security/nss/lib/softoken/fipstest.c@6474c204b198
security/nss/lib/softoken/fipstest.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 /*
2 * PKCS #11 FIPS Power-Up Self Test.
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 #include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
9 /* DES-CBC, DES3-ECB, DES3-CBC, RSA */
10 /* and DSA. */
11 #include "seccomon.h" /* Required for RSA and DSA. */
12 #include "lowkeyi.h" /* Required for RSA and DSA. */
13 #include "pkcs11.h" /* Required for PKCS #11. */
14 #include "secerr.h"
16 #ifndef NSS_DISABLE_ECC
17 #include "ec.h" /* Required for ECDSA */
18 #endif
21 /* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
22 #define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
23 #define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
24 #define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
27 /* FIPS preprocessor directives for RC4. */
28 #define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
29 #define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
30 #define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
33 /* FIPS preprocessor directives for DES-ECB and DES-CBC. */
34 #define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
35 #define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
38 /* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
39 #define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
40 #define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
43 /* FIPS preprocessor directives for AES-ECB and AES-CBC. */
44 #define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
45 #define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
46 #define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
47 #define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
48 #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
49 #define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
52 /* FIPS preprocessor directives for message digests */
53 #define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
56 /* FIPS preprocessor directives for RSA. */
57 #define FIPS_RSA_TYPE siBuffer
58 #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
59 #define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
60 #define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
61 #define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */
62 #define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */
63 #define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */
64 #define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */
65 #define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */
66 #define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
67 #define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */
68 #define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */
69 #define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */
70 #define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */
73 /* FIPS preprocessor directives for DSA. */
74 #define FIPS_DSA_TYPE siBuffer
75 #define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
76 #define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
77 #define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
78 #define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
79 #define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
81 /* FIPS preprocessor directives for RNG. */
82 #define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
84 static CK_RV
85 sftk_fips_RC2_PowerUpSelfTest( void )
86 {
87 /* RC2 Known Key (40-bits). */
88 static const PRUint8 rc2_known_key[] = { "RSARC" };
90 /* RC2-CBC Known Initialization Vector (64-bits). */
91 static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
93 /* RC2 Known Plaintext (64-bits). */
94 static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
95 static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
97 /* RC2 Known Ciphertext (64-bits). */
98 static const PRUint8 rc2_ecb_known_ciphertext[] = {
99 0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
100 static const PRUint8 rc2_cbc_known_ciphertext[] = {
101 0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
103 /* RC2 variables. */
104 PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
105 PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
106 RC2Context * rc2_context;
107 unsigned int rc2_bytes_encrypted;
108 unsigned int rc2_bytes_decrypted;
109 SECStatus rc2_status;
112 /******************************************************/
113 /* RC2-ECB Single-Round Known Answer Encryption Test: */
114 /******************************************************/
116 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
117 NULL, NSS_RC2,
118 FIPS_RC2_KEY_LENGTH );
120 if( rc2_context == NULL )
121 return( CKR_HOST_MEMORY );
123 rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
124 &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
125 rc2_ecb_known_plaintext,
126 FIPS_RC2_DECRYPT_LENGTH );
128 RC2_DestroyContext( rc2_context, PR_TRUE );
130 if( ( rc2_status != SECSuccess ) ||
131 ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
132 ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
133 FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
134 return( CKR_DEVICE_ERROR );
137 /******************************************************/
138 /* RC2-ECB Single-Round Known Answer Decryption Test: */
139 /******************************************************/
141 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
142 NULL, NSS_RC2,
143 FIPS_RC2_KEY_LENGTH );
145 if( rc2_context == NULL )
146 return( CKR_HOST_MEMORY );
148 rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
149 &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
150 rc2_ecb_known_ciphertext,
151 FIPS_RC2_ENCRYPT_LENGTH );
153 RC2_DestroyContext( rc2_context, PR_TRUE );
155 if( ( rc2_status != SECSuccess ) ||
156 ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
157 ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
158 FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
159 return( CKR_DEVICE_ERROR );
162 /******************************************************/
163 /* RC2-CBC Single-Round Known Answer Encryption Test: */
164 /******************************************************/
166 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
167 rc2_cbc_known_initialization_vector,
168 NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
170 if( rc2_context == NULL )
171 return( CKR_HOST_MEMORY );
173 rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
174 &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
175 rc2_cbc_known_plaintext,
176 FIPS_RC2_DECRYPT_LENGTH );
178 RC2_DestroyContext( rc2_context, PR_TRUE );
180 if( ( rc2_status != SECSuccess ) ||
181 ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
182 ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
183 FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
184 return( CKR_DEVICE_ERROR );
187 /******************************************************/
188 /* RC2-CBC Single-Round Known Answer Decryption Test: */
189 /******************************************************/
191 rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
192 rc2_cbc_known_initialization_vector,
193 NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
195 if( rc2_context == NULL )
196 return( CKR_HOST_MEMORY );
198 rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
199 &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
200 rc2_cbc_known_ciphertext,
201 FIPS_RC2_ENCRYPT_LENGTH );
203 RC2_DestroyContext( rc2_context, PR_TRUE );
205 if( ( rc2_status != SECSuccess ) ||
206 ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
207 ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
208 FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
209 return( CKR_DEVICE_ERROR );
211 return( CKR_OK );
212 }
215 static CK_RV
216 sftk_fips_RC4_PowerUpSelfTest( void )
217 {
218 /* RC4 Known Key (40-bits). */
219 static const PRUint8 rc4_known_key[] = { "RSARC" };
221 /* RC4 Known Plaintext (64-bits). */
222 static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
224 /* RC4 Known Ciphertext (64-bits). */
225 static const PRUint8 rc4_known_ciphertext[] = {
226 0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
228 /* RC4 variables. */
229 PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
230 PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
231 RC4Context * rc4_context;
232 unsigned int rc4_bytes_encrypted;
233 unsigned int rc4_bytes_decrypted;
234 SECStatus rc4_status;
237 /**************************************************/
238 /* RC4 Single-Round Known Answer Encryption Test: */
239 /**************************************************/
241 rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
243 if( rc4_context == NULL )
244 return( CKR_HOST_MEMORY );
246 rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
247 &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
248 rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
250 RC4_DestroyContext( rc4_context, PR_TRUE );
252 if( ( rc4_status != SECSuccess ) ||
253 ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
254 ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
255 FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
256 return( CKR_DEVICE_ERROR );
259 /**************************************************/
260 /* RC4 Single-Round Known Answer Decryption Test: */
261 /**************************************************/
263 rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
265 if( rc4_context == NULL )
266 return( CKR_HOST_MEMORY );
268 rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
269 &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
270 rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
272 RC4_DestroyContext( rc4_context, PR_TRUE );
274 if( ( rc4_status != SECSuccess ) ||
275 ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
276 ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
277 FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
278 return( CKR_DEVICE_ERROR );
280 return( CKR_OK );
281 }
284 static CK_RV
285 sftk_fips_DES_PowerUpSelfTest( void )
286 {
287 /* DES Known Key (56-bits). */
288 static const PRUint8 des_known_key[] = { "ANSI DES" };
290 /* DES-CBC Known Initialization Vector (64-bits). */
291 static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
293 /* DES Known Plaintext (64-bits). */
294 static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
295 static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
297 /* DES Known Ciphertext (64-bits). */
298 static const PRUint8 des_ecb_known_ciphertext[] = {
299 0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
