fipstest.c (32975B)
1 /* 2 * PKCS #11 FIPS Power-Up Self Test. 3 * 4 * This Source Code Form is subject to the terms of the Mozilla Public 5 * License, v. 2.0. If a copy of the MPL was not distributed with this 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 7 8 #ifndef NSS_FIPS_DISABLED 9 #include "seccomon.h" 10 #include "blapi.h" 11 #include "softoken.h" 12 #include "lowkeyi.h" 13 #include "secoid.h" 14 #include "secerr.h" 15 #include "pkcs11i.h" 16 #include "lowpbe.h" 17 18 /* 19 * different platforms have different ways of calling and initial entry point 20 * when the dll/.so is loaded. Most platforms support either a posix pragma 21 * or the GCC attribute. Some platforms suppor a pre-defined name, and some 22 * platforms have a link line way of invoking this function. 23 */ 24 25 /* The pragma */ 26 #if defined(USE_INIT_PRAGMA) 27 #pragma init(sftk_startup_tests) 28 #endif 29 30 /* GCC Attribute */ 31 #if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT) 32 #define INIT_FUNCTION __attribute__((constructor)) 33 #else 34 #define INIT_FUNCTION 35 #endif 36 37 static void INIT_FUNCTION sftk_startup_tests(void); 38 39 /* Windows pre-defined entry */ 40 #if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT) 41 #include <windows.h> 42 43 BOOL WINAPI 44 DllMain( 45 HINSTANCE hinstDLL, // handle to DLL module 46 DWORD fdwReason, // reason for calling function 47 LPVOID lpReserved) // reserved 48 { 49 // Perform actions based on the reason for calling. 50 switch (fdwReason) { 51 case DLL_PROCESS_ATTACH: 52 // Initialize once for each new process. 53 // Return FALSE to fail DLL load. 54 sftk_startup_tests(); 55 break; 56 57 case DLL_THREAD_ATTACH: 58 // Do thread-specific initialization. 59 break; 60 61 case DLL_THREAD_DETACH: 62 // Do thread-specific cleanup. 63 break; 64 65 case DLL_PROCESS_DETACH: 66 // Perform any necessary cleanup. 67 break; 68 } 69 return TRUE; // Successful DLL_PROCESS_ATTACH. 70 } 71 #endif 72 73 /* FIPS preprocessor directives for RSA. */ 74 #define FIPS_RSA_TYPE siBuffer 75 #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */ 76 #define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */ 77 #define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */ 78 #define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */ 79 #define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */ 80 #define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */ 81 #define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */ 82 #define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */ 83 #define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */ 84 #define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */ 85 #define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */ 86 #define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */ 87 #define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */ 88 89 /* 90 * Test the softoken RSA_HashSign and RSH_HashCheckSign. 91 */ 92 static SECStatus 93 sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg, 94 NSSLOWKEYPublicKey *rsa_public_key, 95 NSSLOWKEYPrivateKey *rsa_private_key, 96 const unsigned char *rsa_known_msg, 97 const unsigned int rsa_kmsg_length, 98 const unsigned char *rsa_known_signature) 99 { 100 SECOidTag shaOid; /* SHA OID */ 101 unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ 102 unsigned int shaLength = 0; /* length of SHA */ 103 unsigned int rsa_bytes_signed; 104 unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH]; 105 SECStatus rv; 106 107 if (shaAlg == HASH_AlgSHA1) { 108 if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { 109 goto loser; 110 } 111 shaLength = SHA1_LENGTH; 112 shaOid = SEC_OID_SHA1; 113 } else if (shaAlg == HASH_AlgSHA256) { 114 if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { 115 goto loser; 116 } 117 shaLength = SHA256_LENGTH; 118 shaOid = SEC_OID_SHA256; 119 } else if (shaAlg == HASH_AlgSHA384) { 120 if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { 121 goto loser; 122 } 123 shaLength = SHA384_LENGTH; 124 shaOid = SEC_OID_SHA384; 125 } else if (shaAlg == HASH_AlgSHA512) { 126 if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) { 127 goto loser; 128 } 129 shaLength = SHA512_LENGTH; 130 shaOid = SEC_OID_SHA512; 131 } else { 132 goto loser; 133 } 134 135 /*************************************************/ 136 /* RSA Single-Round Known Answer Signature Test. */ 137 /*************************************************/ 138 139 /* Perform RSA signature with the RSA private key. */ 140 rv = RSA_HashSign(shaOid, 141 rsa_private_key, 142 rsa_computed_signature, 143 &rsa_bytes_signed, 144 FIPS_RSA_SIGNATURE_LENGTH, 145 sha, 146 shaLength); 147 148 if ((rv != SECSuccess) || 149 (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) || 150 (PORT_Memcmp(rsa_computed_signature, rsa_known_signature, 151 FIPS_RSA_SIGNATURE_LENGTH) != 0)) { 152 goto loser; 153 } 154 155 /****************************************************/ 156 /* RSA Single-Round Known Answer Verification Test. */ 157 /****************************************************/ 158 159 /* Perform RSA verification with the RSA public key. */ 160 rv = RSA_HashCheckSign(shaOid, 161 rsa_public_key, 162 rsa_computed_signature, 163 rsa_bytes_signed, 164 sha, 165 shaLength); 166 167 if (rv != SECSuccess) { 168 goto loser; 169 } 170 return (SECSuccess); 171 172 loser: 173 174 return (SECFailure); 175 } 176 177 static SECStatus 178 sftk_fips_RSA_PowerUpSelfTest(void) 