmp(&buf[1], "Taglen = ", 9) == 0) {
expected_taglen = atoi(&buf[10]);
test_group++;
if (test_group > 1) {
+#if 0
/* Report num_tests for the previous test group. */
printf("%u tests\n", num_tests);
+#endif
}
num_tests = 0;
+#if 0
printf("Keylen = %u, IVlen = %u, PTlen = %u, AADlen = %u, "
"Taglen = %u: ", expected_keylen, expected_ivlen,
expected_ptlen, expected_aadlen, expected_taglen);
+#endif
/* Convert lengths in bits to lengths in bytes. */
PORT_Assert(expected_keylen % 8 == 0);
expected_keylen /= 8;
PORT_Assert(expected_ivlen % 8 == 0);
expected_ivlen /= 8;
PORT_Assert(expected_ptlen % 8 == 0);
expected_ptlen /= 8;
PORT_Assert(expected_aadlen % 8 == 0);
expected_aadlen /= 8;
PORT_Assert(expected_taglen % 8 == 0);
expected_taglen /= 8;
} else {
fprintf(stderr, "Unexpected input line: %s\n", buf);
exit(1);
}
+ fputs(buf, aesresp);
continue;
}
/* "Count = x" begins a new data set */
if (strncmp(buf, "Count", 5) == 0) {
/* zeroize the variables for the test with this data set */
memset(key, 0, sizeof key);
keysize = 0;
memset(iv, 0, sizeof iv);
@@ -258,16 +294,17 @@ aes_gcm_kat(const char *respfn)
plaintextlen = 0;
memset(aad, 0, sizeof aad);
aadlen = 0;
memset(ciphertext, 0, sizeof ciphertext);
ciphertextlen = 0;
memset(output, 0, sizeof output);
outputlen = 0;
num_tests++;
+ fputs(buf, aesresp);
continue;
}
/* Key = ... */
if (strncmp(buf, "Key", 3) == 0) {
i = 3;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
@@ -275,16 +312,17 @@ aes_gcm_kat(const char *respfn)
hex_to_byteval(&buf[i], &key[j]);
}
keysize = j;
if (keysize != expected_keylen) {
fprintf(stderr, "Unexpected key length: %u vs. %u\n",
keysize, expected_keylen);
exit(1);
}
+ fputs(buf, aesresp);
continue;
}
/* IV = ... */
if (strncmp(buf, "IV", 2) == 0) {
i = 2;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
@@ -292,16 +330,17 @@ aes_gcm_kat(const char *respfn)
hex_to_byteval(&buf[i], &iv[j]);
}
ivsize = j;
if (ivsize != expected_ivlen) {
fprintf(stderr, "Unexpected IV length: %u vs. %u\n",
ivsize, expected_ivlen);
exit(1);
}
+ fputs(buf, aesresp);
continue;
}
/* PT = ... */
if (strncmp(buf, "PT", 2) == 0) {
i = 2;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
@@ -310,33 +349,17 @@ aes_gcm_kat(const char *respfn)
}
plaintextlen = j;
if (plaintextlen != expected_ptlen) {
fprintf(stderr, "Unexpected PT length: %u vs. %u\n",
plaintextlen, expected_ptlen);
exit(1);
}
- if (!is_encrypt) {
- rv = aes_decrypt_buf(key, keysize, iv, ivsize,
- output, &outputlen, sizeof output,
- ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
- if (rv != SECSuccess) {
- fprintf(stderr, "aes_decrypt_buf failed\n");
- goto loser;
- }
- if (outputlen != plaintextlen) {
- fprintf(stderr, "aes_decrypt_buf: wrong output size\n");
- goto loser;
- }
- if (memcmp(output, plaintext, plaintextlen) != 0) {
- fprintf(stderr, "aes_decrypt_buf: wrong plaintext\n");
- goto loser;
- }
- }
+ fputs(buf, aesresp);
continue;
}
/* FAIL */
if (strncmp(buf, "FAIL", 4) == 0) {
plaintextlen = 0;
PORT_Assert(!is_encrypt);
rv = aes_decrypt_buf(key, keysize, iv, ivsize,
@@ -363,16 +386,56 @@ aes_gcm_kat(const char *respfn)
hex_to_byteval(&buf[i], &aad[j]);
}
aadlen = j;
if (aadlen != expected_aadlen) {
fprintf(stderr, "Unexpected AAD length: %u vs. %u\n",
aadlen, expected_aadlen);
exit(1);
}
+
+ fputs(buf, aesresp);
+
+ if (is_encrypt) {
+ rv = aes_encrypt_buf(key, keysize, iv, ivsize,
+ output, &outputlen, sizeof output,
+ plaintext, plaintextlen, aad, aadlen, expected_taglen);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "aes_encrypt_buf failed\n");
+ goto loser;
+ }
+ if (outputlen != plaintextlen + expected_taglen) {
+ fprintf(stderr, "aes_encrypt_buf: wrong output size\n");
+ goto loser;
+ }
+#if 0
+ /* XXX Don't try to compare the ciphertext, as there is none
