static int testMessageDigest(NSSLOWInitContext *initCtx,
HASH_HashType algoType, unsigned int hashLen,
const unsigned char *message,
const PRUint8 expected[], PRUint8 results[])
{
NSSLOWHASHContext *ctx;
unsigned int len;
int rv = 0;
ctx = NSSLOWHASH_NewContext(initCtx, algoType);
if (ctx == NULL) {
SECU_PrintError(progName, "Couldn't get hash context\n");
return 1;
}
NSSLOWHASH_Begin(ctx);
NSSLOWHASH_Update(ctx, message, PORT_Strlen((const char *)message));
NSSLOWHASH_End(ctx, results, &len, hashLen);
PR_ASSERT(len == hashLen);
PR_ASSERT(PORT_Memcmp(expected, results, len) == 0);
if (PORT_Memcmp(expected, results, len) != 0) {
SECU_PrintError(progName, "Hash mismatch\n");
SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
SECU_PrintBuf(stdout, "Actual: ", results, len);
rv = 1;
}
NSSLOWHASH_Destroy(ctx);
NSSLOW_Shutdown(initCtx);
return rv;
}
static unsigned long
nss_SMIME_FindCipherForSMIMECap(NSSSMIMECapability *cap)
{
int i;
SECOidTag capIDTag;
/* we need the OIDTag here */
capIDTag = SECOID_FindOIDTag(&(cap->capabilityID));
/* go over all the SMIME ciphers we know and see if we find a match */
for (i = 0; i < smime_cipher_map_count; i++) {
if (smime_cipher_map[i].algtag != capIDTag)
continue;
/*
* XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
* 2 NULLs as equal and NULL and non-NULL as not equal), we could
* use that here instead of all of the following comparison code.
*/
if (cap->parameters.Data == NULL && smime_cipher_map[i].parms == NULL)
break; /* both empty: bingo */
if (cap->parameters.Data != NULL && smime_cipher_map[i].parms != NULL &&
cap->parameters.Length == smime_cipher_map[i].parms->Length &&
PORT_Memcmp (cap->parameters.Data, smime_cipher_map[i].parms->Data,
cap->parameters.Length) == 0)
{
break; /* both not empty, same length & equal content: bingo */
}
}
if (i == smime_cipher_map_count)
return 0; /* no match found */
else
return smime_cipher_map[i].cipher; /* match found, point to cipher */
}
static SECStatus
sftk_TLSPRFVerify(TLSPRFContext *cx,
unsigned char *sig, /* input, for comparison. */
unsigned int sigLen, /* length of sig. */
unsigned char *hash, /* data to be verified. */
unsigned int hashLen) /* size of hash data. */
{
unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen);
unsigned int tmpLen = sigLen;
SECStatus rv;
if (!tmp)
return SECFailure;
if (hashLen) {
/* hashLen is non-zero when the user does a one-step verify.
** In this case, none of the data has been input yet.
*/
sftk_TLSPRFHashUpdate(cx, hash, hashLen);
}
rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
if (rv == SECSuccess) {
rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
}
PORT_ZFree(tmp, sigLen);
return rv;
}
SECComparison
SECITEM_CompareItem(const SECItem *a, const SECItem *b)
{
unsigned m;
int rv;
if (a == b)
return SECEqual;
if (!a || !a->len || !a->data)
return (!b || !b->len || !b->data) ? SECEqual : SECLessThan;
if (!b || !b->len || !b->data)
return SECGreaterThan;
m = ( ( a->len < b->len ) ? a->len : b->len );
rv = PORT_Memcmp(a->data, b->data, m);
if (rv) {
return rv < 0 ? SECLessThan : SECGreaterThan;
}
if (a->len < b->len) {
return SECLessThan;
}
if (a->len == b->len) {
return SECEqual;
}
return SECGreaterThan;
}
/*
* this function locally records the user's preference
*/
SECStatus
SECMIME_EnableCipher(long which, int on)
{
unsigned long mask;
if (smime_newprefs == NULL || smime_prefs_complete) {
/*
* This is either the very first time, or we are starting over.
*/
smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count
* sizeof(*smime_newprefs));
if (smime_newprefs == NULL)
return SECFailure;
smime_current_pref_index = 0;
smime_prefs_complete = PR_FALSE;
}
mask = which & CIPHER_FAMILYID_MASK;
if (mask == CIPHER_FAMILYID_MASK) {
/*
* This call signifies that all preferences have been set.