179 { 180 /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */ 181 static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = { 182 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5, 183 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2, 184 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e, 185 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88, 186 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed, 187 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f, 188 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9, 189 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e, 190 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7, 191 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7, 192 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8, 193 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2, 194 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57, 195 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6, 196 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d, 197 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20, 198 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9, 199 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d, 200 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7, 201 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e, 202 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15, 203 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12, 204 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4, 205 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e, 206 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77, 207 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53, 208 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0, 209 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46, 210 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39, 211 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4, 212 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43, 213 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b 214 }; 215 216 /* RSA Known Public Key Values (24-bits). */ 217 static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 }; 218 /* RSA Known Private Key Values (version is 8-bits), */ 219 /* (private exponent is 2048-bits), */ 220 /* (private prime0 is 1024-bits), */ 221 /* (private prime1 is 1024-bits), */ 222 /* (private prime exponent0 is 1024-bits), */ 223 /* (private prime exponent1 is 1024-bits), */ 224 /* and (private coefficient is 1024-bits). */ 225 static const PRUint8 rsa_version[] = { 0x00 }; 226 227 static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = { 228 0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c, 229 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67, 230 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5, 231 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff, 232 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35, 233 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83, 234 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0, 235 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00, 236 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e, 237 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7, 238 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67, 239 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84, 240 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4, 241 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54, 242 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9, 243 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c, 244 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06, 245 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a, 246 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7, 247 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8, 248 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95, 249 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02, 250 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb, 251 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c, 252 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38, 253 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44, 254 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23, 255 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e, 256 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d, 257 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21, 258 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48, 259 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 260 }; 261 262 static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = { 263 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40, 264 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96, 265 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f, 266 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96, 267 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d, 268 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc, 269 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58, 270 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38, 271 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85, 272 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6, 273 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4, 274 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f, 275 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19, 276 