Project server7/nss-softokn - Diff 1a57173733...e0b0f58bd0

... ... --- a/.abf.yml
... ... +++ b/.abf.yml
... ... @@ -1,2 +1,2 @@
1 1
sources:
2
  nss-softokn-3.16.2.3.tar.gz: 93048a6f84e161d641f77498ac27ca93d63dd584
2
  nss-softokn-3.28.3.tar.gz: ead8285aeb4547630b376e29f9597a05482f3c6f
view file @ 1a57173733
... ... --- a/CheckForPeqQ-or-PnoteqQ-before-adding-P-and-Q.patch
... ... +++ /dev/null
... ... @@ -1,64 +0,0 @@
0
# HG changeset patch
1
# User Wan-Teh Chang <wtc@google.com>
2
# Date 1430759760 25200
3
# Node ID 2c05e861ce070a1c29083b00f987cc930974909d
4
# Parent  ca159a08d006b28aff5b66545f9782a4a0e53349
5
Bug 1125025: Check for P == Q or P == -Q before adding P and Q.
6
Check for P == -P before doubling P. r=rrelyea.
7
8
diff --git a/lib/freebl/ecl/ecp_jac.c b/lib/freebl/ecl/ecp_jac.c
9
--- a/lib/freebl/ecl/ecp_jac.c
10
+++ b/lib/freebl/ecl/ecp_jac.c
11
@@ -139,16 +139,30 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, 
12
 	MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth));
13
 	MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
14
 	MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
15
 
16
 	/* C = A - px, D = B - py */
17
 	MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
18
 	MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
19
 
20
+	if (mp_cmp_z(&C) == 0) {
21
+		/* P == Q or P == -Q */
22
+		if (mp_cmp_z(&D) == 0) {
23
+			/* P == Q */
24
+			/* It is cheaper to double (qx, qy, 1) than (px, py, pz). */
25
+			MP_DIGIT(&D, 0) = 1; /* Set D to 1. */
26
+			MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group));
27
+		} else {
28
+			/* P == -Q */
29
+			MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
30
+		}
31
+		goto CLEANUP;
32
+	}
33
+
34
 	/* C2 = C^2, C3 = C^3 */
35
 	MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
36
 	MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
37
 
38
 	/* rz = pz * C */
39
 	MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth));
40
 
41
 	/* C = px * C^2 */
42
@@ -200,17 +214,18 @@ ec_GFp_pt_dbl_jac(const mp_int *px, cons
43
 	MP_DIGITS(&t1) = 0;
44
 	MP_DIGITS(&M) = 0;
45
 	MP_DIGITS(&S) = 0;
46
 	MP_CHECKOK(mp_init(&t0));
47
 	MP_CHECKOK(mp_init(&t1));
48
 	MP_CHECKOK(mp_init(&M));
49
 	MP_CHECKOK(mp_init(&S));
50
 
51
-	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
52
+	/* P == inf or P == -P */
53
+	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) {
54
 		MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
55
 		goto CLEANUP;
56
 	}
57
 
58
 	if (mp_cmp_d(pz, 1) == 0) {
59
 		/* M = 3 * px^2 + a */
60
 		MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
61
 		MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
62
63
view file @ 1a57173733
... ... --- a/additional-covscan-fixes.patch
... ... +++ /dev/null
... ... @@ -1,73 +0,0 @@
0
diff -up ./nss/lib/freebl/cts.c.1154764extras ./nss/lib/freebl/cts.c
1
--- ./nss/lib/freebl/cts.c.1154764extras	2015-01-12 13:53:36.393855248 -0800
2
+++ ./nss/lib/freebl/cts.c	2015-01-12 13:53:36.548856551 -0800
3
@@ -97,7 +97,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
4
     unsigned int tmp;
5
     int fullblocks;
6
     int written;
7
-    char *saveout = outbuf;
8
+    char *saveout = (char *) outbuf;
9
     SECStatus rv;
10
 
11
     if (inlen < blocksize) {
12
@@ -187,7 +187,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
13
     unsigned char Cn[MAX_BLOCK_SIZE];   /* block Cn   */
14
     unsigned char lastBlock[MAX_BLOCK_SIZE];
15
     const unsigned char *tmp;
16
-    char *saveout = outbuf;
17
+    char *saveout = (char *) outbuf;
18
     unsigned int tmpLen;
19
     int fullblocks, pad;
20
     unsigned int i;
21
diff -up ./nss/lib/freebl/ldvector.c.1154764extras ./nss/lib/freebl/ldvector.c
22
--- ./nss/lib/freebl/ldvector.c.1154764extras	2015-01-12 13:53:36.541856492 -0800
23
+++ ./nss/lib/freebl/ldvector.c	2015-01-12 13:53:36.549856559 -0800
24
@@ -339,8 +339,6 @@ static const struct NSSLOWVectorStr nssv
25
 const NSSLOWVector *
26
 NSSLOW_GetVector(void)
27
 {
28
-    SECStatus rv;
29
-
30
     /* POST check and  stub init happens in FREEBL_GetVector() and 
31
      * NSSLOW_Init() respectively */
32
     return &nssvector;
33
diff -up ./nss/lib/freebl/lowhash_vector.c.1154764extras ./nss/lib/freebl/lowhash_vector.c
34
--- ./nss/lib/freebl/lowhash_vector.c.1154764extras	2015-01-12 13:53:36.542856500 -0800
35
+++ ./nss/lib/freebl/lowhash_vector.c	2015-01-12 13:53:36.549856559 -0800
36
@@ -107,8 +107,6 @@ static PRCallOnceType loadFreeBLOnce;
37
 static PRStatus
38
 freebl_RunLoaderOnce( void )
39
 {
40
-  PRStatus status;
41
-
42
   /* Don't have NSPR, so can use the real PR_CallOnce, implement a stripped
43
    * down version. */
44
   if (loadFreeBLOnce.initialized) {
45
diff -up ./nss/lib/freebl/rsa.c.1154764extras ./nss/lib/freebl/rsa.c
46
--- ./nss/lib/freebl/rsa.c.1154764extras	2015-01-12 13:53:36.479855971 -0800
47
+++ ./nss/lib/freebl/rsa.c	2015-01-12 13:53:36.549856559 -0800
48
@@ -343,11 +343,10 @@ RSA_NewKey(int keySizeInBits, SECItem *p
49
 	    if (rsa_fips186_verify(&p, &q, &d, keySizeInBits) ){
50
 		break;
51
 	    }
52
-	    prerr = PORT_GetError();
53
-	} else {
54
 	    prerr = SEC_ERROR_NEED_RANDOM; /* retry with different values */
55
+	} else {
56
+	    prerr = PORT_GetError();
57
 	}
58
-	prerr = PORT_GetError();
59
 	kiter++;
60
 	/* loop until have primes */
61
     } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < max_attempts);
62
diff -up ./nss/lib/softoken/legacydb/lgfips.c.1154764extras ./nss/lib/softoken/legacydb/lgfips.c
63
--- ./nss/lib/softoken/legacydb/lgfips.c.1154764extras	2015-01-12 13:53:36.386855189 -0800
64
+++ ./nss/lib/softoken/legacydb/lgfips.c	2015-01-12 13:53:36.550856568 -0800
65
@@ -81,7 +81,6 @@ static void
66
 lg_startup_tests(void)
67
 {
68
     PRBool fipsInstalled;
69
-    SECStatus rv;
70
     const char *libraryName = LG_LIB_NAME;
71
 
72
     PORT_Assert(!sftk_self_tests_ran);
view file @ 1a57173733
... ... --- a/build-nss-softoken-only.patch
... ... +++ /dev/null
... ... @@ -1,39 +0,0 @@
0
diff -up nss/lib/Makefile.softokenonly nss/lib/Makefile
1
--- nss/lib/Makefile.softokenonly	2013-05-29 18:22:03.635077455 -0700
2
+++ nss/lib/Makefile	2013-05-29 18:24:15.721185676 -0700
3
@@ -68,8 +68,13 @@ UTIL_SRCDIR =
4
 FREEBL_SRCDIR =
5
 SOFTOKEN_SRCDIR =
6
 else
7
+ifeq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
8
+UTIL_SRCDIR =
9
+FREEBL_SRCDIR = freebl
10
+SOFTOKEN_SRCDIR = softoken
11
 # default is to include all
12
 UTIL_SRCDIR = util
13
 FREEBL_SRCDIR = freebl
14
 SOFTOKEN_SRCDIR = softoken
15
 endif
16
+endif
17
diff -up nss/lib/manifest.mn.softokenonly nss/lib/manifest.mn
18
--- nss/lib/manifest.mn.softokenonly	2013-05-29 18:25:22.309716087 -0700
19
+++ nss/lib/manifest.mn	2013-05-29 18:26:24.601206689 -0700
20
@@ -17,18 +17,9 @@ DEPTH      = ..
21
 #  ckfw (builtins module)
22
 #  crmf jar (not dll's)
23
 DIRS = \
24
-	$(UTIL_SRCDIR) \
25
 	$(FREEBL_SRCDIR) \
26
 	$(SQLITE_SRCDIR) \
27
-	$(DBM_SRCDIR) \
28
 	$(SOFTOKEN_SRCDIR) \
29
-	base dev pki \
30
-	libpkix \
31
-	certdb certhigh pk11wrap cryptohi nss \
32
-	$(ZLIB_SRCDIR) ssl \
33
-	pkcs12 pkcs7 smime \
34
-	crmf jar \
35
-	ckfw $(SYSINIT_SRCDIR) \
36
 	$(NULL)
37
 
38
 #  fortcrypt  is no longer built
view file @ 1a57173733
... ... --- a/limit-create-fipscheck.patch
... ... +++ /dev/null
... ... @@ -1,41 +0,0 @@
0
diff -U10 ./nss/lib/softoken/fipstokn.c.limit-create-fipscheck ./nss/lib/softoken/fipstokn.c
1
--- ./nss/lib/softoken/fipstokn.c.limit-create-fipscheck	2014-12-19 13:18:57.374673644 +0100
2
+++ ./nss/lib/softoken/fipstokn.c	2014-12-19 13:40:13.817982735 +0100
3
@@ -742,27 +742,36 @@
4
     }
5
     return rv;
6
 }
7
 
8
 
9
 /* FC_CreateObject creates a new object. */
10
  CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession,
11
 		CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 
12
 					CK_OBJECT_HANDLE_PTR phObject) {
13
     CK_OBJECT_CLASS * classptr;
14
+    CK_RV rv = CKR_OK;
15
 
16
-    SFTK_FIPSCHECK();
17
     CHECK_FORK();
18
 
19
     classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
20
     if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;
21
 
22
+    if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT) {
23
+        if (sftk_fatalError)
24
+            return CKR_DEVICE_ERROR;
25
+    } else {
26
+        rv = sftk_fipsCheck();
27
+        if (rv != CKR_OK)
28
+            return rv;
29
+    }
30
+
31
     /* FIPS can't create keys from raw key material */
32
     if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) {
33
 	rv = CKR_ATTRIBUTE_VALUE_INVALID;
34
     } else {
35
 	rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
36
     }
37
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) {
38
 	sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv);
39
     }
40
     return rv;
view file @ 1a57173733
... ... --- a/nss-softokn-3.16-addG.patch
... ... +++ /dev/null
... ... @@ -1,194 +0,0 @@
0
diff -up ./nss/lib/freebl/pqg.c.addG ./nss/lib/freebl/pqg.c
1
--- ./nss/lib/freebl/pqg.c.addG	2014-09-22 14:29:55.360361453 -0700
2
+++ ./nss/lib/freebl/pqg.c	2014-09-22 14:29:55.386361892 -0700
3
@@ -1259,6 +1259,42 @@ pqg_ParamGen(unsigned int L, unsigned in
4
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
5
 	return SECFailure;
6
     }
7
+
8
+    /* Initialize bignums */
9
+    MP_DIGITS(&P) = 0;
10
+    MP_DIGITS(&Q) = 0;
11
+    MP_DIGITS(&G) = 0;
12
+    MP_DIGITS(&H) = 0;
13
+    MP_DIGITS(&l) = 0;
14
+    MP_DIGITS(&p0) = 0;
15
+    CHECK_MPI_OK( mp_init(&P) );
16
+    CHECK_MPI_OK( mp_init(&Q) );
17
+    CHECK_MPI_OK( mp_init(&G) );
18
+    CHECK_MPI_OK( mp_init(&H) );
19
+    CHECK_MPI_OK( mp_init(&l) );
20
+    CHECK_MPI_OK( mp_init(&p0) );
21
+
22
+    /* parameters have been passed in, only generate G */
23
+    if (*pParams != NULL) {
24
+	/* we only support G index generation if generating separate from PQ */
25
+	if ((*pVfy != NULL) || (type == FIPS186_1_TYPE) || 
26
+	    ((*pVfy)->h.len != 1) || ((*pVfy)->h.data == NULL) || 
27
+	    ((*pVfy)->seed.data == NULL) || ((*pVfy)->seed.len == 0)) {
28
+	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
29
+	    return SECFailure;
30
+	}
31
+	params = *pParams;
32
+	verify = *pVfy;
33
+
34
+	/* fill in P Q,  */
35
+	SECITEM_TO_MPINT((*pParams)->prime,    &P);
36
+	SECITEM_TO_MPINT((*pParams)->subPrime, &Q);
37
+    	hashtype = getFirstHash(L,N);
38
+	CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed, 
39
+						(*pVfy)->h.data[0], &G) );
40
+	MPINT_TO_SECITEM(&G, &(*pParams)->base,     (*pParams)->arena);
41
+	goto cleanup;
42
+    }
43
     /* Initialize an arena for the params. */
44
     arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
45
     if (!arena) {
46
@@ -1517,8 +1553,12 @@ cleanup:
47
 	rv = SECFailure;
48
     }
49
     if (rv) {
50
-	PORT_FreeArena(params->arena, PR_TRUE);
51
-	PORT_FreeArena(verify->arena, PR_TRUE);
52
+	if (params) {
53
+	    PORT_FreeArena(params->arena, PR_TRUE);
54
+	}
55
+	if (verify) {
56
+	    PORT_FreeArena(verify->arena, PR_TRUE);
57
+	}
58
     }
59
     if (hit.data) {
60
         SECITEM_FreeItem(&hit, PR_FALSE);
61
diff -up ./nss/lib/softoken/pkcs11c.c.addG ./nss/lib/softoken/pkcs11c.c
62
--- ./nss/lib/softoken/pkcs11c.c.addG	2014-06-24 13:45:27.000000000 -0700
63
+++ ./nss/lib/softoken/pkcs11c.c	2014-09-22 14:31:07.813585255 -0700
64
@@ -1055,10 +1055,10 @@ finish_des:
65
 	context->destroy = (SFTKDestroy) AES_DestroyContext;
66
 	break;
67
 
68
-    case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
69
+    case CKM_NSS_AES_KEY_WRAP_PAD:
70
     	context->doPad = PR_TRUE;
71
 	/* fall thru */
72
-    case CKM_NETSCAPE_AES_KEY_WRAP:
73
+    case CKM_NSS_AES_KEY_WRAP:
74
 	context->multi = PR_FALSE;
75
 	context->blockSize = 8;
76
 	if (key_type != CKK_AES) {
77
@@ -3497,10 +3497,17 @@ nsc_parameter_gen(CK_KEY_TYPE key_type,
78
 
79
     attribute = sftk_FindAttribute(key, CKA_PRIME_BITS);
80
     if (attribute == NULL) {
81
-	return CKR_TEMPLATE_INCOMPLETE;
82
+	attribute =sftk_FindAttribute(key, CKA_PRIME);
83
+	if (attribute == NULL) {
84
+	    return CKR_TEMPLATE_INCOMPLETE;
85
+	} else {
86
+	    primeBits = attribute->attrib.ulValueLen;
87
+	    sftk_FreeAttribute(attribute);
88
+	}
89
+    } else {
90
+	primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue;
91
+	sftk_FreeAttribute(attribute);
92
     }
93
-    primeBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue;
94
-    sftk_FreeAttribute(attribute);
95
     if (primeBits < 1024) {
96
 	j = PQG_PBITS_TO_INDEX(primeBits);
97
 	if (j == (unsigned int)-1) {
98
@@ -3508,7 +3515,7 @@ nsc_parameter_gen(CK_KEY_TYPE key_type,
99
 	}
100
     }
101
 
