1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/softoken/fipstest.c Wed Dec 31 06:09:35 2014 +0100
1.3
@@ -0,0 +1,2100 @@
1.4 +/*
1.5 + * PKCS #11 FIPS Power-Up Self Test.
1.6 + *
1.7 + * This Source Code Form is subject to the terms of the Mozilla Public
1.8 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.9 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.10 +
1.11 +#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
1.12 + /* DES-CBC, DES3-ECB, DES3-CBC, RSA */
1.13 + /* and DSA. */
1.14 +#include "seccomon.h" /* Required for RSA and DSA. */
1.15 +#include "lowkeyi.h" /* Required for RSA and DSA. */
1.16 +#include "pkcs11.h" /* Required for PKCS #11. */
1.17 +#include "secerr.h"
1.18 +
1.19 +#ifndef NSS_DISABLE_ECC
1.20 +#include "ec.h" /* Required for ECDSA */
1.21 +#endif
1.22 +
1.23 +
1.24 +/* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
1.25 +#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
1.26 +#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
1.27 +#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
1.28 +
1.29 +
1.30 +/* FIPS preprocessor directives for RC4. */
1.31 +#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
1.32 +#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
1.33 +#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
1.34 +
1.35 +
1.36 +/* FIPS preprocessor directives for DES-ECB and DES-CBC. */
1.37 +#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
1.38 +#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
1.39 +
1.40 +
1.41 +/* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
1.42 +#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
1.43 +#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
1.44 +
1.45 +
1.46 +/* FIPS preprocessor directives for AES-ECB and AES-CBC.
*/
1.47 +#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
1.48 +#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
1.49 +#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
1.50 +#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
1.51 +#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
1.52 +#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
1.53 +
1.54 +
1.55 +/* FIPS preprocessor directives for message digests */
1.56 +#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
1.57 +
1.58 +
1.59 +/* FIPS preprocessor directives for RSA. */
1.60 +#define FIPS_RSA_TYPE siBuffer
1.61 +#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
1.62 +#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
1.63 +#define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
1.64 +#define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */
1.65 +#define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */
1.66 +#define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */
1.67 +#define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */
1.68 +#define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */
1.69 +#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
1.70 +#define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */
1.71 +#define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */
1.72 +#define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */
1.73 +#define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */
1.74 +
1.75 +
1.76 +/* FIPS preprocessor directives for DSA. */
1.77 +#define FIPS_DSA_TYPE siBuffer
1.78 +#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
1.79 +#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
1.80 +#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
1.81 +#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
1.82 +#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
1.83 +
1.84 +/* FIPS preprocessor directives for RNG. */
1.85 +#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
1.86 +
1.87 +static CK_RV
1.88 +sftk_fips_RC2_PowerUpSelfTest( void )
1.89 +{
1.90 + /* RC2 Known Key (40-bits).
*/
1.91 + static const PRUint8 rc2_known_key[] = { "RSARC" };
1.92 +
1.93 + /* RC2-CBC Known Initialization Vector (64-bits). */
1.94 + static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
1.95 +
1.96 + /* RC2 Known Plaintext (64-bits). */
1.97 + static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
1.98 + static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
1.99 +
1.100 + /* RC2 Known Ciphertext (64-bits). */
1.101 + static const PRUint8 rc2_ecb_known_ciphertext[] = {
1.102 + 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
1.103 + static const PRUint8 rc2_cbc_known_ciphertext[] = {
1.104 + 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
1.105 +
1.106 + /* RC2 variables. */
1.107 + PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
1.108 + PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
1.109 + RC2Context * rc2_context;
1.110 + unsigned int rc2_bytes_encrypted;
1.111 + unsigned int rc2_bytes_decrypted;
1.112 + SECStatus rc2_status;
1.113 +
1.114 +
1.115 + /******************************************************/
1.116 + /* RC2-ECB Single-Round Known Answer Encryption Test: */
1.117 + /******************************************************/
1.118 +
1.119 + rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
1.120 + NULL, NSS_RC2,
1.121 + FIPS_RC2_KEY_LENGTH );
1.122 +
1.123 + if( rc2_context == NULL )
1.124 + return( CKR_HOST_MEMORY );
1.125 +
1.126 + rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
1.127 + &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
1.128 + rc2_ecb_known_plaintext,
1.129 + FIPS_RC2_DECRYPT_LENGTH );
1.130 +
1.131 + RC2_DestroyContext( rc2_context, PR_TRUE );
1.132 +
1.133 + if( ( rc2_status != SECSuccess ) ||
1.134 + ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
1.135 + ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
1.136 + FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
1.137 + return( CKR_DEVICE_ERROR );
1.138 +
1.139 +
1.140 +
/******************************************************/
1.141 + /* RC2-ECB Single-Round Known Answer Decryption Test: */
1.142 + /******************************************************/
1.143 +
1.144 + rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
1.145 + NULL, NSS_RC2,
1.146 + FIPS_RC2_KEY_LENGTH );
1.147 +
1.148 + if( rc2_context == NULL )
1.149 + return( CKR_HOST_MEMORY );
1.150 +
1.151 + rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
1.152 + &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
1.153 + rc2_ecb_known_ciphertext,
1.154 + FIPS_RC2_ENCRYPT_LENGTH );
1.155 +
1.156 + RC2_DestroyContext( rc2_context, PR_TRUE );
1.157 +
1.158 + if( ( rc2_status != SECSuccess ) ||
1.159 + ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
1.160 + ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
1.161 + FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
1.162 + return( CKR_DEVICE_ERROR );
1.163 +
1.164 +
1.165 + /******************************************************/
1.166 + /* RC2-CBC Single-Round Known Answer Encryption Test: */
1.167 + /******************************************************/
1.168 +
1.169 + rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
1.170 + rc2_cbc_known_initialization_vector,
1.171 + NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
1.172 +
1.173 + if( rc2_context == NULL )
1.174 + return( CKR_HOST_MEMORY );
1.175 +
1.176 + rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
1.177 + &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
1.178 + rc2_cbc_known_plaintext,
1.179 + FIPS_RC2_DECRYPT_LENGTH );
1.180 +
1.181 + RC2_DestroyContext( rc2_context, PR_TRUE );
1.182 +
1.183 + if( ( rc2_status != SECSuccess ) ||
1.184 + ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
1.185 + ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
1.186 + FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
1.187 + return( CKR_DEVICE_ERROR );
1.188 +
1.189 +
1.190 +
/******************************************************/
1.191 + /* RC2-CBC Single-Round Known Answer Decryption Test: */
1.192 + /******************************************************/
1.193 +
1.194 + rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
1.195 + rc2_cbc_known_initialization_vector,
1.196 + NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
1.197 +
1.198 + if( rc2_context == NULL )
1.199 + return( CKR_HOST_MEMORY );
1.200 +
1.201 + rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
1.202 + &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
1.203 + rc2_cbc_known_ciphertext,
1.204 + FIPS_RC2_ENCRYPT_LENGTH );
1.205 +
1.206 + RC2_DestroyContext( rc2_context, PR_TRUE );
1.207 +
1.208 + if( ( rc2_status != SECSuccess ) ||
1.209 + ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
1.210 + ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
1.211 + FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
1.212 + return( CKR_DEVICE_ERROR );
1.213 +
1.214 + return( CKR_OK );
1.215 +}
1.216 +
1.217 +
1.218 +static CK_RV
1.219 +sftk_fips_RC4_PowerUpSelfTest( void )
1.220 +{
1.221 + /* RC4 Known Key (40-bits). */
1.222 + static const PRUint8 rc4_known_key[] = { "RSARC" };
1.223 +
1.224 + /* RC4 Known Plaintext (64-bits). */
1.225 + static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
1.226 +
1.227 + /* RC4 Known Ciphertext (64-bits). */
1.228 + static const PRUint8 rc4_known_ciphertext[] = {
1.229 + 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
1.230 +
1.231 + /* RC4 variables.
