static int testMessageDigest(NSSLOWInitContext *initCtx, HASH_HashType algoType, unsigned int hashLen, const unsigned char *message, const PRUint8 expected[], PRUint8 results[]) { NSSLOWHASHContext *ctx; unsigned int len; int rv = 0; ctx = NSSLOWHASH_NewContext(initCtx, algoType); if (ctx == NULL) { SECU_PrintError(progName, "Couldn't get hash context\n"); return 1; } NSSLOWHASH_Begin(ctx); NSSLOWHASH_Update(ctx, message, PORT_Strlen((const char *)message)); NSSLOWHASH_End(ctx, results, &len, hashLen); PR_ASSERT(len == hashLen); PR_ASSERT(PORT_Memcmp(expected, results, len) == 0); if (PORT_Memcmp(expected, results, len) != 0) { SECU_PrintError(progName, "Hash mismatch\n"); SECU_PrintBuf(stdout, "Expected: ", expected, hashLen); SECU_PrintBuf(stdout, "Actual: ", results, len); rv = 1; } NSSLOWHASH_Destroy(ctx); NSSLOW_Shutdown(initCtx); return rv; }
static unsigned long nss_SMIME_FindCipherForSMIMECap(NSSSMIMECapability *cap) { int i; SECOidTag capIDTag; /* we need the OIDTag here */ capIDTag = SECOID_FindOIDTag(&(cap->capabilityID)); /* go over all the SMIME ciphers we know and see if we find a match */ for (i = 0; i < smime_cipher_map_count; i++) { if (smime_cipher_map[i].algtag != capIDTag) continue; /* * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing * 2 NULLs as equal and NULL and non-NULL as not equal), we could * use that here instead of all of the following comparison code. */ if (cap->parameters.Data == NULL && smime_cipher_map[i].parms == NULL) break; /* both empty: bingo */ if (cap->parameters.Data != NULL && smime_cipher_map[i].parms != NULL && cap->parameters.Length == smime_cipher_map[i].parms->Length && PORT_Memcmp (cap->parameters.Data, smime_cipher_map[i].parms->Data, cap->parameters.Length) == 0) { break; /* both not empty, same length & equal content: bingo */ } } if (i == smime_cipher_map_count) return 0; /* no match found */ else return smime_cipher_map[i].cipher; /* match found, point to cipher */ }
static SECStatus sftk_TLSPRFVerify(TLSPRFContext *cx, unsigned char *sig, /* input, for comparison. */ unsigned int sigLen, /* length of sig. */ unsigned char *hash, /* data to be verified. */ unsigned int hashLen) /* size of hash data. */ { unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen); unsigned int tmpLen = sigLen; SECStatus rv; if (!tmp) return SECFailure; if (hashLen) { /* hashLen is non-zero when the user does a one-step verify. ** In this case, none of the data has been input yet. */ sftk_TLSPRFHashUpdate(cx, hash, hashLen); } rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); if (rv == SECSuccess) { rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); } PORT_ZFree(tmp, sigLen); return rv; }
SECComparison SECITEM_CompareItem(const SECItem *a, const SECItem *b) { unsigned m; int rv; if (a == b) return SECEqual; if (!a || !a->len || !a->data) return (!b || !b->len || !b->data) ? SECEqual : SECLessThan; if (!b || !b->len || !b->data) return SECGreaterThan; m = ( ( a->len < b->len ) ? a->len : b->len ); rv = PORT_Memcmp(a->data, b->data, m); if (rv) { return rv < 0 ? SECLessThan : SECGreaterThan; } if (a->len < b->len) { return SECLessThan; } if (a->len == b->len) { return SECEqual; } return SECGreaterThan; }