102
-    attribute = sftk_FindAttribute(key, CKA_NETSCAPE_PQG_SEED_BITS);
103
+    attribute = sftk_FindAttribute(key, CKA_NSS_PQG_SEED_BITS);
104
     if (attribute != NULL) {
105
 	seedBits = (unsigned int) *(CK_ULONG *)attribute->attrib.pValue;
106
 	sftk_FreeAttribute(attribute);
107
@@ -3520,9 +3527,61 @@ nsc_parameter_gen(CK_KEY_TYPE key_type,
108
 	sftk_FreeAttribute(attribute);
109
     }
110
 
111
+    /* if P and Q are supplied, we want to generate a new G */
112
+    attribute = sftk_FindAttribute(key, CKA_PRIME);
113
+    if (attribute != NULL) {
114
+	PLArenaPool *arena;
115
+
116
+	sftk_FreeAttribute(attribute);
117
+	arena = PORT_NewArena(1024);
118
+	if (arena == NULL) {
119
+	    crv = CKR_HOST_MEMORY;
120
+	    goto loser;
121
+	}
122
+	params = PORT_ArenaAlloc(arena, sizeof(*params));
123
+	if (params == NULL) {
124
+	    crv = CKR_HOST_MEMORY;
125
+	    goto loser;
126
+	}
127
+	params->arena = arena;
128
+	crv = sftk_Attribute2SSecItem(arena, &params->prime, key, CKA_PRIME);
129
+	if (rv != SECSuccess) {
130
+	    goto loser;
131
+	}
132
+	crv = sftk_Attribute2SSecItem(arena, &params->subPrime, 
133
+							key, CKA_SUBPRIME);
134
+	if (crv != SECSuccess) {
135
+	    goto loser;
136
+	}
137
+
138
+	arena = PORT_NewArena(1024);
139
+	if (arena == NULL) {
140
+	    crv = CKR_HOST_MEMORY;
141
+	    goto loser;
142
+	}
143
+	vfy = PORT_ArenaAlloc(arena, sizeof(*vfy));
144
+	if (vfy == NULL) {
145
+	    crv = CKR_HOST_MEMORY;
146
+	    goto loser;
147
+	}
148
+	vfy->arena = arena;
149
+	crv = sftk_Attribute2SSecItem(arena, &vfy->seed, key, CKA_NSS_PQG_SEED);
150
+	if (rv != SECSuccess) {
151
+	    goto loser;
152
+	}
153
+	crv = sftk_Attribute2SSecItem(arena, &vfy->h, key, CKA_NSS_PQG_H);
154
+	if (crv != SECSuccess) {
155
+	    goto loser;
156
+	}
157
+    	sftk_DeleteAttributeType(key,CKA_PRIME);
158
+    	sftk_DeleteAttributeType(key,CKA_SUBPRIME);
159
+    	sftk_DeleteAttributeType(key,CKA_NSS_PQG_SEED);
160
+    	sftk_DeleteAttributeType(key,CKA_NSS_PQG_H);
161
+    }
162
+
163
     sftk_DeleteAttributeType(key,CKA_PRIME_BITS);
164
     sftk_DeleteAttributeType(key,CKA_SUBPRIME_BITS);
165
-    sftk_DeleteAttributeType(key,CKA_NETSCAPE_PQG_SEED_BITS);
166
+    sftk_DeleteAttributeType(key,CKA_NSS_PQG_SEED_BITS);
167
 
168
     /* use the old PQG interface if we have old input data */
169
     if ((primeBits < 1024) || ((primeBits == 1024) && (subprimeBits == 0))) {
170
@@ -3559,17 +3618,19 @@ nsc_parameter_gen(CK_KEY_TYPE key_type,
171
 				 params->base.data, params->base.len);
172
     if (crv != CKR_OK) goto loser;
173
     counter = vfy->counter;
174
-    crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_COUNTER,
175
+    crv = sftk_AddAttributeType(key,CKA_NSS_PQG_COUNTER,
176
 				 &counter, sizeof(counter));
177
-    crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_SEED,
178
+    crv = sftk_AddAttributeType(key,CKA_NSS_PQG_SEED,
179
 				 vfy->seed.data, vfy->seed.len);
180
     if (crv != CKR_OK) goto loser;
181
-    crv = sftk_AddAttributeType(key,CKA_NETSCAPE_PQG_H,
182
+    crv = sftk_AddAttributeType(key,CKA_NSS_PQG_H,
183
 				 vfy->h.data, vfy->h.len);
184
     if (crv != CKR_OK) goto loser;
185
 
186
 loser:
187
-    PQG_DestroyParams(params);
188
+    if (params) {
189
+         PQG_DestroyParams(params);
190
+    }
191
 
192
     if (vfy) {
193
 	PQG_DestroyVerify(vfy);
view file @ e0b0f58bd0
... ... --- a/nss-softokn-3.16-add_encrypt_derive.patch
... ... +++ b/nss-softokn-3.16-add_encrypt_derive.patch
... ... @@ -1,45 +1,45 @@
1 1
diff -up ./nss/lib/softoken/pkcs11.c.add_encrypt_derive ./nss/lib/softoken/pkcs11.c
2
--- ./nss/lib/softoken/pkcs11.c.add_encrypt_derive	2014-06-24 13:45:27.000000000 -0700
3
+++ ./nss/lib/softoken/pkcs11.c	2014-10-31 17:24:58.021526521 -0700
4
@@ -442,11 +442,22 @@ static const struct mechanismList mechan
2
--- ./nss/lib/softoken/pkcs11.c.add_encrypt_derive	2017-02-17 14:20:06.000000000 +0100
3
+++ ./nss/lib/softoken/pkcs11.c	2017-05-26 14:10:26.633700334 +0200
4
@@ -423,11 +423,22 @@ static const struct mechanismList mechan
5 5
 #endif
6
      /* --------------------- Secret Key Operations ------------------------ */
7
      {CKM_GENERIC_SECRET_KEY_GEN,	{1, 32, CKF_GENERATE}, PR_TRUE}, 
8
-     {CKM_CONCATENATE_BASE_AND_KEY,	{1, 32, CKF_GENERATE}, PR_FALSE}, 
9
-     {CKM_CONCATENATE_BASE_AND_DATA,	{1, 32, CKF_GENERATE}, PR_FALSE}, 
10
-     {CKM_CONCATENATE_DATA_AND_BASE,	{1, 32, CKF_GENERATE}, PR_FALSE}, 
11
-     {CKM_XOR_BASE_AND_DATA,		{1, 32, CKF_GENERATE}, PR_FALSE}, 
12
+     {CKM_CONCATENATE_BASE_AND_KEY,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
13
+     {CKM_CONCATENATE_BASE_AND_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
14
+     {CKM_CONCATENATE_DATA_AND_BASE,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
15
+     {CKM_XOR_BASE_AND_DATA,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
16
      {CKM_EXTRACT_KEY_FROM_KEY,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
17
+     {CKM_EXTRACT_KEY_FROM_KEY,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
18
+     {CKM_DES_ECB_ENCRYPT_DATA,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
19
+     {CKM_DES_CBC_ENCRYPT_DATA,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
20
+     {CKM_DES3_ECB_ENCRYPT_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
21
+     {CKM_DES3_CBC_ENCRYPT_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
22
+     {CKM_AES_ECB_ENCRYPT_DATA,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
23
+     {CKM_AES_CBC_ENCRYPT_DATA,		{1, 32, CKF_DERIVE},   PR_FALSE}, 
24
+     {CKM_CAMELLIA_ECB_ENCRYPT_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
25
+     {CKM_CAMELLIA_CBC_ENCRYPT_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
26
+     {CKM_SEED_ECB_ENCRYPT_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
27
+     {CKM_SEED_CBC_ENCRYPT_DATA,	{1, 32, CKF_DERIVE},   PR_FALSE}, 
28
      /* ---------------------- SSL Key Derivations ------------------------- */
29
      {CKM_SSL3_PRE_MASTER_KEY_GEN,	{48, 48, CKF_GENERATE}, PR_FALSE}, 
30
      {CKM_SSL3_MASTER_KEY_DERIVE,	{48, 48, CKF_DERIVE},   PR_FALSE}, 
6
     /* --------------------- Secret Key Operations ------------------------ */
7
     { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
8
-    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE },
9
-    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
10
-    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE },
11
-    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
12
+    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
13
+    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
14
+    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_DERIVE }, PR_FALSE },
15
+    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
16
     { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
17
+    { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
18
+    { CKM_DES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
19
+    { CKM_DES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
20
+    { CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
21
+    { CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
22
+    { CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
23
+    { CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
24
+    { CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
25
+    { CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
26
+    { CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
27
+    { CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
28
     /* ---------------------- SSL Key Derivations ------------------------- */
29
     { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
30
     { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
31 31
diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs11c.c
32
--- ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive	2014-10-31 17:24:58.007526287 -0700
33
+++ ./nss/lib/softoken/pkcs11c.c	2014-10-31 17:33:59.457507480 -0700
34
@@ -5840,6 +5840,44 @@ static CK_RV sftk_ANSI_X9_63_kdf(CK_BYTE
32
--- ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive	2017-02-17 14:20:06.000000000 +0100
33
+++ ./nss/lib/softoken/pkcs11c.c	2017-05-26 14:09:34.990901108 +0200
34
@@ -6213,6 +6213,44 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_UL
35 35
 #endif /* NSS_DISABLE_ECC */
36 36
 
37 37
 /*
38 38
+ *  Handle The derive from a block encryption cipher
39 39
+ */
40 40
+CK_RV
41
+sftk_DeriveEncrypt(SFTKObject *key, CK_ULONG keySize, void *cipherInfo, 
42
+	int blockSize, unsigned char *data, CK_ULONG len, SFTKCipher encrypt)
41
+sftk_DeriveEncrypt(SFTKObject *key, CK_ULONG keySize, void *cipherInfo,
42
+                   int blockSize, unsigned char *data, CK_ULONG len, SFTKCipher encrypt)
43 43
+{
44 44
+    unsigned char *tmpdata = NULL;
45 45
+    SECStatus rv;
... ... @@ -47,28 +47,28 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs
47 47
+    CK_RV crv;
48 48
+
49 49
+    if ((len % blockSize) != 0) {
50
+	return CKR_MECHANISM_PARAM_INVALID;
50
+        return CKR_MECHANISM_PARAM_INVALID;
51 51
+    }
52 52
+    if (keySize && (len < keySize)) {
53
+	return CKR_MECHANISM_PARAM_INVALID;
53
+        return CKR_MECHANISM_PARAM_INVALID;
54 54
+    }
55 55
+    if (keySize == 0) {
56
+	keySize = len;
56
+        keySize = len;
57 57
+    }
58 58
+
59 59
+    tmpdata = PORT_Alloc(len);
60 60
+    if (tmpdata == NULL) {
61
+	return CKR_HOST_MEMORY;
61
+        return CKR_HOST_MEMORY;
62 62
+    }
63 63
+    rv = (*encrypt)(cipherInfo, tmpdata, &outLen, len, data, len);
64 64
+    if (rv != SECSuccess) {
65
+	crv = sftk_MapCryptError(PORT_GetError());
66
+	PORT_ZFree(tmpdata, len);
67
+	return crv;
65
+        crv = sftk_MapCryptError(PORT_GetError());
66
+        PORT_ZFree(tmpdata, len);
67
+        return crv;
68 68
+    }
69 69
+
70
+    crv = sftk_forceAttribute (key,CKA_VALUE,tmpdata,keySize);
71
+    PORT_ZFree(tmpdata,len);
70
+    crv = sftk_forceAttribute(key, CKA_VALUE, tmpdata, keySize);
71
+    PORT_ZFree(tmpdata, len);
72 72
+    return crv;
73 73
+}
74 74
+
... ... @@ -76,158 +76,190 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs
76 76
  * SSL Key generation given pre master secret
77 77
  */
78 78
 #define NUM_MIXERS 9
79
@@ -5883,6 +5921,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
80
     CK_KEY_TYPE     keyType	= CKK_GENERIC_SECRET;
81
     CK_OBJECT_CLASS classType	= CKO_SECRET_KEY;
79
@@ -6257,6 +6295,9 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
80
     CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
81
     CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
82 82
     CK_KEY_DERIVATION_STRING_DATA *stringPtr;
83 83
+    CK_AES_CBC_ENCRYPT_DATA_PARAMS *aesEncryptPtr;
84 84
+    CK_DES_CBC_ENCRYPT_DATA_PARAMS *desEncryptPtr;
85 85
+    void *cipherInfo;
86
     PRBool          isTLS = PR_FALSE;
87
     PRBool          isSHA256 = PR_FALSE;
88
     PRBool          isDH = PR_FALSE;
89
@@ -5892,6 +5933,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE h
90
     unsigned char   sha_out[SHA1_LENGTH];
91
     unsigned char   key_block[NUM_MIXERS * MD5_LENGTH];
92
     unsigned char   key_block2[MD5_LENGTH];
93
+    unsigned char   des3key[24];
94
     PRBool          isFIPS;		
95
     HASH_HashType   hashType;
96
     PRBool          extractValue = PR_TRUE;
97
@@ -6544,6 +6586,136 @@ key_and_mac_derive_fail:
98
 	break;
99
       }
86
     CK_MECHANISM_TYPE mechanism = pMechanism->mechanism;
87
     PRBool isTLS = PR_FALSE;
88
     PRBool isDH = PR_FALSE;
89
@@ -6266,6 +6307,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
90
     unsigned int outLen;
91
     unsigned char sha_out[SHA1_LENGTH];
92
     unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH];
93
+    unsigned char des3key[24];
94
     PRBool isFIPS;
95
     HASH_HashType hashType;
96
     PRBool extractValue = PR_TRUE;
97
@@ -6935,6 +6977,168 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
98
             break;
99
         }
100 100
 