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4, 277 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95, 278 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05 279 }; 280 static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = { 281 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06, 282 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c, 283 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8, 284 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34, 285 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36, 286 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88, 287 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9, 288 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd, 289 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b, 290 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35, 291 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a, 292 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70, 293 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05, 294 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed, 295 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9, 296 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf 297 }; 298 static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = { 299 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1, 300 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a, 301 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9, 302 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37, 303 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d, 304 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c, 305 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59, 306 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01, 307 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda, 308 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63, 309 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde, 310 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62, 311 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5, 312 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2, 313 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8, 314 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d 315 }; 316 static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = { 317 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b, 318 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea, 319 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44, 320 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02, 321 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c, 322 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a, 323 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4, 324 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb, 325 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea, 326 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07, 327 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97, 328 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55, 329 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4, 330 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7, 331 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40, 332 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59 333 }; 334 static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = { 335 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96, 336 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3, 337 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91, 338 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83, 339 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b, 340 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b, 341 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0, 342 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a, 343 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5, 344 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd, 345 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37, 346 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22, 347 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21, 348 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1, 349 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2, 350 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02 351 }; 352 353 /* RSA Known Plaintext Message (1024-bits). */ 354 static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = { 355 "Known plaintext message utilized" 356 "for RSA Encryption & Decryption" 357 "blocks SHA256, SHA384 and " 358 "SHA512 RSA Signature KAT tests. " 359 "Known plaintext message utilized" 360 "for RSA Encryption & Decryption" 361 "blocks SHA256, SHA384 and " 362 "SHA512 RSA Signature KAT tests." 