/* * this function locally records the user's preference */ SECStatus SECMIME_EnableCipher(long which, int on) { unsigned long mask; if (smime_newprefs == NULL || smime_prefs_complete) { /* * This is either the very first time, or we are starting over. */ smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count * sizeof(*smime_newprefs)); if (smime_newprefs == NULL) return SECFailure; smime_current_pref_index = 0; smime_prefs_complete = PR_FALSE; } mask = which & CIPHER_FAMILYID_MASK; if (mask == CIPHER_FAMILYID_MASK) { /* * This call signifies that all preferences have been set. * Move "newprefs" over, after checking first whether or * not the new ones are different from the old ones. */ if (smime_prefs != NULL) { if (PORT_Memcmp (smime_prefs, smime_newprefs, smime_symmetric_count * sizeof(*smime_prefs)) == 0) smime_prefs_changed = PR_FALSE; else smime_prefs_changed = PR_TRUE; PORT_Free (smime_prefs); } smime_prefs = smime_newprefs; smime_prefs_complete = PR_TRUE; return SECSuccess; } PORT_Assert (mask == CIPHER_FAMILYID_SMIME); if (mask != CIPHER_FAMILYID_SMIME) { /* XXX set an error! */ return SECFailure; } if (on) { PORT_Assert (smime_current_pref_index < smime_symmetric_count); if (smime_current_pref_index >= smime_symmetric_count) { /* XXX set an error! */ return SECFailure; } smime_newprefs[smime_current_pref_index++] = which; } return SECSuccess; }
void sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m) { sv_PrintObjectID(out, &a->algorithm, m); if ((a->parameters.len != 2) || (PORT_Memcmp(a->parameters.data, "\005\000", 2) != 0)) { /* Print args to algorithm */ sv_PrintAsHex(out, &a->parameters, "Args="); } }
static int test_long_message(NSSLOWInitContext *initCtx, HASH_HashType algoType, unsigned int hashLen, const PRUint8 expected[], PRUint8 results[]) { unsigned int len, i, rv = 0; NSSLOWHASHContext *ctx; /* The message is meant to be 'a' repeated 1,000,000 times. * This is too much to allocate on the stack so we will use a 1,000 char * buffer and call update 1,000 times. */ unsigned char buf[1000]; (void)PORT_Memset(buf, 'a', sizeof(buf)); ctx = NSSLOWHASH_NewContext(initCtx, algoType); if (ctx == NULL) { SECU_PrintError(progName, "Couldn't get hash context\n"); return 1; } NSSLOWHASH_Begin(ctx); for (i = 0; i < 1000; ++i) { NSSLOWHASH_Update(ctx, buf, 1000); } NSSLOWHASH_End(ctx, results, &len, hashLen); PR_ASSERT(len == hashLen); PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0); if (PORT_Memcmp(expected, results, len) != 0) { SECU_PrintError(progName, "Hash mismatch\n"); SECU_PrintBuf(stdout, "Expected: ", expected, hashLen); SECU_PrintBuf(stdout, "Actual: ", results, len); rv = 1; } NSSLOWHASH_Destroy(ctx); NSSLOW_Shutdown(initCtx); return rv; }
static PRBool IsP11KitProxyModule(SECMODModule *module) { CK_INFO modinfo; static const char p11KitManufacturerID[33] = "PKCS#11 Kit "; static const char p11KitLibraryDescription[33] = "PKCS#11 Kit Proxy Module "; if (PK11_GetModInfo(module, &modinfo) == SECSuccess && PORT_Memcmp(modinfo.manufacturerID, p11KitManufacturerID, sizeof(modinfo.manufacturerID)) == 0 && PORT_Memcmp(modinfo.libraryDescription, p11KitLibraryDescription, sizeof(modinfo.libraryDescription)) == 0) { return PR_TRUE; } return PR_FALSE; }
Boolean SECITEM_ItemsAreEqual(const SecAsn1Item *a, const SecAsn1Item *b) { if (a->Length != b->Length) return PR_FALSE; if (!a->Length) return PR_TRUE; if (!a->Data || !b->Data) { /* avoid null pointer crash. */ return (Boolean)(a->Data == b->Data); } return (Boolean)!PORT_Memcmp(a->Data, b->Data, a->Length); }
/* * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data */ PRBool NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av) { SECItem *value; if (attr == NULL) return PR_FALSE; value = NSS_CMSAttribute_GetValue(attr); return (value != NULL && value->len == av->len && PORT_Memcmp (value->data, av->data, value->len) == 0); }