101
+    case CKM_DES_ECB_ENCRYPT_DATA:
102
+	stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
103
+	cipherInfo =  DES_CreateContext( (unsigned char*)att->attrib.pValue,
104
+                NULL, NSS_DES, PR_TRUE);
105
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
106
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, 
107
+		stringPtr->pData, stringPtr->ulLen, (SFTKCipher) DES_Encrypt);
108
+	DES_DestroyContext(cipherInfo, PR_TRUE);
109
+	break;
101
+        case CKM_DES_ECB_ENCRYPT_DATA:
102
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
103
+            cipherInfo = DES_CreateContext((unsigned char *)att->attrib.pValue,
104
+                                           NULL, NSS_DES, PR_TRUE);
105
+            if (cipherInfo == NULL) {
106
+                crv = CKR_HOST_MEMORY;
107
+                break;
108
+            }
109
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
110
+                                     stringPtr->pData, stringPtr->ulLen, (SFTKCipher)DES_Encrypt);
111
+            DES_DestroyContext(cipherInfo, PR_TRUE);
112
+            break;
110 113
+
111
+    case CKM_DES_CBC_ENCRYPT_DATA:
112
+	desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
113
+							pMechanism->pParameter;
114
+	cipherInfo =  DES_CreateContext( (unsigned char*)att->attrib.pValue,
115
+                desEncryptPtr->iv, NSS_DES_CBC, PR_TRUE);
116
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
117
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, 
118
+		desEncryptPtr->pData, desEncryptPtr->length, 
119
+		(SFTKCipher) DES_Encrypt);
120
+	DES_DestroyContext(cipherInfo, PR_TRUE);
121
+	break;
114
+        case CKM_DES_CBC_ENCRYPT_DATA:
115
+            desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
116
+                                pMechanism->pParameter;
117
+            cipherInfo = DES_CreateContext((unsigned char *)att->attrib.pValue,
118
+                                           desEncryptPtr->iv, NSS_DES_CBC, PR_TRUE);
119
+            if (cipherInfo == NULL) {
120
+                crv = CKR_HOST_MEMORY;
121
+                break;
122
+            }
123
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
124
+                                     desEncryptPtr->pData, desEncryptPtr->length,
125
+                                     (SFTKCipher)DES_Encrypt);
126
+            DES_DestroyContext(cipherInfo, PR_TRUE);
127
+            break;
122 128
+
123
+    case CKM_DES3_ECB_ENCRYPT_DATA:
124
+	stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
125
+	if (att->attrib.ulValueLen == 16) {
126
+	    PORT_Memcpy(des3key, att->attrib.pValue, 16);
127
+	    PORT_Memcpy(des3key + 16, des3key, 8);
128
+	} else if (att->attrib.ulValueLen == 24) {
129
+	    PORT_Memcpy(des3key, att->attrib.pValue, 24);
130
+	} else {
131
+	   crv = CKR_KEY_SIZE_RANGE; break;
132
+	}
133
+	cipherInfo =  DES_CreateContext( des3key, NULL, NSS_DES_EDE3, PR_TRUE);
134
+	PORT_Memset(des3key, 0, 24);
135
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
136
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, 
137
+		stringPtr->pData, stringPtr->ulLen, (SFTKCipher) DES_Encrypt);
138
+	DES_DestroyContext(cipherInfo, PR_TRUE);
139
+	break;
129
+        case CKM_DES3_ECB_ENCRYPT_DATA:
130
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
131
+            if (att->attrib.ulValueLen == 16) {
132
+                PORT_Memcpy(des3key, att->attrib.pValue, 16);
133
+                PORT_Memcpy(des3key + 16, des3key, 8);
134
+            } else if (att->attrib.ulValueLen == 24) {
135
+                PORT_Memcpy(des3key, att->attrib.pValue, 24);
136
+            } else {
137
+                crv = CKR_KEY_SIZE_RANGE;
138
+                break;
139
+            }
140
+            cipherInfo = DES_CreateContext(des3key, NULL, NSS_DES_EDE3, PR_TRUE);
141
+            PORT_Memset(des3key, 0, 24);
142
+            if (cipherInfo == NULL) {
143
+                crv = CKR_HOST_MEMORY;
144
+                break;
145
+            }
146
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
147
+                                     stringPtr->pData, stringPtr->ulLen, (SFTKCipher)DES_Encrypt);
148
+            DES_DestroyContext(cipherInfo, PR_TRUE);
149
+            break;
140 150
+
141
+    case CKM_DES3_CBC_ENCRYPT_DATA:
142
+	desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
143
+							pMechanism->pParameter;
144
+	if (att->attrib.ulValueLen == 16) {
145
+	    PORT_Memcpy(des3key, att->attrib.pValue, 16);
146
+	    PORT_Memcpy(des3key + 16, des3key, 8);
147
+	} else if (att->attrib.ulValueLen == 24) {
148
+	    PORT_Memcpy(des3key, att->attrib.pValue, 24);
149
+	} else {
150
+	   crv = CKR_KEY_SIZE_RANGE; break;
151
+	}
152
+	cipherInfo =  DES_CreateContext( des3key, desEncryptPtr->iv, 
153
+				NSS_DES_EDE3_CBC, PR_TRUE);
154
+	PORT_Memset(des3key, 0, 24);
155
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
156
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8, 
157
+		desEncryptPtr->pData, desEncryptPtr->length, 
158
+		(SFTKCipher) DES_Encrypt);
159
+	DES_DestroyContext(cipherInfo, PR_TRUE);
160
+	break;
151
+        case CKM_DES3_CBC_ENCRYPT_DATA:
152
+            desEncryptPtr = (CK_DES_CBC_ENCRYPT_DATA_PARAMS *)
153
+                                pMechanism->pParameter;
154
+            if (att->attrib.ulValueLen == 16) {
155
+                PORT_Memcpy(des3key, att->attrib.pValue, 16);
156
+                PORT_Memcpy(des3key + 16, des3key, 8);
157
+            } else if (att->attrib.ulValueLen == 24) {
158
+                PORT_Memcpy(des3key, att->attrib.pValue, 24);
159
+            } else {
160
+                crv = CKR_KEY_SIZE_RANGE;
161
+                break;
162
+            }
163
+            cipherInfo = DES_CreateContext(des3key, desEncryptPtr->iv,
164
+                                           NSS_DES_EDE3_CBC, PR_TRUE);
165
+            PORT_Memset(des3key, 0, 24);
166
+            if (cipherInfo == NULL) {
167
+                crv = CKR_HOST_MEMORY;
168
+                break;
169
+            }
170
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 8,
171
+                                     desEncryptPtr->pData, desEncryptPtr->length,
172
+                                     (SFTKCipher)DES_Encrypt);
173
+            DES_DestroyContext(cipherInfo, PR_TRUE);
174
+            break;
161 175
+
162
+    case CKM_AES_ECB_ENCRYPT_DATA:
163
+	stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
164
+	cipherInfo = AES_CreateContext( (unsigned char*)att->attrib.pValue,
165
+            NULL, NSS_AES, PR_TRUE, att->attrib.ulValueLen, 16);
166
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
167
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
168
+		stringPtr->pData, stringPtr->ulLen, (SFTKCipher) AES_Encrypt);
169
+	AES_DestroyContext(cipherInfo, PR_TRUE);
170
+	break;
176
+        case CKM_AES_ECB_ENCRYPT_DATA:
177
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
178
+            cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue,
179
+                                           NULL, NSS_AES, PR_TRUE, att->attrib.ulValueLen, 16);
180
+            if (cipherInfo == NULL) {
181
+                crv = CKR_HOST_MEMORY;
182
+                break;
183
+            }
184
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
185
+                                     stringPtr->pData, stringPtr->ulLen, (SFTKCipher)AES_Encrypt);
186
+            AES_DestroyContext(cipherInfo, PR_TRUE);
187
+            break;
171 188
+
172
+    case CKM_AES_CBC_ENCRYPT_DATA:
173
+	aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
174
+							pMechanism->pParameter;
175
+	cipherInfo = AES_CreateContext( (unsigned char*)att->attrib.pValue,
176
+            			aesEncryptPtr->iv, NSS_AES_CBC, 
177
+				PR_TRUE, att->attrib.ulValueLen, 16);
178
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
179
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
180
+		aesEncryptPtr->pData, aesEncryptPtr->length, 
181
+		(SFTKCipher) AES_Encrypt);
182
+	AES_DestroyContext(cipherInfo, PR_TRUE);
183
+	break;
189
+        case CKM_AES_CBC_ENCRYPT_DATA:
190
+            aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
191
+                                pMechanism->pParameter;
192
+            cipherInfo = AES_CreateContext((unsigned char *)att->attrib.pValue,
193
+                                           aesEncryptPtr->iv, NSS_AES_CBC,
194
+                                           PR_TRUE, att->attrib.ulValueLen, 16);
195
+            if (cipherInfo == NULL) {
196
+                crv = CKR_HOST_MEMORY;
197
+                break;
198
+            }
199
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
200
+                                     aesEncryptPtr->pData, aesEncryptPtr->length,
201
+                                     (SFTKCipher)AES_Encrypt);
202
+            AES_DestroyContext(cipherInfo, PR_TRUE);
203
+            break;
184 204
+
185
+    case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
186
+	stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
187
+	cipherInfo = Camellia_CreateContext( (unsigned char*)att->attrib.pValue,
188
+            NULL, NSS_CAMELLIA, PR_TRUE,att->attrib.ulValueLen);
189
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
190
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
191
+		stringPtr->pData, stringPtr->ulLen, 
192
+		(SFTKCipher) Camellia_Encrypt);
193
+	Camellia_DestroyContext(cipherInfo, PR_TRUE);
194
+	break;
205
+        case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
206
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
207
+            cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue,
208
+                                                NULL, NSS_CAMELLIA, PR_TRUE, att->attrib.ulValueLen);
209
+            if (cipherInfo == NULL) {
210
+                crv = CKR_HOST_MEMORY;
211
+                break;
212
+            }
213
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
214
+                                     stringPtr->pData, stringPtr->ulLen,
215
+                                     (SFTKCipher)Camellia_Encrypt);
216
+            Camellia_DestroyContext(cipherInfo, PR_TRUE);
217
+            break;
195 218
+
196
+    case CKM_CAMELLIA_CBC_ENCRYPT_DATA:
197
+	aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
198
+							pMechanism->pParameter;
199
+	cipherInfo = Camellia_CreateContext((unsigned char*)att->attrib.pValue,
200
+				aesEncryptPtr->iv,NSS_CAMELLIA_CBC, 
201
+				PR_TRUE, att->attrib.ulValueLen);
202
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
203
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
204
+		aesEncryptPtr->pData, aesEncryptPtr->length, 
205
+		(SFTKCipher) Camellia_Encrypt);
206
+	Camellia_DestroyContext(cipherInfo, PR_TRUE);
207
+	break;
219
+        case CKM_CAMELLIA_CBC_ENCRYPT_DATA:
220
+            aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
221
+                                pMechanism->pParameter;
222
+            cipherInfo = Camellia_CreateContext((unsigned char *)att->attrib.pValue,
223
+                                                aesEncryptPtr->iv, NSS_CAMELLIA_CBC,
224
+                                                PR_TRUE, att->attrib.ulValueLen);
225
+            if (cipherInfo == NULL) {
226
+                crv = CKR_HOST_MEMORY;
227
+                break;
228
+            }
229
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
230
+                                     aesEncryptPtr->pData, aesEncryptPtr->length,
231
+                                     (SFTKCipher)Camellia_Encrypt);
232
+            Camellia_DestroyContext(cipherInfo, PR_TRUE);
233
+            break;
208 234
+
209
+    case CKM_SEED_ECB_ENCRYPT_DATA:
210
+	stringPtr = (CK_KEY_DERIVATION_STRING_DATA *) pMechanism->pParameter;
211
+	cipherInfo = SEED_CreateContext( (unsigned char*)att->attrib.pValue,
212
+            NULL, NSS_SEED, PR_TRUE);
213
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
214
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
215
+		stringPtr->pData, stringPtr->ulLen, (SFTKCipher) SEED_Encrypt);
216
+	SEED_DestroyContext(cipherInfo, PR_TRUE);
217
+	break;
235
+        case CKM_SEED_ECB_ENCRYPT_DATA:
236
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
237
+            cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue,
238
+                                            NULL, NSS_SEED, PR_TRUE);
239
+            if (cipherInfo == NULL) {
240
+                crv = CKR_HOST_MEMORY;
241
+                break;
242
+            }
243
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
244
+                                     stringPtr->pData, stringPtr->ulLen, (SFTKCipher)SEED_Encrypt);
245
+            SEED_DestroyContext(cipherInfo, PR_TRUE);
246
+            break;
218 247
+
219
+    case CKM_SEED_CBC_ENCRYPT_DATA:
220
+	aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
221
+							pMechanism->pParameter;
222
+	cipherInfo = SEED_CreateContext( (unsigned char*)att->attrib.pValue,
223
+            aesEncryptPtr->iv, NSS_SEED_CBC, PR_TRUE);
224
+	if (cipherInfo == NULL) { crv = CKR_HOST_MEMORY; break; }
225
+	crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
226
+		aesEncryptPtr->pData, aesEncryptPtr->length,
227
+		(SFTKCipher) SEED_Encrypt);
228
+	SEED_DestroyContext(cipherInfo, PR_TRUE);
229
+	break;
248
+        case CKM_SEED_CBC_ENCRYPT_DATA:
249
+            aesEncryptPtr = (CK_AES_CBC_ENCRYPT_DATA_PARAMS *)
250
+                                pMechanism->pParameter;
251
+            cipherInfo = SEED_CreateContext((unsigned char *)att->attrib.pValue,
252
+                                            aesEncryptPtr->iv, NSS_SEED_CBC, PR_TRUE);
253
+            if (cipherInfo == NULL) {
254
+                crv = CKR_HOST_MEMORY;
255
+                break;
256
+            }
257
+            crv = sftk_DeriveEncrypt(key, keySize, cipherInfo, 16,
258
+                                     aesEncryptPtr->pData, aesEncryptPtr->length,
259
+                                     (SFTKCipher)SEED_Encrypt);
260
+            SEED_DestroyContext(cipherInfo, PR_TRUE);
261
+            break;
230 262
+
231
     case CKM_CONCATENATE_BASE_AND_DATA:
232
 	crv = sftk_DeriveSensitiveCheck(sourceKey,key);
233
 	if (crv != CKR_OK) break;
263
         case CKM_CONCATENATE_BASE_AND_DATA:
264
             crv = sftk_DeriveSensitiveCheck(sourceKey, key);
265
             if (crv != CKR_OK)
view file @ 1a57173733
... ... --- a/nss-softokn-3.16-block-sigchld.patch
... ... +++ /dev/null
... ... @@ -1,109 +0,0 @@
0
diff -up ./nss/lib/freebl/shvfy.c.block_sigchld ./nss/lib/freebl/shvfy.c
1
--- ./nss/lib/freebl/shvfy.c.block_sigchld	2014-10-23 10:38:01.494609227 -0700
2
+++ ./nss/lib/freebl/shvfy.c	2014-10-23 10:44:35.395609071 -0700
3
@@ -45,8 +45,50 @@
4
 #include <stdlib.h>
5
 #include <unistd.h>
6
 #include <fcntl.h>
7
-#include <sys/wait.h>
8
 #include <sys/stat.h>
9
+#include <errno.h>
10
+
11
+#define __USE_POSIX199309 1 /* need to use posix signal handler */
12
+#include <signal.h>
13
+#include <sys/wait.h> /* must be after signal.h */
14
+
15
+
16
+/*
17
+ * handler to block our sigchld call to keep from confusing parent apps
18
+ */
19
+static struct sigaction parent_handler;
20
+static int child_pid = 0;
21
+
22
+static void
23
+handle_sigchld(int signum, siginfo_t *sinfo, void *utcx)
24
+{
25
+    int status;
26
+    int save_errno = errno;
27
+    int ret;
28
+
29
+    if ((signum == SIGCHLD) && (sinfo->si_pid == child_pid)) {
30
+	waitpid(sinfo->si_pid,&status, 0);
31
+	errno = save_errno;
32
+	return;
33
+    }
34
+
35
+
36
+    /* call parent, first set the parents mask */
37
+    ret = sigprocmask(SIG_BLOCK, &parent_handler.sa_mask, NULL);
38
+    errno = save_errno; /* restore previous errno. allow parent to change
39
+			 * errno if it needs to */
40
+    if (ret < 0) {
41
+	return;
42
+    }
43
+    /* now call the parent */
44
+    if (parent_handler.sa_flags & SA_SIGINFO) {
45
+	(*parent_handler.sa_sigaction)(signum, sinfo, utcx);
46
+    } else {
47
+	(*parent_handler.sa_handler)(signum);
48
+    }
49
+    /* libc/kernel should restore our mask as this point, so we don't
50
+     * need to restore the mask we set above. */
51
+}
52
 
53
 /*
54
  * This function returns an NSPR PRFileDesc * which the caller can read to
55
@@ -72,6 +114,8 @@ bl_OpenUnPrelink(const char *shName, int
56
     pid_t child;
57
     int argc = 0, argNext = 0;
58
     struct stat statBuf;
59
+    struct sigaction our_handler;
60
+    sigset_t inMask,outMask;
61
     int pipefd[2] = {-1,-1};
62
     int ret;
63
 