+ * to compare with. Just output the resulting CT. */
+ if (memcmp(output, ciphertext, plaintextlen) != 0) {
+ fprintf(stderr, "aes_encrypt_buf: wrong ciphertext\n");
+ goto loser;
+ }
+
+ if (memcmp(output + plaintextlen, tag, tagsize) != 0) {
+ fprintf(stderr, "aes_encrypt_buf: wrong tag\n");
+ goto loser;
+ }
+#endif
+
+ fputs ("CT = ", aesresp);
+ to_hex_str (buf, output, plaintextlen);
+ fputs (buf, aesresp);
+ fputc ('\n', aesresp);
+
+ fputs ("Tag = ", aesresp);
+ to_hex_str (buf, output + plaintextlen, expected_taglen);
+ fputs (buf, aesresp);
+ fputc ('\n', aesresp);
+ }
+
continue;
}
/* CT = ... */
if (strncmp(buf, "CT", 2) == 0) {
i = 2;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
@@ -380,16 +443,18 @@ aes_gcm_kat(const char *respfn)
hex_to_byteval(&buf[i], &ciphertext[j]);
}
ciphertextlen = j;
if (ciphertextlen != expected_ptlen) {
fprintf(stderr, "Unexpected CT length: %u vs. %u\n",
ciphertextlen, expected_ptlen);
exit(1);
}
+
+ fputs(buf, aesresp);
continue;
}
/* Tag = ... */
if (strncmp(buf, "Tag", 3) == 0) {
i = 3;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
}
@@ -398,46 +463,54 @@ aes_gcm_kat(const char *respfn)
}
tagsize = j;
if (tagsize != expected_taglen) {
fprintf(stderr, "Unexpected tag length: %u vs. %u\n",
tagsize, expected_taglen);
exit(1);
}
- if (is_encrypt) {
- rv = aes_encrypt_buf(key, keysize, iv, ivsize,
+ fputs(buf, aesresp);
+
+ if (!is_encrypt) {
+ rv = aes_decrypt_buf(key, keysize, iv, ivsize,
output, &outputlen, sizeof output,
- plaintext, plaintextlen, aad, aadlen, tagsize);
- if (rv != SECSuccess) {
- fprintf(stderr, "aes_encrypt_buf failed\n");
+ ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
+ if (rv != SECSuccess || outputlen < expected_ptlen) {
+ fputs ("FAIL\n", aesresp);
+ } else {
+ fputs ("PT = ", aesresp);
+ to_hex_str (buf, output, expected_ptlen);
+ fputs (buf, aesresp);
+ fputc ('\n', aesresp);
+ }
+
+#if 0
+ /* XXX Nothing to compare against */
+
+ if (memcmp(output, plaintext, plaintextlen) != 0) {
+ fprintf(stderr, "aes_decrypt_buf: wrong plaintext\n");
goto loser;
}
- if (outputlen != plaintextlen + tagsize) {
- fprintf(stderr, "aes_encrypt_buf: wrong output size\n");
- goto loser;
- }
- if (memcmp(output, ciphertext, plaintextlen) != 0) {
- fprintf(stderr, "aes_encrypt_buf: wrong ciphertext\n");
- goto loser;
- }
- if (memcmp(output + plaintextlen, tag, tagsize) != 0) {
- fprintf(stderr, "aes_encrypt_buf: wrong tag\n");
- goto loser;
- }
+#endif
}
+
continue;
}
}
+
+#if 0
/* Report num_tests for the last test group. */
printf("%u tests\n", num_tests);
printf("%u test groups\n", test_group);
printf("PASS\n");
+#endif
+
loser:
- fclose(aesresp);
+ fclose(aesreq);
}
int main(int argc, char **argv)
{
if (argc < 2) exit(1);
NSS_NoDB_Init(NULL);
diff --git a/lib/freebl/fips.h b/lib/freebl/fips.h
--- a/lib/freebl/fips.h
+++ b/lib/freebl/fips.h
@@ -3,27 +3,35 @@
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef FIPS_H
#define FIPS_H
+#include "blapit.h"
#include "hasht.h"
-#include "secerr.h"
#define IN_FIPS_RETURN(rv) \
do { \
if (FIPS_mode()) { \
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); \
return rv; \
} \
} while (0)
int FIPS_mode(void);
char* FIPS_rngDev(void);
PRBool FIPS_hashAlgApproved(HASH_HashType hashAlg);
void* FREEBL_GetGlobalVar(int which, void *data);
+SECStatus FREEBL_Test_PQG_ParamGenV3 (unsigned int L, unsigned int N, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy,
+ int shanum, int *pgen_counter, int *qgen_counter,
+ SECItem *firstseed, SECItem *pseed, SECItem *qseed);
+SECStatus FREEBL_Test_PQG_GenerateG (unsigned int L, unsigned int N, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy,
+ int shanum, const SECItem *P, const SECItem *Q);
+
#endif