363 }; 364 365 /* RSA Known Signed Hash (2048-bits). */ 366 static const PRUint8 rsa_known_sha256_signature[] = { 367 0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38, 368 0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a, 369 0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f, 370 0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50, 371 0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde, 372 0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80, 373 0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42, 374 0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d, 375 0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75, 376 0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65, 377 0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09, 378 0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6, 379 0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e, 380 0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92, 381 0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b, 382 0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51, 383 0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34, 384 0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93, 385 0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e, 386 0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2, 387 0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b, 388 0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7, 389 0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd, 390 0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18, 391 0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb, 392 0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c, 393 0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6, 394 0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca, 395 0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19, 396 0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8, 397 0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a, 398 0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92 399 }; 400 401 /* RSA Known Signed Hash (2048-bits). */ 402 static const PRUint8 rsa_known_sha384_signature[] = { 403 0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15, 404 0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf, 405 0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f, 406 0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf, 407 0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa, 408 0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66, 409 0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49, 410 0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3, 411 0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac, 412 0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37, 413 0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7, 414 0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d, 415 0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1, 416 0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb, 417 0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16, 418 0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92, 419 0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70, 420 0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec, 421 0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f, 422 0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1, 423 0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3, 424 0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2, 425 0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e, 426 0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c, 427 0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8, 428 0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7, 429 0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71, 430 0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e, 431 0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b, 432 0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb, 433 0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4, 434 0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa 435 }; 436 437 /* RSA Known Signed Hash (2048-bits). */ 438 static const PRUint8 rsa_known_sha512_signature[] = { 439 0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31, 440 0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f, 441 0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8, 442 0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e, 443 0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42, 444 0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e, 445 0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d, 446 0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53, 447 0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54, 448 0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56, 449 0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8, 450 0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93, 451 0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d, 452 0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26, 453 0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6, 454 0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d, 455 0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc, 456 0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce, 457 0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55, 458 0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37, 459 0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97, 460 0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0, 461 0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a, 462 0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54, 463 0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3, 464 0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04, 465 0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe, 466 0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59, 467 0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48, 468 0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98, 469 0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0, 470 