*/
1.232 + PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
1.233 + PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
1.234 + RC4Context * rc4_context;
1.235 + unsigned int rc4_bytes_encrypted;
1.236 + unsigned int rc4_bytes_decrypted;
1.237 + SECStatus rc4_status;
1.238 +
1.239 +
1.240 + /**************************************************/
1.241 + /* RC4 Single-Round Known Answer Encryption Test: */
1.242 + /**************************************************/
1.243 +
1.244 + rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
1.245 +
1.246 + if( rc4_context == NULL )
1.247 + return( CKR_HOST_MEMORY );
1.248 +
1.249 + rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
1.250 + &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
1.251 + rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
1.252 +
1.253 + RC4_DestroyContext( rc4_context, PR_TRUE );
1.254 +
1.255 + if( ( rc4_status != SECSuccess ) ||
1.256 + ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
1.257 + ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
1.258 + FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
1.259 + return( CKR_DEVICE_ERROR );
1.260 +
1.261 +
1.262 + /**************************************************/
1.263 + /* RC4 Single-Round Known Answer Decryption Test: */
1.264 + /**************************************************/
1.265 +
1.266 + rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
1.267 +
1.268 + if( rc4_context == NULL )
1.269 + return( CKR_HOST_MEMORY );
1.270 +
1.271 + rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
1.272 + &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
1.273 + rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
1.274 +
1.275 + RC4_DestroyContext( rc4_context, PR_TRUE );
1.276 +
1.277 + if( ( rc4_status != SECSuccess ) ||
1.278 + ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
1.279 + ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
1.280 + FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
1.281 + return( CKR_DEVICE_ERROR );
1.282 +
1.283 + return( CKR_OK );
1.284 +}
1.285 +
1.286 +
1.287 +static CK_RV
1.288 +sftk_fips_DES_PowerUpSelfTest( void )
1.289 +{
1.290 + /* DES Known Key (56-bits). */
1.291 + static const PRUint8 des_known_key[] = { "ANSI DES" };
1.292 +
1.293 + /* DES-CBC Known Initialization Vector (64-bits). */
1.294 + static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
1.295 +
1.296 + /* DES Known Plaintext (64-bits). */
1.297 + static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
1.298 + static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
1.299 +
1.300 + /* DES Known Ciphertext (64-bits). */
1.301 + static const PRUint8 des_ecb_known_ciphertext[] = {
1.302 + 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
1.303 + static const PRUint8 des_cbc_known_ciphertext[] = {
1.304 + 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
1.305 +
1.306 + /* DES variables. */
1.307 + PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
1.308 + PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
1.309 + DESContext * des_context;
1.310 + unsigned int des_bytes_encrypted;
1.311 + unsigned int des_bytes_decrypted;
1.312 + SECStatus des_status;
1.313 +
1.314 +
1.315 + /******************************************************/
1.316 + /* DES-ECB Single-Round Known Answer Encryption Test: */
1.317 + /******************************************************/
1.318 +
1.319 + des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
1.320 +
1.321 + if( des_context == NULL )
1.322 + return( CKR_HOST_MEMORY );
1.323 +
1.324 + des_status = DES_Encrypt( des_context, des_computed_ciphertext,
1.325 + &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
1.326 + des_ecb_known_plaintext,
1.327 + FIPS_DES_DECRYPT_LENGTH );
1.328 +
1.329 + DES_DestroyContext( des_context, PR_TRUE );
1.330 +
1.331 + if( ( des_status != SECSuccess ) ||
1.332 + ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
1.333 + ( PORT_Memcmp(
des_computed_ciphertext, des_ecb_known_ciphertext,
1.334 + FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
1.335 + return( CKR_DEVICE_ERROR );
1.336 +
1.337 +
1.338 + /******************************************************/
1.339 + /* DES-ECB Single-Round Known Answer Decryption Test: */
1.340 + /******************************************************/
1.341 +
1.342 + des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
1.343 +
1.344 + if( des_context == NULL )
1.345 + return( CKR_HOST_MEMORY );
1.346 +
1.347 + des_status = DES_Decrypt( des_context, des_computed_plaintext,
1.348 + &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
1.349 + des_ecb_known_ciphertext,
1.350 + FIPS_DES_ENCRYPT_LENGTH );
1.351 +
1.352 + DES_DestroyContext( des_context, PR_TRUE );
1.353 +
1.354 + if( ( des_status != SECSuccess ) ||
1.355 + ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
1.356 + ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
1.357 + FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
1.358 + return( CKR_DEVICE_ERROR );
1.359 +
1.360 +
1.361 + /******************************************************/
1.362 + /* DES-CBC Single-Round Known Answer Encryption Test.
*/
1.363 + /******************************************************/
1.364 +
1.365 + des_context = DES_CreateContext( des_known_key,
1.366 + des_cbc_known_initialization_vector,
1.367 + NSS_DES_CBC, PR_TRUE );
1.368 +
1.369 + if( des_context == NULL )
1.370 + return( CKR_HOST_MEMORY );
1.371 +
1.372 + des_status = DES_Encrypt( des_context, des_computed_ciphertext,
1.373 + &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
1.374 + des_cbc_known_plaintext,
1.375 + FIPS_DES_DECRYPT_LENGTH );
1.376 +
1.377 + DES_DestroyContext( des_context, PR_TRUE );
1.378 +
1.379 + if( ( des_status != SECSuccess ) ||
1.380 + ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
1.381 + ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
1.382 + FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
1.383 + return( CKR_DEVICE_ERROR );
1.384 +
1.385 +
1.386 + /******************************************************/
1.387 + /* DES-CBC Single-Round Known Answer Decryption Test. */
1.388 + /******************************************************/
1.389 +
1.390 + des_context = DES_CreateContext( des_known_key,
1.391 + des_cbc_known_initialization_vector,
1.392 + NSS_DES_CBC, PR_FALSE );
1.393 +
1.394 + if( des_context == NULL )
1.395 + return( CKR_HOST_MEMORY );
1.396 +
1.397 + des_status = DES_Decrypt( des_context, des_computed_plaintext,
1.398 + &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
1.399 + des_cbc_known_ciphertext,
1.400 + FIPS_DES_ENCRYPT_LENGTH );
1.401 +
1.402 + DES_DestroyContext( des_context, PR_TRUE );
1.403 +
1.404 + if( ( des_status != SECSuccess ) ||
1.405 + ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
1.406 + ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
1.407 + FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
1.408 + return( CKR_DEVICE_ERROR );
1.409 +
1.410 + return( CKR_OK );
1.411 +}
1.412 +
1.413 +
1.414 +static CK_RV
1.415 +sftk_fips_DES3_PowerUpSelfTest( void )
1.416 +{
1.417 + /* DES3 Known Key (56-bits).
*/
1.418 + static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
1.419 +
1.420 + /* DES3-CBC Known Initialization Vector (64-bits). */
1.421 + static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
1.422 +
1.423 + /* DES3 Known Plaintext (64-bits). */
1.424 + static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
1.425 + static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
1.426 +
1.427 + /* DES3 Known Ciphertext (64-bits). */
1.428 + static const PRUint8 des3_ecb_known_ciphertext[] = {
1.429 + 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
1.430 + static const PRUint8 des3_cbc_known_ciphertext[] = {
1.431 + 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
1.432 +
1.433 + /* DES3 variables. */
1.434 + PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
1.435 + PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
1.436 + DESContext * des3_context;
1.437 + unsigned int des3_bytes_encrypted;
1.438 + unsigned int des3_bytes_decrypted;
1.439 + SECStatus des3_status;
1.440 +
1.441 +
1.442 + /*******************************************************/
1.443 + /* DES3-ECB Single-Round Known Answer Encryption Test.
*/
1.444 + /*******************************************************/
1.445 +
1.446 + des3_context = DES_CreateContext( des3_known_key, NULL,
1.447 + NSS_DES_EDE3, PR_TRUE );
1.448 +
1.449 + if( des3_context == NULL )
1.450 + return( CKR_HOST_MEMORY );
1.451 +
1.452 + des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
1.453 + &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
1.454 + des3_ecb_known_plaintext,
1.455 + FIPS_DES3_DECRYPT_LENGTH );
1.456 +
1.457 + DES_DestroyContext( des3_context, PR_TRUE );
1.458 +
1.459 + if( ( des3_status != SECSuccess ) ||
1.460 + ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
1.461 + ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
1.462 + FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
1.463 + return( CKR_DEVICE_ERROR );
1.464 +
1.465 +
1.466 + /*******************************************************/
1.467 + /* DES3-ECB Single-Round Known Answer Decryption Test. */
1.468 + /*******************************************************/
1.469 +
1.470 + des3_context = DES_CreateContext( des3_known_key, NULL,
1.471 + NSS_DES_EDE3, PR_FALSE );
1.472 +
1.473 + if( des3_context == NULL )
1.474 + return( CKR_HOST_MEMORY );
1.475 +
1.476 + des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
1.477 + &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
1.478 + des3_ecb_known_ciphertext,
1.479 + FIPS_DES3_ENCRYPT_LENGTH );
1.480 +
1.481 + DES_DestroyContext( des3_context, PR_TRUE );
1.482 +
1.483 + if( ( des3_status != SECSuccess ) ||
1.484 + ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
1.485 + ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
1.486 + FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
1.487 + return( CKR_DEVICE_ERROR );
1.488 +
1.489 +
1.490 + /*******************************************************/
1.491 + /* DES3-CBC Single-Round Known Answer Encryption Test.