/* * SecCmsAttributeCompareValue - compare the attribute's first value against data */ Boolean SecCmsAttributeCompareValue(SecCmsAttribute *attr, SecAsn1Item * av) { SecAsn1Item * value; if (attr == NULL) return PR_FALSE; value = SecCmsAttributeGetValue(attr); return (value != NULL && value->Length == av->Length && PORT_Memcmp (value->Data, av->Data, value->Length) == 0); }
PRBool SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b) { if (a->len != b->len) return PR_FALSE; if (!a->len) return PR_TRUE; if (!a->data || !b->data) { /* avoid null pointer crash. */ return (PRBool)(a->data == b->data); } return (PRBool)!PORT_Memcmp(a->data, b->data, a->len); }
/* * SecCmsAttributeCompareValue - compare the attribute's first value against data */ Boolean SecCmsAttributeCompareValue(SecCmsAttribute *attr, CSSM_DATA_PTR av) { CSSM_DATA_PTR value; if (attr == NULL) return PR_FALSE; value = SecCmsAttributeGetValue(attr); return (value != NULL && value->Length == av->Length && PORT_Memcmp (value->Data, av->Data, value->Length) == 0); }
/* * SecCmsAttributeArrayFindAttrByOidTag - look through a set of attributes and * find one that matches the specified object ID. * * If "only" is true, then make sure that there is not more than one attribute * of the same type. Otherwise, just return the first one found. (XXX Does * anybody really want that first-found behavior? It was like that when I found it...) */ SecCmsAttribute * SecCmsAttributeArrayFindAttrByOidTag(SecCmsAttribute **attrs, SECOidTag oidtag, Boolean only) { SECOidData *oid; SecCmsAttribute *attr1, *attr2; if (attrs == NULL) return NULL; oid = SECOID_FindOIDByTag(oidtag); if (oid == NULL) return NULL; while ((attr1 = *attrs++) != NULL) { if (attr1->type.Length == oid->oid.Length && PORT_Memcmp (attr1->type.Data, oid->oid.Data, oid->oid.Length) == 0) break; } if (attr1 == NULL) return NULL; if (!only) return attr1; while ((attr2 = *attrs++) != NULL) { if (attr2->type.Length == oid->oid.Length && PORT_Memcmp (attr2->type.Data, oid->oid.Data, oid->oid.Length) == 0) break; } if (attr2 != NULL) return NULL; return attr1; }
/* * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and * find one that matches the specified object ID. * * If "only" is true, then make sure that there is not more than one attribute * of the same type. Otherwise, just return the first one found. (XXX Does * anybody really want that first-found behavior? It was like that when I found it...) */ NSSCMSAttribute * NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only) { SECOidData *oid; NSSCMSAttribute *attr1, *attr2; if (attrs == NULL) return NULL; oid = SECOID_FindOIDByTag(oidtag); if (oid == NULL) return NULL; while ((attr1 = *attrs++) != NULL) { if (attr1->type.len == oid->oid.len && PORT_Memcmp (attr1->type.data, oid->oid.data, oid->oid.len) == 0) break; } if (attr1 == NULL) return NULL; if (!only) return attr1; while ((attr2 = *attrs++) != NULL) { if (attr2->type.len == oid->oid.len && PORT_Memcmp (attr2->type.data, oid->oid.data, oid->oid.len) == 0) break; } if (attr2 != NULL) return NULL; return attr1; }
SECComparison SECITEM_CompareItem(const SecAsn1Item *a, const SecAsn1Item *b) { size_t m; SECComparison rv; m = ( ( a->Length < b->Length ) ? a->Length : b->Length ); rv = (SECComparison) PORT_Memcmp(a->Data, b->Data, m); if (rv) { return rv; } if (a->Length < b->Length) { return SECLessThan; } if (a->Length == b->Length) { return SECEqual; } return SECGreaterThan; }