* Move "newprefs" over, after checking first whether or
* not the new ones are different from the old ones.
*/
if (smime_prefs != NULL) {
if (PORT_Memcmp (smime_prefs, smime_newprefs,
smime_symmetric_count * sizeof(*smime_prefs)) == 0)
smime_prefs_changed = PR_FALSE;
else
smime_prefs_changed = PR_TRUE;
PORT_Free (smime_prefs);
}
smime_prefs = smime_newprefs;
smime_prefs_complete = PR_TRUE;
return SECSuccess;
}
PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
if (mask != CIPHER_FAMILYID_SMIME) {
/* XXX set an error! */
return SECFailure;
}
if (on) {
PORT_Assert (smime_current_pref_index < smime_symmetric_count);
if (smime_current_pref_index >= smime_symmetric_count) {
/* XXX set an error! */
return SECFailure;
}
smime_newprefs[smime_current_pref_index++] = which;
}
return SECSuccess;
}
void
sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m)
{
sv_PrintObjectID(out, &a->algorithm, m);
if ((a->parameters.len != 2) ||
(PORT_Memcmp(a->parameters.data, "\005\000", 2) != 0)) {
/* Print args to algorithm */
sv_PrintAsHex(out, &a->parameters, "Args=");
}
}
static int
test_long_message(NSSLOWInitContext *initCtx,
HASH_HashType algoType, unsigned int hashLen,
const PRUint8 expected[], PRUint8 results[])
{
unsigned int len, i, rv = 0;
NSSLOWHASHContext *ctx;
/* The message is meant to be 'a' repeated 1,000,000 times.
* This is too much to allocate on the stack so we will use a 1,000 char
* buffer and call update 1,000 times.
*/
unsigned char buf[1000];
(void)PORT_Memset(buf, 'a', sizeof(buf));
ctx = NSSLOWHASH_NewContext(initCtx, algoType);
if (ctx == NULL) {
SECU_PrintError(progName, "Couldn't get hash context\n");
return 1;
}
NSSLOWHASH_Begin(ctx);
for (i = 0; i < 1000; ++i) {
NSSLOWHASH_Update(ctx, buf, 1000);
}
NSSLOWHASH_End(ctx, results, &len, hashLen);
PR_ASSERT(len == hashLen);
PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0);
if (PORT_Memcmp(expected, results, len) != 0) {
SECU_PrintError(progName, "Hash mismatch\n");
SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
SECU_PrintBuf(stdout, "Actual: ", results, len);
rv = 1;
}
NSSLOWHASH_Destroy(ctx);
NSSLOW_Shutdown(initCtx);
return rv;
}
static PRBool
IsP11KitProxyModule(SECMODModule *module)
{
CK_INFO modinfo;
static const char p11KitManufacturerID[33] =
"PKCS#11 Kit ";
static const char p11KitLibraryDescription[33] =
"PKCS#11 Kit Proxy Module ";
if (PK11_GetModInfo(module, &modinfo) == SECSuccess &&
PORT_Memcmp(modinfo.manufacturerID,
p11KitManufacturerID,
sizeof(modinfo.manufacturerID)) == 0 &&
PORT_Memcmp(modinfo.libraryDescription,
p11KitLibraryDescription,
sizeof(modinfo.libraryDescription)) == 0) {
return PR_TRUE;
}
return PR_FALSE;
}
Boolean
SECITEM_ItemsAreEqual(const SecAsn1Item *a, const SecAsn1Item *b)
{
if (a->Length != b->Length)
return PR_FALSE;
if (!a->Length)
return PR_TRUE;
if (!a->Data || !b->Data) {
/* avoid null pointer crash. */
return (Boolean)(a->Data == b->Data);
}
return (Boolean)!PORT_Memcmp(a->Data, b->Data, a->Length);
}
/*
* NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
*/
PRBool
NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av)
{
SECItem *value;
if (attr == NULL)
return PR_FALSE;
value = NSS_CMSAttribute_GetValue(attr);
return (value != NULL && value->len == av->len &&
PORT_Memcmp (value->data, av->data, value->len) == 0);
}
/*
* SecCmsAttributeCompareValue - compare the attribute's first value against data
*/
Boolean
SecCmsAttributeCompareValue(SecCmsAttribute *attr, SecAsn1Item * av)
{
SecAsn1Item * value;
if (attr == NULL)
return PR_FALSE;
value = SecCmsAttributeGetValue(attr);
return (value != NULL && value->Length == av->Length &&
PORT_Memcmp (value->Data, av->Data, value->Length) == 0);
}
PRBool
SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b)
{
if (a->len != b->len)
return PR_FALSE;
if (!a->len)
return PR_TRUE;
if (!a->data || !b->data) {
/* avoid null pointer crash. */
return (PRBool)(a->data == b->data);
}
return (PRBool)!PORT_Memcmp(a->data, b->data, a->len);
}
/*
* SecCmsAttributeCompareValue - compare the attribute's first value against data
*/
Boolean
SecCmsAttributeCompareValue(SecCmsAttribute *attr, CSSM_DATA_PTR av)
{
CSSM_DATA_PTR value;
if (attr == NULL)
return PR_FALSE;
value = SecCmsAttributeGetValue(attr);
return (value != NULL && value->Length == av->Length &&
PORT_Memcmp (value->Data, av->Data, value->Length) == 0);
}
/*
* SecCmsAttributeArrayFindAttrByOidTag - look through a set of attributes and
* find one that matches the specified object ID.