*/
1.492 + /*******************************************************/
1.493 +
1.494 + des3_context = DES_CreateContext( des3_known_key,
1.495 + des3_cbc_known_initialization_vector,
1.496 + NSS_DES_EDE3_CBC, PR_TRUE );
1.497 +
1.498 + if( des3_context == NULL )
1.499 + return( CKR_HOST_MEMORY );
1.500 +
1.501 + des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
1.502 + &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
1.503 + des3_cbc_known_plaintext,
1.504 + FIPS_DES3_DECRYPT_LENGTH );
1.505 +
1.506 + DES_DestroyContext( des3_context, PR_TRUE );
1.507 +
1.508 + if( ( des3_status != SECSuccess ) ||
1.509 + ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
1.510 + ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
1.511 + FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
1.512 + return( CKR_DEVICE_ERROR );
1.513 +
1.514 +
1.515 + /*******************************************************/
1.516 + /* DES3-CBC Single-Round Known Answer Decryption Test. */
1.517 + /*******************************************************/
1.518 +
1.519 + des3_context = DES_CreateContext( des3_known_key,
1.520 + des3_cbc_known_initialization_vector,
1.521 + NSS_DES_EDE3_CBC, PR_FALSE );
1.522 +
1.523 + if( des3_context == NULL )
1.524 + return( CKR_HOST_MEMORY );
1.525 +
1.526 + des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
1.527 + &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
1.528 + des3_cbc_known_ciphertext,
1.529 + FIPS_DES3_ENCRYPT_LENGTH );
1.530 +
1.531 + DES_DestroyContext( des3_context, PR_TRUE );
1.532 +
1.533 + if( ( des3_status != SECSuccess ) ||
1.534 + ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
1.535 + ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
1.536 + FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
1.537 + return( CKR_DEVICE_ERROR );
1.538 +
1.539 + return( CKR_OK );
1.540 +}
1.541 +
1.542 +
1.543 +/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
1.544 +static CK_RV
1.545
+sftk_fips_AES_PowerUpSelfTest( int aes_key_size )
1.546 +{
1.547 + /* AES Known Key (up to 256-bits). */
1.548 + static const PRUint8 aes_known_key[] =
1.549 + { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
1.550 +
1.551 + /* AES-CBC Known Initialization Vector (128-bits). */
1.552 + static const PRUint8 aes_cbc_known_initialization_vector[] =
1.553 + { "SecurityytiruceS" };
1.554 +
1.555 + /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
1.556 + static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
1.557 +
1.558 + /* AES Known Ciphertext (128-bit key). */
1.559 + static const PRUint8 aes_ecb128_known_ciphertext[] = {
1.560 + 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
1.561 + 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
1.562 +
1.563 + static const PRUint8 aes_cbc128_known_ciphertext[] = {
1.564 + 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
1.565 + 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
1.566 +
1.567 + /* AES Known Ciphertext (192-bit key). */
1.568 + static const PRUint8 aes_ecb192_known_ciphertext[] = {
1.569 + 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
1.570 + 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
1.571 +
1.572 + static const PRUint8 aes_cbc192_known_ciphertext[] = {
1.573 + 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
1.574 + 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
1.575 +
1.576 + /* AES Known Ciphertext (256-bit key). */
1.577 + static const PRUint8 aes_ecb256_known_ciphertext[] = {
1.578 + 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
1.579 + 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
1.580 +
1.581 + static const PRUint8 aes_cbc256_known_ciphertext[] = {
1.582 + 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
1.583 + 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
1.584 +
1.585 + const PRUint8 *aes_ecb_known_ciphertext =
1.586 + ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
1.587 + ( aes_key_size == FIPS_AES_192_KEY_SIZE) ?
aes_ecb192_known_ciphertext :
1.588 + aes_ecb256_known_ciphertext;
1.589 +
1.590 + const PRUint8 *aes_cbc_known_ciphertext =
1.591 + ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
1.592 + ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
1.593 + aes_cbc256_known_ciphertext;
1.594 +
1.595 + /* AES variables. */
1.596 + PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
1.597 + PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
1.598 + AESContext * aes_context;
1.599 + unsigned int aes_bytes_encrypted;
1.600 + unsigned int aes_bytes_decrypted;
1.601 + SECStatus aes_status;
1.602 +
1.603 + /*check if aes_key_size is 128, 192, or 256 bits */
1.604 + if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
1.605 + (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
1.606 + (aes_key_size != FIPS_AES_256_KEY_SIZE))
1.607 + return( CKR_DEVICE_ERROR );
1.608 +
1.609 + /******************************************************/
1.610 + /* AES-ECB Single-Round Known Answer Encryption Test: */
1.611 + /******************************************************/
1.612 +
1.613 + aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
1.614 + aes_key_size, FIPS_AES_BLOCK_SIZE );
1.615 +
1.616 + if( aes_context == NULL )
1.617 + return( CKR_HOST_MEMORY );
1.618 +
1.619 + aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
1.620 + &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
1.621 + aes_known_plaintext,
1.622 + FIPS_AES_DECRYPT_LENGTH );
1.623 +
1.624 + AES_DestroyContext( aes_context, PR_TRUE );
1.625 +
1.626 + if( ( aes_status != SECSuccess ) ||
1.627 + ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
1.628 + ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
1.629 + FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
1.630 + return( CKR_DEVICE_ERROR );
1.631 +
1.632 +
1.633 + /******************************************************/
1.634 + /* AES-ECB Single-Round Known Answer Decryption Test: */
1.635 +
/******************************************************/
1.636 +
1.637 + aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
1.638 + aes_key_size, FIPS_AES_BLOCK_SIZE );
1.639 +
1.640 + if( aes_context == NULL )
1.641 + return( CKR_HOST_MEMORY );
1.642 +
1.643 + aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
1.644 + &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
1.645 + aes_ecb_known_ciphertext,
1.646 + FIPS_AES_ENCRYPT_LENGTH );
1.647 +
1.648 + AES_DestroyContext( aes_context, PR_TRUE );
1.649 +
1.650 + if( ( aes_status != SECSuccess ) ||
1.651 + ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
1.652 + ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
1.653 + FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
1.654 + return( CKR_DEVICE_ERROR );
1.655 +
1.656 +
1.657 + /******************************************************/
1.658 + /* AES-CBC Single-Round Known Answer Encryption Test. */
1.659 + /******************************************************/
1.660 +
1.661 + aes_context = AES_CreateContext( aes_known_key,
1.662 + aes_cbc_known_initialization_vector,
1.663 + NSS_AES_CBC, PR_TRUE, aes_key_size,
1.664 + FIPS_AES_BLOCK_SIZE );
1.665 +
1.666 + if( aes_context == NULL )
1.667 + return( CKR_HOST_MEMORY );
1.668 +
1.669 + aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
1.670 + &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
1.671 + aes_known_plaintext,
1.672 + FIPS_AES_DECRYPT_LENGTH );
1.673 +
1.674 + AES_DestroyContext( aes_context, PR_TRUE );
1.675 +
1.676 + if( ( aes_status != SECSuccess ) ||
1.677 + ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
1.678 + ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
1.679 + FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
1.680 + return( CKR_DEVICE_ERROR );
1.681 +
1.682 +
1.683 + /******************************************************/
1.684 + /* AES-CBC Single-Round Known Answer Decryption Test.
*/
1.685 + /******************************************************/
1.686 +
1.687 + aes_context = AES_CreateContext( aes_known_key,
1.688 + aes_cbc_known_initialization_vector,
1.689 + NSS_AES_CBC, PR_FALSE, aes_key_size,
1.690 + FIPS_AES_BLOCK_SIZE );
1.691 +
1.692 + if( aes_context == NULL )
1.693 + return( CKR_HOST_MEMORY );
1.694 +
1.695 + aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
1.696 + &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
1.697 + aes_cbc_known_ciphertext,
1.698 + FIPS_AES_ENCRYPT_LENGTH );
1.699 +
1.700 + AES_DestroyContext( aes_context, PR_TRUE );
1.701 +
1.702 + if( ( aes_status != SECSuccess ) ||
1.703 + ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
1.704 + ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
1.705 + FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
1.706 + return( CKR_DEVICE_ERROR );
1.707 +
1.708 + return( CKR_OK );
1.709 +}
1.710 +
1.711 +/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
1.712 +static const PRUint8 known_hash_message[] = {
1.713 + "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
1.714 +
1.715 +
1.716 +static CK_RV
1.717 +sftk_fips_MD2_PowerUpSelfTest( void )
1.718 +{
1.719 + /* MD2 Known Digest Message (128-bits). */
1.720 + static const PRUint8 md2_known_digest[] = {
1.721 + 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
1.722 + 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
1.723 +
1.724 + /* MD2 variables. */
1.725 + MD2Context * md2_context;
1.726 + unsigned int md2_bytes_hashed;
1.727 + PRUint8 md2_computed_digest[MD2_LENGTH];
1.728 +
1.729 +
1.730 + /***********************************************/
1.731 + /* MD2 Single-Round Known Answer Hashing Test.
*/
1.732 + /***********************************************/
1.733 +
1.734 + md2_context = MD2_NewContext();
1.735 +
1.736 + if( md2_context == NULL )
1.737 + return( CKR_HOST_MEMORY );
1.738 +
1.739 + MD2_Begin( md2_context );
1.740 +
1.741 + MD2_Update( md2_context, known_hash_message,
1.742 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.743 +
1.744 + MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
1.745 +
1.746 + MD2_DestroyContext( md2_context , PR_TRUE );
1.747 +
1.748 + if( ( md2_bytes_hashed != MD2_LENGTH ) ||
1.749 + ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
1.750 + MD2_LENGTH ) != 0 ) )
1.751 + return( CKR_DEVICE_ERROR );
1.752 +
1.753 + return( CKR_OK );
1.754 +}
1.755 +
1.756 +
1.757 +static CK_RV
1.758 +sftk_fips_MD5_PowerUpSelfTest( void )
1.759 +{
1.760 + /* MD5 Known Digest Message (128-bits). */
1.761 + static const PRUint8 md5_known_digest[] = {
1.762 + 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
1.763 + 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
1.764 +
1.765 + /* MD5 variables. */
1.766 + PRUint8 md5_computed_digest[MD5_LENGTH];
1.767 + SECStatus md5_status;
1.768 +
1.769 +
1.770 + /***********************************************/
1.771 + /* MD5 Single-Round Known Answer Hashing Test.
