Beispiel #1
0
static int testMessageDigest(NSSLOWInitContext *initCtx,
	HASH_HashType algoType, unsigned int hashLen,
	const unsigned char *message,
	const PRUint8 expected[], PRUint8 results[])
{
    NSSLOWHASHContext *ctx;
    unsigned int len;
    int rv = 0;

    ctx = NSSLOWHASH_NewContext(initCtx, algoType);
    if (ctx == NULL) {
    	SECU_PrintError(progName, "Couldn't get hash context\n");
	return 1;
    }

    NSSLOWHASH_Begin(ctx);
    NSSLOWHASH_Update(ctx, message, PORT_Strlen((const char *)message));
    NSSLOWHASH_End(ctx, results, &len, hashLen);
    PR_ASSERT(len == hashLen);
    PR_ASSERT(PORT_Memcmp(expected, results, len) == 0);

    if (PORT_Memcmp(expected, results, len) != 0) {
  	SECU_PrintError(progName, "Hash mismatch\n");
	SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
	SECU_PrintBuf(stdout, "Actual:   ", results, len);
	rv = 1;
    }

    NSSLOWHASH_Destroy(ctx);
    NSSLOW_Shutdown(initCtx);

    return rv;
}
Beispiel #2
0
static unsigned long
nss_SMIME_FindCipherForSMIMECap(NSSSMIMECapability *cap)
{
    int i;
    SECOidTag capIDTag;

    /* we need the OIDTag here */
    capIDTag = SECOID_FindOIDTag(&(cap->capabilityID));

    /* go over all the SMIME ciphers we know and see if we find a match */
    for (i = 0; i < smime_cipher_map_count; i++) {
	if (smime_cipher_map[i].algtag != capIDTag)
	    continue;
	/*
	 * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
	 * 2 NULLs as equal and NULL and non-NULL as not equal), we could
	 * use that here instead of all of the following comparison code.
	 */
	if (cap->parameters.Data == NULL && smime_cipher_map[i].parms == NULL)
	    break;	/* both empty: bingo */

	if (cap->parameters.Data != NULL && smime_cipher_map[i].parms != NULL &&
	    cap->parameters.Length == smime_cipher_map[i].parms->Length &&
	    PORT_Memcmp (cap->parameters.Data, smime_cipher_map[i].parms->Data,
			     cap->parameters.Length) == 0)
	{
	    break;	/* both not empty, same length & equal content: bingo */
	}
    }

    if (i == smime_cipher_map_count)
	return 0;				/* no match found */
    else
	return smime_cipher_map[i].cipher;	/* match found, point to cipher */
}
static SECStatus
sftk_TLSPRFVerify(TLSPRFContext *cx, 
                  unsigned char *sig, 		/* input, for comparison. */
		  unsigned int   sigLen,	/* length of sig.         */
		  unsigned char *hash, 		/* data to be verified.   */
		  unsigned int   hashLen)	/* size of hash data.     */
{
    unsigned char * tmp    = (unsigned char *)PORT_Alloc(sigLen);
    unsigned int    tmpLen = sigLen;
    SECStatus       rv;

    if (!tmp)
    	return SECFailure;
    if (hashLen) {
    	/* hashLen is non-zero when the user does a one-step verify.
	** In this case, none of the data has been input yet.
	*/
    	sftk_TLSPRFHashUpdate(cx, hash, hashLen);
    }
    rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
    if (rv == SECSuccess) {
    	rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
    }
    PORT_ZFree(tmp, sigLen);
    return rv;
}
Beispiel #4
0
SECComparison
SECITEM_CompareItem(const SECItem *a, const SECItem *b)
{
    unsigned m;
    int rv;

    if (a == b)
    	return SECEqual;
    if (!a || !a->len || !a->data) 
        return (!b || !b->len || !b->data) ? SECEqual : SECLessThan;
    if (!b || !b->len || !b->data) 
    	return SECGreaterThan;

    m = ( ( a->len < b->len ) ? a->len : b->len );
    
    rv = PORT_Memcmp(a->data, b->data, m);
    if (rv) {
	return rv < 0 ? SECLessThan : SECGreaterThan;
    }
    if (a->len < b->len) {
	return SECLessThan;
    }
    if (a->len == b->len) {
	return SECEqual;
    }
    return SECGreaterThan;
}
Beispiel #5
0
/*
 * this function locally records the user's preference
 */
SECStatus 
SECMIME_EnableCipher(long which, int on)
{
    unsigned long mask;

    if (smime_newprefs == NULL || smime_prefs_complete) {
	/*
	 * This is either the very first time, or we are starting over.
	 */
	smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count
				      * sizeof(*smime_newprefs));
	if (smime_newprefs == NULL)
	    return SECFailure;
	smime_current_pref_index = 0;
	smime_prefs_complete = PR_FALSE;
    }