*
* If "only" is true, then make sure that there is not more than one attribute
* of the same type. Otherwise, just return the first one found. (XXX Does
* anybody really want that first-found behavior? It was like that when I found it...)
*/
SecCmsAttribute *
SecCmsAttributeArrayFindAttrByOidTag(SecCmsAttribute **attrs, SECOidTag oidtag, Boolean only)
{
SECOidData *oid;
SecCmsAttribute *attr1, *attr2;
if (attrs == NULL)
return NULL;
oid = SECOID_FindOIDByTag(oidtag);
if (oid == NULL)
return NULL;
while ((attr1 = *attrs++) != NULL) {
if (attr1->type.Length == oid->oid.Length && PORT_Memcmp (attr1->type.Data,
oid->oid.Data,
oid->oid.Length) == 0)
break;
}
if (attr1 == NULL)
return NULL;
if (!only)
return attr1;
while ((attr2 = *attrs++) != NULL) {
if (attr2->type.Length == oid->oid.Length && PORT_Memcmp (attr2->type.Data,
oid->oid.Data,
oid->oid.Length) == 0)
break;
}
if (attr2 != NULL)
return NULL;
return attr1;
}
/*
* NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
* find one that matches the specified object ID.
*
* If "only" is true, then make sure that there is not more than one attribute
* of the same type. Otherwise, just return the first one found. (XXX Does
* anybody really want that first-found behavior? It was like that when I found it...)
*/
NSSCMSAttribute *
NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only)
{
SECOidData *oid;
NSSCMSAttribute *attr1, *attr2;
if (attrs == NULL)
return NULL;
oid = SECOID_FindOIDByTag(oidtag);
if (oid == NULL)
return NULL;
while ((attr1 = *attrs++) != NULL) {
if (attr1->type.len == oid->oid.len && PORT_Memcmp (attr1->type.data,
oid->oid.data,
oid->oid.len) == 0)
break;
}
if (attr1 == NULL)
return NULL;
if (!only)
return attr1;
while ((attr2 = *attrs++) != NULL) {
if (attr2->type.len == oid->oid.len && PORT_Memcmp (attr2->type.data,
oid->oid.data,
oid->oid.len) == 0)
break;
}
if (attr2 != NULL)
return NULL;
return attr1;
}
SECComparison
SECITEM_CompareItem(const SecAsn1Item *a, const SecAsn1Item *b)
{
size_t m;
SECComparison rv;
m = ( ( a->Length < b->Length ) ? a->Length : b->Length );
rv = (SECComparison) PORT_Memcmp(a->Data, b->Data, m);
if (rv) {
return rv;
}
if (a->Length < b->Length) {
return SECLessThan;
}
if (a->Length == b->Length) {
return SECEqual;
}
return SECGreaterThan;
}
static void
smime_fill_capability(smime_capability *cap)
{
unsigned long cipher;
SECOidTag algtag;
int i;
algtag = SECOID_FindOIDTag(&(cap->capabilityID));
for (i = 0; i < smime_symmetric_count; i++) {
if (smime_cipher_maps[i].algtag != algtag)
continue;
/*
* XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
* 2 NULLs as equal and NULL and non-NULL as not equal), we could
* use that here instead of all of the following comparison code.