*/
1.772 + /***********************************************/
1.773 +
1.774 + md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
1.775 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.776 +
1.777 + if( ( md5_status != SECSuccess ) ||
1.778 + ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
1.779 + MD5_LENGTH ) != 0 ) )
1.780 + return( CKR_DEVICE_ERROR );
1.781 +
1.782 + return( CKR_OK );
1.783 +}
1.784 +
1.785 +/****************************************************/
1.786 +/* Single Round HMAC SHA-X test */
1.787 +/****************************************************/
1.788 +static SECStatus
1.789 +sftk_fips_HMAC(unsigned char *hmac_computed,
1.790 + const PRUint8 *secret_key,
1.791 + unsigned int secret_key_length,
1.792 + const PRUint8 *message,
1.793 + unsigned int message_length,
1.794 + HASH_HashType hashAlg )
1.795 +{
1.796 + SECStatus hmac_status = SECFailure;
1.797 + HMACContext *cx = NULL;
1.798 + SECHashObject *hashObj = NULL;
1.799 + unsigned int bytes_hashed = 0;
1.800 +
1.801 + hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
1.802 +
1.803 + if (!hashObj)
1.804 + return( SECFailure );
1.805 +
1.806 + cx = HMAC_Create(hashObj, secret_key,
1.807 + secret_key_length,
1.808 + PR_TRUE); /* PR_TRUE for in FIPS mode */
1.809 +
1.810 + if (cx == NULL)
1.811 + return( SECFailure );
1.812 +
1.813 + HMAC_Begin(cx);
1.814 + HMAC_Update(cx, message, message_length);
1.815 + hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
1.816 + hashObj->length);
1.817 +
1.818 + HMAC_Destroy(cx, PR_TRUE);
1.819 +
1.820 + return( hmac_status );
1.821 +}
1.822 +
1.823 +static CK_RV
1.824 +sftk_fips_HMAC_PowerUpSelfTest( void )
1.825 +{
1.826 + static const PRUint8 HMAC_known_secret_key[] = {
1.827 + "Firefox and ThunderBird are awesome!"};
1.828 +
1.829 + static const PRUint8 HMAC_known_secret_key_length
1.830 + = sizeof HMAC_known_secret_key;
1.831 +
1.832 + /* known SHA1 hmac (20 bytes) */
1.833 + static const PRUint8 known_SHA1_hmac[] = {
1.834 +
0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
1.835 + 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
1.836 + 0x5d, 0x0e, 0x1e, 0x11};
1.837 +
1.838 + /* known SHA224 hmac (28 bytes) */
1.839 + static const PRUint8 known_SHA224_hmac[] = {
1.840 + 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
1.841 + 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
1.842 + 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
1.843 + 0x9a, 0xb8, 0x98, 0x4e};
1.844 +
1.845 + /* known SHA256 hmac (32 bytes) */
1.846 + static const PRUint8 known_SHA256_hmac[] = {
1.847 + 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
1.848 + 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
1.849 + 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
1.850 + 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
1.851 +
1.852 + /* known SHA384 hmac (48 bytes) */
1.853 + static const PRUint8 known_SHA384_hmac[] = {
1.854 + 0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
1.855 + 0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
1.856 + 0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
1.857 + 0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
1.858 + 0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
1.859 + 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
1.860 +
1.861 + /* known SHA512 hmac (64 bytes) */
1.862 + static const PRUint8 known_SHA512_hmac[] = {
1.863 + 0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
1.864 + 0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
1.865 + 0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
1.866 + 0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
1.867 + 0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
1.868 + 0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
1.869 + 0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
1.870 + 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
1.871 +
1.872 + SECStatus hmac_status;
1.873 + PRUint8 hmac_computed[HASH_LENGTH_MAX];
1.874 +
1.875 + /***************************************************/
1.876 + /* HMAC SHA-1 Single-Round Known Answer HMAC Test. 
*/
1.877 + /***************************************************/
1.878 +
1.879 + hmac_status = sftk_fips_HMAC(hmac_computed,
1.880 + HMAC_known_secret_key,
1.881 + HMAC_known_secret_key_length,
1.882 + known_hash_message,
1.883 + FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1.884 + HASH_AlgSHA1);
1.885 +
1.886 + if( ( hmac_status != SECSuccess ) ||
1.887 + ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
1.888 + SHA1_LENGTH ) != 0 ) )
1.889 + return( CKR_DEVICE_ERROR );
1.890 +
1.891 + /***************************************************/
1.892 + /* HMAC SHA-224 Single-Round Known Answer Test. */
1.893 + /***************************************************/
1.894 +
1.895 + hmac_status = sftk_fips_HMAC(hmac_computed,
1.896 + HMAC_known_secret_key,
1.897 + HMAC_known_secret_key_length,
1.898 + known_hash_message,
1.899 + FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1.900 + HASH_AlgSHA224);
1.901 +
1.902 + if( ( hmac_status != SECSuccess ) ||
1.903 + ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
1.904 + SHA224_LENGTH ) != 0 ) )
1.905 + return( CKR_DEVICE_ERROR );
1.906 +
1.907 + /***************************************************/
1.908 + /* HMAC SHA-256 Single-Round Known Answer Test. */
1.909 + /***************************************************/
1.910 +
1.911 + hmac_status = sftk_fips_HMAC(hmac_computed,
1.912 + HMAC_known_secret_key,
1.913 + HMAC_known_secret_key_length,
1.914 + known_hash_message,
1.915 + FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1.916 + HASH_AlgSHA256);
1.917 +
1.918 + if( ( hmac_status != SECSuccess ) ||
1.919 + ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
1.920 + SHA256_LENGTH ) != 0 ) )
1.921 + return( CKR_DEVICE_ERROR );
1.922 +
1.923 + /***************************************************/
1.924 + /* HMAC SHA-384 Single-Round Known Answer Test. 
*/
1.925 + /***************************************************/
1.926 +
1.927 + hmac_status = sftk_fips_HMAC(hmac_computed,
1.928 + HMAC_known_secret_key,
1.929 + HMAC_known_secret_key_length,
1.930 + known_hash_message,
1.931 + FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1.932 + HASH_AlgSHA384);
1.933 +
1.934 + if( ( hmac_status != SECSuccess ) ||
1.935 + ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
1.936 + SHA384_LENGTH ) != 0 ) )
1.937 + return( CKR_DEVICE_ERROR );
1.938 +
1.939 + /***************************************************/
1.940 + /* HMAC SHA-512 Single-Round Known Answer Test. */
1.941 + /***************************************************/
1.942 +
1.943 + hmac_status = sftk_fips_HMAC(hmac_computed,
1.944 + HMAC_known_secret_key,
1.945 + HMAC_known_secret_key_length,
1.946 + known_hash_message,
1.947 + FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1.948 + HASH_AlgSHA512);
1.949 +
1.950 + if( ( hmac_status != SECSuccess ) ||
1.951 + ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
1.952 + SHA512_LENGTH ) != 0 ) )
1.953 + return( CKR_DEVICE_ERROR );
1.954 +
1.955 + return( CKR_OK );
1.956 +}
1.957 +
1.958 +static CK_RV
1.959 +sftk_fips_SHA_PowerUpSelfTest( void )
1.960 +{
1.961 + /* SHA-1 Known Digest Message (160-bits). */
1.962 + static const PRUint8 sha1_known_digest[] = {
1.963 + 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
1.964 + 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
1.965 + 0xe0,0x68,0x47,0x7a};
1.966 +
1.967 + /* SHA-224 Known Digest Message (224-bits). */
1.968 + static const PRUint8 sha224_known_digest[] = {
1.969 + 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
1.970 + 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
1.971 + 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
1.972 + 0x8e,0x08,0xe5,0xcb};
1.973 +
1.974 + /* SHA-256 Known Digest Message (256-bits). 
*/
1.975 + static const PRUint8 sha256_known_digest[] = {
1.976 + 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
1.977 + 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
1.978 + 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
1.979 + 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
1.980 +
1.981 + /* SHA-384 Known Digest Message (384-bits). */
1.982 + static const PRUint8 sha384_known_digest[] = {
1.983 + 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
1.984 + 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
1.985 + 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
1.986 + 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
1.987 + 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
1.988 + 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
1.989 +
1.990 + /* SHA-512 Known Digest Message (512-bits). */
1.991 + static const PRUint8 sha512_known_digest[] = {
1.992 + 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
1.993 + 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
1.994 + 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
1.995 + 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
1.996 + 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
1.997 + 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
1.998 + 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
1.999 + 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
1.1000 +
1.1001 + /* SHA-X variables. */
1.1002 + PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
1.1003 + SECStatus sha_status;
1.1004 +
1.1005 + /*************************************************/
1.1006 + /* SHA-1 Single-Round Known Answer Hashing Test. */
1.1007 + /*************************************************/
1.1008 +
1.1009 + sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
1.1010 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.1011 +
1.1012 + if( ( sha_status != SECSuccess ) ||
1.1013 + ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
1.1014 + SHA1_LENGTH ) != 0 ) )
1.1015 + return( CKR_DEVICE_ERROR );
1.1016 +
1.1017 + /***************************************************/
1.1018 + /* SHA-224 Single-Round Known Answer Hashing Test. 