diff --git a/lib/freebl/freebl.def b/lib/freebl/freebl.def
--- a/lib/freebl/freebl.def
+++ b/lib/freebl/freebl.def
@@ -17,11 +17,13 @@
;+# directives are hidden behind ";", ";+", and ";-"
;+
;+NSSprivate_3.11 { # NSS 3.11 release
;+ global:
LIBRARY freebl3 ;-
EXPORTS ;-
FREEBL_GetVector;
FREEBL_GetGlobalVar;
+FREEBL_Test_PQG_GenerateG;
+FREEBL_Test_PQG_ParamGenV3;
;+ local:
;+ *;
;+};
diff --git a/lib/freebl/freebl_hash.def b/lib/freebl/freebl_hash.def
--- a/lib/freebl/freebl_hash.def
+++ b/lib/freebl/freebl_hash.def
@@ -17,16 +17,18 @@
;+# directives are hidden behind ";", ";+", and ";-"
;+
;+NSSprivate_3.11 { # NSS 3.11 release
;+ global:
LIBRARY freebl3 ;-
EXPORTS ;-
FREEBL_GetVector;
FREEBL_GetGlobalVar;
+FREEBL_Test_PQG_GenerateG;
+FREEBL_Test_PQG_ParamGenV3;
;+ local:
;+ *;
;+};
;+NSSRAWHASH_3.12.3 { # NSS 3.12.3 release
;+ global:
NSSLOW_Init;
NSSLOW_Shutdown;
NSSLOWHASH_Length;
diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
--- a/lib/freebl/pqg.c
+++ b/lib/freebl/pqg.c
@@ -1223,17 +1223,21 @@ cleanup:
/* This code uses labels and gotos, so that it can follow the numbered
** steps in the algorithms from FIPS 186-3 appendix A.1.1.2 very closely,
** and so that the correctness of this code can be easily verified.
** So, please forgive the ugly c code.
**/
static SECStatus
pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
- unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
+ unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy,
+ const SECItem *P_in, const SECItem *Q_in,
+ int minHashLen, int *pgen_counter_out,
+ int *qgen_counter_out, SECItem *firstseed_out,
+ SECItem *pseed_out, SECItem *qseed_out)
{
unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/
unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */
unsigned int maxCount;
@@ -1247,17 +1251,16 @@ pqg_ParamGen(unsigned int L, unsigned in
SECItem firstseed = { 0, 0, 0 };
SECItem qseed = { 0, 0, 0 };
SECItem pseed = { 0, 0, 0 };
mp_int P, Q, G, H, l, p0;
mp_err err = MP_OKAY;
SECStatus rv = SECFailure;
int iterations = 0;
-
/* Step 1. L and N already checked by caller*/
/* Step 2. if (seedlen < N) return INVALID; */
if (seedBytes < N/PR_BITS_PER_BYTE || !pParams || !pVfy) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* Initialize an arena for the params. */
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
@@ -1298,20 +1301,27 @@ pqg_ParamGen(unsigned int L, unsigned in
MP_DIGITS(&p0) = 0;
CHECK_MPI_OK( mp_init(&P) );
CHECK_MPI_OK( mp_init(&Q) );
CHECK_MPI_OK( mp_init(&G) );
CHECK_MPI_OK( mp_init(&H) );
CHECK_MPI_OK( mp_init(&l) );
CHECK_MPI_OK( mp_init(&p0) );
+ if (P_in && Q_in && P_in->data && Q_in->data &&
+ P_in->len > 0 && Q_in->len > 0) {
+ SECITEM_TO_MPINT(*P_in, &P);
+ SECITEM_TO_MPINT(*Q_in, &Q);
+ goto generate_G;
+ }
+
/* Select Hash and Compute lengths. */
/* getFirstHash gives us the smallest acceptable hash for this key
* strength */
- hashtype = getFirstHash(L,N);
+ hashtype = getFirstHash(L, minHashLen > N ? minHashLen : N);
outlen = HASH_ResultLen(hashtype)*PR_BITS_PER_BYTE;
/* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
n = (L - 1) / outlen;
/* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */
b = (L - 1) % outlen;
seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */
step_5:
@@ -1375,16 +1385,21 @@ step_5:
if (seed->data == NULL) {
goto cleanup;
}
PORT_Memcpy(seed->data, firstseed.data, firstseed.len);
PORT_Memcpy(seed->data+firstseed.len, pseed.data, pseed.len);
PORT_Memcpy(seed->data+firstseed.len+pseed.len, qseed.data, qseed.len);
counter = 0 ; /* (qgen_counter << 16) | pgen_counter; */
+ if (pgen_counter_out)
+ *pgen_counter_out = pgen_counter;
+ if (qgen_counter_out)
+ *qgen_counter_out = qgen_counter;
+
/* we've generated both P and Q now, skip to generating G */
goto generate_G;