*/
if (cap->parameters.data != NULL) {
if (smime_cipher_maps[i].parms == NULL)
continue;
if (cap->parameters.len != smime_cipher_maps[i].parms->len)
continue;
if (PORT_Memcmp(cap->parameters.data,
smime_cipher_maps[i].parms->data,
cap->parameters.len) == 0)
break;
} else if (smime_cipher_maps[i].parms == NULL) {
break;
}
}
if (i == smime_symmetric_count)
cipher = 0;
else
cipher = smime_cipher_maps[i].cipher;
cap->cipher = cipher;
cap->capIDTag = algtag;
}
/*
* This function expands the internal state of the prng to fulfill any number
* of bytes we need for this request. We only use this call if we need more
* than can be supplied by a single call to SHA256_HashBuf.
*
* This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
*/
static void
prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
unsigned int no_of_returned_bytes)
{
PRUint8 data[VSize(rng)];
PRUint8 thisHash[SHA256_LENGTH];
PRUint8 *lastHash = rng->lastOutput;
PORT_Memcpy(data, V(rng), VSize(rng));
while (no_of_returned_bytes) {
SHA256Context ctx;
unsigned int len;
unsigned int carry;
SHA256_Begin(&ctx);
SHA256_Update(&ctx, data, sizeof data);
SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH);
if (PORT_Memcmp(lastHash, thisHash, len) == 0) {
rng->isValid = PR_FALSE;
break;
}
if (no_of_returned_bytes < SHA256_LENGTH) {
len = no_of_returned_bytes;
}
PORT_Memcpy(returned_bytes, thisHash, len);
lastHash = returned_bytes;
returned_bytes += len;
no_of_returned_bytes -= len;
/* The carry parameter is a bool (increment or not).
* This increments data if no_of_returned_bytes is not zero */
carry = no_of_returned_bytes;
PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry);
}
PORT_Memcpy(rng->lastOutput, thisHash, SHA256_LENGTH);
PORT_Memset(data, 0, sizeof data);
PORT_Memset(thisHash, 0, sizeof thisHash);
}
SECStatus
ssl_SelfEncryptUnprotectInt(
PK11SymKey *encKey, PK11SymKey *macKey, const unsigned char *keyName,
const PRUint8 *in, unsigned int inLen,
PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen)
{
sslReader reader = SSL_READER(in, inLen);
sslReadBuffer encodedKeyNameBuffer = { 0 };
SECStatus rv = sslRead_Read(&reader, SELF_ENCRYPT_KEY_NAME_LEN,
&encodedKeyNameBuffer);
if (rv != SECSuccess) {
return SECFailure;
}
sslReadBuffer ivBuffer = { 0 };
rv = sslRead_Read(&reader, AES_BLOCK_SIZE, &ivBuffer);
if (rv != SECSuccess) {
return SECFailure;
}
PRUint64 cipherTextLen = 0;
rv = sslRead_ReadNumber(&reader, 2, &cipherTextLen);
if (rv != SECSuccess) {
return SECFailure;
}
sslReadBuffer cipherTextBuffer = { 0 };
rv = sslRead_Read(&reader, (unsigned int)cipherTextLen, &cipherTextBuffer);
if (rv != SECSuccess) {
return SECFailure;
}
unsigned int bytesToMac = reader.offset;
sslReadBuffer encodedMacBuffer = { 0 };
rv = sslRead_Read(&reader, SHA256_LENGTH, &encodedMacBuffer);
if (rv != SECSuccess) {
return SECFailure;
}
/* Make sure we're at the end of the block. */
if (reader.offset != reader.buf.len) {
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
}
/* Now that everything is decoded, we can make progress. */
/* 1. Check that we have the right key. */
if (PORT_Memcmp(keyName, encodedKeyNameBuffer.buf, SELF_ENCRYPT_KEY_NAME_LEN)) {
PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);
return SECFailure;
}
/* 2. Check the MAC */
unsigned char computedMac[SHA256_LENGTH];
unsigned int computedMacLen = 0;
rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC, in, bytesToMac,
computedMac, &computedMacLen, sizeof(computedMac));
if (rv != SECSuccess) {
return SECFailure;
}
PORT_Assert(computedMacLen == SHA256_LENGTH);
if (NSS_SecureMemcmp(computedMac, encodedMacBuffer.buf, computedMacLen) != 0) {
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
}
/* 3. OK, it verifies, now decrypt. */
SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE };
rv = PK11_Decrypt(encKey, CKM_AES_CBC_PAD, &ivItem,
out, outLen, maxOutLen, cipherTextBuffer.buf, cipherTextLen);
if (rv != SECSuccess) {
return SECFailure;
}
return SECSuccess;
}
/***************************************************************************
*
* v e r i f y _ g l o b a l
*/
static int
verify_global(JAR *jar)
{
FILE *fp;
JAR_Context *ctx;
JAR_Item *it;
JAR_Digest *globaldig;
char *ext;
unsigned char *md5_digest, *sha1_digest;
unsigned int sha1_length, md5_length;
int retval = 0;
char buf[BUFSIZ];
ctx = JAR_find(jar, "*", jarTypePhy);
while (JAR_find_next(ctx, &it) >= 0) {
if (!PORT_Strncmp(it->pathname, "META-INF", 8)) {
for (ext = it->pathname; *ext; ext++)
;
while (ext > it->pathname && *ext != '.')