    mask = which & CIPHER_FAMILYID_MASK;
    if (mask == CIPHER_FAMILYID_MASK) {
    	/*
	 * This call signifies that all preferences have been set.
	 * Move "newprefs" over, after checking first whether or
	 * not the new ones are different from the old ones.
	 */
	if (smime_prefs != NULL) {
	    if (PORT_Memcmp (smime_prefs, smime_newprefs,
			     smime_symmetric_count * sizeof(*smime_prefs)) == 0)
		smime_prefs_changed = PR_FALSE;
	    else
		smime_prefs_changed = PR_TRUE;
	    PORT_Free (smime_prefs);
	}

	smime_prefs = smime_newprefs;
	smime_prefs_complete = PR_TRUE;
	return SECSuccess;
    }

    PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
    if (mask != CIPHER_FAMILYID_SMIME) {
	/* XXX set an error! */
    	return SECFailure;
    }

    if (on) {
	PORT_Assert (smime_current_pref_index < smime_symmetric_count);
	if (smime_current_pref_index >= smime_symmetric_count) {
	    /* XXX set an error! */
	    return SECFailure;
	}

	smime_newprefs[smime_current_pref_index++] = which;
    }

    return SECSuccess;
}
Beispiel #6
0
void
sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m)
{
    sv_PrintObjectID(out, &a->algorithm, m);

    if ((a->parameters.len != 2) ||
        (PORT_Memcmp(a->parameters.data, "\005\000", 2) != 0)) {
        /* Print args to algorithm */
        sv_PrintAsHex(out, &a->parameters, "Args=");
    }
}
Beispiel #7
0
static int
test_long_message(NSSLOWInitContext *initCtx,
                  HASH_HashType algoType, unsigned int hashLen,
                  const PRUint8 expected[], PRUint8 results[])
{
    unsigned int len, i, rv = 0;
    NSSLOWHASHContext *ctx;

    /* The message is meant to be 'a' repeated 1,000,000 times.
     * This is too much to allocate on the stack so we will use a 1,000 char
     * buffer and call update 1,000 times.
     */
    unsigned char buf[1000];
    (void)PORT_Memset(buf, 'a', sizeof(buf));

    ctx = NSSLOWHASH_NewContext(initCtx, algoType);
    if (ctx == NULL) {
        SECU_PrintError(progName, "Couldn't get hash context\n");
        return 1;
    }

    NSSLOWHASH_Begin(ctx);
    for (i = 0; i < 1000; ++i) {
        NSSLOWHASH_Update(ctx, buf, 1000);
    }

    NSSLOWHASH_End(ctx, results, &len, hashLen);
    PR_ASSERT(len == hashLen);
    PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0);
    if (PORT_Memcmp(expected, results, len) != 0) {
        SECU_PrintError(progName, "Hash mismatch\n");
        SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
        SECU_PrintBuf(stdout, "Actual:   ", results, len);
        rv = 1;
    }

    NSSLOWHASH_Destroy(ctx);
    NSSLOW_Shutdown(initCtx);

    return rv;
}
Beispiel #8
0
static PRBool
IsP11KitProxyModule(SECMODModule *module)
{
    CK_INFO modinfo;
    static const char p11KitManufacturerID[33] =
        "PKCS#11 Kit                     ";
    static const char p11KitLibraryDescription[33] =
        "PKCS#11 Kit Proxy Module        ";

    if (PK11_GetModInfo(module, &modinfo) == SECSuccess &&
        PORT_Memcmp(modinfo.manufacturerID,
                    p11KitManufacturerID,
                    sizeof(modinfo.manufacturerID)) == 0 &&
        PORT_Memcmp(modinfo.libraryDescription,
                    p11KitLibraryDescription,
                    sizeof(modinfo.libraryDescription)) == 0) {
        return PR_TRUE;
    }

    return PR_FALSE;
}
Boolean
SECITEM_ItemsAreEqual(const SecAsn1Item *a, const SecAsn1Item *b)
{
    if (a->Length != b->Length)
        return PR_FALSE;
    if (!a->Length)
    	return PR_TRUE;
    if (!a->Data || !b->Data) {
        /* avoid null pointer crash. */
		return (Boolean)(a->Data == b->Data);
    }
    return (Boolean)!PORT_Memcmp(a->Data, b->Data, a->Length);
}
Beispiel #10
0
/*
 * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
 */
PRBool
NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av)
{
    SECItem *value;
    
    if (attr == NULL)
	return PR_FALSE;

    value = NSS_CMSAttribute_GetValue(attr);

    return (value != NULL && value->len == av->len &&
	PORT_Memcmp (value->data, av->data, value->len) == 0);
}
/*
 * SecCmsAttributeCompareValue - compare the attribute's first value against data
 */
Boolean
SecCmsAttributeCompareValue(SecCmsAttribute *attr, SecAsn1Item * av)
{
    SecAsn1Item * value;
    
