mozilla-nss/nss-fips-pct-pubkeys.patch

# HG changeset patch
# Parent  5786c2bb5c229b530e95e435ee0cf51314359e7b

Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -20,6 +20,7 @@
 
 #include <limits.h> /* for UINT_MAX and ULONG_MAX */
 
+#include "lowkeyti.h"
 #include "seccomon.h"
 #include "secitem.h"
 #include "secport.h"
@@ -4965,6 +4966,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
     return crv;
 }
 
+/* This function regenerates a public key from a private key 
+ * (not simply returning the saved public key) and compares it
+ * to the given publicKey
+ */
+static CK_RV
+regeneratePublicKeyFromPrivateKeyAndCompare(NSSLOWKEYPrivateKey *currPrivKey,
+                                  NSSLOWKEYPublicKey *currPubKey)
+{
+    NSSLOWKEYPublicKey *pubk;
+    SECItem publicValue;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return CKR_HOST_MEMORY;
+    }
+
+    switch (currPrivKey->keyType) {
+        case NSSLOWKEYDHKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = currPrivKey->keyType;
+
+                // Regenerate the publicValue
+                rv = DH_Derive(&currPrivKey->u.dh.base, &currPrivKey->u.dh.prime,
+                               &currPrivKey->u.dh.privateValue, &publicValue, 0);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
+                                      &publicValue);
+                SECITEM_ZfreeItem(&publicValue, PR_FALSE);
+                if (rv != SECSuccess) {
+                    break;
+                }
+
+                if (SECITEM_CompareItem(&pubk->u.dh.publicValue, &currPubKey->u.dh.publicValue) != SECEqual) {
+                    nsslowkey_DestroyPublicKey(pubk);
+                    return CKR_GENERAL_ERROR;
+                }
+                nsslowkey_DestroyPublicKey(pubk);
+                return CKR_OK;
+            }
+            break;
+        case NSSLOWKEYECKey:
+            {
+                ECPrivateKey *privk = NULL;
+                SECStatus rv;
+
+                /* The "seed" is an octet stream corresponding to our private key.
+                 * The new public key is derived from this + the parameters and
+                 * stored in the new private key's publicValue. */
+                rv = EC_NewKeyFromSeed (&currPrivKey->u.ec.ecParams,
+                                        &privk,
+                                        currPrivKey->u.ec.privateValue.data,
+                                        currPrivKey->u.ec.privateValue.len);
+                if (rv != SECSuccess)
+                    break;
+
+                /* Verify that the passed-in public value is equal to the one derived */
+                if (SECITEM_CompareItem (&privk->publicValue, &currPubKey->u.ec.publicValue) != SECEqual) {
+                    PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
+                    return CKR_GENERAL_ERROR;
+                }
+
+                PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
+                return CKR_OK;
+            }
+            break;
+        default:
+            break;
+    }
+
+    PORT_FreeArena(arena, PR_TRUE);
+    return CKR_GENERAL_ERROR;
+}
+
 /*
  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
  *
@@ -5311,6 +5394,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
         }
     }
 
+    // Regenerate the publicKey from the privateKey and compare it to the
+    // original publicKey
+    if (keyType == CKK_DH || keyType == CKK_EC) {
+        NSSLOWKEYPrivateKey *currPrivKey = sftk_GetPrivKey(privateKey, CKK_DH, &crv);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+        if (!currPrivKey) {
+            return CKR_DEVICE_ERROR;
+        }
+
+        NSSLOWKEYPublicKey *currPubKey = sftk_GetPubKey(publicKey, CKK_DH, &crv);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+        if (!currPubKey) {
+            return CKR_DEVICE_ERROR;
+        }
+
+        crv = regeneratePublicKeyFromPrivateKeyAndCompare(currPrivKey, currPubKey);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+    }
     return CKR_OK;
 }
- update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=418 2023-07-05 13:49:19 +02:00			`# HG changeset patch`
			`# Parent 5786c2bb5c229b530e95e435ee0cf51314359e7b`

			`Index: nss/lib/softoken/pkcs11c.c`
			`===================================================================`
			`--- nss.orig/lib/softoken/pkcs11c.c`
			`+++ nss/lib/softoken/pkcs11c.c`
Accepting request 1109028 from home:dimstar:Factory - Update to NSS 3.93: + bmo#1849471 - Update zlib in NSS to 1.3. + bmo#1848183 - softoken: iterate hashUpdate calls for long inputs. + bmo#1813401 - regenerate NameConstraints test certificates (boo#1214980). - Rebase nss-fips-pct-pubkeys.patch. OBS-URL: https://build.opensuse.org/request/show/1109028 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=426 2023-09-05 20:57:40 +02:00			`@@ -20,6 +20,7 @@`

			`#include <limits.h> /* for UINT_MAX and ULONG_MAX */`

- update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=418 2023-07-05 13:49:19 +02:00			`+#include "lowkeyti.h"`
			`#include "seccomon.h"`
			`#include "secitem.h"`
			`#include "secport.h"`
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=437 2024-02-20 12:13:49 +01:00			`@@ -4965,6 +4966,88 @@ pairwise_signverify_mech (CK_SESSION_HAN`
- update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=418 2023-07-05 13:49:19 +02:00			`return crv;`
			`}`