ext--;
if (verbosity >= 0) {
if (!PORT_Strcasecmp(ext, ".rsa")) {
PR_fprintf(outputFD, "found a RSA signature file: %s\n",
it->pathname);
}
if (!PORT_Strcasecmp(ext, ".dsa")) {
PR_fprintf(outputFD, "found a DSA signature file: %s\n",
it->pathname);
}
if (!PORT_Strcasecmp(ext, ".mf")) {
PR_fprintf(outputFD,
"found a MF master manifest file: %s\n",
it->pathname);
}
}
if (!PORT_Strcasecmp(ext, ".sf")) {
if (verbosity >= 0) {
PR_fprintf(outputFD,
"found a SF signature manifest file: %s\n",
it->pathname);
}
rm_dash_r(TMP_OUTPUT);
if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) {
PR_fprintf(errorFD, "%s: error extracting %s\n",
PROGRAM_NAME, it->pathname);
errorCount++;
retval = -1;
continue;
}
md5_digest = NULL;
sha1_digest = NULL;
if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) {
while (fgets(buf, BUFSIZ, fp)) {
char *s;
if (*buf == 0 || *buf == '\n' || *buf == '\r')
break;
for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
;
*s = 0;
if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) {
md5_digest =
ATOB_AsciiToData(buf + 12, &md5_length);
}
if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) {
sha1_digest =
ATOB_AsciiToData(buf + 13, &sha1_length);
}
if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) {
sha1_digest =
ATOB_AsciiToData(buf + 12, &sha1_length);
}
}
globaldig = jar->globalmeta;
if (globaldig && md5_digest && verbosity >= 0) {
PR_fprintf(outputFD,
" md5 digest on global metainfo: %s\n",
PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
? "no match"
: "match");
}
if (globaldig && sha1_digest && verbosity >= 0) {
PR_fprintf(outputFD,
" sha digest on global metainfo: %s\n",
PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
? "no match"
: "match");
}
if (globaldig == NULL && verbosity >= 0) {
PR_fprintf(outputFD,
"global metadigest is not available, strange.\n");
}
PORT_Free(md5_digest);
PORT_Free(sha1_digest);
fclose(fp);
}
}
}
}
JAR_find_end(ctx);
return retval;
}
NSS_IMPLEMENT NSSTrust *
nssTrust_Create (
nssPKIObject *object,
NSSItem *certData
)
{
PRStatus status;
PRUint32 i;
PRUint32 lastTrustOrder, myTrustOrder;
unsigned char sha1_hashcmp[SHA1_LENGTH];
unsigned char sha1_hashin[SHA1_LENGTH];
NSSItem sha1_hash;
NSSTrust *rvt;
nssCryptokiObject *instance;
nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
SECStatus rv; /* Should be stan flavor */
PRBool stepUp;
lastTrustOrder = 1<<16; /* just make it big */
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
rvt = nss_ZNEW(object->arena, NSSTrust);
if (!rvt) {
return (NSSTrust *)NULL;
}
rvt->object = *object;
/* should be stan flavor of Hashbuf */
rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
if (rv != SECSuccess) {
return (NSSTrust *)NULL;
}
sha1_hash.data = sha1_hashin;
sha1_hash.size = sizeof (sha1_hashin);
/* trust has to peek into the base object members */
nssPKIObject_Lock(object);
for (i=0; i<object->numInstances; i++) {
instance = object->instances[i];
myTrustOrder = nssToken_GetTrustOrder(instance->token);
status = nssCryptokiTrust_GetAttributes(instance, NULL,
&sha1_hash,
&serverAuth,
&clientAuth,
&codeSigning,
&emailProtection,
&stepUp);
if (status != PR_SUCCESS) {
nssPKIObject_Unlock(object);
return (NSSTrust *)NULL;
}
if (PORT_Memcmp(sha1_hashin,sha1_hashcmp,SHA1_LENGTH) != 0) {
nssPKIObject_Unlock(object);
return (NSSTrust *)NULL;
}
if (rvt->serverAuth == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->serverAuth = serverAuth;