static void smime_fill_capability(smime_capability *cap) { unsigned long cipher; SECOidTag algtag; int i; algtag = SECOID_FindOIDTag(&(cap->capabilityID)); for (i = 0; i < smime_symmetric_count; i++) { if (smime_cipher_maps[i].algtag != algtag) continue; /* * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing * 2 NULLs as equal and NULL and non-NULL as not equal), we could * use that here instead of all of the following comparison code. */ if (cap->parameters.data != NULL) { if (smime_cipher_maps[i].parms == NULL) continue; if (cap->parameters.len != smime_cipher_maps[i].parms->len) continue; if (PORT_Memcmp(cap->parameters.data, smime_cipher_maps[i].parms->data, cap->parameters.len) == 0) break; } else if (smime_cipher_maps[i].parms == NULL) { break; } } if (i == smime_symmetric_count) cipher = 0; else cipher = smime_cipher_maps[i].cipher; cap->cipher = cipher; cap->capIDTag = algtag; }
/* * This function expands the internal state of the prng to fulfill any number * of bytes we need for this request. We only use this call if we need more * than can be supplied by a single call to SHA256_HashBuf. * * This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen */ static void prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, unsigned int no_of_returned_bytes) { PRUint8 data[VSize(rng)]; PRUint8 thisHash[SHA256_LENGTH]; PRUint8 *lastHash = rng->lastOutput; PORT_Memcpy(data, V(rng), VSize(rng)); while (no_of_returned_bytes) { SHA256Context ctx; unsigned int len; unsigned int carry; SHA256_Begin(&ctx); SHA256_Update(&ctx, data, sizeof data); SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH); if (PORT_Memcmp(lastHash, thisHash, len) == 0) { rng->isValid = PR_FALSE; break; } if (no_of_returned_bytes < SHA256_LENGTH) { len = no_of_returned_bytes; } PORT_Memcpy(returned_bytes, thisHash, len); lastHash = returned_bytes; returned_bytes += len; no_of_returned_bytes -= len; /* The carry parameter is a bool (increment or not). * This increments data if no_of_returned_bytes is not zero */ carry = no_of_returned_bytes; PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry); } PORT_Memcpy(rng->lastOutput, thisHash, SHA256_LENGTH); PORT_Memset(data, 0, sizeof data); PORT_Memset(thisHash, 0, sizeof thisHash); }
SECStatus ssl_SelfEncryptUnprotectInt( PK11SymKey *encKey, PK11SymKey *macKey, const unsigned char *keyName, const PRUint8 *in, unsigned int inLen, PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen) { sslReader reader = SSL_READER(in, inLen); sslReadBuffer encodedKeyNameBuffer = { 0 }; SECStatus rv = sslRead_Read(&reader, SELF_ENCRYPT_KEY_NAME_LEN, &encodedKeyNameBuffer); if (rv != SECSuccess) { return SECFailure; } sslReadBuffer ivBuffer = { 0 }; rv = sslRead_Read(&reader, AES_BLOCK_SIZE, &ivBuffer); if (rv != SECSuccess) { return SECFailure; } PRUint64 cipherTextLen = 0; rv = sslRead_ReadNumber(&reader, 2, &cipherTextLen); if (rv != SECSuccess) { return SECFailure; } sslReadBuffer cipherTextBuffer = { 0 }; rv = sslRead_Read(&reader, (unsigned int)cipherTextLen, &cipherTextBuffer); if (rv != SECSuccess) { return SECFailure; } unsigned int bytesToMac = reader.offset; sslReadBuffer encodedMacBuffer = { 0 }; rv = sslRead_Read(&reader, SHA256_LENGTH, &encodedMacBuffer); if (rv != SECSuccess) { return SECFailure; } /* Make sure we're at the end of the block. */ if (reader.offset != reader.buf.len) { PORT_SetError(SEC_ERROR_BAD_DATA); return SECFailure; } /* Now that everything is decoded, we can make progress. */ /* 1. Check that we have the right key. */ if (PORT_Memcmp(keyName, encodedKeyNameBuffer.buf, SELF_ENCRYPT_KEY_NAME_LEN)) { PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT); return SECFailure; } /* 2. Check the MAC */ unsigned char computedMac[SHA256_LENGTH]; unsigned int computedMacLen = 0; rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC, in, bytesToMac, computedMac, &computedMacLen, sizeof(computedMac)); if (rv != SECSuccess) { return SECFailure; } PORT_Assert(computedMacLen == SHA256_LENGTH); if (NSS_SecureMemcmp(computedMac, encodedMacBuffer.buf, computedMacLen) != 0) { PORT_SetError(SEC_ERROR_BAD_DATA); return SECFailure; } /* 3. OK, it verifies, now decrypt. */ SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE }; rv = PK11_Decrypt(encKey, CKM_AES_CBC_PAD, &ivItem, out, outLen, maxOutLen, cipherTextBuffer.buf, cipherTextLen); if (rv != SECSuccess) { return SECFailure; } return SECSuccess; }