64
@@ -155,6 +199,25 @@ bl_OpenUnPrelink(const char *shName, int
65
 	goto loser;
66
     }
67
 
68
+    child_pid = 0;
69
+    our_handler.sa_flags = SA_SIGINFO;
70
+    our_handler.sa_sigaction = handle_sigchld;
71
+    sigemptyset(&our_handler.sa_mask);
72
+    ret = sigaction(SIGCHLD, &our_handler, &parent_handler);
73
+    if (ret < 0) {
74
+	goto loser;
75
+    }
76
+
77
+    /* don't accept a sigchild until we've set out child pid */
78
+    sigemptyset(&inMask);
79
+    sigemptyset(&outMask);
80
+    sigaddset(&inMask,SIGCHLD);
81
+    ret = sigprocmask(SIG_BLOCK, &inMask, &outMask);
82
+    if (ret < 0) {
83
+	sigaction(SIGCHLD, &parent_handler, NULL);
84
+	goto loser;
85
+    }
86
+
87
     /* use vfork() so we don't trigger the pthread_at_fork() handlers */
88
     child = vfork();
89
     if (child < 0) goto loser;
90
@@ -174,6 +237,8 @@ bl_OpenUnPrelink(const char *shName, int
91
 	/* avoid at_exit() handlers */
92
 	_exit(1); /* shouldn't reach here except on an error */
93
     }
94
+    child_pid = child;
95
+    sigprocmask(SIG_SETMASK, &outMask, 0); /* child is set,accept signals now */
96
     close(pipefd[1]);
97
     pipefd[1] = -1;
98
 
99
@@ -218,6 +283,9 @@ bl_CloseUnPrelink( PRFileDesc *file, int
100
     /* reap the child */
101
     if (pid) {
102
 	waitpid(pid, NULL, 0);
103
+	/* restore the parent handler */
104
+	sigaction(SIGCHLD, &parent_handler, NULL);
105
+	child_pid = 0;
106
     }
107
 }
108
 #endif
view file @ 1a57173733
... ... --- a/nss-softokn-3.16-fips-post.patch
... ... +++ /dev/null
... ... @@ -1,5220 +0,0 @@
0
diff -up ./nss/cmd/bltest/blapitest.c.fips-post ./nss/cmd/bltest/blapitest.c
1
--- ./nss/cmd/bltest/blapitest.c.fips-post	2014-06-24 13:45:27.000000000 -0700
2
+++ ./nss/cmd/bltest/blapitest.c	2014-09-22 10:04:04.400776655 -0700
3
@@ -3615,7 +3615,7 @@ int main(int argc, char **argv)
4
 
5
     /* Do FIPS self-test */
6
     if (bltest.commands[cmd_FIPS].activated) {
7
-	CK_RV ckrv = sftk_fipsPowerUpSelfTest();
8
+	CK_RV ckrv = sftk_FIPSEntryOK();
9
 	fprintf(stdout, "CK_RV: %ld.\n", ckrv);
10
         PORT_Free(cipherInfo);
11
         if (ckrv == CKR_OK)
12
diff -up ./nss/cmd/shlibsign/Makefile.fips-post ./nss/cmd/shlibsign/Makefile
13
diff -up ./nss/lib/freebl/blapii.h.fips-post ./nss/lib/freebl/blapii.h
14
--- ./nss/lib/freebl/blapii.h.fips-post	2014-06-24 13:45:27.000000000 -0700
15
+++ ./nss/lib/freebl/blapii.h	2014-09-22 10:04:04.401776672 -0700
16
@@ -21,6 +21,9 @@ typedef void (*freeblDestroyFunc)(void *
17
 
18
 SEC_BEGIN_PROTOS
19
 
20
+SECStatus BL_FIPSEntryOK(PRBool freeblOnly);
21
+PRBool BL_POSTRan(PRBool freeblOnly);
22
+
23
 #if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
24
 