*/
1.1019 + /***************************************************/
1.1020 +
1.1021 + sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
1.1022 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.1023 +
1.1024 + if( ( sha_status != SECSuccess ) ||
1.1025 + ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
1.1026 + SHA224_LENGTH ) != 0 ) )
1.1027 + return( CKR_DEVICE_ERROR );
1.1028 +
1.1029 + /***************************************************/
1.1030 + /* SHA-256 Single-Round Known Answer Hashing Test. */
1.1031 + /***************************************************/
1.1032 +
1.1033 + sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
1.1034 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.1035 +
1.1036 + if( ( sha_status != SECSuccess ) ||
1.1037 + ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
1.1038 + SHA256_LENGTH ) != 0 ) )
1.1039 + return( CKR_DEVICE_ERROR );
1.1040 +
1.1041 + /***************************************************/
1.1042 + /* SHA-384 Single-Round Known Answer Hashing Test. */
1.1043 + /***************************************************/
1.1044 +
1.1045 + sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
1.1046 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.1047 +
1.1048 + if( ( sha_status != SECSuccess ) ||
1.1049 + ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
1.1050 + SHA384_LENGTH ) != 0 ) )
1.1051 + return( CKR_DEVICE_ERROR );
1.1052 +
1.1053 + /***************************************************/
1.1054 + /* SHA-512 Single-Round Known Answer Hashing Test. 
*/
1.1055 + /***************************************************/
1.1056 +
1.1057 + sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
1.1058 + FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1.1059 +
1.1060 + if( ( sha_status != SECSuccess ) ||
1.1061 + ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
1.1062 + SHA512_LENGTH ) != 0 ) )
1.1063 + return( CKR_DEVICE_ERROR );
1.1064 +
1.1065 + return( CKR_OK );
1.1066 +}
1.1067 +
1.1068 +/*
1.1069 +* Single round RSA Signature Known Answer Test
1.1070 +*/
1.1071 +static SECStatus
1.1072 +sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType shaAlg,
1.1073 + NSSLOWKEYPublicKey *rsa_public_key,
1.1074 + NSSLOWKEYPrivateKey *rsa_private_key,
1.1075 + const unsigned char *rsa_known_msg,
1.1076 + const unsigned int rsa_kmsg_length,
1.1077 + const unsigned char *rsa_known_signature)
1.1078 +{
1.1079 + SECOidTag shaOid; /* SHA OID */
1.1080 + unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
1.1081 + unsigned int shaLength = 0; /* length of SHA */
1.1082 + unsigned int rsa_bytes_signed;
1.1083 + unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
1.1084 + SECStatus rv;
1.1085 +
1.1086 + if (shaAlg == HASH_AlgSHA1) {
1.1087 + if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1.1088 + != SECSuccess) {
1.1089 + goto loser;
1.1090 + }
1.1091 + shaLength = SHA1_LENGTH;
1.1092 + shaOid = SEC_OID_SHA1;
1.1093 + } else if (shaAlg == HASH_AlgSHA256) {
1.1094 + if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1.1095 + != SECSuccess) {
1.1096 + goto loser;
1.1097 + }
1.1098 + shaLength = SHA256_LENGTH;
1.1099 + shaOid = SEC_OID_SHA256;
1.1100 + } else if (shaAlg == HASH_AlgSHA384) {
1.1101 + if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1.1102 + != SECSuccess) {
1.1103 + goto loser;
1.1104 + }
1.1105 + shaLength = SHA384_LENGTH;
1.1106 + shaOid = SEC_OID_SHA384;
1.1107 + } else if (shaAlg == HASH_AlgSHA512) {
1.1108 + if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1.1109 + != 
SECSuccess) {
1.1110 + goto loser;
1.1111 + }
1.1112 + shaLength = SHA512_LENGTH;
1.1113 + shaOid = SEC_OID_SHA512;
1.1114 + } else {
1.1115 + goto loser;
1.1116 + }
1.1117 +
1.1118 + /*************************************************/
1.1119 + /* RSA Single-Round Known Answer Signature Test. */
1.1120 + /*************************************************/
1.1121 +
1.1122 + /* Perform RSA signature with the RSA private key. */
1.1123 + rv = RSA_HashSign( shaOid,
1.1124 + rsa_private_key,
1.1125 + rsa_computed_signature,
1.1126 + &rsa_bytes_signed,
1.1127 + FIPS_RSA_SIGNATURE_LENGTH,
1.1128 + sha,
1.1129 + shaLength);
1.1130 +
1.1131 + if( ( rv != SECSuccess ) ||
1.1132 + ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
1.1133 + ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
1.1134 + FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
1.1135 + goto loser;
1.1136 + }
1.1137 +
1.1138 + /****************************************************/
1.1139 + /* RSA Single-Round Known Answer Verification Test. */
1.1140 + /****************************************************/
1.1141 +
1.1142 + /* Perform RSA verification with the RSA public key. */
1.1143 + rv = RSA_HashCheckSign( shaOid,
1.1144 + rsa_public_key,
1.1145 + rsa_computed_signature,
1.1146 + rsa_bytes_signed,
1.1147 + sha,
1.1148 + shaLength);
1.1149 +
1.1150 + if( rv != SECSuccess ) {
1.1151 + goto loser;
1.1152 + }
1.1153 + return( SECSuccess );
1.1154 +
1.1155 +loser:
1.1156 +
1.1157 + return( SECFailure );
1.1158 +
1.1159 +}
1.1160 +
1.1161 +static CK_RV
1.1162 +sftk_fips_RSA_PowerUpSelfTest( void )
1.1163 +{
1.1164 + /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). 
*/
1.1165 + static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1.1166 + 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
1.1167 + 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
1.1168 + 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
1.1169 + 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
1.1170 + 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
1.1171 + 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
1.1172 + 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
1.1173 + 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
1.1174 + 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
1.1175 + 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
1.1176 + 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
1.1177 + 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
1.1178 + 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
1.1179 + 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
1.1180 + 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
1.1181 + 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
1.1182 + 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
1.1183 + 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
1.1184 + 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
1.1185 + 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
1.1186 + 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
1.1187 + 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
1.1188 + 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
1.1189 + 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
1.1190 + 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
1.1191 + 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
1.1192 + 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
1.1193 + 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
1.1194 + 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
1.1195 + 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
1.1196 + 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
1.1197 + 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
1.1198 +
1.1199 + /* RSA Known Public Key Values (24-bits). 
*/
1.1200 + static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
1.1201 + = { 0x01, 0x00, 0x01 };
1.1202 + /* RSA Known Private Key Values (version is 8-bits), */
1.1203 + /* (private exponent is 2048-bits), */
1.1204 + /* (private prime0 is 1024-bits), */
1.1205 + /* (private prime1 is 1024-bits), */
1.1206 + /* (private prime exponent0 is 1024-bits), */
1.1207 + /* (private prime exponent1 is 1024-bits), */
1.1208 + /* and (private coefficient is 1024-bits). */
1.1209 + static const PRUint8 rsa_version[] = { 0x00 };
1.1210 +
1.1211 + static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
1.1212 + = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
1.1213 + 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
1.1214 + 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
1.1215 + 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
1.1216 + 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
1.1217 + 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
1.1218 + 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
1.1219 + 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
1.1220 + 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
1.1221 + 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
1.1222 + 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
1.1223 + 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
1.1224 + 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
1.1225 + 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
1.1226 + 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
1.1227 + 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
1.1228 + 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
1.1229 + 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
1.1230 + 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
1.1231 + 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
1.1232 + 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
1.1233 + 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
1.1234 + 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
1.1235 + 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 
0x01, 0x1c,
1.1236 + 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
1.1237 + 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
1.1238 + 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
1.1239 + 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
1.1240 + 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
1.1241 + 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
1.1242 + 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
1.1243 + 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
1.1244 +
1.1245 + static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
1.1246 + 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
1.1247 + 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
1.1248 + 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
1.1249 + 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
1.1250 + 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
1.1251 + 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
1.1252 + 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
1.1253 + 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
1.1254 + 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
1.1255 + 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
1.1256 + 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
1.1257 + 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
1.1258 + 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
1.1259 + 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
1.1260 + 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
1.1261 + 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
1.1262 + static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
1.1263 + 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
1.1264 + 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
1.1265 + 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
1.1266 + 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
1.1267 + 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
1.1268 + 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
1.1269 + 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
1.1270 + 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
1.1271 + 
0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
1.1272 + 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
1.1273 + 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
1.1274 + 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
1.1275 + 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
1.1276 + 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
1.1277 + 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
1.1278 + 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
1.1279 + static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1.1280 + 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
1.1281 + 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
1.1282 + 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
1.1283 + 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
1.1284 + 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
1.1285 + 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
1.1286 + 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
1.1287 + 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
1.1288 + 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
1.1289 + 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
1.1290 + 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
1.1291 + 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
1.1292 + 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
1.1293 + 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
1.1294 + 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
1.1295 + 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
1.1296 + static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1.1297 + 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
1.1298 + 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
1.1299 + 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
1.1300 + 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
1.1301 + 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
1.1302 + 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
1.1303 + 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
1.1304 + 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
1.1305 + 0x96, 0xff, 0x03, 0xa3, 
0xb2, 0x67, 0x03, 0xea,
1.1306 + 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
1.1307 + 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
1.1308 + 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
1.1309 + 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
1.1310 + 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
1.1311 + 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
1.1312 + 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
1.1313 + static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1.1314 + 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
1.1315 + 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
1.1316 + 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
1.1317 + 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
1.1318 + 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
1.1319 + 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
1.1320 + 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
1.1321 + 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
1.1322 + 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
1.1323 + 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
1.1324 + 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
1.1325 + 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
1.1326 + 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
1.1327 + 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
1.1328 + 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
1.1329 + 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
1.1330 +
1.1331 + /* RSA Known Plaintext Message (1024-bits). */
1.1332 + static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1.1333 + "Known plaintext message utilized"
1.1334 + "for RSA Encryption & Decryption"
1.1335 + "blocks SHA256, SHA384 and "
1.1336 + "SHA512 RSA Signature KAT tests. "
1.1337 + "Known plaintext message utilized"
1.1338 + "for RSA Encryption & Decryption"
1.1339 + "blocks SHA256, SHA384 and "
1.1340 + "SHA512 RSA Signature KAT tests."};
1.1341 +
1.1342 + /* RSA Known Ciphertext (2048-bits). 
