tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pk11ectest.c (7723B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include "blapi.h"
      6 #include "nss.h"
      7 #include "secutil.h"
      8 #include "secitem.h"
      9 #include "nspr.h"
     10 #include "pk11pub.h"
     11 #include <stdio.h>
     12 
     13 typedef struct KeyLengthEntryStr {
     14    SECOidTag tag;
     15    unsigned int len;
     16    PRBool encoded;
     17 } KeyLengthEntry;
     18 
     19 const KeyLengthEntry keyLengthTable[] = {
     20    { SEC_OID_SECG_EC_SECP256R1, 65, PR_TRUE },
     21    { SEC_OID_SECG_EC_SECP384R1, 97, PR_TRUE },
     22    { SEC_OID_SECG_EC_SECP521R1, 133, PR_TRUE },
     23    { SEC_OID_CURVE25519, 32, PR_FALSE }
     24 };
     25 
     26 const KeyLengthEntry *
     27 getKeyLengthEntry(SECOidTag tag)
     28 {
     29    int i;
     30 
     31    for (i = 0; i < PR_ARRAY_SIZE(keyLengthTable); i++) {
     32        if (keyLengthTable[i].tag == tag) {
     33            return &keyLengthTable[i];
     34        }
     35    }
     36    return NULL;
     37 }
     38 
     39 void
     40 printBuf(const SECItem *item)
     41 {
     42    int i;
     43    if (!item || !item->len) {
     44        printf("(null)\n");
     45        return;
     46    }
     47 
     48    for (i = 0; i < item->len; i++) {
     49        printf("%02x", item->data[i]);
     50    }
     51    printf("\n");
     52 }
     53 
     54 void
     55 PrintKey(PK11SymKey *symKey)
     56 {
     57    char *name = PK11_GetSymKeyNickname(symKey);
     58    int len = PK11_GetKeyLength(symKey);
     59    int strength = PK11_GetKeyStrength(symKey, NULL);
     60    SECItem *value = NULL;
     61    CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
     62    (void)PK11_ExtractKeyValue(symKey);
     63 
     64    value = PK11_GetKeyData(symKey);
     65    printf("%s %3d   %4d   %s  ", name ? name : "no-name", len, strength,
     66           type == CKK_GENERIC_SECRET ? "generic" : "ERROR! UNKNOWN KEY TYPE");
     67    printBuf(value);
     68 
     69    PORT_Free(name);
     70 }
     71 
     72 SECStatus
     73 ectest_curve_pkcs11(SECOidTag oid)
     74 {
     75    SECKEYECParams pk_11_ecParams = { siBuffer, NULL, 0 };
     76    SECKEYPublicKey *pubKey = NULL;
     77    SECKEYPrivateKey *privKey = NULL;
     78    SECOidData *oidData = NULL;
     79    CK_MECHANISM_TYPE target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
     80    PK11SymKey *symKey = NULL;
     81    SECStatus rv = SECFailure;
     82    const KeyLengthEntry *keyLengthEntry;
     83    SECItem point = { siBuffer, NULL, 0 };
     84    SECItem value = { siBuffer, NULL, 0 };
     85    PLArenaPool *arena = NULL;
     86 
     87    oidData = SECOID_FindOIDByTag(oid);
     88    if (oidData == NULL) {
     89        printf(" >>> SECOID_FindOIDByTag failed.\n");
     90        goto cleanup;
     91    }
     92    PORT_Assert(oidData->oid.len < 256);
     93    SECITEM_AllocItem(NULL, &pk_11_ecParams, (2 + oidData->oid.len));
     94    pk_11_ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
     95    pk_11_ecParams.data[1] = oidData->oid.len;
     96    memcpy(pk_11_ecParams.data + 2, oidData->oid.data, oidData->oid.len);
     97 
     98    privKey = SECKEY_CreateECPrivateKey(&pk_11_ecParams, &pubKey, NULL);
     99    if (!privKey || !pubKey) {
    100        printf(" >>> SECKEY_CreateECPrivateKey failed.\n");
    101        goto cleanup;
    102    }
    103 
    104    symKey = PK11_PubDeriveWithKDF(privKey, pubKey, PR_FALSE, NULL, NULL,
    105                                   CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
    106                                   CKD_NULL, NULL, NULL);
    107    if (!symKey) {
    108        printf(" >>> PK11_PubDeriveWithKDF failed.\n");
    109        goto cleanup;
    110    }
    111    PrintKey(symKey);
    112 
    113    keyLengthEntry = getKeyLengthEntry(oid);
    114    /* this shouldn't happen unless new curves are added without adding them
    115     * to the keyLengthTable */
    116    PR_ASSERT(keyLengthEntry);
    117 
    118    /* make sure we are returning CKA_EC_POINT according to the PKCS #11 standard.