25
 extern PRBool bl_parentForkedAfterC_Initialize;
26
diff -up ./nss/lib/freebl/blname.c.fips-post ./nss/lib/freebl/blname.c
27
--- ./nss/lib/freebl/blname.c.fips-post	2014-09-22 10:04:04.402776689 -0700
28
+++ ./nss/lib/freebl/blname.c	2014-09-22 10:18:14.993028403 -0700
29
@@ -0,0 +1,93 @@
30
+/*
31
+ *  * blname.c - determine the freebl library name.
32
+ *   *
33
+ *    * This Source Code Form is subject to the terms of the Mozilla Public
34
+ *     * License, v. 2.0. If a copy of the MPL was not distributed with this
35
+ *      * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
36
+
37
+static const char* default_name =
38
+    SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX;
39
+
40
+/* getLibName() returns the name of the library to load. */
41
+
42
+#if defined(SOLARIS) && defined(__sparc)
43
+#include <stddef.h>
44
+#include <strings.h>
45
+#include <sys/systeminfo.h>
46
+
47
+
48
+#if defined(NSS_USE_64)
49
+
50
+const static char fpu_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
51
+const static char int_hybrid_shared_lib[] = "libfreebl_64int_3.so";
52
+const static char non_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
53
+
54
+const static char int_hybrid_isa[] = "sparcv9";
55
+const static char fpu_hybrid_isa[] = "sparcv9+vis";
56
+
57
+#else
58
+
59
+const static char fpu_hybrid_shared_lib[] = "libfreebl_32fpu_3.so";
60
+const static char int_hybrid_shared_lib[] = "libfreebl_32int64_3.so";
61
+/* This was for SPARC V8, now obsolete. */
62
+const static char *const non_hybrid_shared_lib = NULL;
63
+
64
+const static char int_hybrid_isa[] = "sparcv8plus";
65
+const static char fpu_hybrid_isa[] = "sparcv8plus+vis";
66
+
67
+#endif
68
+
69
+static const char *
70
+getLibName(void)
71
+{
72
+    char * found_int_hybrid;
73
+    char * found_fpu_hybrid;
74
+    long buflen;
75
+    char buf[256];
76
+
77
+    buflen = sysinfo(SI_ISALIST, buf, sizeof buf);
78
+    if (buflen <= 0) 
79
+	return NULL;
80
+    /* sysinfo output is always supposed to be NUL terminated, but ... */
81
+    if (buflen < sizeof buf) 
82
+    	buf[buflen] = '\0';
83
+    else
84
+    	buf[(sizeof buf) - 1] = '\0';
85
+    /* The ISA list is a space separated string of names of ISAs and
86
+     * ISA extensions, in order of decreasing performance.
87
+     * There are two different ISAs with which NSS's crypto code can be
88
+     * accelerated. If both are in the list, we take the first one.
89
+     * If one is in the list, we use it, and if neither then we use
90
+     * the base unaccelerated code.
91
+     */
92
+    found_int_hybrid = strstr(buf, int_hybrid_isa);
93
+    found_fpu_hybrid = strstr(buf, fpu_hybrid_isa);
94
+    if (found_fpu_hybrid && 
95
+	(!found_int_hybrid ||
96
+	 (found_int_hybrid - found_fpu_hybrid) >= 0)) {
97
+	return fpu_hybrid_shared_lib;
98
+    }
99
+    if (found_int_hybrid) {
100
+	return int_hybrid_shared_lib;
101
+    }
102
+    return non_hybrid_shared_lib;
103
+}
104
+
105
+#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64)
106
+#include <unistd.h>
107
+
108
+/* This code tests to see if we're running on a PA2.x CPU.
109
+** It returns true (1) if so, and false (0) otherwise.
110
+*/
111
+static const char *
112
+getLibName(void)
113
+{
114
+    long cpu = sysconf(_SC_CPU_VERSION);
115
+    return (cpu == CPU_PA_RISC2_0) 
116
+		? "libfreebl_32fpu_3.sl"
117
+	        : "libfreebl_32int_3.sl" ;
118
+}
119
+#else
120
+/* default case, for platforms/ABIs that have only one freebl shared lib. */
121
+static const char * getLibName(void) { return default_name; }
122
+#endif
123
diff -up ./nss/lib/freebl/fipsfreebl.c.fips-post ./nss/lib/freebl/fipsfreebl.c
124
--- ./nss/lib/freebl/fipsfreebl.c.fips-post	2014-09-22 10:04:04.404776722 -0700
125
+++ ./nss/lib/freebl/fipsfreebl.c	2014-09-22 10:04:04.404776722 -0700
126
@@ -0,0 +1,2246 @@
127
+/*
128
+ * PKCS #11 FIPS Power-Up Self Test.
129
+ *
130
+ * This Source Code Form is subject to the terms of the Mozilla Public
131
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
132
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
133
+/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
134
+
135
+#ifdef FREEBL_NO_DEPEND
136
+#include "stubs.h"
137
+#endif
138
+
139
+#include "blapi.h"
140
+#include "seccomon.h"   /* Required for RSA and DSA. */
141
+#include "secerr.h"
142
+#include "prtypes.h"
143
+
144
+#ifdef NSS_ENABLE_ECC
145
+#include "ec.h"         /* Required for ECDSA */
146
+#endif
147
+
148
+/*
149
+ * different platforms have different ways of calling and initial entry point
150
+ * when the dll/.so is loaded. Most platforms support either a posix pragma
151
+ * or the GCC attribute. Some platforms suppor a pre-defined name, and some
152
+ * platforms have a link line way of invoking this function.
153
+ */
154
+
155
+/* The pragma */
156
+#if defined(USE_INIT_PRAGMA)
157
+#pragma init(bl_startup_tests)
158
+#endif
159
+
160
+
161
+/* GCC Attribute */
162
+#ifdef __GNUC__
163
+#define INIT_FUNCTION __attribute__((constructor))
164
+#else
165
+#define INIT_FUNCTION
166
+#endif
167
+
168
+static void INIT_FUNCTION bl_startup_tests(void);
169
+
170
+
171
+/* Windows pre-defined entry */
172
+#ifdef XP_WIN
173
+#include <windows.h>
174
+#include <primpl.h>
175
+
176
+BOOL WINAPI DllMain(
177
+    HINSTANCE hinstDLL,  // handle to DLL module
178
+    DWORD fdwReason,     // reason for calling function
179
+    LPVOID lpReserved )  // reserved
180
+{
181
+    // Perform actions based on the reason for calling.
182
+    switch( fdwReason ) 
183
+    { 
184
+        case DLL_PROCESS_ATTACH:
185
+         // Initialize once for each new process.
186
+         // Return FALSE to fail DLL load.
187
+	bl_startup_tests();
188
+            break;
189
+
190
+        case DLL_THREAD_ATTACH:
191
+         // Do thread-specific initialization.
192
+            break;
193
+
194
+        case DLL_THREAD_DETACH:
195
+         // Do thread-specific cleanup.
196
+            break;
197
+
198
+        case DLL_PROCESS_DETACH:
199
+         // Perform any necessary cleanup.
200
+            break;
201
+    }
202
+    return TRUE;  // Successful DLL_PROCESS_ATTACH.
203
+}
204
+#endif
205
+
206
+/* insert other platform dependent init entry points here, or modify
207
+ * the linker line */
208
+
209
+
210
+/* FIPS preprocessor directives for RC2-ECB and RC2-CBC.        */
211
+#define FIPS_RC2_KEY_LENGTH                      5  /*  40-bits */
212
+#define FIPS_RC2_ENCRYPT_LENGTH                  8  /*  64-bits */
213
+#define FIPS_RC2_DECRYPT_LENGTH                  8  /*  64-bits */
214
+
215
+
216
+/* FIPS preprocessor directives for RC4.                        */
217
+#define FIPS_RC4_KEY_LENGTH                      5  /*  40-bits */
218
+#define FIPS_RC4_ENCRYPT_LENGTH                  8  /*  64-bits */
219
+#define FIPS_RC4_DECRYPT_LENGTH                  8  /*  64-bits */
220
+
221
+
222
+/* FIPS preprocessor directives for DES-ECB and DES-CBC.        */
223
+#define FIPS_DES_ENCRYPT_LENGTH                  8  /*  64-bits */
224
+#define FIPS_DES_DECRYPT_LENGTH                  8  /*  64-bits */
225
+
226
+
227
+/* FIPS preprocessor directives for DES3-CBC and DES3-ECB.      */
228
+#define FIPS_DES3_ENCRYPT_LENGTH                 8  /*  64-bits */
229
+#define FIPS_DES3_DECRYPT_LENGTH                 8  /*  64-bits */
230
+
231
+
232
+/* FIPS preprocessor directives for AES-ECB and AES-CBC.        */
233
+#define FIPS_AES_BLOCK_SIZE                     16  /* 128-bits */
234
+#define FIPS_AES_ENCRYPT_LENGTH                 16  /* 128-bits */
235
+#define FIPS_AES_DECRYPT_LENGTH                 16  /* 128-bits */
236
+#define FIPS_AES_128_KEY_SIZE                   16  /* 128-bits */
237
+#define FIPS_AES_192_KEY_SIZE                   24  /* 192-bits */
238
+#define FIPS_AES_256_KEY_SIZE                   32  /* 256-bits */
239
+
240
+
241
+/* FIPS preprocessor directives for message digests             */
242
+#define FIPS_KNOWN_HASH_MESSAGE_LENGTH          64  /* 512-bits */
243
+
244
+
245
+/* FIPS preprocessor directives for RSA.                         */
246
+#define FIPS_RSA_TYPE                           siBuffer
247
+#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH           3 /*   24-bits */
248
+#define FIPS_RSA_PRIVATE_VERSION_LENGTH           1 /*    8-bits */
249
+#define FIPS_RSA_MESSAGE_LENGTH                 256 /* 2048-bits */
250
+#define FIPS_RSA_COEFFICIENT_LENGTH             128 /* 1024-bits */
251
+#define FIPS_RSA_PRIME0_LENGTH                  128 /* 1024-bits */
252
+#define FIPS_RSA_PRIME1_LENGTH                  128 /* 1024-bits */
253
+#define FIPS_RSA_EXPONENT0_LENGTH               128 /* 1024-bits */
254
+#define FIPS_RSA_EXPONENT1_LENGTH               128 /* 1024-bits */
255
+#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH        256 /* 2048-bits */
256
+#define FIPS_RSA_ENCRYPT_LENGTH                 256 /* 2048-bits */
257
+#define FIPS_RSA_DECRYPT_LENGTH                 256 /* 2048-bits */
258
+#define FIPS_RSA_SIGNATURE_LENGTH               256 /* 2048-bits */
259
+#define FIPS_RSA_MODULUS_LENGTH                 256 /* 2048-bits */
260
+
261
+
262
+/* FIPS preprocessor directives for DSA.                        */
263
+#define FIPS_DSA_TYPE                           siBuffer
264
+#define FIPS_DSA_DIGEST_LENGTH                  20 /*  160-bits */
265
+#define FIPS_DSA_SUBPRIME_LENGTH                20 /*  160-bits */
266
+#define FIPS_DSA_SIGNATURE_LENGTH               40 /*  320-bits */
267
+#define FIPS_DSA_PRIME_LENGTH                  128 /* 1024-bits */
268
+#define FIPS_DSA_BASE_LENGTH                   128 /* 1024-bits */
269
+
270
+/* FIPS preprocessor directives for RNG.                        */
271
+#define FIPS_RNG_XKEY_LENGTH                    32  /* 256-bits */
272
+
273
+static SECStatus
274
+freebl_fips_RC2_PowerUpSelfTest( void )
275
+{
276
+    /* RC2 Known Key (40-bits). */
277
+    static const PRUint8 rc2_known_key[] = { "RSARC" };
278
+
279
+    /* RC2-CBC Known Initialization Vector (64-bits). */
280
+    static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
281
+
282
+    /* RC2 Known Plaintext (64-bits). */
283
+    static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
284
+    static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
285
+
286
+    /* RC2 Known Ciphertext (64-bits). */
287
+    static const PRUint8 rc2_ecb_known_ciphertext[] = {
288
+				  0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
289
+    static const PRUint8 rc2_cbc_known_ciphertext[] = {
290
+				  0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
291
+
292
+    /* RC2 variables. */
293
+    PRUint8        rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
294
+    PRUint8        rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
295
+    RC2Context *   rc2_context;
296
+    unsigned int   rc2_bytes_encrypted;
297
+    unsigned int   rc2_bytes_decrypted;
298
+    SECStatus      rc2_status;
299
+
300
+
301
+    /******************************************************/
302
+    /* RC2-ECB Single-Round Known Answer Encryption Test: */
303
+    /******************************************************/
304
+
305
+    rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
306
+                                     NULL, NSS_RC2,
307
+                                     FIPS_RC2_KEY_LENGTH );
308
+
309
+    if( rc2_context == NULL ) {
310
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
311
+        return( SECFailure );
312
+    }
313
+
314
+    rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
315
+                              &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
316
+                              rc2_ecb_known_plaintext,
317
+                              FIPS_RC2_DECRYPT_LENGTH );
318
+
319
+    RC2_DestroyContext( rc2_context, PR_TRUE );
320
+
321
+    if( ( rc2_status != SECSuccess ) ||
322
+        ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
323
+        ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
324
+                       FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) {
325
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
326
+        return( SECFailure );
327
+    }
328
+
329
+
330
+    /******************************************************/
331
+    /* RC2-ECB Single-Round Known Answer Decryption Test: */
332
+    /******************************************************/
333
+
334
+    rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
335
+                                     NULL, NSS_RC2,
336
+                                     FIPS_RC2_KEY_LENGTH );
337
+
338
+    if( rc2_context == NULL ) {
339
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
340
+        return( SECFailure );
341
+    }
342
+
343
+    rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
344
+                              &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
345
+                              rc2_ecb_known_ciphertext,
346
+                              FIPS_RC2_ENCRYPT_LENGTH );
347
+
348
+    RC2_DestroyContext( rc2_context, PR_TRUE );
349
+
350
+    if( ( rc2_status != SECSuccess ) ||
351
+        ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
352
+        ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
353
+                       FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) {
354
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
355
+        return( SECFailure );
356
+    }
357
+
358
+
359
+    /******************************************************/
360
+    /* RC2-CBC Single-Round Known Answer Encryption Test: */
361
+    /******************************************************/
362
+
363
+    rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
364
+                                     rc2_cbc_known_initialization_vector,
365
+                                     NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
366
+
367
+    if( rc2_context == NULL ) {
368
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
369
+        return( SECFailure );
370
+    }
371
+
372
+    rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
373
+                              &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
374
+                              rc2_cbc_known_plaintext,
375
+                              FIPS_RC2_DECRYPT_LENGTH );
376
+
377
+    RC2_DestroyContext( rc2_context, PR_TRUE );
378
+
379
+    if( ( rc2_status != SECSuccess ) ||
380
+        ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
381
+        ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
382
+                       FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) ) {
383
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
384
+        return( SECFailure );
385
+    }
386
+
387
+
388
+    /******************************************************/
389
+    /* RC2-CBC Single-Round Known Answer Decryption Test: */
390
+    /******************************************************/
391
+
392
+    rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
393
+                                     rc2_cbc_known_initialization_vector,
394
+                                     NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
395
+
396
+    if( rc2_context == NULL ) {
397
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
398
+        return( SECFailure );
399
+    }
400
+
401
+    rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
402
+                              &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
403
+                              rc2_cbc_known_ciphertext,
404
+                              FIPS_RC2_ENCRYPT_LENGTH );
405
+
406
+    RC2_DestroyContext( rc2_context, PR_TRUE );
407
+
408
+    if( ( rc2_status != SECSuccess ) ||
409
+        ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
410
+        ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
411
+                       FIPS_RC2_DECRYPT_LENGTH ) != 0 ) ) {
412
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
413
+        return( SECFailure );
414
+    }
415
+
416
+    return( SECSuccess );
417
+}
418
+
419
+
420
+static SECStatus
421
+freebl_fips_RC4_PowerUpSelfTest( void )
422
+{
423
+    /* RC4 Known Key (40-bits). */
424
+    static const PRUint8 rc4_known_key[] = { "RSARC" };
425
+
426
+    /* RC4 Known Plaintext (64-bits). */
427
+    static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
428
+
429
+    /* RC4 Known Ciphertext (64-bits). */
430
+    static const PRUint8 rc4_known_ciphertext[] = {
431
+				0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
432
+
433
+    /* RC4 variables. */
434
+    PRUint8        rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
435
+    PRUint8        rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
436
+    RC4Context *   rc4_context;
437
+    unsigned int   rc4_bytes_encrypted;
438
+    unsigned int   rc4_bytes_decrypted;
439
+    SECStatus      rc4_status;
440
+
441
+
442
+    /**************************************************/
443
+    /* RC4 Single-Round Known Answer Encryption Test: */
444
+    /**************************************************/
445
+
446
+    rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
447
+
448
+    if( rc4_context == NULL ) {
449
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
450
+        return( SECFailure );
451
+    }
452
+
453
+    rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
454
+                              &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
455
+                              rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
456
+
457
+    RC4_DestroyContext( rc4_context, PR_TRUE );
458
+
459
+    if( ( rc4_status != SECSuccess ) ||
460
+        ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
461
+        ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
462
+                       FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) ) {
463
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
464
+        return( SECFailure );
465
+    }
466
+
467
+
468
+    /**************************************************/
469
+    /* RC4 Single-Round Known Answer Decryption Test: */
470
+    /**************************************************/
471
+
472
+    rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
473
+
474
+    if( rc4_context == NULL ) {
475
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
476
+        return( SECFailure );
477
+    }
478
+
479
+    rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
480
+                              &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
481
+                              rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
482
+
483
+    RC4_DestroyContext( rc4_context, PR_TRUE );
484
+
485
+    if( ( rc4_status != SECSuccess ) ||
486
+        ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
487
+        ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
488
+                       FIPS_RC4_DECRYPT_LENGTH ) != 0 ) ) {
489
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
490
+        return( SECFailure );
491
+    }
492
+
493
+    return( SECSuccess );
494
+}
495
+
496
+
497
+static SECStatus
498
+freebl_fips_DES_PowerUpSelfTest( void )
499
+{
500
+    /* DES Known Key (56-bits). */
501
+    static const PRUint8 des_known_key[] = { "ANSI DES" };
502
+
503
+    /* DES-CBC Known Initialization Vector (64-bits). */
504
+    static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
505
+
506
+    /* DES Known Plaintext (64-bits). */
507
+    static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
508
+    static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
509
+
510
+    /* DES Known Ciphertext (64-bits). */
511
+    static const PRUint8 des_ecb_known_ciphertext[] = {
512
+			       0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
513
+    static const PRUint8 des_cbc_known_ciphertext[]  = {
514
+			       0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
515
+
516
+    /* DES variables. */
517
+    PRUint8        des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
518
+    PRUint8        des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
519
+    DESContext *   des_context;
520
+    unsigned int   des_bytes_encrypted;
521
+    unsigned int   des_bytes_decrypted;
522
+    SECStatus      des_status;
523
+
524
+
525
+    /******************************************************/
526
+    /* DES-ECB Single-Round Known Answer Encryption Test: */
527
+    /******************************************************/
528
+
529
+    des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
530
+
531
+    if( des_context == NULL ) {
532
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
533
+        return( SECFailure );
534
+    }
535
+
536
+    des_status = DES_Encrypt( des_context, des_computed_ciphertext,
537
+                              &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
538
+                              des_ecb_known_plaintext,
539
+                              FIPS_DES_DECRYPT_LENGTH );
540
+
541
+    DES_DestroyContext( des_context, PR_TRUE );
542
+
543
+    if( ( des_status != SECSuccess ) ||
544
+        ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
545
+        ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
546
+                       FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) {
547
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
548
+        return( SECFailure );
549
+    }
550
+
551
+
552
+    /******************************************************/
553
+    /* DES-ECB Single-Round Known Answer Decryption Test: */
554
+    /******************************************************/
555
+
556
+    des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
557
+
558
+    if( des_context == NULL ) {
559
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
560
+        return( SECFailure );
561
+    }
562
+
563
+    des_status = DES_Decrypt( des_context, des_computed_plaintext,
564
+                              &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
565
+                              des_ecb_known_ciphertext,
566
+                              FIPS_DES_ENCRYPT_LENGTH );
567
+
568
+    DES_DestroyContext( des_context, PR_TRUE );
569
+
570
+    if( ( des_status != SECSuccess ) ||
571
+        ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
572
+        ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
573
+                       FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) {
574
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
575
+        return( SECFailure );
576
+    }
577
+
578
+
579
+    /******************************************************/
580
+    /* DES-CBC Single-Round Known Answer Encryption Test. */
581
+    /******************************************************/
582
+
583
+    des_context = DES_CreateContext( des_known_key,
584
+                                     des_cbc_known_initialization_vector,
585
+                                     NSS_DES_CBC, PR_TRUE );
586
+
587
+    if( des_context == NULL ) {
588
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
589
+        return( SECFailure );
590
+    }
591
+
592
+    des_status = DES_Encrypt( des_context, des_computed_ciphertext,
593
+                              &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
594
+                              des_cbc_known_plaintext,
595
+                              FIPS_DES_DECRYPT_LENGTH );
596
+
597
+    DES_DestroyContext( des_context, PR_TRUE );
598
+
599
+    if( ( des_status != SECSuccess ) ||
600
+        ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
601
+        ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
602
+                       FIPS_DES_ENCRYPT_LENGTH ) != 0 ) ) {
603
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
604
+        return( SECFailure );
605
+    }
606
+
607
+
608
+    /******************************************************/
609
+    /* DES-CBC Single-Round Known Answer Decryption Test. */
610
+    /******************************************************/
611
+
612
+    des_context = DES_CreateContext( des_known_key,
613
+                                     des_cbc_known_initialization_vector,
614
+                                     NSS_DES_CBC, PR_FALSE );
615
+
616
+    if( des_context == NULL ) {
617
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
618
+        return( SECFailure );
619
+    }
620
+
621
+    des_status = DES_Decrypt( des_context, des_computed_plaintext,
622
+                              &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
623
+                              des_cbc_known_ciphertext,
624
+                              FIPS_DES_ENCRYPT_LENGTH );
625
+
626
+    DES_DestroyContext( des_context, PR_TRUE );
627
+
628
+    if( ( des_status != SECSuccess ) ||
629
+        ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
630
+        ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
631
+                       FIPS_DES_DECRYPT_LENGTH ) != 0 ) ) {
632
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
633
+        return( SECFailure );
634
+    }
635
+
636
+    return( SECSuccess );
637
+}
638
+
639
+
640
+static SECStatus
641
+freebl_fips_DES3_PowerUpSelfTest( void )
642
+{
643
+    /* DES3 Known Key (56-bits). */
644
+    static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
645
+
646
+    /* DES3-CBC Known Initialization Vector (64-bits). */
647
+    static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
648
+
649
+    /* DES3 Known Plaintext (64-bits). */
650
+    static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
651
+    static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