}
if (rvt->clientAuth == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->clientAuth = clientAuth;
}
if (rvt->emailProtection == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->emailProtection = emailProtection;
}
if (rvt->codeSigning == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->codeSigning = codeSigning;
}
rvt->stepUpApproved = stepUp;
lastTrustOrder = myTrustOrder;
}
nssPKIObject_Unlock(object);
return rvt;
}
SECStatus
PRNGTEST_RunHealthTests()
{
static const PRUint8 entropy[] = {
0x8e,0x9c,0x0d,0x25,0x75,0x22,0x04,0xf9,
0xc5,0x79,0x10,0x8b,0x23,0x79,0x37,0x14,
0x9f,0x2c,0xc7,0x0b,0x39,0xf8,0xee,0xef,
0x95,0x0c,0x97,0x59,0xfc,0x0a,0x85,0x41,
0x76,0x9d,0x6d,0x67,0x00,0x4e,0x19,0x12,
0x02,0x16,0x53,0xea,0xf2,0x73,0xd7,0xd6,
0x7f,0x7e,0xc8,0xae,0x9c,0x09,0x99,0x7d,
0xbb,0x9e,0x48,0x7f,0xbb,0x96,0x46,0xb3,
0x03,0x75,0xf8,0xc8,0x69,0x45,0x3f,0x97,
0x5e,0x2e,0x48,0xe1,0x5d,0x58,0x97,0x4c };
static const PRUint8 rng_known_result[] = {
0x16,0xe1,0x8c,0x57,0x21,0xd8,0xf1,0x7e,
0x5a,0xa0,0x16,0x0b,0x7e,0xa6,0x25,0xb4,
0x24,0x19,0xdb,0x54,0xfa,0x35,0x13,0x66,
0xbb,0xaa,0x2a,0x1b,0x22,0x33,0x2e,0x4a,
0x14,0x07,0x9d,0x52,0xfc,0x73,0x61,0x48,
0xac,0xc1,0x22,0xfc,0xa4,0xfc,0xac,0xa4,
0xdb,0xda,0x5b,0x27,0x33,0xc4,0xb3 };
static const PRUint8 reseed_entropy[] = {
0xc6,0x0b,0x0a,0x30,0x67,0x07,0xf4,0xe2,
0x24,0xa7,0x51,0x6f,0x5f,0x85,0x3e,0x5d,
0x67,0x97,0xb8,0x3b,0x30,0x9c,0x7a,0xb1,
0x52,0xc6,0x1b,0xc9,0x46,0xa8,0x62,0x79 };
static const PRUint8 additional_input[] = {
0x86,0x82,0x28,0x98,0xe7,0xcb,0x01,0x14,
0xae,0x87,0x4b,0x1d,0x99,0x1b,0xc7,0x41,
0x33,0xff,0x33,0x66,0x40,0x95,0x54,0xc6,
0x67,0x4d,0x40,0x2a,0x1f,0xf9,0xeb,0x65 };
static const PRUint8 rng_reseed_result[] = {
0x02,0x0c,0xc6,0x17,0x86,0x49,0xba,0xc4,
0x7b,0x71,0x35,0x05,0xf0,0xdb,0x4a,0xc2,
0x2c,0x38,0xc1,0xa4,0x42,0xe5,0x46,0x4a,
0x7d,0xf0,0xbe,0x47,0x88,0xb8,0x0e,0xc6,
0x25,0x2b,0x1d,0x13,0xef,0xa6,0x87,0x96,
0xa3,0x7d,0x5b,0x80,0xc2,0x38,0x76,0x61,
0xc7,0x80,0x5d,0x0f,0x05,0x76,0x85 };
static const PRUint8 rng_no_reseed_result[] = {
0xc4,0x40,0x41,0x8c,0xbf,0x2f,0x70,0x23,
0x88,0xf2,0x7b,0x30,0xc3,0xca,0x1e,0xf3,
0xef,0x53,0x81,0x5d,0x30,0xed,0x4c,0xf1,
0xff,0x89,0xa5,0xee,0x92,0xf8,0xc0,0x0f,
0x88,0x53,0xdf,0xb6,0x76,0xf0,0xaa,0xd3,
0x2e,0x1d,0x64,0x37,0x3e,0xe8,0x4a,0x02,
0xff,0x0a,0x7f,0xe5,0xe9,0x2b,0x6d };
SECStatus rng_status = SECSuccess;
PR_STATIC_ASSERT(sizeof(rng_known_result) >= sizeof(rng_reseed_result));
PRUint8 result[sizeof(rng_known_result)];
/********************************************/
/* First test instantiate error path. */
/* In this case we supply enough entropy, */
/* but not enough seed. This will trigger */
/* the code that checks for a entropy */
/* source failure. */
/********************************************/
rng_status = PRNGTEST_Instantiate(entropy, 256/PR_BITS_PER_BYTE,
NULL, 0, NULL, 0);
if (rng_status == SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* we failed with the proper error code, we can continue */
/********************************************/
/* Generate random bytes with a known seed. */
/********************************************/
rng_status = PRNGTEST_Instantiate(entropy, sizeof entropy,
NULL, 0, NULL, 0);
if (rng_status != SECSuccess) {
/* Error set by PRNGTEST_Instantiate */
return SECFailure;
}
rng_status = PRNGTEST_Generate(result, sizeof rng_known_result, NULL, 0);