*/
1.1343 + static const PRUint8 rsa_known_ciphertext[] = {
1.1344 + 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
1.1345 + 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
1.1346 + 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
1.1347 + 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
1.1348 + 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
1.1349 + 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
1.1350 + 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
1.1351 + 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
1.1352 + 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
1.1353 + 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
1.1354 + 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
1.1355 + 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
1.1356 + 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
1.1357 + 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
1.1358 + 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
1.1359 + 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
1.1360 + 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
1.1361 + 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
1.1362 + 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
1.1363 + 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
1.1364 + 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
1.1365 + 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
1.1366 + 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
1.1367 + 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
1.1368 + 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
1.1369 + 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
1.1370 + 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
1.1371 + 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
1.1372 + 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
1.1373 + 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
1.1374 + 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
1.1375 + 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
1.1376 +
1.1377 + /* RSA Known Signed Hash (2048-bits). 
*/
1.1378 + static const PRUint8 rsa_known_sha256_signature[] = {
1.1379 + 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
1.1380 + 0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
1.1381 + 0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
1.1382 + 0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
1.1383 + 0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
1.1384 + 0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
1.1385 + 0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
1.1386 + 0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
1.1387 + 0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
1.1388 + 0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
1.1389 + 0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
1.1390 + 0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
1.1391 + 0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
1.1392 + 0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
1.1393 + 0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
1.1394 + 0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
1.1395 + 0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
1.1396 + 0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
1.1397 + 0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
1.1398 + 0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
1.1399 + 0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
1.1400 + 0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
1.1401 + 0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
1.1402 + 0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
1.1403 + 0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
1.1404 + 0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
1.1405 + 0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
1.1406 + 0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
1.1407 + 0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
1.1408 + 0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
1.1409 + 0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
1.1410 + 0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92};
1.1411 +
1.1412 + /* RSA Known Signed Hash (2048-bits). 
*/
1.1413 + static const PRUint8 rsa_known_sha384_signature[] = {
1.1414 + 0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
1.1415 + 0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
1.1416 + 0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
1.1417 + 0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
1.1418 + 0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
1.1419 + 0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
1.1420 + 0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
1.1421 + 0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
1.1422 + 0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
1.1423 + 0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
1.1424 + 0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
1.1425 + 0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
1.1426 + 0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
1.1427 + 0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
1.1428 + 0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
1.1429 + 0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
1.1430 + 0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
1.1431 + 0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
1.1432 + 0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
1.1433 + 0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
1.1434 + 0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
1.1435 + 0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
1.1436 + 0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
1.1437 + 0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
1.1438 + 0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
1.1439 + 0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
1.1440 + 0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
1.1441 + 0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
1.1442 + 0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
1.1443 + 0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
1.1444 + 0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
1.1445 + 0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa};
1.1446 +
1.1447 + /* RSA Known Signed Hash (2048-bits). 
*/
1.1448 + static const PRUint8 rsa_known_sha512_signature[] = {
1.1449 + 0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
1.1450 + 0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
1.1451 + 0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
1.1452 + 0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
1.1453 + 0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
1.1454 + 0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
1.1455 + 0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
1.1456 + 0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
1.1457 + 0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
1.1458 + 0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
1.1459 + 0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
1.1460 + 0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
1.1461 + 0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
1.1462 + 0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
1.1463 + 0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
1.1464 + 0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
1.1465 + 0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
1.1466 + 0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
1.1467 + 0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
1.1468 + 0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
1.1469 + 0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
1.1470 + 0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
1.1471 + 0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
1.1472 + 0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
1.1473 + 0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
1.1474 + 0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
1.1475 + 0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
1.1476 + 0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
1.1477 + 0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
1.1478 + 0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
1.1479 + 0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
1.1480 + 0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81};
1.1481 +
1.1482 + static const RSAPublicKey bl_public_key = { NULL,
1.1483 + { FIPS_RSA_TYPE, (unsigned char 
*)rsa_modulus,
1.1484 + FIPS_RSA_MODULUS_LENGTH },
1.1485 + { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1.1486 + FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1.1487 + };
1.1488 + static const RSAPrivateKey bl_private_key = { NULL,
1.1489 + { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
1.1490 + FIPS_RSA_PRIVATE_VERSION_LENGTH },
1.1491 + { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1.1492 + FIPS_RSA_MODULUS_LENGTH },
1.1493 + { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1.1494 + FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1.1495 + { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
1.1496 + FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1.1497 + { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
1.1498 + FIPS_RSA_PRIME0_LENGTH },
1.1499 + { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
1.1500 + FIPS_RSA_PRIME1_LENGTH },
1.1501 + { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
1.1502 + FIPS_RSA_EXPONENT0_LENGTH },
1.1503 + { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
1.1504 + FIPS_RSA_EXPONENT1_LENGTH },
1.1505 + { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
1.1506 + FIPS_RSA_COEFFICIENT_LENGTH }
1.1507 + };
1.1508 +
1.1509 + /* RSA variables. */
1.1510 +#ifdef CREATE_TEMP_ARENAS
1.1511 + PLArenaPool * rsa_public_arena;
1.1512 + PLArenaPool * rsa_private_arena;
1.1513 +#endif
1.1514 + NSSLOWKEYPublicKey * rsa_public_key;
1.1515 + NSSLOWKEYPrivateKey * rsa_private_key;
1.1516 + SECStatus rsa_status;
1.1517 +
1.1518 + NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey, };
1.1519 + NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey, };
1.1520 + PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1.1521 + PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1.1522 +
1.1523 + /****************************************/
1.1524 + /* Compose RSA Public/Private Key Pair. 
*/
1.1525 + /****************************************/
1.1526 +
1.1527 + low_public_key.u.rsa = bl_public_key;
1.1528 + low_private_key.u.rsa = bl_private_key;
1.1529 +
1.1530 + rsa_public_key = &low_public_key;
1.1531 + rsa_private_key = &low_private_key;
1.1532 +
1.1533 +#ifdef CREATE_TEMP_ARENAS
1.1534 + /* Create some space for the RSA public key. */
1.1535 + rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1.1536 +
1.1537 + if( rsa_public_arena == NULL ) {
1.1538 + PORT_SetError( SEC_ERROR_NO_MEMORY );
1.1539 + return( CKR_HOST_MEMORY );
1.1540 + }
1.1541 +
1.1542 + /* Create some space for the RSA private key. */
1.1543 + rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1.1544 +
1.1545 + if( rsa_private_arena == NULL ) {
1.1546 + PORT_FreeArena( rsa_public_arena, PR_TRUE );
1.1547 + PORT_SetError( SEC_ERROR_NO_MEMORY );
1.1548 + return( CKR_HOST_MEMORY );
1.1549 + }
1.1550 +
1.1551 + rsa_public_key->arena = rsa_public_arena;
1.1552 + rsa_private_key->arena = rsa_private_arena;
1.1553 +#endif
1.1554 +
1.1555 + /**************************************************/
1.1556 + /* RSA Single-Round Known Answer Encryption Test. */
1.1557 + /**************************************************/
1.1558 +
1.1559 + /* Perform RSA Public Key Encryption. */
1.1560 + rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
1.1561 + rsa_computed_ciphertext,
1.1562 + rsa_known_plaintext_msg);
1.1563 +
1.1564 + if( ( rsa_status != SECSuccess ) ||
1.1565 + ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
1.1566 + FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
1.1567 + goto rsa_loser;
1.1568 +
1.1569 + /**************************************************/
1.1570 + /* RSA Single-Round Known Answer Decryption Test. */
1.1571 + /**************************************************/
1.1572 +
1.1573 + /* Perform RSA Private Key Decryption.
*/
1.1574 + rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
1.1575 + rsa_computed_plaintext,
1.1576 + rsa_known_ciphertext);
1.1577 +
1.1578 + if( ( rsa_status != SECSuccess ) ||
1.1579 + ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
1.1580 + FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
1.1581 + goto rsa_loser;
1.1582 +
1.1583 + rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
1.1584 + rsa_public_key, rsa_private_key,
1.1585 + rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1.1586 + rsa_known_sha256_signature);
1.1587 + if( rsa_status != SECSuccess )
1.1588 + goto rsa_loser;
1.1589 +
1.1590 + rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
1.1591 + rsa_public_key, rsa_private_key,
1.1592 + rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1.1593 + rsa_known_sha384_signature);
1.1594 + if( rsa_status != SECSuccess )
1.1595 + goto rsa_loser;
1.1596 +
1.1597 + rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
1.1598 + rsa_public_key, rsa_private_key,
1.1599 + rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1.1600 + rsa_known_sha512_signature);
1.1601 + if( rsa_status != SECSuccess )
1.1602 + goto rsa_loser;
1.1603 +
1.1604 + /* Dispose of all RSA key material.