    if (attr == NULL)
	return PR_FALSE;

    value = SecCmsAttributeGetValue(attr);

    return (value != NULL && value->Length == av->Length &&
	PORT_Memcmp (value->Data, av->Data, value->Length) == 0);
}
Beispiel #12
0
PRBool
SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b)
{
    if (a->len != b->len)
        return PR_FALSE;
    if (!a->len)
    	return PR_TRUE;
    if (!a->data || !b->data) {
        /* avoid null pointer crash. */
	return (PRBool)(a->data == b->data);
    }
    return (PRBool)!PORT_Memcmp(a->data, b->data, a->len);
}
/*
 * SecCmsAttributeCompareValue - compare the attribute's first value against data
 */
Boolean
SecCmsAttributeCompareValue(SecCmsAttribute *attr, CSSM_DATA_PTR av)
{
    CSSM_DATA_PTR value;
    
    if (attr == NULL)
	return PR_FALSE;

    value = SecCmsAttributeGetValue(attr);

    return (value != NULL && value->Length == av->Length &&
	PORT_Memcmp (value->Data, av->Data, value->Length) == 0);
}
/*
 * SecCmsAttributeArrayFindAttrByOidTag - look through a set of attributes and
 * find one that matches the specified object ID.
 *
 * If "only" is true, then make sure that there is not more than one attribute
 * of the same type.  Otherwise, just return the first one found. (XXX Does
 * anybody really want that first-found behavior?  It was like that when I found it...)
 */
SecCmsAttribute *
SecCmsAttributeArrayFindAttrByOidTag(SecCmsAttribute **attrs, SECOidTag oidtag, Boolean only)
{
    SECOidData *oid;
    SecCmsAttribute *attr1, *attr2;

    if (attrs == NULL)
	return NULL;

    oid = SECOID_FindOIDByTag(oidtag);
    if (oid == NULL)
	return NULL;

    while ((attr1 = *attrs++) != NULL) {
	if (attr1->type.Length == oid->oid.Length && PORT_Memcmp (attr1->type.Data,
							    oid->oid.Data,
							    oid->oid.Length) == 0)
	    break;
    }

    if (attr1 == NULL)
	return NULL;

    if (!only)
	return attr1;

    while ((attr2 = *attrs++) != NULL) {
	if (attr2->type.Length == oid->oid.Length && PORT_Memcmp (attr2->type.Data,
							    oid->oid.Data,
							    oid->oid.Length) == 0)
	    break;
    }

    if (attr2 != NULL)
	return NULL;

    return attr1;
}
Beispiel #15
0
/*
 * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
 * find one that matches the specified object ID.
 *
 * If "only" is true, then make sure that there is not more than one attribute
 * of the same type.  Otherwise, just return the first one found. (XXX Does
 * anybody really want that first-found behavior?  It was like that when I found it...)
 */
NSSCMSAttribute *
NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only)
{
    SECOidData *oid;
    NSSCMSAttribute *attr1, *attr2;

    if (attrs == NULL)
	return NULL;

    oid = SECOID_FindOIDByTag(oidtag);
    if (oid == NULL)
	return NULL;

    while ((attr1 = *attrs++) != NULL) {
	if (attr1->type.len == oid->oid.len && PORT_Memcmp (attr1->type.data,
							    oid->oid.data,
							    oid->oid.len) == 0)
	    break;
    }

    if (attr1 == NULL)
	return NULL;

    if (!only)
	return attr1;

    while ((attr2 = *attrs++) != NULL) {
	if (attr2->type.len == oid->oid.len && PORT_Memcmp (attr2->type.data,
							    oid->oid.data,
							    oid->oid.len) == 0)
	    break;
    }

    if (attr2 != NULL)
	return NULL;

    return attr1;
}
SECComparison
SECITEM_CompareItem(const SecAsn1Item *a, const SecAsn1Item *b)
{
    size_t m;
    SECComparison rv;

    m = ( ( a->Length < b->Length ) ? a->Length : b->Length );
    
    rv = (SECComparison) PORT_Memcmp(a->Data, b->Data, m);
    if (rv) {
	return rv;
    }
    if (a->Length < b->Length) {
	return SECLessThan;
    }
    if (a->Length == b->Length) {
	return SECEqual;
    }
    return SECGreaterThan;
}
Beispiel #17
0
static void
smime_fill_capability(smime_capability *cap)
{
    unsigned long cipher;
    SECOidTag algtag;
    int i;

    algtag = SECOID_FindOIDTag(&(cap->capabilityID));