/*************************************************************************** * * v e r i f y _ g l o b a l */ static int verify_global(JAR *jar) { FILE *fp; JAR_Context *ctx; JAR_Item *it; JAR_Digest *globaldig; char *ext; unsigned char *md5_digest, *sha1_digest; unsigned int sha1_length, md5_length; int retval = 0; char buf[BUFSIZ]; ctx = JAR_find(jar, "*", jarTypePhy); while (JAR_find_next(ctx, &it) >= 0) { if (!PORT_Strncmp(it->pathname, "META-INF", 8)) { for (ext = it->pathname; *ext; ext++) ; while (ext > it->pathname && *ext != '.') ext--; if (verbosity >= 0) { if (!PORT_Strcasecmp(ext, ".rsa")) { PR_fprintf(outputFD, "found a RSA signature file: %s\n", it->pathname); } if (!PORT_Strcasecmp(ext, ".dsa")) { PR_fprintf(outputFD, "found a DSA signature file: %s\n", it->pathname); } if (!PORT_Strcasecmp(ext, ".mf")) { PR_fprintf(outputFD, "found a MF master manifest file: %s\n", it->pathname); } } if (!PORT_Strcasecmp(ext, ".sf")) { if (verbosity >= 0) { PR_fprintf(outputFD, "found a SF signature manifest file: %s\n", it->pathname); } rm_dash_r(TMP_OUTPUT); if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) { PR_fprintf(errorFD, "%s: error extracting %s\n", PROGRAM_NAME, it->pathname); errorCount++; retval = -1; continue; } md5_digest = NULL; sha1_digest = NULL; if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) { while (fgets(buf, BUFSIZ, fp)) { char *s; if (*buf == 0 || *buf == '\n' || *buf == '\r') break; for (s = buf; *s && *s != '\n' && *s != '\r'; s++) ; *s = 0; if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) { md5_digest = ATOB_AsciiToData(buf + 12, &md5_length); } if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) { sha1_digest = ATOB_AsciiToData(buf + 13, &sha1_length); } if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) { sha1_digest = ATOB_AsciiToData(buf + 12, &sha1_length); } } globaldig = jar->globalmeta; if (globaldig && md5_digest && verbosity >= 0) { PR_fprintf(outputFD, " md5 digest on global metainfo: %s\n", PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH) ? "no match" : "match"); } if (globaldig && sha1_digest && verbosity >= 0) { PR_fprintf(outputFD, " sha digest on global metainfo: %s\n", PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH) ? "no match" : "match"); } if (globaldig == NULL && verbosity >= 0) { PR_fprintf(outputFD, "global metadigest is not available, strange.\n"); } PORT_Free(md5_digest); PORT_Free(sha1_digest); fclose(fp); } } } } JAR_find_end(ctx); return retval; }
NSS_IMPLEMENT NSSTrust * nssTrust_Create ( nssPKIObject *object, NSSItem *certData ) { PRStatus status; PRUint32 i; PRUint32 lastTrustOrder, myTrustOrder; unsigned char sha1_hashcmp[SHA1_LENGTH]; unsigned char sha1_hashin[SHA1_LENGTH]; NSSItem sha1_hash; NSSTrust *rvt; nssCryptokiObject *instance; nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection; SECStatus rv; /* Should be stan flavor */ PRBool stepUp; lastTrustOrder = 1<<16; /* just make it big */ PR_ASSERT(object->instances != NULL && object->numInstances > 0); rvt = nss_ZNEW(object->arena, NSSTrust); if (!rvt) { return (NSSTrust *)NULL; } rvt->object = *object; /* should be stan flavor of Hashbuf */ rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size); if (rv != SECSuccess) { return (NSSTrust *)NULL; } sha1_hash.data = sha1_hashin; sha1_hash.size = sizeof (sha1_hashin); /* trust has to peek into the base object members */ nssPKIObject_Lock(object); for (i=0; i<object->numInstances; i++) { instance = object->instances[i]; myTrustOrder = nssToken_GetTrustOrder(instance->token); status = nssCryptokiTrust_GetAttributes(instance, NULL, &sha1_hash, &serverAuth, &clientAuth, &codeSigning, &emailProtection, &stepUp); if (status != PR_SUCCESS) { nssPKIObject_Unlock(object); return (NSSTrust *)NULL; } if (PORT_Memcmp(sha1_hashin,sha1_hashcmp,SHA1_LENGTH) != 0) { nssPKIObject_Unlock(object); return (NSSTrust *)NULL; } if (rvt->serverAuth == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->serverAuth = serverAuth; } if (rvt->clientAuth == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->clientAuth = clientAuth; } if (rvt->emailProtection == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->emailProtection = emailProtection; } if (rvt->codeSigning == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->codeSigning = codeSigning; } rvt->stepUpApproved = stepUp; lastTrustOrder = myTrustOrder; } nssPKIObject_Unlock(object); return rvt; }
SECStatus PRNGTEST_RunHealthTests() { static const PRUint8 entropy[] = { 0x8e,0x9c,0x0d,0x25,0x75,0x22,0x04,0xf9, 0xc5,0x79,0x10,0x8b,0x23,0x79,0x37,0x14, 0x9f,0x2c,0xc7,0x0b,0x39,0xf8,0xee,0xef, 0x95,0x0c,0x97,0x59,0xfc,0x0a,0x85,0x41, 0x76,0x9d,0x6d,0x67,0x00,0x4e,0x19,0x12, 0x02,0x16,0x53,0xea,0xf2,0x73,0xd7,0xd6, 0x7f,0x7e,0xc8,0xae,0x9c,0x09,0x99,0x7d, 0xbb,0x9e,0x48,0x7f,0xbb,0x96,0x46,0xb3, 0x03,0x75,0xf8,0xc8,0x69,0x45,0x3f,0x97, 0x5e,0x2e,0x48,0xe1,0x5d,0x58,0x97,0x4c }; static const PRUint8 rng_known_result[] = { 0x16,0xe1,0x8c,0x57,0x21,0xd8,0xf1,0x7e, 0x5a,0xa0,0x16,0x0b,0x7e,0xa6,0x25,0xb4, 0x24,0x19,0xdb,0x54,0xfa,0x35,0x13,0x66, 0xbb,0xaa,0x2a,0x1b,0x22,0x33,0x2e,0x4a, 0x14,0x07,0x9d,0x52,0xfc,0x73,0x61,0x48, 0xac,0xc1,0x22,0xfc,0xa4,0xfc,0xac,0xa4, 0xdb,0xda,0x5b,0x27,0x33,0xc4,0xb3 }; static const PRUint8 reseed_entropy[] = { 0xc6,0x0b,0x0a,0x30,0x67,0x07,0xf4,0xe2, 0x24,0xa7,0x51,0x6f,0x5f,0x85,0x3e,0x5d, 0x67,0x97,0xb8,0x3b,0x30,0x9c,0x7a,0xb1, 0x52,0xc6,0x1b,0xc9,0x46,0xa8,0x62,0x79 }; static const PRUint8 additional_input[] = { 0x86,0x82,0x28,0x98,0xe7,0xcb,0x01,0x14, 0xae,0x87,0x4b,0x1d,0x99,0x1b,0xc7,0x41, 0x33,0xff,0x33,0x66,0x40,0x95,0x54,0xc6, 0x67,0x4d,0x40,0x2a,0x1f,0xf9,0xeb,0x65 }; static const PRUint8 rng_reseed_result[] = { 0x02,0x0c,0xc6,0x17,0x86,0x49,0xba,0xc4, 0x7b,0x71,0x35,0x05,0xf0,0xdb,0x4a,0xc2, 0x2c,0x38,0xc1,0xa4,0x42,0xe5,0x46,0x4a, 0x7d,0xf0,0xbe,0x47,0x88,0xb8,0x0e,0xc6, 0x25,0x2b,0x1d,0x13,0xef,0xa6,0x87,0x96, 0xa3,0x7d,0x5b,0x80,0xc2,0x38,0x76,0x61, 0xc7,0x80,0x5d,0x0f,0x05,0x76,0x85 }; static const PRUint8 rng_no_reseed_result[] = { 0xc4,0x40,0x41,0x8c,0xbf,0x2f,0x70,0x23, 0x88,0xf2,0x7b,0x30,0xc3,0xca,0x1e,0xf3, 0xef,0x53,0x81,0x5d,0x30,0xed,0x4c,0xf1, 0xff,0x89,0xa5,0xee,0x92,0xf8,0xc0,0x0f, 0x88,0x53,0xdf,0xb6,0x76,0xf0,0xaa,0xd3, 0x2e,0x1d,0x64,0x37,0x3e,0xe8,0x4a,0x02, 0xff,0x0a,0x7f,0xe5,0xe9,0x2b,0x6d }; SECStatus rng_status = SECSuccess; PR_STATIC_ASSERT(sizeof(rng_known_result) >= sizeof(rng_reseed_result)); PRUint8 result[sizeof(rng_known_result)]; /********************************************/ /* First test instantiate error path. */ /* In this case we supply enough entropy, */ /* but not enough seed. This will trigger */ /* the code that checks for a entropy */ /* source failure. */ /********************************************/ rng_status = PRNGTEST_Instantiate(entropy, 256/PR_BITS_PER_BYTE, NULL, 0, NULL, 0); if (rng_status == SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } /* we failed with the proper error code, we can continue */ /********************************************/ /* Generate random bytes with a known seed. */ /********************************************/ rng_status = PRNGTEST_Instantiate(entropy, sizeof entropy, NULL, 0, NULL, 0); if (rng_status != SECSuccess) { /* Error set by PRNGTEST_Instantiate */ return SECFailure; } rng_status = PRNGTEST_Generate(result, sizeof rng_known_result, NULL, 0); if ( ( rng_status != SECSuccess) || ( PORT_Memcmp( result, rng_known_result, sizeof rng_known_result ) != 0 ) ) { PRNGTEST_Uninstantiate(); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } rng_status = PRNGTEST_Reseed(reseed_entropy, sizeof reseed_entropy, additional_input, sizeof additional_input); if (rng_status != SECSuccess) { /* Error set by PRNG_Reseed */ PRNGTEST_Uninstantiate(); return SECFailure; } rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0); if ( ( rng_status != SECSuccess) || ( PORT_Memcmp( result, rng_reseed_result, sizeof rng_reseed_result ) != 0 ) ) { PRNGTEST_Uninstantiate(); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } /* This magic forces the reseed count to it's max count, so we can see if * PRNGTEST_Generate will actually when it reaches it's count */ rng_status = PRNGTEST_Reseed(NULL, 0, NULL, 0); if (rng_status != SECSuccess) { PRNGTEST_Uninstantiate(); /* Error set by PRNG_Reseed */ return SECFailure; } /* This generate should now reseed */ rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0); if ( ( rng_status != SECSuccess) || /* NOTE we fail if the result is equal to the no_reseed_result. * no_reseed_result is the value we would have gotten if we didn't * do an automatic reseed in PRNGTEST_Generate */ ( PORT_Memcmp( result, rng_no_reseed_result, sizeof rng_no_reseed_result ) == 0 ) ) { PRNGTEST_Uninstantiate(); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } /* make sure reseed fails when we don't supply enough entropy */ rng_status = PRNGTEST_Reseed(reseed_entropy, 4, NULL, 0); if (rng_status == SECSuccess) { PRNGTEST_Uninstantiate(); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) { PRNGTEST_Uninstantiate(); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } rng_status = PRNGTEST_Uninstantiate(); if (rng_status != SECSuccess) { /* Error set by PRNG_Uninstantiate */ return rng_status; } /* make sure uninstantiate fails if the contest is not initiated (also tests * if the context was cleared in the previous Uninstantiate) */ rng_status = PRNGTEST_Uninstantiate(); if (rng_status == SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) { return rng_status; } return SECSuccess; }
NSS_IMPLEMENT NSSTrust * nssTrust_Create ( nssPKIObject *object, NSSItem *certData ) { PRStatus status; PRUint32 i; PRUint32 lastTrustOrder, myTrustOrder; unsigned char sha1_hashcmp[SHA1_LENGTH]; unsigned char sha1_hashin[SHA1_LENGTH]; NSSItem sha1_hash; NSSTrust *rvt; nssCryptokiObject *instance; nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection; SECStatus rv; /* Should be stan flavor */ PRBool stepUp; lastTrustOrder = 1<<16; /* just make it big */ PR_ASSERT(object->instances != NULL && object->numInstances > 0); rvt = nss_ZNEW(object->arena, NSSTrust); if (!rvt) { return (NSSTrust *)NULL; } rvt->object = *object; /* should be stan flavor of Hashbuf */ rv = PK11_HashBuf(SEC_OID_SHA1,sha1_hashcmp,certData->data,certData->size); if (rv != SECSuccess) { return (NSSTrust *)NULL; } sha1_hash.data = sha1_hashin; sha1_hash.size = sizeof (sha1_hashin); /* trust has to peek into the base object members */ nssPKIObject_Lock(object); for (i=0; i<object->numInstances; i++) { instance = object->instances[i]; myTrustOrder = nssToken_GetTrustOrder(instance->token); status = nssCryptokiTrust_GetAttributes(instance, NULL, &sha1_hash, &serverAuth, &clientAuth, &codeSigning, &emailProtection, &stepUp); if (status != PR_SUCCESS) { nssPKIObject_Unlock(object); return (NSSTrust *)NULL; } /* if no hash is specified, then trust applies to all certs with * this issuer/SN. NOTE: This is only true for entries that * have distrust and unknown record */ if (!