    119     * NSS itself can tolerate non-standard CKA_EC_POINT, so this is the only place
    120     * our test will detect incorrect behavior */
    121    rv = PK11_ReadRawAttribute(PK11_TypePubKey, pubKey, CKA_EC_POINT, &point);
    122    if (rv == SECFailure) {
    123        printf(" >>> Couldn't get CKA_EC_POINT from the ec pubKey.\n");
    124        goto cleanup;
    125    }
    126    rv = SECFailure;
    127    if (keyLengthEntry->encoded) {
    128        if (point.len == keyLengthEntry->len) {
    129            printf(" >>> Expected encoded CKA_EC_POINT and got a decoded value.\n");
    130            printBuf(&point);
    131            goto cleanup;
    132        }
    133        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    134        if (arena == NULL) {
    135            printf(" >>> arena alloc failed.\n");
    136            goto cleanup;
    137        }
    138 
    139        rv = SEC_QuickDERDecodeItem(arena, &value, SEC_ASN1_GET(SEC_OctetStringTemplate),
    140                                    &point);
    141        if (rv != SECSuccess) {
    142            printf(" >>> invalid endoded CKA_EC_POINT.\n");
    143            printBuf(&point);
    144            goto cleanup;
    145        }
    146        rv = SECFailure;
    147        if (value.len != keyLengthEntry->len) {
    148            printf(" >>> invalid decoded CKA_EC_POINT len (%d) expected %d.\n",
    149                   value.len, keyLengthEntry->len);
    150            printBuf(&value);
    151            goto cleanup;
    152        }
    153        if (value.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
    154            printf(" >>> invalid CKA_EC_POINT format (%02x) expected %02x.\n",
    155                   value.data[0], EC_POINT_FORM_UNCOMPRESSED);
    156            printBuf(&value);
    157            goto cleanup;
    158        }
    159    } else {
    160        if (point.len != keyLengthEntry->len) {
    161            printf(" >>> invalid CKA_EC_POINT len (%d) expected %d.\n",
    162                   point.len, keyLengthEntry->len);
    163            printBuf(&point);
    164            goto cleanup;
    165        }
    166    }
    167 
    168    rv = SECSuccess;
    169 cleanup:
    170    if (privKey) {
    171        SECKEY_DestroyPrivateKey(privKey);
    172    }
    173    if (pubKey) {
    174        SECKEY_DestroyPublicKey(pubKey);
    175    }
    176    if (symKey) {
    177        PK11_FreeSymKey(symKey);
    178    }
    179    if (arena) {
    180        PORT_FreeArena(arena, PR_TRUE);
    181    }
    182    SECITEM_FreeItem(&pk_11_ecParams, PR_FALSE);
    183    SECITEM_FreeItem(&point, PR_FALSE);
    184 
    185    return rv;
    186 }
    187 
    188 void
    189 printUsage(char *prog)
    190 {
    191    printf("Usage: %s [-fp] [-nd]\n"
    192           "\t-n: NIST curves\n"
    193           "\t-d: non-NIST curves\n"
    194           "You have to specify at at least one of n or d.\n"
    195           "By default no tests are executed.\n",
    196           prog);
    197 }
    198 
    199 /* Performs tests of elliptic curve cryptography over prime fields If
    200 * tests fail, then it prints an error message, aborts, and returns an
    201 * error code. Otherwise, returns 0. */
    202 int
    203 main(int argv, char **argc)
    204 {
    205    SECStatus rv = SECSuccess;
    206    int i = 0;
    207    int nist = 0;
    208    int nonnist = 0;
    209    SECOidTag nistOids[3] = { SEC_OID_SECG_EC_SECP256R1,
    210                              SEC_OID_SECG_EC_SECP384R1,
    211                              SEC_OID_SECG_EC_SECP521R1 };
    212 
    213    for (i = 1; i < argv; i++) {
    214        if (PL_strcasecmp(argc[i], "-n") == 0) {
    215            nist = 1;
    216        } else if (PL_strcasecmp(argc[i], "-d") == 0) {
    217            nonnist = 1;
    218        } else {
    219            printUsage(argc[0]);
    220            return 1;
    221        }
    222    }
    223    if (!nist && !nonnist) {
    224        printUsage(argc[0]);
    225        return 1;
    226    }
    227 
    228    rv = NSS_NoDB_Init(NULL);
    229    if (rv != SECSuccess) {
    230        SECU_PrintError("Error:", "NSS_NoDB_Init");
    231        goto cleanup;
    232    }
    233 
    234    if (nonnist) {
    235        if (ectest_curve_pkcs11(SEC_OID_CURVE25519) != SECSuccess) {
    236            printf("not okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
    237            rv = SECFailure;
    238        } else {
    239            printf("okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
    240        }
    241    }
    242    if (nist) {
    243        for (i = 0; i < 3; ++i) {
    244            if (ectest_curve_pkcs11(nistOids[i]) != SECSuccess) {
    245                printf("not okay (OID %d) - PK11 test\n", nistOids[i]);
    246                rv = SECFailure;
    247            } else {
    248                printf("okay (OID %d) - PK11 test\n", nistOids[i]);
    249            }
    250        }
    251    }
    252 
    253 cleanup:
    254    rv |= NSS_Shutdown();
    255 
    256    if (rv != SECSuccess) {
    257        printf("Error: exiting with error value\n");
    258    }
    259    return rv;
    260 }