300 static const PRUint8 des_cbc_known_ciphertext[] = {
301 0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
303 /* DES variables. */
304 PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
305 PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
306 DESContext * des_context;
307 unsigned int des_bytes_encrypted;
308 unsigned int des_bytes_decrypted;
309 SECStatus des_status;
312 /******************************************************/
313 /* DES-ECB Single-Round Known Answer Encryption Test: */
314 /******************************************************/
316 des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
318 if( des_context == NULL )
319 return( CKR_HOST_MEMORY );
321 des_status = DES_Encrypt( des_context, des_computed_ciphertext,
322 &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
323 des_ecb_known_plaintext,
324 FIPS_DES_DECRYPT_LENGTH );
326 DES_DestroyContext( des_context, PR_TRUE );
328 if( ( des_status != SECSuccess ) ||
329 ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
330 ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
331 FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
332 return( CKR_DEVICE_ERROR );
335 /******************************************************/
336 /* DES-ECB Single-Round Known Answer Decryption Test: */
337 /******************************************************/
339 des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
341 if( des_context == NULL )
342 return( CKR_HOST_MEMORY );
344 des_status = DES_Decrypt( des_context, des_computed_plaintext,
345 &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
346 des_ecb_known_ciphertext,
347 FIPS_DES_ENCRYPT_LENGTH );
349 DES_DestroyContext( des_context, PR_TRUE );
351 if( ( des_status != SECSuccess ) ||
352 ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
353 ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
354 FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
355 return( CKR_DEVICE_ERROR );
358 /******************************************************/
359 /* DES-CBC Single-Round Known Answer Encryption Test. */
360 /******************************************************/
362 des_context = DES_CreateContext( des_known_key,
363 des_cbc_known_initialization_vector,
364 NSS_DES_CBC, PR_TRUE );
366 if( des_context == NULL )
367 return( CKR_HOST_MEMORY );
369 des_status = DES_Encrypt( des_context, des_computed_ciphertext,
370 &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
371 des_cbc_known_plaintext,
372 FIPS_DES_DECRYPT_LENGTH );
374 DES_DestroyContext( des_context, PR_TRUE );
376 if( ( des_status != SECSuccess ) ||
377 ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
378 ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
379 FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
380 return( CKR_DEVICE_ERROR );
383 /******************************************************/
384 /* DES-CBC Single-Round Known Answer Decryption Test. */
385 /******************************************************/
387 des_context = DES_CreateContext( des_known_key,
388 des_cbc_known_initialization_vector,
389 NSS_DES_CBC, PR_FALSE );
391 if( des_context == NULL )
392 return( CKR_HOST_MEMORY );
394 des_status = DES_Decrypt( des_context, des_computed_plaintext,
395 &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
396 des_cbc_known_ciphertext,
397 FIPS_DES_ENCRYPT_LENGTH );
399 DES_DestroyContext( des_context, PR_TRUE );
401 if( ( des_status != SECSuccess ) ||
402 ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
403 ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
404 FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
405 return( CKR_DEVICE_ERROR );
407 return( CKR_OK );
408 }
411 static CK_RV
412 sftk_fips_DES3_PowerUpSelfTest( void )
413 {
414 /* DES3 Known Key (56-bits). */
415 static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
417 /* DES3-CBC Known Initialization Vector (64-bits). */
418 static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
420 /* DES3 Known Plaintext (64-bits). */
421 static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
422 static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
424 /* DES3 Known Ciphertext (64-bits). */
425 static const PRUint8 des3_ecb_known_ciphertext[] = {
426 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
427 static const PRUint8 des3_cbc_known_ciphertext[] = {
428 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
430 /* DES3 variables. */
431 PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
432 PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
433 DESContext * des3_context;
434 unsigned int des3_bytes_encrypted;
435 unsigned int des3_bytes_decrypted;
436 SECStatus des3_status;
439 /*******************************************************/
440 /* DES3-ECB Single-Round Known Answer Encryption Test. */
441 /*******************************************************/
443 des3_context = DES_CreateContext( des3_known_key, NULL,
444 NSS_DES_EDE3, PR_TRUE );
446 if( des3_context == NULL )
447 return( CKR_HOST_MEMORY );
449 des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
450 &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
451 des3_ecb_known_plaintext,
452 FIPS_DES3_DECRYPT_LENGTH );
454 DES_DestroyContext( des3_context, PR_TRUE );
456 if( ( des3_status != SECSuccess ) ||
457 ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
458 ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
459 FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
460 return( CKR_DEVICE_ERROR );
463 /*******************************************************/
464 /* DES3-ECB Single-Round Known Answer Decryption Test. */
465 /*******************************************************/
467 des3_context = DES_CreateContext( des3_known_key, NULL,
468 NSS_DES_EDE3, PR_FALSE );
470 if( des3_context == NULL )
471 return( CKR_HOST_MEMORY );
473 des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
474 &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
475 des3_ecb_known_ciphertext,
476 FIPS_DES3_ENCRYPT_LENGTH );
478 DES_DestroyContext( des3_context, PR_TRUE );
480 if( ( des3_status != SECSuccess ) ||
481 ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
482 ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
483 FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
484 return( CKR_DEVICE_ERROR );
487 /*******************************************************/
488 /* DES3-CBC Single-Round Known Answer Encryption Test. */
489 /*******************************************************/
491 des3_context = DES_CreateContext( des3_known_key,
492 des3_cbc_known_initialization_vector,
493 NSS_DES_EDE3_CBC, PR_TRUE );
495 if( des3_context == NULL )
496 return( CKR_HOST_MEMORY );
498 des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
499 &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
500 des3_cbc_known_plaintext,
501 FIPS_DES3_DECRYPT_LENGTH );
503 DES_DestroyContext( des3_context, PR_TRUE );
505 if( ( des3_status != SECSuccess ) ||
506 ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
507 ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
508 FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
509 return( CKR_DEVICE_ERROR );
512 /*******************************************************/
513 /* DES3-CBC Single-Round Known Answer Decryption Test. */
514 /*******************************************************/
516 des3_context = DES_CreateContext( des3_known_key,
517 des3_cbc_known_initialization_vector,
518 NSS_DES_EDE3_CBC, PR_FALSE );
520 if( des3_context == NULL )
521 return( CKR_HOST_MEMORY );
523 des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
524 &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
525 des3_cbc_known_ciphertext,
526 FIPS_DES3_ENCRYPT_LENGTH );
528 DES_DestroyContext( des3_context, PR_TRUE );
530 if( ( des3_status != SECSuccess ) ||
531 ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
532 ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
533 FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
534 return( CKR_DEVICE_ERROR );
536 return( CKR_OK );
537 }
540 /* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
541 static CK_RV
542 sftk_fips_AES_PowerUpSelfTest( int aes_key_size )
543 {
544 /* AES Known Key (up to 256-bits). */
545 static const PRUint8 aes_known_key[] =
546 { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
548 /* AES-CBC Known Initialization Vector (128-bits). */
549 static const PRUint8 aes_cbc_known_initialization_vector[] =
550 { "SecurityytiruceS" };
552 /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
553 static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
555 /* AES Known Ciphertext (128-bit key). */
556 static const PRUint8 aes_ecb128_known_ciphertext[] = {
557 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
558 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
560 static const PRUint8 aes_cbc128_known_ciphertext[] = {
561 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
562 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
564 /* AES Known Ciphertext (192-bit key). */
565 static const PRUint8 aes_ecb192_known_ciphertext[] = {
566 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
567 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
569 static const PRUint8 aes_cbc192_known_ciphertext[] = {
570 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
571 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
573 /* AES Known Ciphertext (256-bit key). */
574 static const PRUint8 aes_ecb256_known_ciphertext[] = {
575 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
576 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
578 static const PRUint8 aes_cbc256_known_ciphertext[] = {
579 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
580 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
582 const PRUint8 *aes_ecb_known_ciphertext =
583 ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
584 ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
585 aes_ecb256_known_ciphertext;
587 const PRUint8 *aes_cbc_known_ciphertext =
588 ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
589 ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
590 aes_cbc256_known_ciphertext;
592 /* AES variables. */
593 PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
594 PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
595 AESContext * aes_context;
596 unsigned int aes_bytes_encrypted;
597 unsigned int aes_bytes_decrypted;
598 SECStatus aes_status;
600 /*check if aes_key_size is 128, 192, or 256 bits */
601 if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
602 (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
603 (aes_key_size != FIPS_AES_256_KEY_SIZE))