*/
1.1605 + nsslowkey_DestroyPublicKey( rsa_public_key );
1.1606 + nsslowkey_DestroyPrivateKey( rsa_private_key );
1.1607 +
1.1608 + return( CKR_OK );
1.1609 +
1.1610 +rsa_loser:
1.1611 +
1.1612 + nsslowkey_DestroyPublicKey( rsa_public_key );
1.1613 + nsslowkey_DestroyPrivateKey( rsa_private_key );
1.1614 +
1.1615 + return( CKR_DEVICE_ERROR );
1.1616 +}
1.1617 +
1.1618 +#ifndef NSS_DISABLE_ECC
1.1619 +
1.1620 +static CK_RV
1.1621 +sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
1.1622 + unsigned int encodedParamsLen,
1.1623 + const PRUint8 *knownSignature,
1.1624 + unsigned int knownSignatureLen) {
1.1625 +
1.1626 + /* ECDSA Known Seed info for curves nistp256 and nistk283 */
1.1627 + static const PRUint8 ecdsa_Known_Seed[] = {
1.1628 + 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1.1629 + 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1.1630 + 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1.1631 + 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
1.1632 +
1.1633 + static const PRUint8 msg[] = {
1.1634 + "Firefox and ThunderBird are awesome!"};
1.1635 +
1.1636 + unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
1.1637 + unsigned char sig[2*MAX_ECKEY_LEN];
1.1638 + SECItem signature, digest;
1.1639 + SECItem encodedparams;
1.1640 + ECParams *ecparams = NULL;
1.1641 + ECPrivateKey *ecdsa_private_key = NULL;
1.1642 + ECPublicKey ecdsa_public_key;
1.1643 + SECStatus ecdsaStatus = SECSuccess;
1.1644 +
1.1645 + /* construct the ECDSA private/public key pair */
1.1646 + encodedparams.type = siBuffer;
1.1647 + encodedparams.data = (unsigned char *) encodedParams;
1.1648 + encodedparams.len = encodedParamsLen;
1.1649 +
1.1650 + if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
1.1651 + return( CKR_DEVICE_ERROR );
1.1652 + }
1.1653 +
1.1654 + /* Generates a new EC key pair.
The private key is a supplied
1.1655 + * random value (in seed) and the public key is the result of
1.1656 + * performing a scalar point multiplication of that value with
1.1657 + * the curve's base point.
1.1658 + */
1.1659 + ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
1.1660 + ecdsa_Known_Seed,
1.1661 + sizeof(ecdsa_Known_Seed));
1.1662 + /* free the ecparams they are no longer needed */
1.1663 + PORT_FreeArena(ecparams->arena, PR_FALSE);
1.1664 + ecparams = NULL;
1.1665 + if (ecdsaStatus != SECSuccess) {
1.1666 + return ( CKR_DEVICE_ERROR );
1.1667 + }
1.1668 +
1.1669 + /* construct public key from private key. */
1.1670 + ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
1.1671 + &ecdsa_public_key.ecParams,
1.1672 + &ecdsa_private_key->ecParams);
1.1673 + if (ecdsaStatus != SECSuccess) {
1.1674 + goto loser;
1.1675 + }
1.1676 + ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1.1677 +
1.1678 + /* validate public key value */
1.1679 + ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
1.1680 + &ecdsa_public_key.publicValue);
1.1681 + if (ecdsaStatus != SECSuccess) {
1.1682 + goto loser;
1.1683 + }
1.1684 +
1.1685 + /* validate public key value */
1.1686 + ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
1.1687 + &ecdsa_private_key->publicValue);
1.1688 + if (ecdsaStatus != SECSuccess) {
1.1689 + goto loser;
1.1690 + }
1.1691 +
1.1692 + /***************************************************/
1.1693 + /* ECDSA Single-Round Known Answer Signature Test.
*/
1.1694 + /***************************************************/
1.1695 +
1.1696 + ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
1.1697 + if (ecdsaStatus != SECSuccess) {
1.1698 + goto loser;
1.1699 + }
1.1700 + digest.type = siBuffer;
1.1701 + digest.data = sha1;
1.1702 + digest.len = SHA1_LENGTH;
1.1703 +
1.1704 + memset(sig, 0, sizeof sig);
1.1705 + signature.type = siBuffer;
1.1706 + signature.data = sig;
1.1707 + signature.len = sizeof sig;
1.1708 +
1.1709 + ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
1.1710 + &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1.1711 + if (ecdsaStatus != SECSuccess) {
1.1712 + goto loser;
1.1713 + }
1.1714 +
1.1715 + if( ( signature.len != knownSignatureLen ) ||
1.1716 + ( PORT_Memcmp( signature.data, knownSignature,
1.1717 + knownSignatureLen ) != 0 ) ) {
1.1718 + ecdsaStatus = SECFailure;
1.1719 + goto loser;
1.1720 + }
1.1721 +
1.1722 + /******************************************************/
1.1723 + /* ECDSA Single-Round Known Answer Verification Test. */
1.1724 + /******************************************************/
1.1725 +
1.1726 + /* Perform ECDSA verification process.
*/
1.1727 + ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1.1728 +
1.1729 +loser:
1.1730 + /* free the memory for the private key arena*/
1.1731 + if (ecdsa_private_key != NULL) {
1.1732 + PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1.1733 + }
1.1734 +
1.1735 + if (ecdsaStatus != SECSuccess) {
1.1736 + return CKR_DEVICE_ERROR ;
1.1737 + }
1.1738 + return( CKR_OK );
1.1739 +}
1.1740 +
1.1741 +static CK_RV
1.1742 +sftk_fips_ECDSA_PowerUpSelfTest() {
1.1743 +
1.1744 + /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
1.1745 + static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
1.1746 + 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
1.1747 + 0x01,0x07};
1.1748 +
1.1749 + static const PRUint8 ecdsa_known_P256_signature[] = {
1.1750 + 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
1.1751 + 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
1.1752 + 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
1.1753 + 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
1.1754 + 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
1.1755 + 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
1.1756 + 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
1.1757 + 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
1.1758 +
1.1759 +#ifdef NSS_ECC_MORE_THAN_SUITE_B
1.1760 + /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
1.1761 + static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
1.1762 + 0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
1.1763 +
1.1764 + static const PRUint8 ecdsa_known_K283_signature[] = {
1.1765 + 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
1.1766 + 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
1.1767 + 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
1.1768 + 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
1.1769 + 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
1.1770 + 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
1.1771 + 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
1.1772 + 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
1.1773 + 0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
1.1774 +#endif
1.1775 +
1.1776 + CK_RV
crv;
1.1777 +
1.1778 + /* ECDSA GF(p) prime field curve test */
1.1779 + crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
1.1780 + sizeof ecdsa_known_P256_EncodedParams,
1.1781 + ecdsa_known_P256_signature,
1.1782 + sizeof ecdsa_known_P256_signature );
1.1783 + if (crv != CKR_OK) {
1.1784 + return( CKR_DEVICE_ERROR );
1.1785 + }
1.1786 +
1.1787 +#ifdef NSS_ECC_MORE_THAN_SUITE_B
1.1788 + /* ECDSA GF(2m) binary field curve test */
1.1789 + crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
1.1790 + sizeof ecdsa_known_K283_EncodedParams,
1.1791 + ecdsa_known_K283_signature,
1.1792 + sizeof ecdsa_known_K283_signature );
1.1793 + if (crv != CKR_OK) {
1.1794 + return( CKR_DEVICE_ERROR );
1.1795 + }
1.1796 +#endif
1.1797 +
1.1798 + return( CKR_OK );
1.1799 +}
1.1800 +
1.1801 +#endif /* NSS_DISABLE_ECC */
1.1802 +
1.1803 +static CK_RV
1.1804 +sftk_fips_DSA_PowerUpSelfTest( void )
1.1805 +{
1.1806 + /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
1.1807 + static const PRUint8 dsa_P[] = {
1.1808 + 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28,
1.1809 + 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63,
1.1810 + 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0,
1.1811 + 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
1.1812 + 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91,
1.1813 + 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0,
1.1814 + 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7,
1.1815 + 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
1.1816 + 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7,
1.1817 + 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56,
1.1818 + 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b,
1.1819 + 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
1.1820 + 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6,
1.1821 + 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64,
1.1822 + 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a,
1.1823 + 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
1.1824 +
1.1825 + static const PRUint8 dsa_Q[] = {
1.1826 + 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e,
1.1827 + 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6,
1.1828 +
0x91,0x99,0x8b,0xcf};
1.1829 +
1.1830 + static const PRUint8 dsa_G[] = {
1.1831 + 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4,
1.1832 + 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6,
1.1833 + 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3,
1.1834 + 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
1.1835 + 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d,
1.1836 + 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a,
1.1837 + 0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24,
1.1838 + 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
1.1839 + 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb,
1.1840 + 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79,
1.1841 + 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac,
1.1842 + 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
1.1843 + 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27,
1.1844 + 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed,
1.1845 + 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f,
1.1846 + 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
1.1847 +
1.1848 + /* DSA Known Random Values (known random key block is 160-bits) */
1.1849 + /* and (known random signature block is 160-bits). */
1.1850 + static const PRUint8 dsa_known_random_key_block[] = {
1.1851 + "Mozilla Rules World!"};
1.1852 + static const PRUint8 dsa_known_random_signature_block[] = {
1.1853 + "Random DSA Signature"};
1.1854 +
1.1855 + /* DSA Known Digest (160-bits) */
1.1856 + static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
1.1857 +
1.1858 + /* DSA Known Signature (320-bits). */
1.1859 + static const PRUint8 dsa_known_signature[] = {
1.1860 + 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32,
1.1861 + 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c,
1.1862 + 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72,
1.1863 + 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
1.1864 + 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
1.1865 +
1.1866 + /* DSA variables.