}
/* ******************************************************************
** Step 8. (Step 4 in 186-1)
** "Use a robust primality testing algorithm to test whether q is prime."
**
** Appendix 2.1 states that a Rabin test with at least 50 iterations
@@ -1494,16 +1509,24 @@ generate_G:
}
/* All generation is done. Now, save the PQG params. */
MPINT_TO_SECITEM(&P, ¶ms->prime, params->arena);
MPINT_TO_SECITEM(&Q, ¶ms->subPrime, params->arena);
MPINT_TO_SECITEM(&G, ¶ms->base, params->arena);
verify->counter = counter;
*pParams = params;
*pVfy = verify;
+
+ if (firstseed_out)
+ SECITEM_CopyItem (NULL, firstseed_out, &firstseed);
+ if (qseed_out)
+ SECITEM_CopyItem (NULL, qseed_out, &qseed);
+ if (pseed_out)
+ SECITEM_CopyItem (NULL, pseed_out, &pseed);
+
cleanup:
if (pseed.data) {
PORT_Free(pseed.data);
}
if (qseed.data) {
PORT_Free(qseed.data);
}
mp_clear(&P);
@@ -1533,53 +1556,102 @@ PQG_ParamGen(unsigned int j, PQGParams *
unsigned int seedBytes;
if (j > 8 || !pParams || !pVfy) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
L = 512 + (j * 64); /* bits in P */
seedBytes = L/8;
- return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
- pParams, pVfy);
+ return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes, pParams, pVfy,
+ NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL);
}
SECStatus
PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
PQGParams **pParams, PQGVerify **pVfy)
{
unsigned int L; /* Length of P in bits. Per FIPS 186. */
if (j > 8 || !pParams || !pVfy) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
L = 512 + (j * 64); /* bits in P */
- return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
- pParams, pVfy);
+ return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes, pParams, pVfy,
+ NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL);
}
SECStatus
PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
- PQGParams **pParams, PQGVerify **pVfy)
+ PQGParams **pParams, PQGVerify **pVfy)
{
if (N == 0) {
N = pqg_get_default_N(L);
}
if (seedBytes == 0) {
/* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
seedBytes = N/8;
}
if (pqg_validate_dsa2(L,N) != SECSuccess) {
/* error code already set */
return SECFailure;
}
- return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy);
+ return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy,
+ NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL);
}
+SECStatus
+FREEBL_Test_PQG_ParamGenV3(unsigned int L, unsigned int N, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy,
+ int shanum, int *pgen_counter, int *qgen_counter,
+ SECItem *firstseed, SECItem *pseed, SECItem *qseed)
+{
+ if (N == 0) {
+ N = pqg_get_default_N(L);
+ }
+ if (seedBytes == 0) {
+ /* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
+ seedBytes = N/8;
+ }
+ if (pqg_validate_dsa2(L,N) != SECSuccess) {
+ /* error code already set */
+ return SECFailure;
+ }
+
+ return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy,
+ NULL, NULL, shanum, pgen_counter, qgen_counter, firstseed, pseed, qseed);
+}
+
+/* Only to be used by FIPS tests */
+SECStatus
+FREEBL_Test_PQG_GenerateG (unsigned int L, unsigned int N, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy,
+ int shanum, const SECItem *P, const SECItem *Q)
+{
+ int rv;
+
+ /* Generate G from P and Q according to FIPS 186-3 A2.1 */
+
+ if (N == 0) {
+ N = pqg_get_default_N(L);
+ }
+
+ if (seedBytes == 0) {
+ /* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
+ seedBytes = N/8;
+ }
+ if (pqg_validate_dsa2(L,N) != SECSuccess) {
+ /* error code already set */
+ return SECFailure;
+ }
+
+ return pqg_ParamGen (L, N, FIPS186_1_TYPE, seedBytes, pParams, pVfy,
+ P, Q, shanum, NULL, NULL, NULL, NULL, NULL);
+}
/*
* verify can use vfy structures returned from either FIPS186-1 or
* FIPS186-2, and can handle differences in selected Hash functions to
* generate the parameters.
*/
SECStatus
PQG_VerifyParams(const PQGParams *params,