if ( ( rng_status != SECSuccess) ||
( PORT_Memcmp( result, rng_known_result,
sizeof rng_known_result ) != 0 ) ) {
PRNGTEST_Uninstantiate();
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
rng_status = PRNGTEST_Reseed(reseed_entropy, sizeof reseed_entropy,
additional_input, sizeof additional_input);
if (rng_status != SECSuccess) {
/* Error set by PRNG_Reseed */
PRNGTEST_Uninstantiate();
return SECFailure;
}
rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
if ( ( rng_status != SECSuccess) ||
( PORT_Memcmp( result, rng_reseed_result,
sizeof rng_reseed_result ) != 0 ) ) {
PRNGTEST_Uninstantiate();
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* This magic forces the reseed count to it's max count, so we can see if
* PRNGTEST_Generate will actually when it reaches it's count */
rng_status = PRNGTEST_Reseed(NULL, 0, NULL, 0);
if (rng_status != SECSuccess) {
PRNGTEST_Uninstantiate();
/* Error set by PRNG_Reseed */
return SECFailure;
}
/* This generate should now reseed */
rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
if ( ( rng_status != SECSuccess) ||
/* NOTE we fail if the result is equal to the no_reseed_result.
* no_reseed_result is the value we would have gotten if we didn't
* do an automatic reseed in PRNGTEST_Generate */
( PORT_Memcmp( result, rng_no_reseed_result,
sizeof rng_no_reseed_result ) == 0 ) ) {
PRNGTEST_Uninstantiate();
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* make sure reseed fails when we don't supply enough entropy */
rng_status = PRNGTEST_Reseed(reseed_entropy, 4, NULL, 0);
if (rng_status == SECSuccess) {
PRNGTEST_Uninstantiate();
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
PRNGTEST_Uninstantiate();
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
rng_status = PRNGTEST_Uninstantiate();
if (rng_status != SECSuccess) {
/* Error set by PRNG_Uninstantiate */
return rng_status;
}
/* make sure uninstantiate fails if the contest is not initiated (also tests
* if the context was cleared in the previous Uninstantiate) */
rng_status = PRNGTEST_Uninstantiate();
if (rng_status == SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) {
return rng_status;
}
return SECSuccess;
}
NSS_IMPLEMENT NSSTrust *
nssTrust_Create (
nssPKIObject *object,
NSSItem *certData
)
{
PRStatus status;
PRUint32 i;
PRUint32 lastTrustOrder, myTrustOrder;
unsigned char sha1_hashcmp[SHA1_LENGTH];
unsigned char sha1_hashin[SHA1_LENGTH];
NSSItem sha1_hash;
NSSTrust *rvt;
nssCryptokiObject *instance;
nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
SECStatus rv; /* Should be stan flavor */
PRBool stepUp;
lastTrustOrder = 1<<16; /* just make it big */
PR_ASSERT(object->instances != NULL && object->numInstances > 0);
rvt = nss_ZNEW(object->arena, NSSTrust);
if (!rvt) {
return (NSSTrust *)NULL;
}
rvt->object = *object;
/* should be stan flavor of Hashbuf */
rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
if (rv != SECSuccess) {
return (NSSTrust *)NULL;
}
sha1_hash.data = sha1_hashin;
sha1_hash.size = sizeof (sha1_hashin);
/* trust has to peek into the base object members */
nssPKIObject_Lock(object);
for (i=0; i<object->numInstances; i++) {
instance = object->instances[i];
myTrustOrder = nssToken_GetTrustOrder(instance->token);
status = nssCryptokiTrust_GetAttributes(instance, NULL,
&sha1_hash,
&serverAuth,
&clientAuth,
&codeSigning,
&emailProtection,
&stepUp);