			`+/* This function regenerates a public key from a private key`
			`+ * (not simply returning the saved public key) and compares it`
			`+ * to the given publicKey`
			`+ */`
			`+static CK_RV`
			`+regeneratePublicKeyFromPrivateKeyAndCompare(NSSLOWKEYPrivateKey *currPrivKey,`
			`+ NSSLOWKEYPublicKey *currPubKey)`
			`+{`
			`+ NSSLOWKEYPublicKey *pubk;`
			`+ SECItem publicValue;`
			`+ PLArenaPool *arena;`
			`+`
			`+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);`
			`+ if (arena == NULL) {`
			`+ PORT_SetError(SEC_ERROR_NO_MEMORY);`
			`+ return CKR_HOST_MEMORY;`
			`+ }`
			`+`
			`+ switch (currPrivKey->keyType) {`
			`+ case NSSLOWKEYDHKey:`
			`+ pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,`
			`+ sizeof(NSSLOWKEYPublicKey));`
			`+ if (pubk != NULL) {`
			`+ SECStatus rv;`
			`+`
			`+ pubk->arena = arena;`
			`+ pubk->keyType = currPrivKey->keyType;`
			`+`
			`+ // Regenerate the publicValue`
			`+ rv = DH_Derive(&currPrivKey->u.dh.base, &currPrivKey->u.dh.prime,`
			`+ &currPrivKey->u.dh.privateValue, &publicValue, 0);`
			`+ if (rv != SECSuccess) {`
			`+ break;`
			`+ }`
			`+ rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,`
			`+ &publicValue);`
			`+ SECITEM_ZfreeItem(&publicValue, PR_FALSE);`
			`+ if (rv != SECSuccess) {`
			`+ break;`
			`+ }`
			`+`
			`+ if (SECITEM_CompareItem(&pubk->u.dh.publicValue, &currPubKey->u.dh.publicValue) != SECEqual) {`
			`+ nsslowkey_DestroyPublicKey(pubk);`
			`+ return CKR_GENERAL_ERROR;`
			`+ }`
			`+ nsslowkey_DestroyPublicKey(pubk);`
			`+ return CKR_OK;`
			`+ }`
			`+ break;`
			`+ case NSSLOWKEYECKey:`
			`+ {`
			`+ ECPrivateKey *privk = NULL;`
			`+ SECStatus rv;`
			`+`
			`+ /* The "seed" is an octet stream corresponding to our private key.`
			`+ * The new public key is derived from this + the parameters and`
			`+ * stored in the new private key's publicValue. */`
			`+ rv = EC_NewKeyFromSeed (&currPrivKey->u.ec.ecParams,`
			`+ &privk,`
			`+ currPrivKey->u.ec.privateValue.data,`
			`+ currPrivKey->u.ec.privateValue.len);`
			`+ if (rv != SECSuccess)`
			`+ break;`
			`+`
			`+ /* Verify that the passed-in public value is equal to the one derived */`
			`+ if (SECITEM_CompareItem (&privk->publicValue, &currPubKey->u.ec.publicValue) != SECEqual) {`
			`+ PORT_FreeArena (privk->ecParams.arena, PR_TRUE);`
			`+ return CKR_GENERAL_ERROR;`
			`+ }`
			`+`
			`+ PORT_FreeArena (privk->ecParams.arena, PR_TRUE);`
			`+ return CKR_OK;`
			`+ }`
			`+ break;`
			`+ default:`
			`+ break;`
			`+ }`
			`+`
			`+ PORT_FreeArena(arena, PR_TRUE);`
			`+ return CKR_GENERAL_ERROR;`
			`+}`
			`+`
			`/*`
			`* FIPS 140-2 pairwise consistency check utilized to validate key pair.`
			`*`
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=437 2024-02-20 12:13:49 +01:00			`@@ -5311,6 +5394,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION`
- update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=418 2023-07-05 13:49:19 +02:00			`}`
			`}`

			`+ // Regenerate the publicKey from the privateKey and compare it to the`
			`+ // original publicKey`
			`+ if (keyType == CKK_DH \|\| keyType == CKK_EC) {`
			`+ NSSLOWKEYPrivateKey *currPrivKey = sftk_GetPrivKey(privateKey, CKK_DH, &crv);`
			`+ if (crv != CKR_OK) {`
			`+ return crv;`
			`+ }`
			`+ if (!currPrivKey) {`
			`+ return CKR_DEVICE_ERROR;`
			`+ }`
			`+`
			`+ NSSLOWKEYPublicKey *currPubKey = sftk_GetPubKey(publicKey, CKK_DH, &crv);`
			`+ if (crv != CKR_OK) {`
			`+ return crv;`
			`+ }`
			`+ if (!currPubKey) {`
			`+ return CKR_DEVICE_ERROR;`
			`+ }`
			`+`
			`+ crv = regeneratePublicKeyFromPrivateKeyAndCompare(currPrivKey, currPubKey);`
			`+ if (crv != CKR_OK) {`
			`+ return crv;`
			`+ }`
			`+ }`
			`return CKR_OK;`
			`}`