604 return( CKR_DEVICE_ERROR );
606 /******************************************************/
607 /* AES-ECB Single-Round Known Answer Encryption Test: */
608 /******************************************************/
610 aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
611 aes_key_size, FIPS_AES_BLOCK_SIZE );
613 if( aes_context == NULL )
614 return( CKR_HOST_MEMORY );
616 aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
617 &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
618 aes_known_plaintext,
619 FIPS_AES_DECRYPT_LENGTH );
621 AES_DestroyContext( aes_context, PR_TRUE );
623 if( ( aes_status != SECSuccess ) ||
624 ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
625 ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
626 FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
627 return( CKR_DEVICE_ERROR );
630 /******************************************************/
631 /* AES-ECB Single-Round Known Answer Decryption Test: */
632 /******************************************************/
634 aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
635 aes_key_size, FIPS_AES_BLOCK_SIZE );
637 if( aes_context == NULL )
638 return( CKR_HOST_MEMORY );
640 aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
641 &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
642 aes_ecb_known_ciphertext,
643 FIPS_AES_ENCRYPT_LENGTH );
645 AES_DestroyContext( aes_context, PR_TRUE );
647 if( ( aes_status != SECSuccess ) ||
648 ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
649 ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
650 FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
651 return( CKR_DEVICE_ERROR );
654 /******************************************************/
655 /* AES-CBC Single-Round Known Answer Encryption Test. */
656 /******************************************************/
658 aes_context = AES_CreateContext( aes_known_key,
659 aes_cbc_known_initialization_vector,
660 NSS_AES_CBC, PR_TRUE, aes_key_size,
661 FIPS_AES_BLOCK_SIZE );
663 if( aes_context == NULL )
664 return( CKR_HOST_MEMORY );
666 aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
667 &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
668 aes_known_plaintext,
669 FIPS_AES_DECRYPT_LENGTH );
671 AES_DestroyContext( aes_context, PR_TRUE );
673 if( ( aes_status != SECSuccess ) ||
674 ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
675 ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
676 FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
677 return( CKR_DEVICE_ERROR );
680 /******************************************************/
681 /* AES-CBC Single-Round Known Answer Decryption Test. */
682 /******************************************************/
684 aes_context = AES_CreateContext( aes_known_key,
685 aes_cbc_known_initialization_vector,
686 NSS_AES_CBC, PR_FALSE, aes_key_size,
687 FIPS_AES_BLOCK_SIZE );
689 if( aes_context == NULL )
690 return( CKR_HOST_MEMORY );
692 aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
693 &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
694 aes_cbc_known_ciphertext,
695 FIPS_AES_ENCRYPT_LENGTH );
697 AES_DestroyContext( aes_context, PR_TRUE );
699 if( ( aes_status != SECSuccess ) ||
700 ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
701 ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
702 FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
703 return( CKR_DEVICE_ERROR );
705 return( CKR_OK );
706 }
708 /* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
709 static const PRUint8 known_hash_message[] = {
710 "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
713 static CK_RV
714 sftk_fips_MD2_PowerUpSelfTest( void )
715 {
716 /* MD2 Known Digest Message (128-bits). */
717 static const PRUint8 md2_known_digest[] = {
718 0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
719 0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
721 /* MD2 variables. */
722 MD2Context * md2_context;
723 unsigned int md2_bytes_hashed;
724 PRUint8 md2_computed_digest[MD2_LENGTH];
727 /***********************************************/
728 /* MD2 Single-Round Known Answer Hashing Test. */
729 /***********************************************/
731 md2_context = MD2_NewContext();
733 if( md2_context == NULL )
734 return( CKR_HOST_MEMORY );
736 MD2_Begin( md2_context );
738 MD2_Update( md2_context, known_hash_message,
739 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
741 MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
743 MD2_DestroyContext( md2_context , PR_TRUE );
745 if( ( md2_bytes_hashed != MD2_LENGTH ) ||
746 ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
747 MD2_LENGTH ) != 0 ) )
748 return( CKR_DEVICE_ERROR );
750 return( CKR_OK );
751 }
754 static CK_RV
755 sftk_fips_MD5_PowerUpSelfTest( void )
756 {
757 /* MD5 Known Digest Message (128-bits). */
758 static const PRUint8 md5_known_digest[] = {
759 0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
760 0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
762 /* MD5 variables. */
763 PRUint8 md5_computed_digest[MD5_LENGTH];
764 SECStatus md5_status;
767 /***********************************************/
768 /* MD5 Single-Round Known Answer Hashing Test. */
769 /***********************************************/
771 md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
772 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
774 if( ( md5_status != SECSuccess ) ||
775 ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
776 MD5_LENGTH ) != 0 ) )
777 return( CKR_DEVICE_ERROR );
779 return( CKR_OK );
780 }
782 /****************************************************/
783 /* Single Round HMAC SHA-X test */
784 /****************************************************/
785 static SECStatus
786 sftk_fips_HMAC(unsigned char *hmac_computed,
787 const PRUint8 *secret_key,
788 unsigned int secret_key_length,
789 const PRUint8 *message,
790 unsigned int message_length,
791 HASH_HashType hashAlg )
792 {
793 SECStatus hmac_status = SECFailure;
794 HMACContext *cx = NULL;
795 SECHashObject *hashObj = NULL;
796 unsigned int bytes_hashed = 0;
798 hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
800 if (!hashObj)
801 return( SECFailure );
803 cx = HMAC_Create(hashObj, secret_key,
804 secret_key_length,
805 PR_TRUE); /* PR_TRUE for in FIPS mode */
807 if (cx == NULL)
808 return( SECFailure );
810 HMAC_Begin(cx);
811 HMAC_Update(cx, message, message_length);
812 hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
813 hashObj->length);
815 HMAC_Destroy(cx, PR_TRUE);
817 return( hmac_status );
818 }
820 static CK_RV
821 sftk_fips_HMAC_PowerUpSelfTest( void )
822 {
823 static const PRUint8 HMAC_known_secret_key[] = {
824 "Firefox and ThunderBird are awesome!"};
826 static const PRUint8 HMAC_known_secret_key_length
827 = sizeof HMAC_known_secret_key;
829 /* known SHA1 hmac (20 bytes) */
830 static const PRUint8 known_SHA1_hmac[] = {
831 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
832 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
833 0x5d, 0x0e, 0x1e, 0x11};
835 /* known SHA224 hmac (28 bytes) */
836 static const PRUint8 known_SHA224_hmac[] = {
837 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
838 0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
839 0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
840 0x9a, 0xb8, 0x98, 0x4e};
842 /* known SHA256 hmac (32 bytes) */
843 static const PRUint8 known_SHA256_hmac[] = {
844 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
845 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
846 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
847 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
849 /* known SHA384 hmac (48 bytes) */
850 static const PRUint8 known_SHA384_hmac[] = {
851 0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
852 0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
853 0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
854 0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
855 0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
856 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
858 /* known SHA512 hmac (64 bytes) */
859 static const PRUint8 known_SHA512_hmac[] = {
860 0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
861 0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
862 0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
863 0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
864 0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
865 0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
866 0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
867 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
869 SECStatus hmac_status;
870 PRUint8 hmac_computed[HASH_LENGTH_MAX];
872 /***************************************************/
873 /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
874 /***************************************************/
876 hmac_status = sftk_fips_HMAC(hmac_computed,
877 HMAC_known_secret_key,
878 HMAC_known_secret_key_length,
879 known_hash_message,
880 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
881 HASH_AlgSHA1);
883 if( ( hmac_status != SECSuccess ) ||
884 ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
885 SHA1_LENGTH ) != 0 ) )
886 return( CKR_DEVICE_ERROR );
888 /***************************************************/
889 /* HMAC SHA-224 Single-Round Known Answer Test. */
890 /***************************************************/
892 hmac_status = sftk_fips_HMAC(hmac_computed,
893 HMAC_known_secret_key,
894 HMAC_known_secret_key_length,
895 known_hash_message,
896 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
897 HASH_AlgSHA224);
899 if( ( hmac_status != SECSuccess ) ||
900 ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
901 SHA224_LENGTH ) != 0 ) )
902 return( CKR_DEVICE_ERROR );
904 /***************************************************/
905 /* HMAC SHA-256 Single-Round Known Answer Test. */
906 /***************************************************/
908 hmac_status = sftk_fips_HMAC(hmac_computed,
909 HMAC_known_secret_key,
910 HMAC_known_secret_key_length,
911 known_hash_message,
912 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
913 HASH_AlgSHA256);
915 if( ( hmac_status != SECSuccess ) ||
916 ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
917 SHA256_LENGTH ) != 0 ) )
918 return( CKR_DEVICE_ERROR );
920 /***************************************************/
921 /* HMAC SHA-384 Single-Round Known Answer Test. */
922 /***************************************************/
924 hmac_status = sftk_fips_HMAC(hmac_computed,
925 HMAC_known_secret_key,
926 HMAC_known_secret_key_length,
927 known_hash_message,
928 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
929 HASH_AlgSHA384);
