mozilla-nss/nss-fips-aes-keywrap-post.patch
Wolfgang Rosenauer 088d6711db - update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
  * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
  * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
  * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
  * bmo#1918767 - override default definition of KRML_MUSTINLINE
  * bmo#1916525 - libssl support for mlkem768x25519
  * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
  * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
  * bmo#1911912 - Avoid misuse of ctype(3) functions
  * bmo#1917311 - part 2: run clang-format
  * bmo#1917311 - part 1: upgrade to clang-format 13
  * bmo#1916953 - clang-format fuzz
  * bmo#1910370 - DTLS client message buffer may not be empty on retransmit
  * bmo#1916413 - Optionally print config for TLS client and server
                  fuzz target
  * bmo#1916059 - Fix some simple documentation issues in NSS.
  * bmo#1915439 - improve performance of NSC_FindObjectsInit when
                  template has CKA_TOKEN attr
  * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=463
2024-10-28 12:29:57 +00:00


# HG changeset patch
# User M. Sirringhaus <msirringhaus@suse.de>
# Date 1589854460 -7200
# Tue May 19 04:14:20 2020 +0200
# Node ID ce99bba6375432c55a73c1367f619dfef7c7e9fc
# Parent 2c820431829b3e5c7e161bd0bf73b48def9d3822
commit e78f5a6a2124ce88002796d6aaefc6232f132526
Author: Hans Petter Jansson <hpj@cl.no>
AES Keywrap POST.
Index: nss/lib/freebl/fipsfreebl.c
===================================================================
--- nss.orig/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -113,6 +113,9 @@ DllMain(
#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
+/* FIPS preprocessor directives for AES Keywrap */
+#define FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE 24 /* 192-bits */
+
/* FIPS preprocessor directives for message digests */
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
@@ -292,6 +295,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" };
+ /* AES Keywrap Known Initialization Vector (64 bits) */
+ static const PRUint8 aes_key_wrap_iv[] = { "WrapparW" };
+
/* AES Known Ciphertext (128-bit key). */
static const PRUint8 aes_ecb128_known_ciphertext[] = {
0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
@@ -362,6 +368,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
};
+ /* AES Keywrap Known Ciphertexts. */
+ static const PRUint8 aes_kw128_known_ciphertext[] = {
+ 0xd7, 0xec, 0x33, 0x3a, 0x35, 0x50, 0x91, 0x4d,
+ 0x04, 0x69, 0x1f, 0xbc, 0x9b, 0x3a, 0x51, 0x9d,
+ 0xf3, 0x45, 0x01, 0xec, 0xaa, 0x43, 0x33, 0x42
+ };
+
+ static const PRUint8 aes_kw192_known_ciphertext[] = {
+ 0x18, 0x44, 0xab, 0x72, 0xbd, 0x35, 0x6c, 0x8f,
+ 0x34, 0x34, 0x2e, 0x0b, 0xb0, 0x19, 0xd3, 0x46,
+ 0x3e, 0x53, 0x4f, 0x2f, 0x43, 0xcc, 0xf5, 0x8c
+ };
+
+ static const PRUint8 aes_kw256_known_ciphertext[] = {
+ 0x3e, 0xaf, 0xf3, 0x36, 0xaf, 0xc3, 0x68, 0xab,
+ 0x5a, 0x07, 0xed, 0x64, 0x5b, 0xf8, 0x81, 0x0d,
+ 0x9e, 0x67, 0x75, 0xbd, 0x66, 0xe1, 0x52, 0xdc
+ };
+
const PRUint8 *aes_ecb_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext
: aes_ecb256_known_ciphertext;
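Review bot: The three `aes_kw*_known_ciphertext` arrays carry no record of how they were produced, and because the test uses the custom IV `WrapparW` rather than the RFC 3394 default, they cannot be compared against published key-wrap vectors. A known-answer test is only as trustworthy as its reference values, so a comment naming the inputs and the independent implementation that generated them would help auditors, for example `/* KW(aes_known_key, iv = aes_key_wrap_iv, aes_known_plaintext); generated with <tool/version>; not RFC 3394 vectors */`. Nothing in the hunk ties the array lengths to `FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE` either; the 24 is presumably the 16-byte plaintext plus the 8-byte integrity block, which the comment could also state.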
@@ -378,11 +403,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext
: aes_cmac256_known_ciphertext;
+ const PRUint8 *aes_keywrap_known_ciphertext =
+ (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_kw128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_kw192_known_ciphertext : aes_kw256_known_ciphertext;
+
/* AES variables. */
PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH * 2];
PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH * 2];
AESContext *aes_context;
CMACContext *cmac_context;
+ AESKeyWrapContext *aes_keywrap_context;
unsigned int aes_bytes_encrypted;
unsigned int aes_bytes_decrypted;
CK_NSS_GCM_PARAMS gcmParams;
@@ -608,6 +637,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return (SECFailure);
}
+
+ /********************************/
+ /* AES Keywrap En/Decrypt Test. */
+ /********************************/
+
+ /* Create encryption context */
+ aes_keywrap_context = AESKeyWrap_CreateContext(aes_known_key, aes_key_wrap_iv, PR_TRUE,
+ aes_key_size);
+ if (aes_keywrap_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
+ }
+
+ aes_status = AESKeyWrap_Encrypt(aes_keywrap_context,
+ aes_computed_ciphertext, &aes_bytes_encrypted,
+ FIPS_AES_ENCRYPT_LENGTH * 2,
+ aes_known_plaintext, FIPS_AES_ENCRYPT_LENGTH);
+
+ AESKeyWrap_DestroyContext(aes_keywrap_context, PR_TRUE);
+
+ if ((aes_status != SECSuccess) ||
+ (aes_bytes_encrypted != FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE) ||
+ (PORT_Memcmp (aes_computed_ciphertext, aes_keywrap_known_ciphertext,
+ FIPS_AES_KEYWRAP_KNOWN_CIPHERTEXT_SIZE) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
+ }
+
+ /* Create decryption context */
+ aes_keywrap_context = AESKeyWrap_CreateContext(aes_known_key, aes_key_wrap_iv, PR_FALSE,
+ aes_key_size);
+
+ aes_status = AESKeyWrap_Decrypt(aes_keywrap_context,
+ aes_computed_plaintext, &aes_bytes_decrypted,
+ FIPS_AES_ENCRYPT_LENGTH,
+ aes_computed_ciphertext, aes_bytes_encrypted);
+
+ AESKeyWrap_DestroyContext(aes_keywrap_context, PR_TRUE);
+
+ if ((aes_status != SECSuccess) ||
+ (aes_bytes_decrypted != FIPS_AES_ENCRYPT_LENGTH) ||
+ (PORT_Memcmp (aes_computed_plaintext, aes_known_plaintext,
+ FIPS_AES_ENCRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
+ }
return (SECSuccess);
}
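Review bot: The second `AESKeyWrap_CreateContext` call (the decryption context) is not checked for NULL before the pointer is passed to `AESKeyWrap_Decrypt` and `AESKeyWrap_DestroyContext`, unlike the encryption context a few lines earlier. If allocation fails there, the self-test would presumably dereference NULL and crash instead of reporting failure, which matters for a FIPS power-up test whose result gates use of the module. Repeat the guard used after the first call: `if (aes_keywrap_context == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); return (SECFailure); }`. The body of `freebl_fips_AES_PowerUpSelfTest` begins outside this hunk.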