088d6711db
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * bmo#1918767 - override default definition of KRML_MUSTINLINE * bmo#1916525 - libssl support for mlkem768x25519 * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL * bmo#1911912 - Avoid misuse of ctype(3) functions * bmo#1917311 - part 2: run clang-format * bmo#1917311 - part 1: upgrade to clang-format 13 * bmo#1916953 - clang-format fuzz * bmo#1910370 - DTLS client message buffer may not empty be on retransmit * bmo#1916413 - Optionally print config for TLS client and server fuzz target * bmo#1916059 - Fix some simple documentation issues in NSS. * bmo#1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=463
131 lines
5.6 KiB
Diff
131 lines
5.6 KiB
Diff
# HG changeset patch
|
|
# User M. Sirringhaus <msirringhaus@suse.de>
|
|
# Date 1589854460 -7200
|
|
# Tue May 19 04:14:20 2020 +0200
|
|
# Node ID ce99bba6375432c55a73c1367f619dfef7c7e9fc
|
|
# Parent 2c820431829b3e5c7e161bd0bf73b48def9d3822
|
|
commit e78f5a6a2124ce88002796d6aaefc6232f132526
|
|
Author: Hans Petter Jansson <hpj@cl.no>
|
|
AES Keywrap POST.
|
|
|
|
|
|
Index: nss/lib/freebl/fipsfreebl.c
|
|
===================================================================
|
|
--- nss.orig/lib/freebl/fipsfreebl.c
|
|
+++ nss/lib/freebl/fipsfreebl.c
|
|
@@ -113,6 +113,9 @@ DllMain(
|
|
#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
|
|
#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
|
|
|
|
+/* FIPS preprocessor directives for AES Keywrap */
|
|
+#define FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE 24 /* 192-bits */
|
|
+
|
|
/* FIPS preprocessor directives for message digests */
|
|
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
|
|
|
|
@@ -292,6 +295,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
|
|
|
|
static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" };
|
|
|
|
+ /* AES Keywrap Known Initialization Vector (64 bits) */
|
|
+ static const PRUint8 aes_key_wrap_iv[] = { "WrapparW" };
|
|
+
|
|
/* AES Known Ciphertext (128-bit key). */
|
|
static const PRUint8 aes_ecb128_known_ciphertext[] = {
|
|
0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
|
|
@@ -362,6 +368,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
|
|
|
|
};
|
|
|
|
+ /* AES Keywrap Known Ciphertexts. */
|
|
+ static const PRUint8 aes_kw128_known_ciphertext[] = {
|
|
+ 0xd7, 0xec, 0x33, 0x3a, 0x35, 0x50, 0x91, 0x4d,
|
|
+ 0x04, 0x69, 0x1f, 0xbc, 0x9b, 0x3a, 0x51, 0x9d,
|
|
+ 0xf3, 0x45, 0x01, 0xec, 0xaa, 0x43, 0x33, 0x42
|
|
+ };
|
|
+
|
|
+ static const PRUint8 aes_kw192_known_ciphertext[] = {
|
|
+ 0x18, 0x44, 0xab, 0x72, 0xbd, 0x35, 0x6c, 0x8f,
|
|
+ 0x34, 0x34, 0x2e, 0x0b, 0xb0, 0x19, 0xd3, 0x46,
|
|
+ 0x3e, 0x53, 0x4f, 0x2f, 0x43, 0xcc, 0xf5, 0x8c
|
|
+ };
|
|
+
|
|
+ static const PRUint8 aes_kw256_known_ciphertext[] = {
|
|
+ 0x3e, 0xaf, 0xf3, 0x36, 0xaf, 0xc3, 0x68, 0xab,
|
|
+ 0x5a, 0x07, 0xed, 0x64, 0x5b, 0xf8, 0x81, 0x0d,
|
|
+ 0x9e, 0x67, 0x75, 0xbd, 0x66, 0xe1, 0x52, 0xdc
|
|
+ };
|
|
+
|
|
const PRUint8 *aes_ecb_known_ciphertext =
|
|
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext
|
|
: aes_ecb256_known_ciphertext;
|
|
@@ -378,11 +403,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
|
|
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext
|
|
: aes_cmac256_known_ciphertext;
|
|
|
|
+ const PRUint8 *aes_keywrap_known_ciphertext =
|
|
+ (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_kw128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_kw192_known_ciphertext : aes_kw256_known_ciphertext;
|
|
+
|
|
/* AES variables. */
|
|
PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH * 2];
|
|
PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH * 2];
|
|
AESContext *aes_context;
|
|
CMACContext *cmac_context;
|
|
+ AESKeyWrapContext *aes_keywrap_context;
|
|
unsigned int aes_bytes_encrypted;
|
|
unsigned int aes_bytes_decrypted;
|
|
CK_NSS_GCM_PARAMS gcmParams;
|
|
@@ -608,6 +637,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
|
|
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
return (SECFailure);
|
|
}
|
|
+
|
|
+ /********************************/
|
|
+ /* AES Keywrap En/Decrypt Test. */
|
|
+ /********************************/
|
|
+
|
|
+ /* Create encryption context */
|
|
+ aes_keywrap_context = AESKeyWrap_CreateContext(aes_known_key, aes_key_wrap_iv, PR_TRUE,
|
|
+ aes_key_size);
|
|
+ if (aes_keywrap_context == NULL) {
|
|
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
|
|
+ return (SECFailure);
|
|
+ }
|
|
+
|
|
+ aes_status = AESKeyWrap_Encrypt(aes_keywrap_context,
|
|
+ aes_computed_ciphertext, &aes_bytes_encrypted,
|
|
+ FIPS_AES_ENCRYPT_LENGTH * 2,
|
|
+ aes_known_plaintext, FIPS_AES_ENCRYPT_LENGTH);
|
|
+
|
|
+ AESKeyWrap_DestroyContext(aes_keywrap_context, PR_TRUE);
|
|
+
|
|
+ if ((aes_status != SECSuccess) ||
|
|
+ (aes_bytes_encrypted != FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE) ||
|
|
+ (PORT_Memcmp (aes_computed_ciphertext, aes_keywrap_known_ciphertext,
|
|
+ FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE) != 0)) {
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return (SECFailure);
|
|
+ }
|
|
+
|
|
+ /* Create decryption context */
|
|
+ aes_keywrap_context = AESKeyWrap_CreateContext(aes_known_key, aes_key_wrap_iv, PR_FALSE,
|
|
+ aes_key_size);
|
|
+
|
|
+ aes_status = AESKeyWrap_Decrypt(aes_keywrap_context,
|
|
+ aes_computed_plaintext, &aes_bytes_decrypted,
|
|
+ FIPS_AES_ENCRYPT_LENGTH,
|
|
+ aes_computed_ciphertext, aes_bytes_encrypted);
|
|
+
|
|
+ AESKeyWrap_DestroyContext(aes_keywrap_context, PR_TRUE);
|
|
+
|
|
+ if ((aes_status != SECSuccess) ||
|
|
+ (aes_bytes_decrypted != FIPS_AES_ENCRYPT_LENGTH) ||
|
|
+ (PORT_Memcmp (aes_computed_plaintext, aes_known_plaintext,
|
|
+ FIPS_AES_ENCRYPT_LENGTH) != 0)) {
|
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
+ return (SECFailure);
|
|
+ }
|
|
|
|
return (SECSuccess);
|
|
}
|