( /* we continue if there is no hash, and the trust type is * safe to accept without a hash ... or ... */ ((sha1_hash.size == 0) && nssTrust_IsSafeToIgnoreCertHash(serverAuth,clientAuth, codeSigning, emailProtection,stepUp)) || /* we have a hash of the correct size, and it matches */ ((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin, sha1_hashcmp,SHA1_LENGTH) == 0)) )) { nssPKIObject_Unlock(object); return (NSSTrust *)NULL; } if (rvt->serverAuth == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->serverAuth = serverAuth; } if (rvt->clientAuth == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->clientAuth = clientAuth; } if (rvt->emailProtection == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->emailProtection = emailProtection; } if (rvt->codeSigning == nssTrustLevel_Unknown || myTrustOrder < lastTrustOrder) { rvt->codeSigning = codeSigning; } rvt->stepUpApproved = stepUp; lastTrustOrder = myTrustOrder; } nssPKIObject_Unlock(object); return rvt; }
/* * Test the softoken RSA_HashSign and RSH_HashCheckSign. */ static SECStatus sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg, NSSLOWKEYPublicKey *rsa_public_key, NSSLOWKEYPrivateKey *rsa_private_key, const unsigned char *rsa_known_msg, const unsigned int rsa_kmsg_length, const unsigned char *rsa_known_signature) { SECOidTag shaOid; /* SHA OID */ unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ unsigned int shaLength = 0; /* length of SHA */ unsigned int rsa_bytes_signed; unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH]; SECStatus rv; if (shaAlg == HASH_AlgSHA1) { if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { goto loser; } shaLength = SHA1_LENGTH; shaOid = SEC_OID_SHA1; } else if (shaAlg == HASH_AlgSHA256) { if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { goto loser; } shaLength = SHA256_LENGTH; shaOid = SEC_OID_SHA256; } else if (shaAlg == HASH_AlgSHA384) { if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { goto loser; } shaLength = SHA384_LENGTH; shaOid = SEC_OID_SHA384; } else if (shaAlg == HASH_AlgSHA512) { if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { goto loser; } shaLength = SHA512_LENGTH; shaOid = SEC_OID_SHA512; } else { goto loser; } /*************************************************/ /* RSA Single-Round Known Answer Signature Test. */ /*************************************************/ /* Perform RSA signature with the RSA private key. */ rv = RSA_HashSign(shaOid, rsa_private_key, rsa_computed_signature, &rsa_bytes_signed, FIPS_RSA_SIGNATURE_LENGTH, sha, shaLength); if ((rv != SECSuccess) || (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) || (PORT_Memcmp(rsa_computed_signature, rsa_known_signature, FIPS_RSA_SIGNATURE_LENGTH) != 0)) { goto loser; } /****************************************************/ /* RSA Single-Round Known Answer Verification Test. */ /****************************************************/ /* Perform RSA verification with the RSA public key. */ rv = RSA_HashCheckSign(shaOid, rsa_public_key, rsa_computed_signature, rsa_bytes_signed, sha, shaLength); if (rv != SECSuccess) { goto loser; } return (SECSuccess); loser: return (SECFailure); }