    for (i = 0; i < smime_symmetric_count; i++) {
        if (smime_cipher_maps[i].algtag != algtag)
            continue;
        /*
         * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
         * 2 NULLs as equal and NULL and non-NULL as not equal), we could
         * use that here instead of all of the following comparison code.
         */
        if (cap->parameters.data != NULL) {
            if (smime_cipher_maps[i].parms == NULL)
                continue;
            if (cap->parameters.len != smime_cipher_maps[i].parms->len)
                continue;
            if (PORT_Memcmp(cap->parameters.data,
                            smime_cipher_maps[i].parms->data,
                            cap->parameters.len) == 0)
                break;
        } else if (smime_cipher_maps[i].parms == NULL) {
            break;
        }
    }

    if (i == smime_symmetric_count)
        cipher = 0;
    else
        cipher = smime_cipher_maps[i].cipher;

    cap->cipher = cipher;
    cap->capIDTag = algtag;
}
Beispiel #18
0
/*
 * This function expands the internal state of the prng to fulfill any number
 * of bytes we need for this request. We only use this call if we need more
 * than can be supplied by a single call to SHA256_HashBuf. 
 *
 * This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
 */
static void
prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, 
	     unsigned int no_of_returned_bytes)
{
    PRUint8 data[VSize(rng)];
    PRUint8 thisHash[SHA256_LENGTH];
    PRUint8 *lastHash = rng->lastOutput;

    PORT_Memcpy(data, V(rng), VSize(rng));
    while (no_of_returned_bytes) {
	SHA256Context ctx;
	unsigned int len;
	unsigned int carry;

 	SHA256_Begin(&ctx);
 	SHA256_Update(&ctx, data, sizeof data);
	SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH);
	if (PORT_Memcmp(lastHash, thisHash, len) == 0) {
	    rng->isValid = PR_FALSE;
	    break;
	}
	if (no_of_returned_bytes < SHA256_LENGTH) {
	    len = no_of_returned_bytes;
	}
	PORT_Memcpy(returned_bytes, thisHash, len);
	lastHash = returned_bytes;
	returned_bytes += len;
	no_of_returned_bytes -= len;
	/* The carry parameter is a bool (increment or not). 
	 * This increments data if no_of_returned_bytes is not zero */
        carry = no_of_returned_bytes;
	PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry);
    }
    PORT_Memcpy(rng->lastOutput, thisHash, SHA256_LENGTH);
    PORT_Memset(data, 0, sizeof data); 
    PORT_Memset(thisHash, 0, sizeof thisHash); 
}
Beispiel #19
0
SECStatus
ssl_SelfEncryptUnprotectInt(
    PK11SymKey *encKey, PK11SymKey *macKey, const unsigned char *keyName,
    const PRUint8 *in, unsigned int inLen,
    PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen)
{
    sslReader reader = SSL_READER(in, inLen);

    sslReadBuffer encodedKeyNameBuffer = { 0 };
    SECStatus rv = sslRead_Read(&reader, SELF_ENCRYPT_KEY_NAME_LEN,
                                &encodedKeyNameBuffer);
    if (rv != SECSuccess) {
        return SECFailure;
    }

    sslReadBuffer ivBuffer = { 0 };
    rv = sslRead_Read(&reader, AES_BLOCK_SIZE, &ivBuffer);
    if (rv != SECSuccess) {
        return SECFailure;
    }

    PRUint64 cipherTextLen = 0;
    rv = sslRead_ReadNumber(&reader, 2, &cipherTextLen);
    if (rv != SECSuccess) {
        return SECFailure;
    }

    sslReadBuffer cipherTextBuffer = { 0 };
    rv = sslRead_Read(&reader, (unsigned int)cipherTextLen, &cipherTextBuffer);
    if (rv != SECSuccess) {
        return SECFailure;
    }
    unsigned int bytesToMac = reader.offset;

    sslReadBuffer encodedMacBuffer = { 0 };
    rv = sslRead_Read(&reader, SHA256_LENGTH, &encodedMacBuffer);
    if (rv != SECSuccess) {
        return SECFailure;
    }

    /* Make sure we're at the end of the block. */
    if (reader.offset != reader.buf.len) {
        PORT_SetError(SEC_ERROR_BAD_DATA);
        return SECFailure;
    }

    /* Now that everything is decoded, we can make progress. */
    /* 1. Check that we have the right key. */
    if (PORT_Memcmp(keyName, encodedKeyNameBuffer.buf, SELF_ENCRYPT_KEY_NAME_LEN)) {
        PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);
        return SECFailure;
    }

    /* 2. Check the MAC */
    unsigned char computedMac[SHA256_LENGTH];
    unsigned int computedMacLen = 0;
    rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC, in, bytesToMac,
                       computedMac, &computedMacLen, sizeof(computedMac));
    if (rv != SECSuccess) {
        return SECFailure;
    }
    PORT_Assert(computedMacLen == SHA256_LENGTH);
    if (NSS_SecureMemcmp(computedMac, encodedMacBuffer.buf, computedMacLen) != 0) {
        PORT_SetError(SEC_ERROR_BAD_DATA);
        return SECFailure;
    }