931 if( ( hmac_status != SECSuccess ) ||
932 ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
933 SHA384_LENGTH ) != 0 ) )
934 return( CKR_DEVICE_ERROR );
936 /***************************************************/
937 /* HMAC SHA-512 Single-Round Known Answer Test. */
938 /***************************************************/
940 hmac_status = sftk_fips_HMAC(hmac_computed,
941 HMAC_known_secret_key,
942 HMAC_known_secret_key_length,
943 known_hash_message,
944 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
945 HASH_AlgSHA512);
947 if( ( hmac_status != SECSuccess ) ||
948 ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
949 SHA512_LENGTH ) != 0 ) )
950 return( CKR_DEVICE_ERROR );
952 return( CKR_OK );
953 }
955 static CK_RV
956 sftk_fips_SHA_PowerUpSelfTest( void )
957 {
958 /* SHA-1 Known Digest Message (160-bits). */
959 static const PRUint8 sha1_known_digest[] = {
960 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
961 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
962 0xe0,0x68,0x47,0x7a};
964 /* SHA-224 Known Digest Message (224-bits). */
965 static const PRUint8 sha224_known_digest[] = {
966 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
967 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
968 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
969 0x8e,0x08,0xe5,0xcb};
971 /* SHA-256 Known Digest Message (256-bits). */
972 static const PRUint8 sha256_known_digest[] = {
973 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
974 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
975 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
976 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
978 /* SHA-384 Known Digest Message (384-bits). */
979 static const PRUint8 sha384_known_digest[] = {
980 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
981 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
982 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
983 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
984 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
985 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
987 /* SHA-512 Known Digest Message (512-bits). */
988 static const PRUint8 sha512_known_digest[] = {
989 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
990 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
991 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
992 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
993 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
994 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
995 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
996 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
998 /* SHA-X variables. */
999 PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
1000 SECStatus sha_status;
1002 /*************************************************/
1003 /* SHA-1 Single-Round Known Answer Hashing Test. */
1004 /*************************************************/
1006 sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
1007 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1009 if( ( sha_status != SECSuccess ) ||
1010 ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
1011 SHA1_LENGTH ) != 0 ) )
1012 return( CKR_DEVICE_ERROR );
1014 /***************************************************/
1015 /* SHA-224 Single-Round Known Answer Hashing Test. */
1016 /***************************************************/
1018 sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
1019 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1021 if( ( sha_status != SECSuccess ) ||
1022 ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
1023 SHA224_LENGTH ) != 0 ) )
1024 return( CKR_DEVICE_ERROR );
1026 /***************************************************/
1027 /* SHA-256 Single-Round Known Answer Hashing Test. */
1028 /***************************************************/
1030 sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
1031 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1033 if( ( sha_status != SECSuccess ) ||
1034 ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
1035 SHA256_LENGTH ) != 0 ) )
1036 return( CKR_DEVICE_ERROR );
1038 /***************************************************/
1039 /* SHA-384 Single-Round Known Answer Hashing Test. */
1040 /***************************************************/
1042 sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
1043 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1045 if( ( sha_status != SECSuccess ) ||
1046 ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
1047 SHA384_LENGTH ) != 0 ) )
1048 return( CKR_DEVICE_ERROR );
1050 /***************************************************/
1051 /* SHA-512 Single-Round Known Answer Hashing Test. */
1052 /***************************************************/
1054 sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
1055 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1057 if( ( sha_status != SECSuccess ) ||
1058 ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
1059 SHA512_LENGTH ) != 0 ) )
1060 return( CKR_DEVICE_ERROR );
1062 return( CKR_OK );
1063 }
1065 /*
1066 * Single round RSA Signature Known Answer Test
1067 */
1068 static SECStatus
1069 sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType shaAlg,
1070 NSSLOWKEYPublicKey *rsa_public_key,
1071 NSSLOWKEYPrivateKey *rsa_private_key,
1072 const unsigned char *rsa_known_msg,
1073 const unsigned int rsa_kmsg_length,
1074 const unsigned char *rsa_known_signature)
1075 {
1076 SECOidTag shaOid; /* SHA OID */
1077 unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
1078 unsigned int shaLength = 0; /* length of SHA */
1079 unsigned int rsa_bytes_signed;
1080 unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
1081 SECStatus rv;
1083 if (shaAlg == HASH_AlgSHA1) {
1084 if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1085 != SECSuccess) {
1086 goto loser;
1087 }
1088 shaLength = SHA1_LENGTH;
1089 shaOid = SEC_OID_SHA1;
1090 } else if (shaAlg == HASH_AlgSHA256) {
1091 if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1092 != SECSuccess) {
1093 goto loser;
1094 }
1095 shaLength = SHA256_LENGTH;
1096 shaOid = SEC_OID_SHA256;
1097 } else if (shaAlg == HASH_AlgSHA384) {
1098 if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1099 != SECSuccess) {
1100 goto loser;
1101 }
1102 shaLength = SHA384_LENGTH;
1103 shaOid = SEC_OID_SHA384;
1104 } else if (shaAlg == HASH_AlgSHA512) {
1105 if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1106 != SECSuccess) {
1107 goto loser;
1108 }
1109 shaLength = SHA512_LENGTH;
1110 shaOid = SEC_OID_SHA512;
1111 } else {
1112 goto loser;
1113 }
1115 /*************************************************/
1116 /* RSA Single-Round Known Answer Signature Test. */
1117 /*************************************************/
1119 /* Perform RSA signature with the RSA private key. */
1120 rv = RSA_HashSign( shaOid,
1121 rsa_private_key,
1122 rsa_computed_signature,
1123 &rsa_bytes_signed,
1124 FIPS_RSA_SIGNATURE_LENGTH,
1125 sha,
1126 shaLength);
1128 if( ( rv != SECSuccess ) ||
1129 ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
1130 ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
1131 FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
1132 goto loser;
1133 }
1135 /****************************************************/
1136 /* RSA Single-Round Known Answer Verification Test. */
1137 /****************************************************/
1139 /* Perform RSA verification with the RSA public key. */
1140 rv = RSA_HashCheckSign( shaOid,
1141 rsa_public_key,
1142 rsa_computed_signature,
1143 rsa_bytes_signed,
1144 sha,
1145 shaLength);
1147 if( rv != SECSuccess ) {
1148 goto loser;
1149 }
1150 return( SECSuccess );
1152 loser:
1154 return( SECFailure );
1156 }
1158 static CK_RV
1159 sftk_fips_RSA_PowerUpSelfTest( void )
1160 {
1161 /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
1162 static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1163 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
1164 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
1165 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
1166 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
1167 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
1168 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
1169 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
1170 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
1171 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
1172 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
1173 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
1174 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
1175 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
1176 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
1177 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
1178 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
1179 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
1180 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
1181 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
1182 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
1183 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
1184 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
1185 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
1186 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
1187 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
1188 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
1189 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
1190 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
1191 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
1192 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
1193 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
1194 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
1196 /* RSA Known Public Key Values (24-bits). */
1197 static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
1198 = { 0x01, 0x00, 0x01 };
1199 /* RSA Known Private Key Values (version is 8-bits), */
1200 /* (private exponent is 2048-bits), */
1201 /* (private prime0 is 1024-bits), */
1202 /* (private prime1 is 1024-bits), */
1203 /* (private prime exponent0 is 1024-bits), */
1204 /* (private prime exponent1 is 1024-bits), */
1205 /* and (private coefficient is 1024-bits). */
1206 static const PRUint8 rsa_version[] = { 0x00 };
1208 static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
1209 = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
1210 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
1211 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
1212 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
1213 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