0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81 471 }; 472 473 static const RSAPublicKey bl_public_key = { 474 NULL, 475 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus, 476 FIPS_RSA_MODULUS_LENGTH }, 477 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, 478 FIPS_RSA_PUBLIC_EXPONENT_LENGTH } 479 }; 480 static const RSAPrivateKey bl_private_key = { 481 NULL, 482 { FIPS_RSA_TYPE, (unsigned char *)rsa_version, 483 FIPS_RSA_PRIVATE_VERSION_LENGTH }, 484 { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus, 485 FIPS_RSA_MODULUS_LENGTH }, 486 { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, 487 FIPS_RSA_PUBLIC_EXPONENT_LENGTH }, 488 { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent, 489 FIPS_RSA_PRIVATE_EXPONENT_LENGTH }, 490 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0, 491 FIPS_RSA_PRIME0_LENGTH }, 492 { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1, 493 FIPS_RSA_PRIME1_LENGTH }, 494 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0, 495 FIPS_RSA_EXPONENT0_LENGTH }, 496 { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1, 497 FIPS_RSA_EXPONENT1_LENGTH }, 498 { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient, 499 FIPS_RSA_COEFFICIENT_LENGTH } 500 }; 501 502 /* RSA variables. */ 503 #ifdef CREATE_TEMP_ARENAS 504 PLArenaPool *rsa_public_arena; 505 PLArenaPool *rsa_private_arena; 506 #endif 507 NSSLOWKEYPublicKey *rsa_public_key; 508 NSSLOWKEYPrivateKey *rsa_private_key; 509 SECStatus rsa_status; 510 511 NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey }; 512 NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey }; 513 514 /****************************************/ 515 /* Compose RSA Public/Private Key Pair. */ 516 /****************************************/ 517 518 low_public_key.u.rsa = bl_public_key; 519 low_private_key.u.rsa = bl_private_key; 520 521 rsa_public_key = &low_public_key; 522 rsa_private_key = &low_private_key; 523 524 #ifdef CREATE_TEMP_ARENAS 525 /* Create some space for the RSA public key. */ 526 rsa_public_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); 527 528 if (rsa_public_arena == NULL) { 529 PORT_SetError(SEC_ERROR_NO_MEMORY); 530 return (SECFailure); 531 } 532 533 /* Create some space for the RSA private key. */ 534 rsa_private_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE); 535 536 if (rsa_private_arena == NULL) { 537 PORT_FreeArena(rsa_public_arena, PR_TRUE); 538 PORT_SetError(SEC_ERROR_NO_MEMORY); 539 return (SECFailure); 540 } 541 542 rsa_public_key->arena = rsa_public_arena; 543 rsa_private_key->arena = rsa_private_arena; 544 #endif 545 546 /**************************************************/ 547 /* RSA Hash tests */ 548 /**************************************************/ 549 550 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA256, 551 rsa_public_key, rsa_private_key, 552 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 553 rsa_known_sha256_signature); 554 if (rsa_status != SECSuccess) 555 goto rsa_loser; 556 557 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA384, 558 rsa_public_key, rsa_private_key, 559 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 560 rsa_known_sha384_signature); 561 if (rsa_status != SECSuccess) 562 goto rsa_loser; 563 564 rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA512, 565 rsa_public_key, rsa_private_key, 566 rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 567 rsa_known_sha512_signature); 568 if (rsa_status != SECSuccess) 569 goto rsa_loser; 570 571 /* Dispose of all RSA key material. */ 572 nsslowkey_DestroyPublicKey(rsa_public_key); 573 nsslowkey_DestroyPrivateKey(rsa_private_key); 574 575 return (SECSuccess); 576 577 rsa_loser: 578 579 nsslowkey_DestroyPublicKey(rsa_public_key); 580 nsslowkey_DestroyPrivateKey(rsa_private_key); 581 582 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 583 return (SECFailure); 584 } 585 586 static SECStatus 587 sftk_fips_HKDF_PowerUpSelfTest(void) 588 { 589 SECStatus status; 590 static const unsigned char base_key[] = { 591 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 592 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 593 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 594 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 595 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 596 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 597 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 598 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f 599 }; 600 static const unsigned char known_hkdf_sha256_key[] = { 601 0xdd, 0xdb, 0xeb, 0xe5, 0x6d, 0xd2, 0x96, 0xa4, 602 0x07, 0xc5, 0x7d, 0xda, 0x31, 0x56, 0x8d, 0xa5, 603 0x41, 0x3e, 0x90, 0xd4, 0xe6, 0x98, 0xeb, 0xf8, 604 0x5a, 0x49, 0x7f, 0x38, 0xef, 0x01, 0x8a, 0xe5, 605 0xda, 0x36, 0xe5, 0xcf, 0x21, 0xe3, 0x9f, 0xc3, 606 0x32, 0xb3, 0x1e, 0xf6, 0xc5, 0x10, 0x4c, 0x86, 607 0x53, 0x5e, 0x6f, 0xe0, 0x63, 0x6e, 0x43, 0x33, 608 0x61, 0x35, 0xf4, 0x17, 0x10, 0x77, 0x75, 0x2a 609 }; 610 /* current NIST IG's say we only need to test one instance 611 * of kdfs, keep these others around in case the guidance 612 * changes */ 613 #ifdef NSS_FULL_POST 614 static const unsigned char known_hkdf_sha384_key[] = { 615 0x35, 0x64, 0xc4, 0xa1, 0xcc, 0xc1, 0xdc, 0xe4, 616 0xe2, 0xca, 0x51, 0xae, 0xe8, 0x92, 0x88, 0x30, 617 0x8b, 0xb0, 0x2b, 0xac, 0x00, 0x15, 0xac, 0x15, 618 0x97, 0xc9, 0xf4, 0x6b, 0xf6, 0x3f, 0x97, 0xea, 619 0x48, 0x55, 0x38, 0x25, 0x06, 0x5d, 0x91, 0x64, 620 0xbd, 0x09, 0xf3, 