    /* 3. OK, it verifies, now decrypt. */
    SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE };
    rv = PK11_Decrypt(encKey, CKM_AES_CBC_PAD, &ivItem,
                      out, outLen, maxOutLen, cipherTextBuffer.buf, cipherTextLen);
    if (rv != SECSuccess) {
        return SECFailure;
    }

    return SECSuccess;
}
Beispiel #20
0
/***************************************************************************
 *
 * v e r i f y _ g l o b a l
 */
static int
verify_global(JAR *jar)
{
    FILE *fp;
    JAR_Context *ctx;
    JAR_Item *it;
    JAR_Digest *globaldig;
    char *ext;
    unsigned char *md5_digest, *sha1_digest;
    unsigned int sha1_length, md5_length;
    int retval = 0;
    char buf[BUFSIZ];

    ctx = JAR_find(jar, "*", jarTypePhy);

    while (JAR_find_next(ctx, &it) >= 0) {
        if (!PORT_Strncmp(it->pathname, "META-INF", 8)) {
            for (ext = it->pathname; *ext; ext++)
                ;
            while (ext > it->pathname && *ext != '.')
                ext--;

            if (verbosity >= 0) {
                if (!PORT_Strcasecmp(ext, ".rsa")) {
                    PR_fprintf(outputFD, "found a RSA signature file: %s\n",
                               it->pathname);
                }

                if (!PORT_Strcasecmp(ext, ".dsa")) {
                    PR_fprintf(outputFD, "found a DSA signature file: %s\n",
                               it->pathname);
                }

                if (!PORT_Strcasecmp(ext, ".mf")) {
                    PR_fprintf(outputFD,
                               "found a MF master manifest file: %s\n",
                               it->pathname);
                }
            }

            if (!PORT_Strcasecmp(ext, ".sf")) {
                if (verbosity >= 0) {
                    PR_fprintf(outputFD,
                               "found a SF signature manifest file: %s\n",
                               it->pathname);
                }

                rm_dash_r(TMP_OUTPUT);
                if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) {
                    PR_fprintf(errorFD, "%s: error extracting %s\n",
                               PROGRAM_NAME, it->pathname);
                    errorCount++;
                    retval = -1;
                    continue;
                }

                md5_digest = NULL;
                sha1_digest = NULL;

                if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) {
                    while (fgets(buf, BUFSIZ, fp)) {
                        char *s;

                        if (*buf == 0 || *buf == '\n' || *buf == '\r')
                            break;

                        for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
                            ;
                        *s = 0;

                        if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) {
                            md5_digest =
                                ATOB_AsciiToData(buf + 12, &md5_length);
                        }
                        if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) {
                            sha1_digest =
                                ATOB_AsciiToData(buf + 13, &sha1_length);
                        }
                        if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) {
                            sha1_digest =
                                ATOB_AsciiToData(buf + 12, &sha1_length);
                        }
                    }

                    globaldig = jar->globalmeta;

                    if (globaldig && md5_digest && verbosity >= 0) {
                        PR_fprintf(outputFD,
                                   "  md5 digest on global metainfo: %s\n",
                                   PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
                                       ? "no match"
                                       : "match");
                    }

                    if (globaldig && sha1_digest && verbosity >= 0) {
                        PR_fprintf(outputFD,
                                   "  sha digest on global metainfo: %s\n",
                                   PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
                                       ? "no match"
                                       : "match");
                    }

                    if (globaldig == NULL && verbosity >= 0) {
                        PR_fprintf(outputFD,
                                   "global metadigest is not available, strange.\n");
                    }

                    PORT_Free(md5_digest);
                    PORT_Free(sha1_digest);
                    fclose(fp);
                }
            }
        }
    }

    JAR_find_end(ctx);

    return retval;
}
Beispiel #21
0
NSS_IMPLEMENT NSSTrust *
nssTrust_Create (
  nssPKIObject *object,
  NSSItem *certData
)
{
    PRStatus status;
    PRUint32 i;
    PRUint32 lastTrustOrder, myTrustOrder;
    unsigned char sha1_hashcmp[SHA1_LENGTH];
    unsigned char sha1_hashin[SHA1_LENGTH];
    NSSItem sha1_hash;
    NSSTrust *rvt;
    nssCryptokiObject *instance;
    nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
    SECStatus rv; /* Should be stan flavor */
    PRBool stepUp;

    lastTrustOrder = 1<<16; /* just make it big */
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    rvt = nss_ZNEW(object->arena, NSSTrust);
    if (!rvt) {
	return (NSSTrust *)NULL;
    }
    rvt->object = *object;