1214 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
1215 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
1216 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
1217 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
1218 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
1219 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
1220 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
1221 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
1222 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
1223 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
1224 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
1225 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
1226 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
1227 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
1228 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
1229 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
1230 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
1231 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
1232 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
1233 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
1234 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
1235 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
1236 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
1237 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
1238 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
1239 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
1240 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
1242 static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
1243 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
1244 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
1245 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
1246 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
1247 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
1248 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
1249 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
1250 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
1251 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
1252 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
1253 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
1254 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
1255 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
1256 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
1257 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
1258 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
1259 static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
1260 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
1261 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
1262 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
1263 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
1264 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
1265 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
1266 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
1267 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
1268 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
1269 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
1270 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
1271 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
1272 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
1273 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
1274 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
1275 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
1276 static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1277 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
1278 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
1279 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
1280 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
1281 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
1282 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
1283 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
1284 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
1285 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
1286 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
1287 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
1288 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
1289 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
1290 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
1291 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
1292 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
1293 static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1294 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
1295 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
1296 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
1297 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
1298 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
1299 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
1300 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
1301 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
1302 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
1303 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
1304 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
1305 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
1306 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
1307 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
1308 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
1309 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
1310 static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1311 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
1312 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
1313 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
1314 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
1315 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
1316 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
1317 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
1318 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
1319 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
1320 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
1321 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
1322 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
1323 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
1324 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
1325 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
1326 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
1328 /* RSA Known Plaintext Message (1024-bits). */
1329 static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1330 "Known plaintext message utilized"
1331 "for RSA Encryption & Decryption"
1332 "blocks SHA256, SHA384 and "
1333 "SHA512 RSA Signature KAT tests. "
1334 "Known plaintext message utilized"
1335 "for RSA Encryption & Decryption"
1336 "blocks SHA256, SHA384 and "
1337 "SHA512 RSA Signature KAT tests."};
1339 /* RSA Known Ciphertext (2048-bits). */
1340 static const PRUint8 rsa_known_ciphertext[] = {
1341 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
1342 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
1343 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
1344 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
1345 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
1346 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
1347 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
1348 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
1349 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
1350 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
1351 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
1352 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
1353 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
1354 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
1355 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
1356 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
1357 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
1358 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
1359 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
1360 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
1361 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
1362 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
1363 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
1364 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
1365 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
1366 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
1367 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
1368 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
1369 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
1370 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
1371 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
1372 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
1374 /* RSA Known Signed Hash (2048-bits). */
1375 static const PRUint8 rsa_known_sha256_signature[] = {
1376 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
1377 0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
1378 0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
1379 0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
1380 0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
1381 0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
1382 0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
1383 0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
1384 0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
1385 0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
1386 0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
1387 0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
1388 0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
1389 0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
1390 0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
1391 0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
1392 0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
1393 0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
1394 0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
1395 0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
1396 0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
1397 0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
1398 0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
1399 0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
1400 0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
1401 0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