652
+
653
+    /* DES3 Known Ciphertext (64-bits). */
654
+    static const PRUint8 des3_ecb_known_ciphertext[] = {
655
+			   0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
656
+    static const PRUint8 des3_cbc_known_ciphertext[] = {
657
+			   0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
658
+
659
+    /* DES3 variables. */
660
+    PRUint8        des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
661
+    PRUint8        des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
662
+    DESContext *   des3_context;
663
+    unsigned int   des3_bytes_encrypted;
664
+    unsigned int   des3_bytes_decrypted;
665
+    SECStatus      des3_status;
666
+
667
+
668
+    /*******************************************************/
669
+    /* DES3-ECB Single-Round Known Answer Encryption Test. */
670
+    /*******************************************************/
671
+
672
+    des3_context = DES_CreateContext( des3_known_key, NULL,
673
+                                     NSS_DES_EDE3, PR_TRUE );
674
+
675
+    if( des3_context == NULL ) {
676
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
677
+        return( SECFailure );
678
+    }
679
+
680
+    des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
681
+                               &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
682
+                               des3_ecb_known_plaintext,
683
+                               FIPS_DES3_DECRYPT_LENGTH );
684
+
685
+    DES_DestroyContext( des3_context, PR_TRUE );
686
+
687
+    if( ( des3_status != SECSuccess ) ||
688
+        ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
689
+        ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
690
+                       FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) {
691
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
692
+        return( SECFailure );
693
+    }
694
+
695
+
696
+    /*******************************************************/
697
+    /* DES3-ECB Single-Round Known Answer Decryption Test. */
698
+    /*******************************************************/
699
+
700
+    des3_context = DES_CreateContext( des3_known_key, NULL,
701
+                                     NSS_DES_EDE3, PR_FALSE );
702
+
703
+    if( des3_context == NULL ) {
704
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
705
+        return( SECFailure );
706
+    }
707
+
708
+    des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
709
+                               &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
710
+                               des3_ecb_known_ciphertext,
711
+                               FIPS_DES3_ENCRYPT_LENGTH );
712
+
713
+    DES_DestroyContext( des3_context, PR_TRUE );
714
+
715
+    if( ( des3_status != SECSuccess ) ||
716
+        ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
717
+        ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
718
+                       FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) {
719
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
720
+        return( SECFailure );
721
+    }
722
+
723
+
724
+    /*******************************************************/
725
+    /* DES3-CBC Single-Round Known Answer Encryption Test. */
726
+    /*******************************************************/
727
+
728
+    des3_context = DES_CreateContext( des3_known_key,
729
+                                      des3_cbc_known_initialization_vector,
730
+                                      NSS_DES_EDE3_CBC, PR_TRUE );
731
+
732
+    if( des3_context == NULL ) {
733
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
734
+        return( SECFailure );
735
+    }
736
+
737
+    des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
738
+                               &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
739
+                               des3_cbc_known_plaintext,
740
+                               FIPS_DES3_DECRYPT_LENGTH );
741
+
742
+    DES_DestroyContext( des3_context, PR_TRUE );
743
+
744
+    if( ( des3_status != SECSuccess ) ||
745
+        ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
746
+        ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
747
+                       FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) {
748
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
749
+        return( SECFailure );
750
+    }
751
+
752
+
753
+    /*******************************************************/
754
+    /* DES3-CBC Single-Round Known Answer Decryption Test. */
755
+    /*******************************************************/
756
+
757
+    des3_context = DES_CreateContext( des3_known_key,
758
+                                      des3_cbc_known_initialization_vector,
759
+                                      NSS_DES_EDE3_CBC, PR_FALSE );
760
+
761
+    if( des3_context == NULL ) {
762
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
763
+        return( SECFailure );
764
+    }
765
+
766
+    des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
767
+                               &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
768
+                               des3_cbc_known_ciphertext,
769
+                               FIPS_DES3_ENCRYPT_LENGTH );
770
+
771
+    DES_DestroyContext( des3_context, PR_TRUE );
772
+
773
+    if( ( des3_status != SECSuccess ) ||
774
+        ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
775
+        ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
776
+                       FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) {
777
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
778
+        return( SECFailure );
779
+    }
780
+
781
+    return( SECSuccess );
782
+}
783
+
784
+
785
+/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
786
+static SECStatus
787
+freebl_fips_AES_PowerUpSelfTest( int aes_key_size )
788
+{
789
+    /* AES Known Key (up to 256-bits). */
790
+    static const PRUint8 aes_known_key[] = 
791
+        { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
792
+
793
+    /* AES-CBC Known Initialization Vector (128-bits). */
794
+    static const PRUint8 aes_cbc_known_initialization_vector[] = 
795
+        { "SecurityytiruceS" };
796
+
797
+    /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
798
+    static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
799
+
800
+    /* AES Known Ciphertext (128-bit key). */
801
+    static const PRUint8 aes_ecb128_known_ciphertext[] = {
802
+        0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
803
+        0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
804
+
805
+    static const PRUint8 aes_cbc128_known_ciphertext[]  = {
806
+        0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
807
+        0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
808
+
809
+    /* AES Known Ciphertext (192-bit key). */
810
+    static const PRUint8 aes_ecb192_known_ciphertext[] = { 
811
+        0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
812
+        0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
813
+
814
+    static const PRUint8 aes_cbc192_known_ciphertext[]  = { 
815
+        0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
816
+        0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
817
+
818
+    /* AES Known Ciphertext (256-bit key). */
819
+    static const PRUint8 aes_ecb256_known_ciphertext[] = { 
820
+        0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
821
+        0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
822
+    
823
+    static const PRUint8 aes_cbc256_known_ciphertext[]  = { 
824
+        0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
825
+        0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
826
+
827
+    const PRUint8 *aes_ecb_known_ciphertext =
828
+        ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
829
+        ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
830
+                                aes_ecb256_known_ciphertext;
831
+
832
+    const PRUint8 *aes_cbc_known_ciphertext =
833
+        ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
834
+        ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
835
+                                aes_cbc256_known_ciphertext;
836
+
837
+    /* AES variables. */
838
+    PRUint8        aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
839
+    PRUint8        aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
840
+    AESContext *   aes_context;
841
+    unsigned int   aes_bytes_encrypted;
842
+    unsigned int   aes_bytes_decrypted;
843
+    SECStatus      aes_status;
844
+
845
+    /*check if aes_key_size is 128, 192, or 256 bits */
846
+    if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && 
847
+        (aes_key_size != FIPS_AES_192_KEY_SIZE) && 
848
+        (aes_key_size != FIPS_AES_256_KEY_SIZE))  {
849
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
850
+        return( SECFailure );
851
+    }
852
+
853
+    /******************************************************/
854
+    /* AES-ECB Single-Round Known Answer Encryption Test: */
855
+    /******************************************************/
856
+
857
+    aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
858
+                                     aes_key_size, FIPS_AES_BLOCK_SIZE );
859
+
860
+    if( aes_context == NULL ) {
861
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
862
+        return( SECFailure );
863
+    }
864
+
865
+    aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
866
+                              &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
867
+                              aes_known_plaintext,
868
+                              FIPS_AES_DECRYPT_LENGTH );
869
+    
870
+    AES_DestroyContext( aes_context, PR_TRUE );
871
+
872
+    if( ( aes_status != SECSuccess ) ||
873
+        ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
874
+        ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
875
+                       FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) {
876
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
877
+        return( SECFailure );
878
+    }
879
+
880
+
881
+    /******************************************************/
882
+    /* AES-ECB Single-Round Known Answer Decryption Test: */
883
+    /******************************************************/
884
+
885
+    aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
886
+                                     aes_key_size, FIPS_AES_BLOCK_SIZE );
887
+
888
+    if( aes_context == NULL ) {
889
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
890
+        return( SECFailure );
891
+    }
892
+
893
+    aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
894
+                              &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
895
+                              aes_ecb_known_ciphertext,
896
+                              FIPS_AES_ENCRYPT_LENGTH );
897
+
898
+    AES_DestroyContext( aes_context, PR_TRUE );
899
+
900
+    if( ( aes_status != SECSuccess ) ||         
901
+        ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
902
+        ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
903
+                       FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) {
904
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
905
+        return( SECFailure );
906
+    }
907
+
908
+
909
+    /******************************************************/
910
+    /* AES-CBC Single-Round Known Answer Encryption Test. */
911
+    /******************************************************/
912
+
913
+    aes_context = AES_CreateContext( aes_known_key,
914
+                                     aes_cbc_known_initialization_vector,
915
+                                     NSS_AES_CBC, PR_TRUE, aes_key_size, 
916
+                                     FIPS_AES_BLOCK_SIZE );
917
+
918
+    if( aes_context == NULL ) {
919
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
920
+        return( SECFailure );
921
+    }
922
+
923
+    aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
924
+                              &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
925
+                              aes_known_plaintext,
926
+                              FIPS_AES_DECRYPT_LENGTH );
927
+
928
+    AES_DestroyContext( aes_context, PR_TRUE );
929
+
930
+    if( ( aes_status != SECSuccess ) ||
931
+        ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
932
+        ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
933
+                       FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) {
934
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
935
+        return( SECFailure );
936
+    }
937
+
938
+
939
+    /******************************************************/
940
+    /* AES-CBC Single-Round Known Answer Decryption Test. */
941
+    /******************************************************/
942
+
943
+    aes_context = AES_CreateContext( aes_known_key,
944
+                                     aes_cbc_known_initialization_vector,
945
+                                     NSS_AES_CBC, PR_FALSE, aes_key_size, 
946
+                                     FIPS_AES_BLOCK_SIZE );
947
+
948
+    if( aes_context == NULL ) {
949
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
950
+        return( SECFailure );
951
+    }
952
+
953
+    aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
954
+                              &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
955
+                              aes_cbc_known_ciphertext,
956
+                              FIPS_AES_ENCRYPT_LENGTH );
957
+
958
+    AES_DestroyContext( aes_context, PR_TRUE );
959
+
960
+    if( ( aes_status != SECSuccess ) ||
961
+        ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
962
+        ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
963
+                       FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) {
964
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
965
+        return( SECFailure );
966
+    }
967
+
968
+    return( SECSuccess );
969
+}
970
+
971
+/* Known Hash Message (512-bits).  Used for all hashes (incl. SHA-N [N>1]). */
972
+static const PRUint8 known_hash_message[] = {
973
+  "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
974
+
975
+
976
+static SECStatus
977
+freebl_fips_MD2_PowerUpSelfTest( void )
978
+{
979
+    /* MD2 Known Digest Message (128-bits). */
980
+    static const PRUint8 md2_known_digest[]  = {
981
+                                   0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
982
+                                   0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
983
+
984
+    /* MD2 variables. */
985
+    MD2Context * md2_context;
986
+    unsigned int md2_bytes_hashed;
987
+    PRUint8      md2_computed_digest[MD2_LENGTH];
988
+
989
+
990
+    /***********************************************/
991
+    /* MD2 Single-Round Known Answer Hashing Test. */
992
+    /***********************************************/
993
+
994
+    md2_context = MD2_NewContext();
995
+
996
+    if( md2_context == NULL ) {
997
+        PORT_SetError( SEC_ERROR_NO_MEMORY ); 
998
+        return( SECFailure );
999
+    }
1000
+
1001
+    MD2_Begin( md2_context );
1002
+
1003
+    MD2_Update( md2_context, known_hash_message,
1004
+                FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1005
+
1006
+    MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
1007
+
1008
+    MD2_DestroyContext( md2_context , PR_TRUE );
1009
+    
1010
+    if( ( md2_bytes_hashed != MD2_LENGTH ) ||
1011
+        ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
1012
+                       MD2_LENGTH ) != 0 ) ) {
1013
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1014
+        return( SECFailure );
1015
+    }
1016
+
1017
+    return( SECSuccess );
1018
+}
1019
+
1020
+
1021
+static SECStatus
1022
+freebl_fips_MD5_PowerUpSelfTest( void )
1023
+{
1024
+    /* MD5 Known Digest Message (128-bits). */
1025
+    static const PRUint8 md5_known_digest[]  = {
1026
+				   0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
1027
+				   0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
1028
+
1029
+    /* MD5 variables. */
1030
+    PRUint8        md5_computed_digest[MD5_LENGTH];
1031
+    SECStatus      md5_status;
1032
+
1033
+
1034
+    /***********************************************/
1035
+    /* MD5 Single-Round Known Answer Hashing Test. */
1036
+    /***********************************************/
1037
+
1038
+    md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
1039
+                              FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1040
+
1041
+    if( ( md5_status != SECSuccess ) ||
1042
+        ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
1043
+                       MD5_LENGTH ) != 0 ) ) {
1044
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1045
+        return( SECFailure );
1046
+    }
1047
+
1048
+    return( SECSuccess );
1049
+}
1050
+
1051
+/****************************************************/
1052
+/* Single Round HMAC SHA-X test                     */
1053
+/****************************************************/
1054
+static SECStatus
1055
+freebl_fips_HMAC(unsigned char *hmac_computed,
1056
+               const PRUint8 *secret_key,
1057
+               unsigned int secret_key_length,
1058
+               const PRUint8 *message,
1059
+               unsigned int message_length,
1060
+               HASH_HashType hashAlg )
1061
+{
1062
+    SECStatus hmac_status = SECFailure;
1063
+    HMACContext *cx = NULL;
1064
+    SECHashObject *hashObj = NULL;
1065
+    unsigned int bytes_hashed = 0;
1066
+
1067
+    hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
1068
+ 
1069
+    if (!hashObj) 
1070
+        return( SECFailure );
1071
+
1072
+    cx = HMAC_Create(hashObj, secret_key, 
1073
+                     secret_key_length, 
1074
+                     PR_TRUE);  /* PR_TRUE for in FIPS mode */
1075
+
1076
+    if (cx == NULL) 
1077
+        return( SECFailure );
1078
+
1079
+    HMAC_Begin(cx);
1080
+    HMAC_Update(cx, message, message_length);
1081
+    hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed, 
1082
+                              hashObj->length);
1083
+
1084
+    HMAC_Destroy(cx, PR_TRUE);
1085
+
1086
+    return( hmac_status );
1087
+}
1088
+
1089
+static SECStatus
1090
+freebl_fips_HMAC_PowerUpSelfTest( void )
1091
+{
1092
+    static const PRUint8 HMAC_known_secret_key[] = {
1093
+                         "Firefox and ThunderBird are awesome!"};
1094
+
1095
+    static const PRUint8 HMAC_known_secret_key_length 
1096
+                         = sizeof HMAC_known_secret_key;
1097
+
1098
+    /* known SHA1 hmac (20 bytes) */
1099
+    static const PRUint8 known_SHA1_hmac[] = {
1100
+        0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05, 
1101
+        0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, 
1102
+        0x5d, 0x0e, 0x1e, 0x11};
1103
+
1104
+    /* known SHA224 hmac (28 bytes) */
1105
+    static const PRUint8 known_SHA224_hmac[] = {
1106
+        0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb, 
1107
+        0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
1108
+        0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
1109
+        0x9a, 0xb8, 0x98, 0x4e};
1110
+
1111
+    /* known SHA256 hmac (32 bytes) */
1112
+    static const PRUint8 known_SHA256_hmac[] = {
1113
+        0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44, 
1114
+        0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0, 
1115
+        0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9, 
1116
+        0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};        
1117
+
1118
+    /* known SHA384 hmac (48 bytes) */
1119
+    static const PRUint8 known_SHA384_hmac[] = {
1120
+        0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
1121
+        0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
1122
+        0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
1123
+        0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
1124
+        0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
1125
+        0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
1126
+
1127
+    /* known SHA512 hmac (64 bytes) */
1128
+    static const PRUint8 known_SHA512_hmac[] = {
1129
+        0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
1130
+        0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
1131
+        0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
1132
+        0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
1133
+        0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
1134
+        0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
1135
+        0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
1136
+        0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
1137
+
1138
+    SECStatus    hmac_status;
1139
+    PRUint8      hmac_computed[HASH_LENGTH_MAX]; 
1140
+
1141
+    /***************************************************/
1142
+    /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
1143
+    /***************************************************/
1144
+
1145
+    hmac_status = freebl_fips_HMAC(hmac_computed, 
1146
+                                 HMAC_known_secret_key,
1147
+                                 HMAC_known_secret_key_length,
1148
+                                 known_hash_message,
1149
+                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1150
+                                 HASH_AlgSHA1); 
1151
+
1152
+    if( ( hmac_status != SECSuccess ) || 
1153
+        ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
1154
+                       SHA1_LENGTH ) != 0 ) ) {
1155
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1156
+        return( SECFailure );
1157
+    }
1158
+
1159
+    /***************************************************/
1160
+    /* HMAC SHA-224 Single-Round Known Answer Test.    */
1161
+    /***************************************************/
1162
+
1163
+    hmac_status = freebl_fips_HMAC(hmac_computed, 
1164
+                                 HMAC_known_secret_key,
1165
+                                 HMAC_known_secret_key_length,
1166
+                                 known_hash_message,
1167
+                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1168
+                                 HASH_AlgSHA224);
1169
+
1170
+    if( ( hmac_status != SECSuccess ) || 
1171
+        ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
1172
+                       SHA224_LENGTH ) != 0 ) ) {
1173
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1174
+        return( SECFailure );
1175
+    }
1176
+
1177
+    /***************************************************/
1178
+    /* HMAC SHA-256 Single-Round Known Answer Test.    */
1179
+    /***************************************************/
1180
+
1181
+    hmac_status = freebl_fips_HMAC(hmac_computed, 
1182
+                                 HMAC_known_secret_key,
1183
+                                 HMAC_known_secret_key_length,
1184
+                                 known_hash_message,
1185
+                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1186
+                                 HASH_AlgSHA256); 
1187
+
1188
+    if( ( hmac_status != SECSuccess ) || 
1189
+        ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
1190
+                       SHA256_LENGTH ) != 0 ) ) {
1191
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1192
+        return( SECFailure );
1193
+    }
1194
+
1195
+    /***************************************************/
1196
+    /* HMAC SHA-384 Single-Round Known Answer Test.    */
1197
+    /***************************************************/
1198
+
1199
+    hmac_status = freebl_fips_HMAC(hmac_computed,
1200
+                                 HMAC_known_secret_key,
1201
+                                 HMAC_known_secret_key_length,
1202
+                                 known_hash_message,
1203
+                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1204
+                                 HASH_AlgSHA384);
1205
+
1206
+    if( ( hmac_status != SECSuccess ) ||
1207
+        ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
1208
+                       SHA384_LENGTH ) != 0 ) ) {
1209
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1210
+        return( SECFailure );
1211
+    }
1212
+
1213
+    /***************************************************/
1214
+    /* HMAC SHA-512 Single-Round Known Answer Test.    */
1215
+    /***************************************************/
1216
+
1217
+    hmac_status = freebl_fips_HMAC(hmac_computed,
1218
+                                 HMAC_known_secret_key,
1219
+                                 HMAC_known_secret_key_length,
1220
+                                 known_hash_message,
1221
+                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH,
1222
+                                 HASH_AlgSHA512);
1223
+
1224
+    if( ( hmac_status != SECSuccess ) ||
1225
+        ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
1226
+                       SHA512_LENGTH ) != 0 ) ) {
1227
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1228
+        return( SECFailure );
1229
+    }
1230
+
1231
+    return( SECSuccess );
1232
+}
1233
+
1234
+static SECStatus
1235
+freebl_fips_SHA_PowerUpSelfTest( void )
1236
+{
1237
+    /* SHA-1 Known Digest Message (160-bits). */
1238
+    static const PRUint8 sha1_known_digest[] = {
