    Bug 1630721 Softoken Functions for FIPS missing r=mt · 60de8da9
    Robert Relyea authored
    For FIPS we need the following:
    
     1. NIST official Key padding for AES Key Wrap.
     2. Combined Hash/Sign mechanisms for DSA and ECDSA.
    
    In the first case our AES_KEY_WRAP_PAD function adds pkcs8 padding to the
    normal AES_KEY_WRAP, which is a different algorithm than the padded key wrap
    specified by NIST. PKCS #11 recognized this and created a special mechanism to
    handle NIST padding. That is why we don't have industry test vectors for
    CKM_NSS_AES_KEY_WRAP_PAD. This patch implements that NIST version (while
    maintaining our own). Also PKCS #11 v3.0 specified PKCS #11 mechanisms for
    AES_KEY_WRAP which are compatible (semantically) with the NSS vendor specific
    versions, but with non-vendor specific numbers. Softoken now accepts both
    numbers.
    
    This patch also updates softoken to handle DSA and ECDSA combined hash
    algorithms other than just SHA1 (which is no longer validated).
    
    Finally this patch uses the NIST KWP test vectors in new gtests for the
    AES_KEY_WRAP_KWP wrapping algorithm.
    
    As part of the AES_KEY_WRAP_KWP code, the Constant time macros have been
    generalized and moved to secport. Old macros scattered throughout the code
    have been deleted and existing constant time code has been updated to use
    the new macros.
    
    Differential Revision: https://phabricator.services.mozilla.com/D71225
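
Added example, not code from NSS or from this commit: the message's point that PKCS-style padding in front of plain key wrap and NIST KWP are different algorithms is already visible in the block each one feeds to AES. The function names are hypothetical, the 8-byte PKCS-style layout for the vendor mechanism is an assumption (the message only says "pkcs8 padding"), and `kwp_check` shows the branch-free validation style that constant-time macros exist to support.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* All-ones mask when a < b, computed without a data-dependent branch. */
static uint32_t ct_lt(uint32_t a, uint32_t b) {
    return (uint32_t)0 - (uint32_t)(((uint64_t)a - (uint64_t)b) >> 63);
}

/* NIST KWP pre-wrap block: S = A65959A6 || len32 (big endian) || key || zero pad. */
size_t kwp_frame(const uint8_t *key, uint32_t len, uint8_t *out) {
    size_t padded = ((size_t)len + 7) & ~(size_t)7;
    const uint8_t aiv[8] = { 0xA6, 0x59, 0x59, 0xA6,
        (uint8_t)(len >> 24), (uint8_t)(len >> 16), (uint8_t)(len >> 8), (uint8_t)len };
    memcpy(out, aiv, 8);
    memset(out + 8, 0, padded);
    memcpy(out + 8, key, len);
    return 8 + padded;
}

/* Assumed vendor-style input: default KW ICV, then key with PKCS-style padding. */
size_t pkcs_pad_frame(const uint8_t *key, size_t len, uint8_t *out) {
    size_t pad = 8 - (len % 8);                    /* always 1..8 bytes */
    memset(out, 0xA6, 8);
    memcpy(out + 8, key, len);
    memset(out + 8 + len, (int)pad, pad);
    return 8 + len + pad;
}

/* Validate an unwrapped S (slen >= 16, multiple of 8). Returns 1 if valid. */
int kwp_check(const uint8_t *s, size_t slen, uint32_t *key_len) {
    static const uint8_t icv2[4] = { 0xA6, 0x59, 0x59, 0xA6 };
    uint32_t mli = ((uint32_t)s[4] << 24) | ((uint32_t)s[5] << 16) |
                   ((uint32_t)s[6] << 8) | s[7];
    uint32_t padlen = (uint32_t)(slen - 8) - mli;  /* wraps if mli is too large */
    uint32_t bad = 0, i;
    for (i = 0; i < 4; i++)
        bad |= (uint32_t)(s[i] ^ icv2[i]);
    bad |= ct_lt(7, padlen);                       /* padlen must be 0..7 */
    for (i = 0; i < 8; i++)                        /* pad bytes must be zero */
        bad |= s[slen - 1 - i] & ct_lt(i, padlen);
    *key_len = mli & ~ct_lt(0, bad);               /* 0 on failure */
    return (int)(1 & ~ct_lt(0, bad));
}
```

For an 8-byte key the two framings also differ in length (16 bytes versus 24), so the wrapped outputs cannot be interchanged between the two mechanisms.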