    /* should be stan flavor of Hashbuf */
    rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
    if (rv != SECSuccess) {
	return (NSSTrust *)NULL;
    }
    sha1_hash.data = sha1_hashin;
    sha1_hash.size = sizeof (sha1_hashin);
    /* trust has to peek into the base object members */
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
	instance = object->instances[i];
	myTrustOrder = nssToken_GetTrustOrder(instance->token);
	status = nssCryptokiTrust_GetAttributes(instance, NULL,
						&sha1_hash,
	                                        &serverAuth,
	                                        &clientAuth,
	                                        &codeSigning,
	                                        &emailProtection,
	                                        &stepUp);
	if (status != PR_SUCCESS) {
	    nssPKIObject_Unlock(object);
	    return (NSSTrust *)NULL;
	}
	if (PORT_Memcmp(sha1_hashin,sha1_hashcmp,SHA1_LENGTH) != 0) {
	    nssPKIObject_Unlock(object);
	    return (NSSTrust *)NULL;
	}
	if (rvt->serverAuth == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->serverAuth = serverAuth;
	}
	if (rvt->clientAuth == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->clientAuth = clientAuth;
	}
	if (rvt->emailProtection == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->emailProtection = emailProtection;
	}
	if (rvt->codeSigning == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->codeSigning = codeSigning;
	}
	rvt->stepUpApproved = stepUp;
	lastTrustOrder = myTrustOrder;
    }
    nssPKIObject_Unlock(object);
    return rvt;
}
Beispiel #22
0
SECStatus
PRNGTEST_RunHealthTests()
{
   static const PRUint8 entropy[] = {
			0x8e,0x9c,0x0d,0x25,0x75,0x22,0x04,0xf9,
			0xc5,0x79,0x10,0x8b,0x23,0x79,0x37,0x14,
			0x9f,0x2c,0xc7,0x0b,0x39,0xf8,0xee,0xef,
			0x95,0x0c,0x97,0x59,0xfc,0x0a,0x85,0x41,
			0x76,0x9d,0x6d,0x67,0x00,0x4e,0x19,0x12,
			0x02,0x16,0x53,0xea,0xf2,0x73,0xd7,0xd6,
			0x7f,0x7e,0xc8,0xae,0x9c,0x09,0x99,0x7d,
			0xbb,0x9e,0x48,0x7f,0xbb,0x96,0x46,0xb3,
			0x03,0x75,0xf8,0xc8,0x69,0x45,0x3f,0x97,
			0x5e,0x2e,0x48,0xe1,0x5d,0x58,0x97,0x4c };
   static const PRUint8 rng_known_result[] = {
			0x16,0xe1,0x8c,0x57,0x21,0xd8,0xf1,0x7e,
			0x5a,0xa0,0x16,0x0b,0x7e,0xa6,0x25,0xb4,
			0x24,0x19,0xdb,0x54,0xfa,0x35,0x13,0x66,
			0xbb,0xaa,0x2a,0x1b,0x22,0x33,0x2e,0x4a,
			0x14,0x07,0x9d,0x52,0xfc,0x73,0x61,0x48,
			0xac,0xc1,0x22,0xfc,0xa4,0xfc,0xac,0xa4,
			0xdb,0xda,0x5b,0x27,0x33,0xc4,0xb3 };
   static const PRUint8 reseed_entropy[] = {
			0xc6,0x0b,0x0a,0x30,0x67,0x07,0xf4,0xe2,
			0x24,0xa7,0x51,0x6f,0x5f,0x85,0x3e,0x5d,
			0x67,0x97,0xb8,0x3b,0x30,0x9c,0x7a,0xb1,
			0x52,0xc6,0x1b,0xc9,0x46,0xa8,0x62,0x79 };
   static const PRUint8 additional_input[] = {
			0x86,0x82,0x28,0x98,0xe7,0xcb,0x01,0x14,
			0xae,0x87,0x4b,0x1d,0x99,0x1b,0xc7,0x41,
			0x33,0xff,0x33,0x66,0x40,0x95,0x54,0xc6,
			0x67,0x4d,0x40,0x2a,0x1f,0xf9,0xeb,0x65 };
   static const PRUint8 rng_reseed_result[] = {
			0x02,0x0c,0xc6,0x17,0x86,0x49,0xba,0xc4,
			0x7b,0x71,0x35,0x05,0xf0,0xdb,0x4a,0xc2,
			0x2c,0x38,0xc1,0xa4,0x42,0xe5,0x46,0x4a,
			0x7d,0xf0,0xbe,0x47,0x88,0xb8,0x0e,0xc6,
			0x25,0x2b,0x1d,0x13,0xef,0xa6,0x87,0x96,
			0xa3,0x7d,0x5b,0x80,0xc2,0x38,0x76,0x61,
			0xc7,0x80,0x5d,0x0f,0x05,0x76,0x85 };
   static const PRUint8 rng_no_reseed_result[] = {
			0xc4,0x40,0x41,0x8c,0xbf,0x2f,0x70,0x23,
			0x88,0xf2,0x7b,0x30,0xc3,0xca,0x1e,0xf3,
			0xef,0x53,0x81,0x5d,0x30,0xed,0x4c,0xf1,
			0xff,0x89,0xa5,0xee,0x92,0xf8,0xc0,0x0f,
			0x88,0x53,0xdf,0xb6,0x76,0xf0,0xaa,0xd3,
			0x2e,0x1d,0x64,0x37,0x3e,0xe8,0x4a,0x02,
			0xff,0x0a,0x7f,0xe5,0xe9,0x2b,0x6d };