1239
+			       0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
1240
+			       0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
1241
+			       0xe0,0x68,0x47,0x7a};
1242
+
1243
+    /* SHA-224 Known Digest Message (224-bits). */
1244
+    static const PRUint8 sha224_known_digest[] = {
1245
+        0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
1246
+        0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f, 
1247
+        0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f, 
1248
+        0x8e,0x08,0xe5,0xcb};
1249
+
1250
+    /* SHA-256 Known Digest Message (256-bits). */
1251
+    static const PRUint8 sha256_known_digest[] = {
1252
+        0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
1253
+        0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
1254
+        0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
1255
+        0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
1256
+ 
1257
+    /* SHA-384 Known Digest Message (384-bits). */
1258
+    static const PRUint8 sha384_known_digest[] = {
1259
+        0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
1260
+        0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
1261
+        0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
1262
+        0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
1263
+        0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
1264
+        0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
1265
+
1266
+    /* SHA-512 Known Digest Message (512-bits). */
1267
+    static const PRUint8 sha512_known_digest[] = {
1268
+        0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
1269
+        0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
1270
+        0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
1271
+        0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
1272
+        0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
1273
+        0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
1274
+        0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
1275
+        0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
1276
+
1277
+    /* SHA-X variables. */
1278
+    PRUint8        sha_computed_digest[HASH_LENGTH_MAX];
1279
+    SECStatus      sha_status;
1280
+
1281
+    /*************************************************/
1282
+    /* SHA-1 Single-Round Known Answer Hashing Test. */
1283
+    /*************************************************/
1284
+
1285
+    sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
1286
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1287
+ 
1288
+    if( ( sha_status != SECSuccess ) ||
1289
+        ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
1290
+                       SHA1_LENGTH ) != 0 ) ) {
1291
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1292
+        return( SECFailure );
1293
+    }
1294
+
1295
+    /***************************************************/
1296
+    /* SHA-224 Single-Round Known Answer Hashing Test. */
1297
+    /***************************************************/
1298
+
1299
+    sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
1300
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1301
+
1302
+    if( ( sha_status != SECSuccess ) ||
1303
+        ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
1304
+                       SHA224_LENGTH ) != 0 ) ) {
1305
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1306
+        return( SECFailure );
1307
+    }
1308
+
1309
+    /***************************************************/
1310
+    /* SHA-256 Single-Round Known Answer Hashing Test. */
1311
+    /***************************************************/
1312
+
1313
+    sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
1314
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1315
+
1316
+    if( ( sha_status != SECSuccess ) ||
1317
+        ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
1318
+                       SHA256_LENGTH ) != 0 ) ) {
1319
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1320
+        return( SECFailure );
1321
+    }
1322
+
1323
+    /***************************************************/
1324
+    /* SHA-384 Single-Round Known Answer Hashing Test. */
1325
+    /***************************************************/
1326
+
1327
+    sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
1328
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1329
+
1330
+    if( ( sha_status != SECSuccess ) ||
1331
+        ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
1332
+                       SHA384_LENGTH ) != 0 ) ) {
1333
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1334
+        return( SECFailure );
1335
+    }
1336
+
1337
+    /***************************************************/
1338
+    /* SHA-512 Single-Round Known Answer Hashing Test. */
1339
+    /***************************************************/
1340
+
1341
+    sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
1342
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1343
+
1344
+    if( ( sha_status != SECSuccess ) ||
1345
+        ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
1346
+                       SHA512_LENGTH ) != 0 ) ) {
1347
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1348
+        return( SECFailure );
1349
+    }
1350
+
1351
+    return( SECSuccess );
1352
+}
1353
+
1354
+
1355
+static SECStatus
1356
+freebl_fips_RSA_PowerUpSelfTest( void )
1357
+{
1358
+    /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
1359
+    static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1360
+                            0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
1361
+                            0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
1362
+                            0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
1363
+                            0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
1364
+                            0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
1365
+                            0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
1366
+                            0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
1367
+                            0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
1368
+                            0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
1369
+                            0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
1370
+                            0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
1371
+                            0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
1372
+                            0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
1373
+                            0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
1374
+                            0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
1375
+                            0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
1376
+                            0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
1377
+                            0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
1378
+                            0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
1379
+                            0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
1380
+                            0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
1381
+                            0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
1382
+                            0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
1383
+                            0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
1384
+                            0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
1385
+                            0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
1386
+                            0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
1387
+                            0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
1388
+                            0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
1389
+                            0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
1390
+                            0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
1391
+                            0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
1392
+
1393
+    /* RSA Known Public Key Values (24-bits). */
1394
+    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] 
1395
+                                                       = { 0x01, 0x00, 0x01 };
1396
+    /* RSA Known Private Key Values (version                 is    8-bits), */
1397
+    /*                              (private exponent        is 2048-bits), */
1398
+    /*                              (private prime0          is 1024-bits), */
1399
+    /*                              (private prime1          is 1024-bits), */
1400
+    /*                              (private prime exponent0 is 1024-bits), */
1401
+    /*                              (private prime exponent1 is 1024-bits), */
1402
+    /*                          and (private coefficient     is 1024-bits). */
1403
+    static const PRUint8 rsa_version[] = { 0x00 };
1404
+
1405
+    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
1406
+                         = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
1407
+                            0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
1408
+                            0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
1409
+                            0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
1410
+                            0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
1411
+                            0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
1412
+                            0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
1413
+                            0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
1414
+                            0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
1415
+                            0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
1416
+                            0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
1417
+                            0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
1418
+                            0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
1419
+                            0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
1420
+                            0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
1421
+                            0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
1422
+                            0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
1423
+                            0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
1424
+                            0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
1425
+                            0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
1426
+                            0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
1427
+                            0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
1428
+                            0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
1429
+                            0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
1430
+                            0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
1431
+                            0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
1432
+                            0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
1433
+                            0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
1434
+                            0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
1435
+                            0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
1436
+                            0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
1437
+                            0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
1438
+
1439
+    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH]   = {
1440
+                            0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
1441
+                            0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
1442
+                            0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
1443
+                            0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
1444
+                            0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
1445
+                            0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
1446
+                            0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
1447
+                            0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
1448
+                            0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
1449
+                            0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
1450
+                            0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
1451
+                            0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
1452
+                            0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
1453
+                            0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
1454
+                            0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
1455
+                            0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
1456
+    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH]   = {
1457
+                            0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
1458
+                            0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
1459
+                            0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
1460
+                            0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
1461
+                            0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
1462
+                            0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
1463
+                            0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
1464
+                            0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
1465
+                            0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
1466
+                            0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
1467
+                            0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
1468
+                            0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
1469
+                            0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
1470
+                            0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
1471
+                            0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
1472
+                            0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
1473
+    static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1474
+                            0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
1475
+                            0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
1476
+                            0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
1477
+                            0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
1478
+                            0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
1479
+                            0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
1480
+                            0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
1481
+                            0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
1482
+                            0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
1483
+                            0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
1484
+                            0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
1485
+                            0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
1486
+                            0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
1487
+                            0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
1488
+                            0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
1489
+                            0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
1490
+    static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1491
+                            0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
1492
+                            0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
1493
+                            0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
1494
+                            0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
1495
+                            0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
1496
+                            0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
1497
+                            0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
1498
+                            0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
1499
+                            0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
1500
+                            0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
1501
+                            0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
1502
+                            0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
1503
+                            0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
1504
+                            0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
1505
+                            0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
1506
+                            0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
1507
+    static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1508
+                            0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
1509
+                            0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
1510
+                            0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
1511
+                            0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
1512
+                            0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
1513
+                            0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
1514
+                            0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
1515
+                            0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
1516
+                            0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
1517
+                            0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
1518
+                            0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
1519
+                            0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
1520
+                            0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
1521
+                            0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
1522
+                            0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
1523
+                            0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
1524
+
1525
+    /* RSA Known Plaintext Message (1024-bits). */
1526
+    static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1527
+                                         "Known plaintext message utilized"
1528
+                                         "for RSA Encryption &  Decryption"
1529
+                                         "blocks SHA256, SHA384  and      "
1530
+                                         "SHA512 RSA Signature KAT tests. "
1531
+                                         "Known plaintext message utilized"
1532
+                                         "for RSA Encryption &  Decryption"
1533
+                                         "blocks SHA256, SHA384  and      "
1534
+                                         "SHA512 RSA Signature KAT  tests."};
1535
+
1536
+    /* RSA Known Ciphertext (2048-bits). */
1537
+    static const PRUint8 rsa_known_ciphertext[] = {
1538
+                            0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
1539
+                            0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
1540
+                            0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
1541
+                            0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
1542
+                            0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
1543
+                            0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
1544
+                            0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
1545
+                            0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
1546
+                            0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
1547
+                            0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
1548
+                            0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
1549
+                            0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
1550
+                            0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
1551
+                            0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
1552
+                            0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
1553
+                            0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
1554
+                            0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
1555
+                            0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
1556
+                            0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
1557
+                            0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
1558
+                            0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
1559
+                            0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
1560
+                            0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
1561
+                            0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
1562
+                            0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
1563
+                            0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
1564
+                            0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
1565
+                            0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
1566
+                            0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
1567
+                            0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
1568
+                            0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
1569
+                            0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
1570
+
1571
+
1572
+    static const RSAPublicKey    bl_public_key = { NULL,
1573
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,         
1574
+                                        FIPS_RSA_MODULUS_LENGTH },
1575
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, 
1576
+                                        FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1577
+    };
1578
+    static const RSAPrivateKey   bl_private_key = { NULL,
1579
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_version,          
1580
+                                        FIPS_RSA_PRIVATE_VERSION_LENGTH },
1581
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,          
1582
+                                        FIPS_RSA_MODULUS_LENGTH },
1583
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,  
1584
+                                        FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1585
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent, 
1586
+                                        FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1587
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,           
1588
+                                        FIPS_RSA_PRIME0_LENGTH },
1589
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,           
1590
+                                        FIPS_RSA_PRIME1_LENGTH },
1591
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,        
1592
+                                        FIPS_RSA_EXPONENT0_LENGTH },
1593
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,        
1594
+                                        FIPS_RSA_EXPONENT1_LENGTH },
1595
+      { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,      
1596
+                                        FIPS_RSA_COEFFICIENT_LENGTH }
1597
+    };
1598
+
1599
+    /* RSA variables. */
1600
+    SECStatus             rsa_status;
1601
+    RSAPublicKey	 rsa_public_key;
1602
+    RSAPrivateKey	 rsa_private_key;
1603
+
1604
+    PRUint8               rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1605
+    PRUint8               rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1606
+
1607
+    rsa_public_key = bl_public_key;
1608
+    rsa_private_key = bl_private_key;
1609
+
1610
+    /**************************************************/