1402 0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
1403 0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
1404 0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
1405 0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
1406 0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
1407 0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92};
1409 /* RSA Known Signed Hash (2048-bits). */
1410 static const PRUint8 rsa_known_sha384_signature[] = {
1411 0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
1412 0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
1413 0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
1414 0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
1415 0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
1416 0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
1417 0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
1418 0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
1419 0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
1420 0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
1421 0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
1422 0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
1423 0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
1424 0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
1425 0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
1426 0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
1427 0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
1428 0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
1429 0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
1430 0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
1431 0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
1432 0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
1433 0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
1434 0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
1435 0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
1436 0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
1437 0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
1438 0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
1439 0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
1440 0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
1441 0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
1442 0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa};
1444 /* RSA Known Signed Hash (2048-bits). */
1445 static const PRUint8 rsa_known_sha512_signature[] = {
1446 0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
1447 0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
1448 0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
1449 0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
1450 0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
1451 0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
1452 0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
1453 0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
1454 0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
1455 0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
1456 0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
1457 0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
1458 0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
1459 0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
1460 0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
1461 0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
1462 0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
1463 0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
1464 0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
1465 0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
1466 0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
1467 0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
1468 0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
1469 0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
1470 0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
1471 0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
1472 0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
1473 0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
1474 0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
1475 0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
1476 0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
1477 0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81};
1479 static const RSAPublicKey bl_public_key = { NULL,
1480 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1481 FIPS_RSA_MODULUS_LENGTH },
1482 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1483 FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1484 };
1485 static const RSAPrivateKey bl_private_key = { NULL,
1486 { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
1487 FIPS_RSA_PRIVATE_VERSION_LENGTH },
1488 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1489 FIPS_RSA_MODULUS_LENGTH },
1490 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1491 FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1492 { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
1493 FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1494 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
1495 FIPS_RSA_PRIME0_LENGTH },
1496 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
1497 FIPS_RSA_PRIME1_LENGTH },
1498 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
1499 FIPS_RSA_EXPONENT0_LENGTH },
1500 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
1501 FIPS_RSA_EXPONENT1_LENGTH },
1502 { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
1503 FIPS_RSA_COEFFICIENT_LENGTH }
1504 };
1506 /* RSA variables. */
1507 #ifdef CREATE_TEMP_ARENAS
1508 PLArenaPool * rsa_public_arena;
1509 PLArenaPool * rsa_private_arena;
1510 #endif
1511 NSSLOWKEYPublicKey * rsa_public_key;
1512 NSSLOWKEYPrivateKey * rsa_private_key;
1513 SECStatus rsa_status;
1515 NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey, };
1516 NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey, };
1517 PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1518 PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1520 /****************************************/
1521 /* Compose RSA Public/Private Key Pair. */
1522 /****************************************/
1524 low_public_key.u.rsa = bl_public_key;
1525 low_private_key.u.rsa = bl_private_key;
1527 rsa_public_key = &low_public_key;
1528 rsa_private_key = &low_private_key;
1530 #ifdef CREATE_TEMP_ARENAS
1531 /* Create some space for the RSA public key. */
1532 rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1534 if( rsa_public_arena == NULL ) {
1535 PORT_SetError( SEC_ERROR_NO_MEMORY );
1536 return( CKR_HOST_MEMORY );
1537 }
1539 /* Create some space for the RSA private key. */
1540 rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1542 if( rsa_private_arena == NULL ) {
1543 PORT_FreeArena( rsa_public_arena, PR_TRUE );
1544 PORT_SetError( SEC_ERROR_NO_MEMORY );
1545 return( CKR_HOST_MEMORY );
1546 }
1548 rsa_public_key->arena = rsa_public_arena;
1549 rsa_private_key->arena = rsa_private_arena;
1550 #endif
1552 /**************************************************/
1553 /* RSA Single-Round Known Answer Encryption Test. */
1554 /**************************************************/
1556 /* Perform RSA Public Key Encryption. */
1557 rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
1558 rsa_computed_ciphertext,
1559 rsa_known_plaintext_msg);
1561 if( ( rsa_status != SECSuccess ) ||
1562 ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
1563 FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
1564 goto rsa_loser;
1566 /**************************************************/
1567 /* RSA Single-Round Known Answer Decryption Test. */
1568 /**************************************************/
1570 /* Perform RSA Private Key Decryption. */
1571 rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
1572 rsa_computed_plaintext,
1573 rsa_known_ciphertext);
1575 if( ( rsa_status != SECSuccess ) ||
1576 ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
1577 FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
1578 goto rsa_loser;
1580 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
1581 rsa_public_key, rsa_private_key,
1582 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1583 rsa_known_sha256_signature);
1584 if( rsa_status != SECSuccess )
1585 goto rsa_loser;
1587 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
1588 rsa_public_key, rsa_private_key,
1589 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1590 rsa_known_sha384_signature);
1591 if( rsa_status != SECSuccess )
1592 goto rsa_loser;
1594 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
1595 rsa_public_key, rsa_private_key,
1596 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1597 rsa_known_sha512_signature);
1598 if( rsa_status != SECSuccess )
1599 goto rsa_loser;
1601 /* Dispose of all RSA key material. */
1602 nsslowkey_DestroyPublicKey( rsa_public_key );
1603 nsslowkey_DestroyPrivateKey( rsa_private_key );
1605 return( CKR_OK );
1607 rsa_loser:
1609 nsslowkey_DestroyPublicKey( rsa_public_key );
1610 nsslowkey_DestroyPrivateKey( rsa_private_key );
1612 return( CKR_DEVICE_ERROR );
1613 }
1615 #ifndef NSS_DISABLE_ECC
1617 static CK_RV
1618 sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
1619 unsigned int encodedParamsLen,
1620 const PRUint8 *knownSignature,
1621 unsigned int knownSignatureLen) {
1623 /* ECDSA Known Seed info for curves nistp256 and nistk283 */
1624 static const PRUint8 ecdsa_Known_Seed[] = {
1625 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1626 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1627 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1628 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
1630 static const PRUint8 msg[] = {
1631 "Firefox and ThunderBird are awesome!"};
1633 unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
1634 unsigned char sig[2*MAX_ECKEY_LEN];
1635 SECItem signature, digest;
1636 SECItem encodedparams;
1637 ECParams *ecparams = NULL;
1638 ECPrivateKey *ecdsa_private_key = NULL;
1639 ECPublicKey ecdsa_public_key;
1640 SECStatus ecdsaStatus = SECSuccess;
1642 /* construct the ECDSA private/public key pair */
1643 encodedparams.type = siBuffer;
1644 encodedparams.data = (unsigned char *) encodedParams;
1645 encodedparams.len = encodedParamsLen;
1647 if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
1648 return( CKR_DEVICE_ERROR );
1649 }
1651 /* Generates a new EC key pair. The private key is a supplied
1652 * random value (in seed) and the public key is the result of
1653 * performing a scalar point multiplication of that value with
1654 * the curve's base point.