   SECStatus rng_status = SECSuccess;
   PR_STATIC_ASSERT(sizeof(rng_known_result) >= sizeof(rng_reseed_result));
   PRUint8 result[sizeof(rng_known_result)];

   /********************************************/
   /*   First test instantiate error path.     */
   /*   In this case we supply enough entropy, */
   /*   but not enough seed. This will trigger */
   /*   the code that checks for a entropy     */
   /*   source failure.                        */
   /********************************************/
   rng_status = PRNGTEST_Instantiate(entropy, 256/PR_BITS_PER_BYTE, 
				     NULL, 0, NULL, 0);
   if (rng_status == SECSuccess) {
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   /* we failed with the proper error code, we can continue */

   /********************************************/
   /* Generate random bytes with a known seed. */
   /********************************************/
   rng_status = PRNGTEST_Instantiate(entropy, sizeof entropy, 
				     NULL, 0, NULL, 0);
   if (rng_status != SECSuccess) {
	/* Error set by PRNGTEST_Instantiate */
	return SECFailure;
   }
   rng_status = PRNGTEST_Generate(result, sizeof rng_known_result, NULL, 0);
   if ( ( rng_status != SECSuccess)  ||
        ( PORT_Memcmp( result, rng_known_result,
                       sizeof rng_known_result ) != 0 ) ) {
	PRNGTEST_Uninstantiate();
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   rng_status = PRNGTEST_Reseed(reseed_entropy, sizeof reseed_entropy,
				additional_input, sizeof additional_input);
   if (rng_status != SECSuccess) {
	/* Error set by PRNG_Reseed */
	PRNGTEST_Uninstantiate();
	return SECFailure;
   }
   rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
   if ( ( rng_status != SECSuccess)  ||
        ( PORT_Memcmp( result, rng_reseed_result,
                       sizeof rng_reseed_result ) != 0 ) ) {
	PRNGTEST_Uninstantiate();
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   /* This magic forces the reseed count to it's max count, so we can see if
    * PRNGTEST_Generate will actually when it reaches it's count */
   rng_status = PRNGTEST_Reseed(NULL, 0, NULL, 0);
   if (rng_status != SECSuccess) {
	PRNGTEST_Uninstantiate();
	/* Error set by PRNG_Reseed */
	return SECFailure;
   }
   /* This generate should now reseed */
   rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
   if ( ( rng_status != SECSuccess)  ||
	/* NOTE we fail if the result is equal to the no_reseed_result. 
         * no_reseed_result is the value we would have gotten if we didn't
	 * do an automatic reseed in PRNGTEST_Generate */
        ( PORT_Memcmp( result, rng_no_reseed_result,
                       sizeof rng_no_reseed_result ) == 0 ) ) {
	PRNGTEST_Uninstantiate();
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   /* make sure reseed fails when we don't supply enough entropy */
   rng_status = PRNGTEST_Reseed(reseed_entropy, 4, NULL, 0);
   if (rng_status == SECSuccess) {
	PRNGTEST_Uninstantiate();
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
	PRNGTEST_Uninstantiate();
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   rng_status = PRNGTEST_Uninstantiate();
   if (rng_status != SECSuccess) {
	/* Error set by PRNG_Uninstantiate */
	return rng_status;
   }
   /* make sure uninstantiate fails if the contest is not initiated (also tests
    * if the context was cleared in the previous Uninstantiate) */
   rng_status = PRNGTEST_Uninstantiate();
   if (rng_status == SECSuccess) {
	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
	return SECFailure;
   }
   if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) {
	return rng_status;
   }
  
   return SECSuccess;
}
Beispiel #23
0
NSS_IMPLEMENT NSSTrust *
nssTrust_Create (
  nssPKIObject *object,
  NSSItem *certData
)
{
    PRStatus status;
    PRUint32 i;
    PRUint32 lastTrustOrder, myTrustOrder;
    unsigned char sha1_hashcmp[SHA1_LENGTH];
    unsigned char sha1_hashin[SHA1_LENGTH];
    NSSItem sha1_hash;
    NSSTrust *rvt;
    nssCryptokiObject *instance;
    nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
    SECStatus rv; /* Should be stan flavor */
    PRBool stepUp;

    lastTrustOrder = 1<<16; /* just make it big */
    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
    rvt = nss_ZNEW(object->arena, NSSTrust);
    if (!rvt) {
	return (NSSTrust *)NULL;
    }
    rvt->object = *object;