1611
+    /* RSA Single-Round Known Answer Encryption Test. */
1612
+    /**************************************************/
1613
+
1614
+    /* Perform RSA Public Key Encryption. */
1615
+    rsa_status = RSA_PublicKeyOp(&rsa_public_key,
1616
+                                 rsa_computed_ciphertext,
1617
+                                 rsa_known_plaintext_msg);
1618
+
1619
+    if( ( rsa_status != SECSuccess ) ||
1620
+        ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
1621
+                       FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
1622
+        goto rsa_loser;
1623
+
1624
+    /**************************************************/
1625
+    /* RSA Single-Round Known Answer Decryption Test. */
1626
+    /**************************************************/
1627
+
1628
+    /* Perform RSA Private Key Decryption. */
1629
+    rsa_status = RSA_PrivateKeyOp(&rsa_private_key,
1630
+                                  rsa_computed_plaintext,
1631
+                                  rsa_known_ciphertext);
1632
+
1633
+    if( ( rsa_status != SECSuccess ) ||
1634
+        ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
1635
+                       FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
1636
+        goto rsa_loser;
1637
+
1638
+    return( SECSuccess );
1639
+
1640
+rsa_loser:
1641
+
1642
+    PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1643
+    return( SECFailure );
1644
+}
1645
+
1646
+#ifdef NSS_ENABLE_ECC
1647
+
1648
+static SECStatus
1649
+freebl_fips_ECDSA_Test(ECParams *ecparams, 
1650
+                     const PRUint8 *knownSignature, 
1651
+                     unsigned int knownSignatureLen) {
1652
+
1653
+    /* ECDSA Known Seed info for curves nistp256 and nistk283  */
1654
+    static const PRUint8 ecdsa_Known_Seed[] = {
1655
+                            0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1656
+                            0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1657
+                            0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1658
+                            0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
1659
+
1660
+    static const PRUint8 msg[] = {
1661
+                            "Firefox and ThunderBird are awesome!"};
1662
+
1663
+    unsigned char sha1[SHA1_LENGTH];  /* SHA-1 hash (160 bits) */
1664
+    unsigned char sig[2*MAX_ECKEY_LEN];
1665
+    SECItem signature, digest;
1666
+    ECPrivateKey *ecdsa_private_key = NULL;
1667
+    ECPublicKey ecdsa_public_key;
1668
+    SECStatus ecdsaStatus = SECSuccess;
1669
+
1670
+    /* Generates a new EC key pair. The private key is a supplied
1671
+     * random value (in seed) and the public key is the result of 
1672
+     * performing a scalar point multiplication of that value with 
1673
+     * the curve's base point.
1674
+     */
1675
+    ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key, 
1676
+                                   ecdsa_Known_Seed, 
1677
+                                   sizeof(ecdsa_Known_Seed));
1678
+    if (ecdsaStatus != SECSuccess) {
1679
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1680
+        return( SECFailure );
1681
+    }
1682
+
1683
+    /* construct public key from private key. */
1684
+    ecdsa_public_key.ecParams = ecdsa_private_key->ecParams;
1685
+    ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1686
+
1687
+    /* validate public key value */
1688
+    ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams, 
1689
+                                       &ecdsa_public_key.publicValue);
1690
+    if (ecdsaStatus != SECSuccess) {
1691
+        goto loser;
1692
+    }
1693
+
1694
+    /* validate public key value */
1695
+    ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams, 
1696
+                                       &ecdsa_private_key->publicValue);
1697
+    if (ecdsaStatus != SECSuccess) {
1698
+        goto loser;
1699
+    }
1700
+
1701
+    /***************************************************/
1702
+    /* ECDSA Single-Round Known Answer Signature Test. */
1703
+    /***************************************************/
1704
+    
1705
+    ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
1706
+    if (ecdsaStatus != SECSuccess) {
1707
+        goto loser;
1708
+    }
1709
+    digest.type = siBuffer;
1710
+    digest.data = sha1;
1711
+    digest.len = SHA1_LENGTH;
1712
+    
1713
+    memset(sig, 0, sizeof sig);
1714
+    signature.type = siBuffer;
1715
+    signature.data = sig;
1716
+    signature.len = sizeof sig;
1717
+    
1718
+    ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature, 
1719
+                         &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1720
+    if (ecdsaStatus != SECSuccess) {
1721
+        goto loser;
1722
+    }
1723
+
1724
+    if( ( signature.len != knownSignatureLen ) ||
1725
+        ( PORT_Memcmp( signature.data, knownSignature,
1726
+                    knownSignatureLen ) != 0 ) ) {
1727
+        ecdsaStatus = SECFailure;
1728
+        goto loser;
1729
+    }
1730
+    
1731
+    /******************************************************/
1732
+    /* ECDSA Single-Round Known Answer Verification Test. */
1733
+    /******************************************************/
1734
+
1735
+    /* Perform ECDSA verification process. */
1736
+    ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1737
+
1738
+loser:
1739
+    /* free the memory for the private key arena*/
1740
+    if (ecdsa_private_key != NULL) {
1741
+        PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1742
+    }
1743
+
1744
+    if (ecdsaStatus != SECSuccess) {
1745
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
1746
+        return( SECFailure );
1747
+    }
1748
+    return( SECSuccess );
1749
+}
1750
+
1751
+static SECStatus
1752
+freebl_fips_ECDSA_PowerUpSelfTest() {
1753
+    
1754
+    /* ECDSA Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */
1755
+    static const unsigned char p256_prime[] = {
1756
+	0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
1757
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
1758
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
1759
+    static const unsigned char p256_a[] = {
1760
+	0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
1761
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
1762
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFC};
1763
+    static const unsigned char p256_b[] = {
1764
+	0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,0xBD,0x55,0x76,
1765
+	0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,0x3B,0xCE,
1766
+	0x3C,0x3E,0x27,0xD2,0x60,0x4B};
1767
+    static const unsigned char p256_base[] = { 0x04,
1768
+	0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,0xE6,0xE5,0x63,
1769
+	0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,0xF4,0xA1,
1770
+	0x39,0x45,0xD8,0x98,0xC2,0x96,
1771
+	0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,0x8E,0xE7,0xEB,0x4A,0x7C,
1772
+	0x0F,0x9E,0x16,0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,0xCB,0xB6,
1773
+	0x40,0x68,0x37,0xBF,0x51,0xF5};
1774
+    static const unsigned char p256_order[] = {
1775
+	0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,
1776
+	0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,0xF3,0xB9,
1777
+	0xCA,0xC2,0xFC,0x63,0x25,0x51};
1778
+    static const unsigned char p256_encoding[] = {
1779
+	0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03, 0x01,0x07 };
1780
+    static const ECParams ecdsa_known_P256_Params = {
1781
+		NULL, ec_params_named,       /* arena, type */
1782
+		/* fieldID */ 
1783
+                {   256 , ec_field_GFp,   /* size and type */
1784
+		    {{siBuffer, p256_prime, sizeof(p256_prime)}}, /* u.prime */
1785
+		    0, 0, 0 },
1786
+		/* curve */
1787
+		{ 
1788
+		/* a = curvea b = curveb */
1789
+		    /* curve.a */
1790
+		    { siBuffer, p256_a, sizeof(p256_a) },
1791
+		    /* curve.b */
1792
+		    { siBuffer, p256_b, sizeof(p256_b) },
1793
+		    /* curve.seed */
1794
+		    { siBuffer, NULL, 0}
1795
+		},
1796
+		/* base  = 04xy*/
1797
+		{ siBuffer, p256_base, sizeof(p256_base) },
1798
+		/* order */
1799
+		{ siBuffer, p256_order, sizeof(p256_order) },
1800
+		1,/* cofactor */
1801
+		/* DEREncoding */
1802
+		{ siBuffer, p256_encoding, sizeof(p256_encoding)}, 
1803
+		ECCurve_X9_62_PRIME_256V1,
1804
+		/* curveOID */
1805
+		{ siBuffer, p256_encoding+2, sizeof(p256_encoding)-2}, 
1806
+    };
1807
+	
1808
+
1809
+    static const PRUint8 ecdsa_known_P256_signature[] = {
1810
+                            0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6, 
1811
+                            0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff, 
1812
+                            0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f, 
1813
+                            0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
1814
+                            0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1, 
1815
+                            0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd, 
1816
+                            0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b, 
1817
+                            0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
1818
+
1819
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
1820
+    /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
1821
+    static const unsigned char k283_poly[] = {
1822
+	0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1823
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1824
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0xA1};
1825
+    static const unsigned char k283_a[] = {
1826
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1827
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1828
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
1829
+    static const unsigned char k283_b[] = {
1830
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1831
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
1832
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
1833
+    static const unsigned char k283_base[] = { 0x04,
1834
+	0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A,0x3B,0x81,0x62,
1835
+	0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F,0x23,0xC1,0x56,0x7A,0x16,0x87,
1836
+	0x69,0x13,0xB0,0xC2,0xAC,0x24,0x58,0x49,0x28,0x36,
1837
+        0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90,0xF9,0x5D,0x07,
1838
+	0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0,0xE8,0x18,0x46,0x98,0xE4,0x59,
1839
+	0x62,0x36,0x4E,0x34,0x11,0x61,0x77,0xDD,0x22,0x59};
1840
+    static const unsigned char k283_order[] = {
1841
+ 	0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
1842
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE,0x2E,0xD0,0x75,0x77,0x26,0x5D,
1843
+	0xFF,0x7F,0x94,0x45,0x1E,0x06,0x1E,0x16,0x3C,0x61};
1844
+    static const PRUint8 k283_encoding[] = {
1845
+	0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
1846
+
1847
+    static const ECParams ecdsa_known_K283_Params = {
1848
+		NULL, ec_params_named,       /* arena, type */
1849
+		/* fieldID */ 
1850
+                {   283 , ec_field_GF2m,   /* size and type */
1851
+		    {{siBuffer, p283_poly, sizeof(p283_poly)}},   /* u.poly */
1852
+		    0, 0, 0 },
1853
+		/* curve */
1854
+		{ 
1855
+		/* a = curvea b = curveb */
1856
+		    /* curve.a */
1857
+		    { siBuffer, p283_a, sizeof(p283_a) },
1858
+		    /* curve.b */
1859
+		    { siBuffer, p283_b, sizeof(p283_b) },
1860
+		    /* curve.seed */
1861
+		    { siBuffer, NULL, 0}
1862
+		},
1863
+		/* base  = 04xy*/
1864
+		{ siBuffer, p283_base, sizeof(p283_base) },
1865
+		/* order */
1866
+		{ siBuffer, p283_order, sizeof(p283_order) },
1867
+		4,/* cofactor */
1868
+		/* DEREncoding */
1869
+		{ siBuffer, k283_encoding, sizeof(k283_encoding)}, 
1870
+		/* name */
1871
+		ECCurve_SECG_CHAR2_283K1,
1872
+		/* curveOID */
1873
+		{ siBuffer, k283_encoding+2, sizeof(k283_encoding)-2}, 
1874
+    };
1875
+                         
1876
+    static const PRUint8 ecdsa_known_K283_signature[] = {
1877
+                            0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1, 
1878
+                            0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74, 
1879
+                            0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66, 
1880
+                            0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
1881
+                            0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc, 
1882
+                            0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8, 
1883
+                            0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05, 
1884
+                            0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
1885
+                            0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
1886
+#endif
1887
+    ECParams ecparams;
1888
+
1889
+    SECStatus rv;
1890
+
1891
+    /* ECDSA GF(p) prime field curve test */
1892
+    ecparams = ecdsa_known_P256_Params;
1893
+    rv = freebl_fips_ECDSA_Test(&ecparams,
1894
+                               ecdsa_known_P256_signature,
1895
+                               sizeof ecdsa_known_P256_signature );
1896
+    if (rv != SECSuccess) {
1897
+        return( SECFailure );
1898
+    }
1899
+
1900
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
1901
+    /* ECDSA GF(2m) binary field curve test */
1902
+    ecparams = ecdsa_known_K283_Params;
1903
+    rv = freebl_fips_ECDSA_Test(&ecparams,
1904
+                               ecdsa_known_K283_signature,
1905
+                               sizeof ecdsa_known_K283_signature );
1906
+    if (rv != SECSuccess) {
1907
+        return( SECFailure );
1908
+    }
1909
+#endif
1910
+
1911
+    return( SECSuccess );
1912
+}
1913
+
1914
+#endif    /* NSS_ENABLE_ECC */
1915
+
1916
+static SECStatus
1917
+freebl_fips_DSA_PowerUpSelfTest( void )
1918
+{
1919
+    /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
1920
+    static const PRUint8 dsa_P[] = {
1921
+         0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28, 
1922
+         0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63, 
1923
+         0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0, 
1924
+         0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
1925
+         0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91, 
1926
+         0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0, 
1927
+         0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7, 
1928
+         0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
1929
+         0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7, 
1930
+         0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56, 
1931
+         0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b, 
1932
+         0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
1933
+         0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6, 
1934
+         0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64, 
1935
+         0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a, 
1936
+         0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
1937
+        
1938
+    static const PRUint8 dsa_Q[] = {
1939
+         0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e, 
1940
+         0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6, 
1941
+         0x91,0x99,0x8b,0xcf};
1942
+        
1943
+    static const PRUint8 dsa_G[] = {
1944
+         0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4, 
1945
+         0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6, 
1946
+         0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3, 
1947
+         0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
1948
+         0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d, 
1949
+         0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a, 
1950
+         0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24, 
1951
+         0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
1952
+         0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb, 
1953
+         0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79, 
1954
+         0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac, 
1955
+         0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
1956
+         0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27, 
1957
+         0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed, 
1958
+         0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f, 
1959
+         0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
1960
+
1961
+    /* DSA Known Random Values (known random key block       is 160-bits)  */
1962
+    /*                     and (known random signature block is 160-bits). */
1963
+    static const PRUint8 dsa_known_random_key_block[] = {
1964
+                                                      "Mozilla Rules World!"};
1965
+    static const PRUint8 dsa_known_random_signature_block[] = {
1966
+                                                      "Random DSA Signature"};
1967
+
1968
+    /* DSA Known Digest (160-bits) */
1969
+    static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
1970
+
1971
+    /* DSA Known Signature (320-bits). */
1972
+    static const PRUint8 dsa_known_signature[] = {
1973
+        0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32, 
1974
+        0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c, 
1975
+        0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72, 
1976
+        0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
1977
+        0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
1978
+
1979
+    /* DSA variables. */
1980
+    DSAPrivateKey *        dsa_private_key;
1981
+    SECStatus              dsa_status;
1982
+    SECItem                dsa_signature_item;
1983
+    SECItem                dsa_digest_item;
1984
+    DSAPublicKey           dsa_public_key;
1985
+    PRUint8                dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
1986
+    static const PQGParams dsa_pqg = { NULL,
1987
+			    { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
1988
+			    { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
1989
+			    { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
1990
+
1991
+    /*******************************************/
1992
+    /* Generate a DSA public/private key pair. */
1993
+    /*******************************************/
1994
+
1995
+    /* Generate a DSA public/private key pair. */
1996
+    dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
1997
+                                    &dsa_private_key);
1998
+
1999
+    if( dsa_status != SECSuccess ) {
2000
+        PORT_SetError( SEC_ERROR_NO_MEMORY );
2001
+        return( SECFailure );
2002
+    }
2003
+
2004
+    /* construct public key from private key. */
2005
+    dsa_public_key.params      = dsa_private_key->params;
2006
+    dsa_public_key.publicValue = dsa_private_key->publicValue;
2007
+
2008
+    /*************************************************/
2009
+    /* DSA Single-Round Known Answer Signature Test. */
2010
+    /*************************************************/
2011
+
2012
+    dsa_signature_item.data = dsa_computed_signature;
2013
+    dsa_signature_item.len  = sizeof dsa_computed_signature;
2014
+
2015
+    dsa_digest_item.data    = (unsigned char *)dsa_known_digest;
2016
+    dsa_digest_item.len     = SHA1_LENGTH;
2017
+
2018
+    /* Perform DSA signature process. */
2019
+    dsa_status = DSA_SignDigestWithSeed( dsa_private_key, 
2020
+                                         &dsa_signature_item,
2021
+                                         &dsa_digest_item,
2022
+                                         dsa_known_random_signature_block );
2023
+
2024
+    if( ( dsa_status != SECSuccess ) ||
2025
+        ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
2026
+        ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
2027
+                       FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
2028
+        dsa_status = SECFailure;
2029
+    } else {
2030
+
2031
+    /****************************************************/
2032
+    /* DSA Single-Round Known Answer Verification Test. */
2033
+    /****************************************************/
2034
+
2035
+    /* Perform DSA verification process. */
2036
+    dsa_status = DSA_VerifyDigest( &dsa_public_key, 
2037
+                                   &dsa_signature_item,
2038
+                                   &dsa_digest_item);
2039
+    }
2040
+
2041
+    PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
2042
+    /* Don't free public key, it uses same arena as private key */
2043
+
2044
+    /* Verify DSA signature. */
2045
+    if( dsa_status != SECSuccess ) {
2046
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
2047
+	return SECFailure;
2048
+    }
2049
+
2050
+    return( SECSuccess );
2051
+
2052
+
2053
+}
2054
+
2055
+static SECStatus
2056
+freebl_fips_RNG_PowerUpSelfTest( void )
2057
+{
2058
+   static const PRUint8 Q[] = {
2059
+			0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
2060
+			0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
2061
+			0x9d,0xef,0xeb,0xed};
2062
+   static const PRUint8 GENX[] = {
2063
+			0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
2064
+			0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
2065
+			0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
2066
+			0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
2067
+			0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
2068
+   static const PRUint8 rng_known_DSAX[] = {
2069
+			0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
2070
+			0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
2071
+			0x10,0x1f,0x60,0xd7};
2072
+
2073
+
2074
+
2075
+   SECStatus rng_status = SECSuccess;
2076
+   PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
2077
+
2078
+   /*******************************************/
2079
+   /*   Run the SP 800-90 Health tests        */
2080
+   /*******************************************/
2081
+   rng_status = PRNGTEST_RunHealthTests();
2082
+   if (rng_status != SECSuccess) {
2083
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
2084
+	return SECFailure;
2085
+   }
2086
+  
2087
+   /*******************************************/
2088
+   /* Generate DSAX fow given Q.              */
2089
+   /*******************************************/
2090
+
2091
+   rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
2092
+
2093
+   /* Verify DSAX to perform the RNG integrity check */
2094
+   if( ( rng_status != SECSuccess ) ||
2095
+       ( PORT_Memcmp( DSAX, rng_known_DSAX,
2096
+                      (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) ) {
2097
+        PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
2098
+	return SECFailure;
2099
+   }
2100
+       
2101
+   return( SECSuccess ); 
2102
+}
2103
+
2104
+static SECStatus
2105
+freebl_fipsSoftwareIntegrityTest(const char *libname)
2106
+{
2107
+    SECStatus rv = SECSuccess;
2108
+
2109
+    /* make sure that our check file signatures are OK */
2110
+    if( !BLAPI_VerifySelf(libname) ) {
2111
+	rv = SECFailure;
2112
+    }
2113
+    return rv;
2114
+}
2115
+
2116
+#define DO_FREEBL 1
2117
+#define DO_REST 2
2118
+
2119
+static SECStatus
2120
+freebl_fipsPowerUpSelfTest( unsigned int tests )
2121
+{
2122
+    SECStatus rv;
2123
+
2124
+    /*
2125
+     * stand alone freebl. Test hash, and rng
2126
+     */
2127
+    if (tests & DO_FREEBL) {
2128
+
2129
+    /* MD2 Power-Up SelfTest(s). */
2130
+    rv = freebl_fips_MD2_PowerUpSelfTest();
2131
+
2132
+    if( rv != SECSuccess )
2133
+        return rv;
2134
+
2135
+    /* MD5 Power-Up SelfTest(s). */
2136
+    rv = freebl_fips_MD5_PowerUpSelfTest();
2137
+
2138
+    if( rv != SECSuccess )
2139
+        return rv;
2140
+
2141
+    /* SHA-X Power-Up SelfTest(s). */
2142
+    rv = freebl_fips_SHA_PowerUpSelfTest();
2143
+
2144
+    if( rv != SECSuccess )
2145
+        return rv;
2146
+
2147
+    /* RNG Power-Up SelfTest(s). */
2148
+    rv = freebl_fips_RNG_PowerUpSelfTest();
2149
+
2150
+    if( rv != SECSuccess )
2151
+        return rv;
2152
+    }
2153
+
2154
+    /*
2155
+     * test the rest of the algorithms not accessed through freebl
2156
+     * standalone */
2157
+    if (tests & DO_REST) {
2158
+
2159
+    /* RC2 Power-Up SelfTest(s). */
2160
+    rv = freebl_fips_RC2_PowerUpSelfTest();
2161
+
2162
+    if( rv != SECSuccess )
2163
+        return rv;
2164
+
2165
+    /* RC4 Power-Up SelfTest(s). */
2166
+    rv = freebl_fips_RC4_PowerUpSelfTest();
2167
+
2168
+    if( rv != SECSuccess )
2169
+        return rv;
2170
+
2171
+    /* DES Power-Up SelfTest(s). */
2172
+    rv = freebl_fips_DES_PowerUpSelfTest();
2173
+
2174
+    if( rv != SECSuccess )
2175
+        return rv;
2176
+
2177
+    /* DES3 Power-Up SelfTest(s). */
2178
+    rv = freebl_fips_DES3_PowerUpSelfTest();
2179
+
2180
+    if( rv != SECSuccess )
2181
+        return rv;
2182
+ 
2183
+    /* AES Power-Up SelfTest(s) for 128-bit key. */
2184
+    rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
2185
+
2186
+    if( rv != SECSuccess )
2187
+        return rv;
2188
+
2189
+    /* AES Power-Up SelfTest(s) for 192-bit key. */
2190
+    rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
2191
+
2192
+    if( rv != SECSuccess )
2193
+        return rv;
2194
+
2195
+    /* AES Power-Up SelfTest(s) for 256-bit key. */
2196
+    rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
2197
+
2198
+    if( rv != SECSuccess )
2199
+        return rv;