1655 */
1656 ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
1657 ecdsa_Known_Seed,
1658 sizeof(ecdsa_Known_Seed));
1659 /* free the ecparams they are no longer needed */
1660 PORT_FreeArena(ecparams->arena, PR_FALSE);
1661 ecparams = NULL;
1662 if (ecdsaStatus != SECSuccess) {
1663 return ( CKR_DEVICE_ERROR );
1664 }
1666 /* construct public key from private key. */
1667 ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
1668 &ecdsa_public_key.ecParams,
1669 &ecdsa_private_key->ecParams);
1670 if (ecdsaStatus != SECSuccess) {
1671 goto loser;
1672 }
1673 ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1675 /* validate public key value */
1676 ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
1677 &ecdsa_public_key.publicValue);
1678 if (ecdsaStatus != SECSuccess) {
1679 goto loser;
1680 }
1682 /* validate public key value */
1683 ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
1684 &ecdsa_private_key->publicValue);
1685 if (ecdsaStatus != SECSuccess) {
1686 goto loser;
1687 }
1689 /***************************************************/
1690 /* ECDSA Single-Round Known Answer Signature Test. */
1691 /***************************************************/
1693 ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
1694 if (ecdsaStatus != SECSuccess) {
1695 goto loser;
1696 }
1697 digest.type = siBuffer;
1698 digest.data = sha1;
1699 digest.len = SHA1_LENGTH;
1701 memset(sig, 0, sizeof sig);
1702 signature.type = siBuffer;
1703 signature.data = sig;
1704 signature.len = sizeof sig;
1706 ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
1707 &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1708 if (ecdsaStatus != SECSuccess) {
1709 goto loser;
1710 }
1712 if( ( signature.len != knownSignatureLen ) ||
1713 ( PORT_Memcmp( signature.data, knownSignature,
1714 knownSignatureLen ) != 0 ) ) {
1715 ecdsaStatus = SECFailure;
1716 goto loser;
1717 }
1719 /******************************************************/
1720 /* ECDSA Single-Round Known Answer Verification Test. */
1721 /******************************************************/
1723 /* Perform ECDSA verification process. */
1724 ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1726 loser:
1727 /* free the memory for the private key arena*/
1728 if (ecdsa_private_key != NULL) {
1729 PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1730 }
1732 if (ecdsaStatus != SECSuccess) {
1733 return CKR_DEVICE_ERROR ;
1734 }
1735 return( CKR_OK );
1736 }
1738 static CK_RV
1739 sftk_fips_ECDSA_PowerUpSelfTest() {
1741 /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
1742 static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
1743 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
1744 0x01,0x07};
1746 static const PRUint8 ecdsa_known_P256_signature[] = {
1747 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
1748 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
1749 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
1750 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
1751 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
1752 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
1753 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
1754 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
1756 #ifdef NSS_ECC_MORE_THAN_SUITE_B
1757 /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
1758 static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
1759 0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
1761 static const PRUint8 ecdsa_known_K283_signature[] = {
1762 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
1763 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
1764 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
1765 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
1766 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
1767 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
1768 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
1769 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
1770 0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
1771 #endif
1773 CK_RV crv;
1775 /* ECDSA GF(p) prime field curve test */
1776 crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
1777 sizeof ecdsa_known_P256_EncodedParams,
1778 ecdsa_known_P256_signature,
1779 sizeof ecdsa_known_P256_signature );
1780 if (crv != CKR_OK) {
1781 return( CKR_DEVICE_ERROR );
1782 }
1784 #ifdef NSS_ECC_MORE_THAN_SUITE_B
1785 /* ECDSA GF(2m) binary field curve test */
1786 crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
1787 sizeof ecdsa_known_K283_EncodedParams,
1788 ecdsa_known_K283_signature,
1789 sizeof ecdsa_known_K283_signature );
1790 if (crv != CKR_OK) {
1791 return( CKR_DEVICE_ERROR );
1792 }
1793 #endif
1795 return( CKR_OK );
1796 }
1798 #endif /* NSS_DISABLE_ECC */
1800 static CK_RV
1801 sftk_fips_DSA_PowerUpSelfTest( void )
1802 {
1803 /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
1804 static const PRUint8 dsa_P[] = {
1805 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28,
1806 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63,
1807 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0,
1808 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
1809 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91,
1810 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0,
1811 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7,
1812 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
1813 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7,
1814 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56,
1815 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b,
1816 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
1817 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6,
1818 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64,
1819 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a,
1820 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
1822 static const PRUint8 dsa_Q[] = {
1823 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e,
1824 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6,
1825 0x91,0x99,0x8b,0xcf};
1827 static const PRUint8 dsa_G[] = {
1828 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4,
1829 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6,
1830 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3,
1831 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
1832 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d,
1833 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a,
1834 0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24,
1835 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
1836 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb,
1837 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79,
1838 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac,
1839 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
1840 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27,
1841 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed,
1842 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f,
1843 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
1845 /* DSA Known Random Values (known random key block is 160-bits) */
1846 /* and (known random signature block is 160-bits). */