if (status != PR_SUCCESS) {
nssPKIObject_Unlock(object);
return (NSSTrust *)NULL;
}
/* if no hash is specified, then trust applies to all certs with
* this issuer/SN. NOTE: This is only true for entries that
* have distrust and unknown record */
if (!(
/* we continue if there is no hash, and the trust type is
* safe to accept without a hash ... or ... */
((sha1_hash.size == 0) &&
nssTrust_IsSafeToIgnoreCertHash(serverAuth,clientAuth,
codeSigning, emailProtection,stepUp))
||
/* we have a hash of the correct size, and it matches */
((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin,
sha1_hashcmp,SHA1_LENGTH) == 0)) )) {
nssPKIObject_Unlock(object);
return (NSSTrust *)NULL;
}
if (rvt->serverAuth == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->serverAuth = serverAuth;
}
if (rvt->clientAuth == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->clientAuth = clientAuth;
}
if (rvt->emailProtection == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->emailProtection = emailProtection;
}
if (rvt->codeSigning == nssTrustLevel_Unknown ||
myTrustOrder < lastTrustOrder)
{
rvt->codeSigning = codeSigning;
}
rvt->stepUpApproved = stepUp;
lastTrustOrder = myTrustOrder;
}
nssPKIObject_Unlock(object);
return rvt;
}
/*
* Test the softoken RSA_HashSign and RSH_HashCheckSign.
*/
static SECStatus
sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg,
NSSLOWKEYPublicKey *rsa_public_key,
NSSLOWKEYPrivateKey *rsa_private_key,
const unsigned char *rsa_known_msg,
const unsigned int rsa_kmsg_length,
const unsigned char *rsa_known_signature)
{
SECOidTag shaOid; /* SHA OID */
unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
unsigned int shaLength = 0; /* length of SHA */
unsigned int rsa_bytes_signed;
unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
SECStatus rv;
if (shaAlg == HASH_AlgSHA1) {
if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
goto loser;
}
shaLength = SHA1_LENGTH;
shaOid = SEC_OID_SHA1;
} else if (shaAlg == HASH_AlgSHA256) {
if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
goto loser;
}
shaLength = SHA256_LENGTH;
shaOid = SEC_OID_SHA256;
} else if (shaAlg == HASH_AlgSHA384) {
if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
goto loser;
}
shaLength = SHA384_LENGTH;
shaOid = SEC_OID_SHA384;
} else if (shaAlg == HASH_AlgSHA512) {
if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
goto loser;
}
shaLength = SHA512_LENGTH;
shaOid = SEC_OID_SHA512;
} else {
goto loser;
}
/*************************************************/
/* RSA Single-Round Known Answer Signature Test. */
/*************************************************/
/* Perform RSA signature with the RSA private key. */
rv = RSA_HashSign(shaOid,
rsa_private_key,
rsa_computed_signature,
&rsa_bytes_signed,
FIPS_RSA_SIGNATURE_LENGTH,
sha,
shaLength);
if ((rv != SECSuccess) ||
(rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) ||
(PORT_Memcmp(rsa_computed_signature, rsa_known_signature,
FIPS_RSA_SIGNATURE_LENGTH) != 0)) {
goto loser;
}
/****************************************************/
/* RSA Single-Round Known Answer Verification Test. */
/****************************************************/
/* Perform RSA verification with the RSA public key. */
rv = RSA_HashCheckSign(shaOid,
rsa_public_key,
rsa_computed_signature,
rsa_bytes_signed,
sha,
shaLength);
if (rv != SECSuccess) {
goto loser;
}
return (SECSuccess);
loser:
return (SECFailure);
}