From 75071ce85cbfab128732d1d8606b1517e31fa34b Mon Sep 17 00:00:00 2001 From: "wtchang%redhat.com" Date: Mon, 8 May 2006 18:20:28 +0000 Subject: [PATCH] Bugzilla Bug 298522: implemented ECDSA power-up self-test. The patch was written by Glen Beasley of Sun. r=wtc. --- security/nss/lib/softoken/fipstest.c | 179 ++++++++++++++++++++++++++- 1 file changed, 177 insertions(+), 2 deletions(-) diff --git a/security/nss/lib/softoken/fipstest.c b/security/nss/lib/softoken/fipstest.c index a3258448ff9..7b8b09b471b 100644 --- a/security/nss/lib/softoken/fipstest.c +++ b/security/nss/lib/softoken/fipstest.c @@ -36,16 +36,27 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: fipstest.c,v 1.14 2006-04-21 17:13:50 wtchang%redhat.com Exp $ */ +/* $Id: fipstest.c,v 1.15 2006-05-08 18:20:28 wtchang%redhat.com Exp $ */ #include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */ /* DES-CBC, DES3-ECB, DES3-CBC, RSA */ /* and DSA. */ #include "seccomon.h" /* Required for RSA and DSA. */ -#include "lowkeyi.h" /* Required for RSA and DSA. */ +#include "lowkeyi.h" /* Required for RSA and DSA. */ #include "pkcs11.h" /* Required for PKCS #11. */ #include "secerr.h" +#ifdef NSS_ENABLE_ECC +#include "secdert.h" /* Required for ECDSA */ +#include "ec.h" /* Required for ECDSA */ +extern SECStatus +EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); +extern SECStatus +EC_CopyParams(PRArenaPool *arena, ECParams *dstParams, + const ECParams *srcParams); +#endif + + /* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */ #define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */ #define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */ @@ -1481,6 +1492,162 @@ rsa_loser: return( CKR_DEVICE_ERROR ); } +#ifdef NSS_ENABLE_ECC +static CK_RV +sftk_fips_ECDSA_PowerUpSelfTest() { + + /* ECDSA Known info for curve nistp256 */ + static const PRUint8 ecdsa_publicValue[] = { + EC_POINT_FORM_UNCOMPRESSED, + 0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10, 0xd6, + 0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff, + 0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f, + 0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5, + 0xb8, 0x03, 0xe6, 0x89, 0xe5, 0x06, 0x55, 0x22, + 0x21, 0x0e, 0xcd, 0x1a, 0xf8, 0xc0, 0xd4, 0xa7, + 0x8f, 0x47, 0x81, 0x1e, 0x4a, 0x81, 0xb5, 0x41, + 0x3d, 0xa1, 0xf0, 0x4b, 0x65, 0xb4, 0x26, 0xe9}; + + static const PRUint8 ecdsa_privateValue[] = { + 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11, + 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1, + 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc, + 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f}; + + static const PRUint8 ecdsa_version[] = { 0x01 }; + + static const PRUint8 ecdsa_known_P256_signature[] = { + 0xa8, 0x6f, 0x0a, 0x04, 0x6b, 0x6c, 0x47, 0x0c, + 0x5a, 0xfd, 0xc6, 0x9f, 0xab, 0x65, 0x1d, 0x21, + 0xa5, 0x8f, 0x0d, 0xe6, 0xac, 0xaa, 0x63, 0xb6, + 0x7a, 0x39, 0x62, 0x4c, 0xae, 0xa1, 0x50, 0xb7, + 0x30, 0xa9, 0x88, 0xeb, 0x44, 0x94, 0xb7, 0x1f, + 0x23, 0x35, 0xe3, 0x52, 0x13, 0xd3, 0x46, 0xd0, + 0x54, 0xfd, 0x43, 0xdc, 0x3b, 0x7f, 0xf5, 0x60, + 0x92, 0xcc, 0x43, 0x67, 0x8c, 0xc5, 0xea, 0x75}; + + /* ECDSA Known curve nistp256 params */ + static const PRUint8 knownEncodedParams[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, + 0x01, 0x07}; + + static const PRUint8 ecdsa_Known_Seed[] = { + 0xe3, 0x2f, 0x50, 0x8d, 0xde, 0xd3, 0x55, 0x74, + 0xe7, 0x71, 0x86, 0x76, 0x3b, 0xeb, 0x84, 0x15, + 0x1b, 0x49, 0xf5, 0x18, 0xe5, 0x5f, 0x84, 0x7e, + 0x76, 0x16, 0x14, 0x4f, 0x79, 0x4f, 0xbb, 0xd6}; + + static const PRUint8 msg[] = { + "Firefox and ThunderBird are awesome!"}; + + unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */ + unsigned char sig[2*MAX_ECKEY_LEN]; + SECItem signature, digest; + SECItem encodedparams; + ECParams *ecparams; + ECPrivateKey ecdsa_private_key; + ECPublicKey ecdsa_public_key; + SECStatus ecdsaStatus = SECSuccess; + + /* construct the ECDSA private/public key pair */ + encodedparams.type = siBuffer; + encodedparams.data = (unsigned char *) knownEncodedParams; + encodedparams.len = sizeof knownEncodedParams; + if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) { + return( CKR_DEVICE_ERROR ); + } + + ecdsa_private_key.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (ecdsa_private_key.ecParams.arena == NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + return CKR_HOST_MEMORY; + } + + ecdsaStatus = EC_CopyParams(ecdsa_private_key.ecParams.arena, + &ecdsa_private_key.ecParams, ecparams); + PORT_FreeArena(ecparams->arena, PR_FALSE); + + if (ecdsaStatus != SECSuccess) { + goto loser; + } + + ecdsa_private_key.publicValue.type = siBuffer; + ecdsa_private_key.publicValue.data = (unsigned char *)ecdsa_publicValue; + ecdsa_private_key.publicValue.len = sizeof ecdsa_publicValue; + + ecdsa_private_key.privateValue.type = siBuffer; + ecdsa_private_key.privateValue.data = (unsigned char *)ecdsa_privateValue; + ecdsa_private_key.privateValue.len = sizeof ecdsa_privateValue; + + ecdsa_private_key.version.type = siBuffer; + ecdsa_private_key.version.data = (unsigned char *)ecdsa_version; + ecdsa_private_key.version.len = sizeof ecdsa_version; + + /* validate public key value */ + ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key.ecParams, + &ecdsa_private_key.publicValue); + if (ecdsaStatus != SECSuccess) { + goto loser; + } + + /***************************************************/ + /* ECDSA Single-Round Known Answer Signature Test. */ + /***************************************************/ + + ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg); + if (ecdsaStatus != SECSuccess) { + goto loser; + } + digest.type = siBuffer; + digest.data = sha1; + digest.len = SHA1_LENGTH; + + memset(sig, 0, sizeof sig); + signature.type = siBuffer; + signature.data = sig; + signature.len = sizeof sig; + + ecdsaStatus = ECDSA_SignDigestWithSeed(&ecdsa_private_key, &signature, + &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed); + if (ecdsaStatus != SECSuccess) { + goto loser; + } + + if( ( signature.len != sizeof ecdsa_known_P256_signature ) || + ( PORT_Memcmp( signature.data, ecdsa_known_P256_signature, + sizeof ecdsa_known_P256_signature ) != 0 ) ) { + ecdsaStatus = SECFailure; + goto loser; + } + + /* construct public key from private key. */ + ecdsaStatus = EC_CopyParams(ecdsa_private_key.ecParams.arena, + &ecdsa_public_key.ecParams, + &ecdsa_private_key.ecParams); + if (ecdsaStatus != SECSuccess) { + goto loser; + } + ecdsa_public_key.publicValue = ecdsa_private_key.publicValue; + + /******************************************************/ + /* ECDSA Single-Round Known Answer Verification Test. */ + /******************************************************/ + + /* Perform ECDSA verification process. */ + ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest); + +loser: + /* free the memory for the private */ + if (ecdsa_private_key.ecParams.arena != NULL) { + PORT_FreeArena(ecdsa_private_key.ecParams.arena, PR_FALSE); + } + + if (ecdsaStatus != SECSuccess) { + return CKR_DEVICE_ERROR ; + } + return( CKR_OK ); +} +#endif /* NSS_ENABLE_ECC */ static CK_RV sftk_fips_DSA_PowerUpSelfTest( void ) @@ -1683,6 +1850,14 @@ sftk_fipsPowerUpSelfTest( void ) if( rv != CKR_OK ) return rv; + +#ifdef NSS_ENABLE_ECC + /* ECDSA Power-Up SelfTest(s). */ + rv = sftk_fips_ECDSA_PowerUpSelfTest(); + + if( rv != CKR_OK ) + return rv; +#endif /* Passed Power-Up SelfTest(s). */ return( CKR_OK );