1847 static const PRUint8 dsa_known_random_key_block[] = {
1848 "Mozilla Rules World!"};
1849 static const PRUint8 dsa_known_random_signature_block[] = {
1850 "Random DSA Signature"};
1852 /* DSA Known Digest (160-bits) */
1853 static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
1855 /* DSA Known Signature (320-bits). */
1856 static const PRUint8 dsa_known_signature[] = {
1857 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32,
1858 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c,
1859 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72,
1860 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
1861 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
1863 /* DSA variables. */
1864 DSAPrivateKey * dsa_private_key;
1865 SECStatus dsa_status;
1866 SECItem dsa_signature_item;
1867 SECItem dsa_digest_item;
1868 DSAPublicKey dsa_public_key;
1869 PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
1870 static const PQGParams dsa_pqg = { NULL,
1871 { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
1872 { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
1873 { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
1875 /*******************************************/
1876 /* Generate a DSA public/private key pair. */
1877 /*******************************************/
1879 /* Generate a DSA public/private key pair. */
1880 dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
1881 &dsa_private_key);
1883 if( dsa_status != SECSuccess )
1884 return( CKR_HOST_MEMORY );
1886 /* construct public key from private key. */
1887 dsa_public_key.params = dsa_private_key->params;
1888 dsa_public_key.publicValue = dsa_private_key->publicValue;
1890 /*************************************************/
1891 /* DSA Single-Round Known Answer Signature Test. */
1892 /*************************************************/
1894 dsa_signature_item.data = dsa_computed_signature;
1895 dsa_signature_item.len = sizeof dsa_computed_signature;
1897 dsa_digest_item.data = (unsigned char *)dsa_known_digest;
1898 dsa_digest_item.len = SHA1_LENGTH;
1900 /* Perform DSA signature process. */
1901 dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
1902 &dsa_signature_item,
1903 &dsa_digest_item,
1904 dsa_known_random_signature_block );
1906 if( ( dsa_status != SECSuccess ) ||
1907 ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
1908 ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
1909 FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
1910 dsa_status = SECFailure;
1911 } else {
1913 /****************************************************/
1914 /* DSA Single-Round Known Answer Verification Test. */
1915 /****************************************************/
1917 /* Perform DSA verification process. */
1918 dsa_status = DSA_VerifyDigest( &dsa_public_key,
1919 &dsa_signature_item,
1920 &dsa_digest_item);
1921 }
1923 PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
1924 /* Don't free public key, it uses same arena as private key */
1926 /* Verify DSA signature. */
1927 if( dsa_status != SECSuccess )
1928 return( CKR_DEVICE_ERROR );
1930 return( CKR_OK );
1933 }
1935 static CK_RV
1936 sftk_fips_RNG_PowerUpSelfTest( void )
1937 {
1938 static const PRUint8 Q[] = {
1939 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
1940 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
1941 0x9d,0xef,0xeb,0xed};
1942 static const PRUint8 GENX[] = {
1943 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
1944 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
1945 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
1946 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
1947 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
1948 static const PRUint8 rng_known_DSAX[] = {
1949 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
1950 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
1951 0x10,0x1f,0x60,0xd7};
1955 SECStatus rng_status = SECSuccess;
1956 PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
1958 /*******************************************/
1959 /* Run the SP 800-90 Health tests */
1960 /*******************************************/
1961 rng_status = PRNGTEST_RunHealthTests();
1962 if (rng_status != SECSuccess) {
1963 return (CKR_DEVICE_ERROR);
1964 }
1966 /*******************************************/
1967 /* Generate DSAX fow given Q. */
1968 /*******************************************/
1970 rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
1972 /* Verify DSAX to perform the RNG integrity check */
1973 if( ( rng_status != SECSuccess ) ||
1974 ( PORT_Memcmp( DSAX, rng_known_DSAX,
1975 (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) )
1976 return( CKR_DEVICE_ERROR );
1978 return( CKR_OK );
1979 }
1981 static CK_RV
1982 sftk_fipsSoftwareIntegrityTest(void)
1983 {
1984 CK_RV crv = CKR_OK;
1986 /* make sure that our check file signatures are OK */
1987 if( !BLAPI_VerifySelf( NULL ) ||
1988 !BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
1989 crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
1990 }
1991 return crv;
1992 }
1994 CK_RV
1995 sftk_fipsPowerUpSelfTest( void )
1996 {
1997 CK_RV rv;
1999 /* RC2 Power-Up SelfTest(s). */
2000 rv = sftk_fips_RC2_PowerUpSelfTest();
2002 if( rv != CKR_OK )
2003 return rv;
2005 /* RC4 Power-Up SelfTest(s). */
2006 rv = sftk_fips_RC4_PowerUpSelfTest();
2008 if( rv != CKR_OK )
2009 return rv;
2011 /* DES Power-Up SelfTest(s). */
2012 rv = sftk_fips_DES_PowerUpSelfTest();
2014 if( rv != CKR_OK )
2015 return rv;
2017 /* DES3 Power-Up SelfTest(s). */
2018 rv = sftk_fips_DES3_PowerUpSelfTest();
2020 if( rv != CKR_OK )
2021 return rv;
2023 /* AES Power-Up SelfTest(s) for 128-bit key. */
2024 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
2026 if( rv != CKR_OK )
2027 return rv;
2029 /* AES Power-Up SelfTest(s) for 192-bit key. */
2030 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
2032 if( rv != CKR_OK )
2033 return rv;
2035 /* AES Power-Up SelfTest(s) for 256-bit key. */
2036 rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
2038 if( rv != CKR_OK )
2039 return rv;
2041 /* MD2 Power-Up SelfTest(s). */
2042 rv = sftk_fips_MD2_PowerUpSelfTest();
2044 if( rv != CKR_OK )
2045 return rv;
2047 /* MD5 Power-Up SelfTest(s). */
2048 rv = sftk_fips_MD5_PowerUpSelfTest();
2050 if( rv != CKR_OK )
2051 return rv;
2053 /* SHA-X Power-Up SelfTest(s). */
2054 rv = sftk_fips_SHA_PowerUpSelfTest();
2056 if( rv != CKR_OK )
2057 return rv;
2059 /* HMAC SHA-X Power-Up SelfTest(s). */
2060 rv = sftk_fips_HMAC_PowerUpSelfTest();
2062 if( rv != CKR_OK )
2063 return rv;
2065 /* RSA Power-Up SelfTest(s). */
2066 rv = sftk_fips_RSA_PowerUpSelfTest();
2068 if( rv != CKR_OK )
2069 return rv;
2071 /* DSA Power-Up SelfTest(s). */
2072 rv = sftk_fips_DSA_PowerUpSelfTest();
2074 if( rv != CKR_OK )
2075 return rv;
2077 /* RNG Power-Up SelfTest(s). */
2078 rv = sftk_fips_RNG_PowerUpSelfTest();
2080 if( rv != CKR_OK )
2081 return rv;
2083 #ifndef NSS_DISABLE_ECC
2084 /* ECDSA Power-Up SelfTest(s). */
2085 rv = sftk_fips_ECDSA_PowerUpSelfTest();
2087 if( rv != CKR_OK )
2088 return rv;
2089 #endif
2091 /* Software/Firmware Integrity Test. */
2092 rv = sftk_fipsSoftwareIntegrityTest();
2094 if( rv != CKR_OK )
2095 return rv;
2097 /* Passed Power-Up SelfTest(s). */
2098 return( CKR_OK );
2099 }