    /* should be stan flavor of Hashbuf */
    rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size);
    if (rv != SECSuccess) {
	return (NSSTrust *)NULL;
    }
    sha1_hash.data = sha1_hashin;
    sha1_hash.size = sizeof (sha1_hashin);
    /* trust has to peek into the base object members */
    nssPKIObject_Lock(object);
    for (i=0; i<object->numInstances; i++) {
	instance = object->instances[i];
	myTrustOrder = nssToken_GetTrustOrder(instance->token);
	status = nssCryptokiTrust_GetAttributes(instance, NULL,
						&sha1_hash,
	                                        &serverAuth,
	                                        &clientAuth,
	                                        &codeSigning,
	                                        &emailProtection,
	                                        &stepUp);
	if (status != PR_SUCCESS) {
	    nssPKIObject_Unlock(object);
	    return (NSSTrust *)NULL;
	}
	/* if no hash is specified, then trust applies to all certs with
	 * this issuer/SN. NOTE: This is only true for entries that
	 * have distrust and unknown record */
	if (!(
            /* we continue if there is no hash, and the trust type is
	     * safe to accept without a hash ... or ... */
	     ((sha1_hash.size == 0)  && 
		nssTrust_IsSafeToIgnoreCertHash(serverAuth,clientAuth,
		codeSigning, emailProtection,stepUp)) 
	   ||
            /* we have a hash of the correct size, and it matches */
            ((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin,
	        sha1_hashcmp,SHA1_LENGTH) == 0))   )) {
	    nssPKIObject_Unlock(object);
	    return (NSSTrust *)NULL;
	}
	if (rvt->serverAuth == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->serverAuth = serverAuth;
	}
	if (rvt->clientAuth == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->clientAuth = clientAuth;
	}
	if (rvt->emailProtection == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->emailProtection = emailProtection;
	}
	if (rvt->codeSigning == nssTrustLevel_Unknown ||
	    myTrustOrder < lastTrustOrder) 
	{
	    rvt->codeSigning = codeSigning;
	}
	rvt->stepUpApproved = stepUp;
	lastTrustOrder = myTrustOrder;
    }
    nssPKIObject_Unlock(object);
    return rvt;
}
Beispiel #24
0
/*
* Test the softoken RSA_HashSign and RSH_HashCheckSign.
*/
static SECStatus
sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg,
                                 NSSLOWKEYPublicKey *rsa_public_key,
                                 NSSLOWKEYPrivateKey *rsa_private_key,
                                 const unsigned char *rsa_known_msg,
                                 const unsigned int rsa_kmsg_length,
                                 const unsigned char *rsa_known_signature)
{
    SECOidTag shaOid;                   /* SHA OID */
    unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
    unsigned int shaLength = 0;         /* length of SHA */
    unsigned int rsa_bytes_signed;
    unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
    SECStatus rv;

    if (shaAlg == HASH_AlgSHA1) {
        if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
            goto loser;
        }
        shaLength = SHA1_LENGTH;
        shaOid = SEC_OID_SHA1;
    } else if (shaAlg == HASH_AlgSHA256) {
        if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
            goto loser;
        }
        shaLength = SHA256_LENGTH;
        shaOid = SEC_OID_SHA256;
    } else if (shaAlg == HASH_AlgSHA384) {
        if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
            goto loser;
        }
        shaLength = SHA384_LENGTH;
        shaOid = SEC_OID_SHA384;
    } else if (shaAlg == HASH_AlgSHA512) {
        if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
            goto loser;
        }
        shaLength = SHA512_LENGTH;
        shaOid = SEC_OID_SHA512;
    } else {
        goto loser;
    }

    /*************************************************/
    /* RSA Single-Round Known Answer Signature Test. */
    /*************************************************/

    /* Perform RSA signature with the RSA private key. */
    rv = RSA_HashSign(shaOid,
                      rsa_private_key,
                      rsa_computed_signature,
                      &rsa_bytes_signed,
                      FIPS_RSA_SIGNATURE_LENGTH,
                      sha,
                      shaLength);

    if ((rv != SECSuccess) ||
        (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) ||
        (PORT_Memcmp(rsa_computed_signature, rsa_known_signature,
                     FIPS_RSA_SIGNATURE_LENGTH) != 0)) {
        goto loser;
    }

    /****************************************************/
    /* RSA Single-Round Known Answer Verification Test. */
    /****************************************************/

    /* Perform RSA verification with the RSA public key. */
    rv = RSA_HashCheckSign(shaOid,
                           rsa_public_key,
                           rsa_computed_signature,
                           rsa_bytes_signed,
                           sha,
                           shaLength);

    if (rv != SECSuccess) {
        goto loser;
    }
    return (SECSuccess);

loser:

    return (SECFailure);
}