*/
1.1867 + DSAPrivateKey * dsa_private_key;
1.1868 + SECStatus dsa_status;
1.1869 + SECItem dsa_signature_item;
1.1870 + SECItem dsa_digest_item;
1.1871 + DSAPublicKey dsa_public_key;
1.1872 + PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
1.1873 + static const PQGParams dsa_pqg = { NULL,
1.1874 + { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
1.1875 + { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
1.1876 + { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
1.1877 +
1.1878 + /*******************************************/
1.1879 + /* Generate a DSA public/private key pair. */
1.1880 + /*******************************************/
1.1881 +
1.1882 + /* Generate a DSA public/private key pair. */
1.1883 + dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
1.1884 + &dsa_private_key);
1.1885 +
1.1886 + if( dsa_status != SECSuccess )
1.1887 + return( CKR_HOST_MEMORY );
1.1888 +
1.1889 + /* construct public key from private key. */
1.1890 + dsa_public_key.params = dsa_private_key->params;
1.1891 + dsa_public_key.publicValue = dsa_private_key->publicValue;
1.1892 +
1.1893 + /*************************************************/
1.1894 + /* DSA Single-Round Known Answer Signature Test. */
1.1895 + /*************************************************/
1.1896 +
1.1897 + dsa_signature_item.data = dsa_computed_signature;
1.1898 + dsa_signature_item.len = sizeof dsa_computed_signature;
1.1899 +
1.1900 + dsa_digest_item.data = (unsigned char *)dsa_known_digest;
1.1901 + dsa_digest_item.len = SHA1_LENGTH;
1.1902 +
1.1903 + /* Perform DSA signature process.
*/
1.1904 + dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
1.1905 + &dsa_signature_item,
1.1906 + &dsa_digest_item,
1.1907 + dsa_known_random_signature_block );
1.1908 +
1.1909 + if( ( dsa_status != SECSuccess ) ||
1.1910 + ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
1.1911 + ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
1.1912 + FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
1.1913 + dsa_status = SECFailure;
1.1914 + } else {
1.1915 +
1.1916 + /****************************************************/
1.1917 + /* DSA Single-Round Known Answer Verification Test. */
1.1918 + /****************************************************/
1.1919 +
1.1920 + /* Perform DSA verification process. */
1.1921 + dsa_status = DSA_VerifyDigest( &dsa_public_key,
1.1922 + &dsa_signature_item,
1.1923 + &dsa_digest_item);
1.1924 + }
1.1925 +
1.1926 + PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
1.1927 + /* Don't free public key, it uses same arena as private key */
1.1928 +
1.1929 + /* Verify DSA signature.
*/
1.1930 + if( dsa_status != SECSuccess )
1.1931 + return( CKR_DEVICE_ERROR );
1.1932 +
1.1933 + return( CKR_OK );
1.1934 +
1.1935 +
1.1936 +}
1.1937 +
1.1938 +static CK_RV
1.1939 +sftk_fips_RNG_PowerUpSelfTest( void )
1.1940 +{
1.1941 + static const PRUint8 Q[] = {
1.1942 + 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
1.1943 + 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
1.1944 + 0x9d,0xef,0xeb,0xed};
1.1945 + static const PRUint8 GENX[] = {
1.1946 + 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
1.1947 + 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
1.1948 + 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
1.1949 + 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
1.1950 + 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
1.1951 + static const PRUint8 rng_known_DSAX[] = {
1.1952 + 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
1.1953 + 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
1.1954 + 0x10,0x1f,0x60,0xd7};
1.1955 +
1.1956 +
1.1957 +
1.1958 + SECStatus rng_status = SECSuccess;
1.1959 + PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
1.1960 +
1.1961 + /*******************************************/
1.1962 + /* Run the SP 800-90 Health tests */
1.1963 + /*******************************************/
1.1964 + rng_status = PRNGTEST_RunHealthTests();
1.1965 + if (rng_status != SECSuccess) {
1.1966 + return (CKR_DEVICE_ERROR);
1.1967 + }
1.1968 +
1.1969 + /*******************************************/
1.1970 + /* Generate DSAX fow given Q.
*/
1.1971 + /*******************************************/
1.1972 +
1.1973 + rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
1.1974 +
1.1975 + /* Verify DSAX to perform the RNG integrity check */
1.1976 + if( ( rng_status != SECSuccess ) ||
1.1977 + ( PORT_Memcmp( DSAX, rng_known_DSAX,
1.1978 + (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) )
1.1979 + return( CKR_DEVICE_ERROR );
1.1980 +
1.1981 + return( CKR_OK );
1.1982 +}
1.1983 +
1.1984 +static CK_RV
1.1985 +sftk_fipsSoftwareIntegrityTest(void)
1.1986 +{
1.1987 + CK_RV crv = CKR_OK;
1.1988 +
1.1989 + /* make sure that our check file signatures are OK */
1.1990 + if( !BLAPI_VerifySelf( NULL ) ||
1.1991 + !BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
1.1992 + crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
1.1993 + }
1.1994 + return crv;
1.1995 +}
1.1996 +
1.1997 +CK_RV
1.1998 +sftk_fipsPowerUpSelfTest( void )
1.1999 +{
1.2000 + CK_RV rv;
1.2001 +
1.2002 + /* RC2 Power-Up SelfTest(s). */
1.2003 + rv = sftk_fips_RC2_PowerUpSelfTest();
1.2004 +
1.2005 + if( rv != CKR_OK )
1.2006 + return rv;
1.2007 +
1.2008 + /* RC4 Power-Up SelfTest(s). */
1.2009 + rv = sftk_fips_RC4_PowerUpSelfTest();
1.2010 +
1.2011 + if( rv != CKR_OK )
1.2012 + return rv;
1.2013 +
1.2014 + /* DES Power-Up SelfTest(s). */
1.2015 + rv = sftk_fips_DES_PowerUpSelfTest();
1.2016 +
1.2017 + if( rv != CKR_OK )
1.2018 + return rv;
1.2019 +
1.2020 + /* DES3 Power-Up SelfTest(s). */
1.2021 + rv = sftk_fips_DES3_PowerUpSelfTest();
1.2022 +
1.2023 + if( rv != CKR_OK )
1.2024 + return rv;
1.2025 +
1.2026 + /* AES Power-Up SelfTest(s) for 128-bit key. */
1.2027 + rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
1.2028 +
1.2029 + if( rv != CKR_OK )
1.2030 + return rv;
1.2031 +
1.2032 + /* AES Power-Up SelfTest(s) for 192-bit key.
*/
1.2033 + rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
1.2034 +
1.2035 + if( rv != CKR_OK )
1.2036 + return rv;
1.2037 +
1.2038 + /* AES Power-Up SelfTest(s) for 256-bit key. */
1.2039 + rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
1.2040 +
1.2041 + if( rv != CKR_OK )
1.2042 + return rv;
1.2043 +
1.2044 + /* MD2 Power-Up SelfTest(s). */
1.2045 + rv = sftk_fips_MD2_PowerUpSelfTest();
1.2046 +
1.2047 + if( rv != CKR_OK )
1.2048 + return rv;
1.2049 +
1.2050 + /* MD5 Power-Up SelfTest(s). */
1.2051 + rv = sftk_fips_MD5_PowerUpSelfTest();
1.2052 +
1.2053 + if( rv != CKR_OK )
1.2054 + return rv;
1.2055 +
1.2056 + /* SHA-X Power-Up SelfTest(s). */
1.2057 + rv = sftk_fips_SHA_PowerUpSelfTest();
1.2058 +
1.2059 + if( rv != CKR_OK )
1.2060 + return rv;
1.2061 +
1.2062 + /* HMAC SHA-X Power-Up SelfTest(s). */
1.2063 + rv = sftk_fips_HMAC_PowerUpSelfTest();
1.2064 +
1.2065 + if( rv != CKR_OK )
1.2066 + return rv;
1.2067 +
1.2068 + /* RSA Power-Up SelfTest(s). */
1.2069 + rv = sftk_fips_RSA_PowerUpSelfTest();
1.2070 +
1.2071 + if( rv != CKR_OK )
1.2072 + return rv;
1.2073 +
1.2074 + /* DSA Power-Up SelfTest(s). */
1.2075 + rv = sftk_fips_DSA_PowerUpSelfTest();
1.2076 +
1.2077 + if( rv != CKR_OK )
1.2078 + return rv;
1.2079 +
1.2080 + /* RNG Power-Up SelfTest(s). */
1.2081 + rv = sftk_fips_RNG_PowerUpSelfTest();
1.2082 +
1.2083 + if( rv != CKR_OK )
1.2084 + return rv;
1.2085 +
1.2086 +#ifndef NSS_DISABLE_ECC
1.2087 + /* ECDSA Power-Up SelfTest(s). */
1.2088 + rv = sftk_fips_ECDSA_PowerUpSelfTest();
1.2089 +
1.2090 + if( rv != CKR_OK )
1.2091 + return rv;
1.2092 +#endif
1.2093 +
1.2094 + /* Software/Firmware Integrity Test. */
1.2095 + rv = sftk_fipsSoftwareIntegrityTest();
1.2096 +
1.2097 + if( rv != CKR_OK )
1.2098 + return rv;
1.2099 +
1.2100 + /* Passed Power-Up SelfTest(s). */
1.2101 + return( CKR_OK );
1.2102 +}
1.2103 +