0x44, 0xbc, 0x82, 0xbe, 0xdb, 621 0x5c, 0xd7, 0xf2, 0x24, 0xa5, 0x55, 0x8d, 0xa9, 622 0xa8, 0x85, 0xde, 0x8c, 0x33, 0xe0, 0x4d, 0xc3 623 }; 624 static const unsigned char known_hkdf_sha512_key[] = { 625 0x63, 0x4e, 0xbc, 0x42, 0xb3, 0x56, 0x74, 0x7d, 626 0x1b, 0x55, 0xf0, 0x34, 0x54, 0xcb, 0x6d, 0x58, 627 0x39, 0x96, 0x10, 0xda, 0x03, 0x20, 0x8f, 0x77, 628 0x0d, 0xb4, 0xf7, 0xf6, 0x67, 0x0d, 0x5b, 0x6b, 629 0xd0, 0x30, 0xc4, 0xdd, 0x67, 0x61, 0x5d, 0x9a, 630 0xf5, 0x18, 0x6e, 0x1b, 0x60, 0x97, 0xc2, 0x4d, 631 0x23, 0x43, 0x69, 0xe6, 0x3b, 0xa5, 0xdf, 0xe9, 632 0x7c, 0xf1, 0x87, 0x48, 0x6f, 0xb9, 0xd3, 0x02 633 }; 634 #endif 635 unsigned char outBytes[64] = { 0 }; 636 637 CK_HKDF_PARAMS hkdf_params; 638 639 hkdf_params.bExpand = CK_TRUE; 640 hkdf_params.bExtract = CK_TRUE; 641 hkdf_params.ulSaltType = CKF_HKDF_SALT_DATA; 642 hkdf_params.pSalt = (CK_BYTE_PTR)base_key; 643 hkdf_params.ulSaltLen = sizeof(base_key); 644 hkdf_params.pInfo = (CK_BYTE_PTR)base_key; 645 hkdf_params.ulInfoLen = sizeof(base_key); 646 647 /**************************************************/ 648 /* HKDF tests */ 649 /**************************************************/ 650 651 hkdf_params.prfHashMechanism = CKM_SHA256_HMAC; 652 status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, 653 base_key, 32, NULL, outBytes, sizeof(outBytes), 654 PR_TRUE, PR_TRUE); 655 if ((status != SECSuccess) || 656 PORT_Memcmp(outBytes, known_hkdf_sha256_key, sizeof(outBytes)) != 0) { 657 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 658 return (SECFailure); 659 } 660 661 #ifdef NSS_FULL_POST 662 hkdf_params.prfHashMechanism = CKM_SHA384_HMAC; 663 status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, 664 base_key, 48, NULL, outBytes, sizeof(outBytes), 665 PR_TRUE, PR_TRUE); 666 if ((status != SECSuccess) || 667 PORT_Memcmp(outBytes, known_hkdf_sha384_key, sizeof(outBytes)) != 0) { 668 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 669 return (SECFailure); 670 } 671 672 hkdf_params.prfHashMechanism = CKM_SHA512_HMAC; 673 status = sftk_HKDF(&hkdf_params, CK_INVALID_HANDLE, NULL, 674 base_key, 64, NULL, outBytes, sizeof(outBytes), 675 PR_TRUE, PR_TRUE); 676 if ((status != SECSuccess) || 677 PORT_Memcmp(outBytes, known_hkdf_sha512_key, sizeof(outBytes)) != 0) { 678 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 679 return (SECFailure); 680 } 681 #endif 682 683 return (SECSuccess); 684 } 685 686 static PRBool sftk_self_tests_ran = PR_FALSE; 687 static PRBool sftk_self_tests_success = PR_FALSE; 688 689 /* 690 * This function is called at dll load time, the code tha makes this 691 * happen is platform specific on defined above. 692 */ 693 void 694 sftk_startup_tests_with_rerun(PRBool rerun) 695 { 696 SECStatus rv; 697 const char *libraryName = rerun ? BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : SOFTOKEN_LIB_NAME; 698 699 PORT_Assert(!sftk_self_tests_ran); 700 PORT_Assert(!sftk_self_tests_success); 701 sftk_self_tests_ran = PR_TRUE; 702 sftk_self_tests_success = PR_FALSE; /* just in case */ 703 704 /* need to initiallize the oid library before the RSA tests */ 705 rv = SECOID_Init(); 706 if (rv != SECSuccess) { 707 return; 708 } 709 /* make sure freebl is initialized, or our RSA check 710 * may fail. This is normally done at freebl load time, but it's 711 * possible we may have shut freebl down without unloading it. */ 712 rv = BL_Init(); 713 if (rv != SECSuccess) { 714 return; 715 } 716 717 rv = RNG_RNGInit(); 718 if (rv != SECSuccess) { 719 return; 720 } 721 /* check the RSA combined functions in softoken */ 722 rv = sftk_fips_RSA_PowerUpSelfTest(); 723 if (rv != SECSuccess) { 724 return; 725 } 726 if (!BLAPI_SHVerify(libraryName, 727 (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) { 728 /* something is wrong with the library, fail without enabling 729 * the token */ 730 return; 731 } 732 rv = sftk_fips_IKE_PowerUpSelfTests(); 733 if (rv != SECSuccess) { 734 return; 735 } 736 737 rv = sftk_fips_SP800_108_PowerUpSelfTests(); 738 if (rv != SECSuccess) { 739 return; 740 } 741 742 rv = sftk_fips_HKDF_PowerUpSelfTest(); 743 if (rv != SECSuccess) { 744 return; 745 } 746 747 rv = sftk_fips_pbkdf_PowerUpSelfTests(); 748 if (rv != SECSuccess) { 749 return; 750 } 751 752 sftk_self_tests_success = PR_TRUE; 753 } 754 755 static void 756 sftk_startup_tests(void) 757 { 758 sftk_startup_tests_with_rerun(PR_FALSE); 759 } 760 761 /* 762 * this is called from nsc_Common_Initizialize entry points that gates access 763 * to * all other pkcs11 functions. This prevents softoken operation if our 764 * power on selftest failed. 765 */ 766 CK_RV 767 sftk_FIPSEntryOK(PRBool rerun) 768 { 769 #ifdef NSS_NO_INIT_SUPPORT 770 /* this should only be set on platforms that can't handle one of the INIT 771 * schemes. This code allows those platforms to continue to function, 772 * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT 773 * is not set, and init support has not been properly enabled, softken 774 * will always fail because of the test below 775 */ 776 if (!sftk_self_tests_ran) { 777 sftk_startup_tests(); 778 } 779 #endif 780 if (rerun) { 781 sftk_self_tests_ran = PR_FALSE; 782 sftk_self_tests_success = PR_FALSE; 783 sftk_startup_tests_with_rerun(PR_TRUE); 784 } 785 if (!sftk_self_tests_success) { 786 return CKR_DEVICE_ERROR; 787 } 788 return CKR_OK; 789 } 790 #else 791 #include "pkcs11t.h" 792 CK_RV 793 sftk_FIPSEntryOK() 794 { 795 return CKR_DEVICE_ERROR; 796 } 797 #endif /* NSS_FIPS_DISABLED */