Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1306319 - Fix layer violations, r=kaie,ueno
try: -b do -p linux,linux64-gyp -u all -t all -e all

--HG--
rename : cmd/ectest/Makefile => cmd/fbectest/Makefile
rename : cmd/ectest/ectest.c => cmd/fbectest/fbectest.c
rename : cmd/ectest/ectest.gyp => cmd/fbectest/fbectest.gyp
rename : cmd/ectest/manifest.mn => cmd/fbectest/manifest.mn
rename : cmd/ectest/testvecs.h => cmd/fbectest/testvecs.h
rename : cmd/ectest/Makefile => cmd/pk11ectest/Makefile
rename : cmd/ectest/manifest.mn => cmd/pk11ectest/manifest.mn
rename : cmd/ectest/ectest.c => cmd/pk11ectest/pk11ectest.c
rename : cmd/ectest/ectest.gyp => cmd/pk11ectest/pk11ectest.gyp
rename : cmd/ectest/testvecs.h => cmd/pk11ectest/testvecs.h
extra : rebase_source : 0d3fae26c25029a81edc7313b933c6f2136893bf
  • Loading branch information
franziskuskiefer committed Sep 30, 2016
1 parent a2776c9 commit 1d22d64
Show file tree
Hide file tree
Showing 16 changed files with 1,145 additions and 154 deletions.
4 changes: 2 additions & 2 deletions cmd/Makefile
Expand Up @@ -17,13 +17,13 @@ endif
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
BLTEST_SRCDIR =
ECPERF_SRCDIR =
ECTEST_SRCDIR =
FREEBL_ECTEST_SRCDIR =
FIPSTEST_SRCDIR =
SHLIBSIGN_SRCDIR =
else
BLTEST_SRCDIR = bltest
ECPERF_SRCDIR = ecperf
ECTEST_SRCDIR = ectest
FREEBL_ECTEST_SRCDIR = fbectest
FIPSTEST_SRCDIR = fipstest
SHLIBSIGN_SRCDIR = shlibsign
endif
Expand Down
1 change: 0 additions & 1 deletion cmd/ecperf/ecperf.c
Expand Up @@ -9,7 +9,6 @@
#include "basicutil.h"
#include "pkcs11.h"
#include "nspr.h"
#include "certt.h" /* TODO: remove when old curves are removed */
#include <stdio.h>

#define __PASTE(x, y) x##y
Expand Down
File renamed without changes.
168 changes: 31 additions & 137 deletions cmd/ectest/ectest.c → cmd/fbectest/fbectest.c
Expand Up @@ -5,11 +5,11 @@
#include "blapi.h"
#include "ec.h"
#include "ecl-curve.h"
#include "nss.h"
#include "secutil.h"
#include "prprf.h"
#include "basicutil.h"
#include "secder.h"
#include "secitem.h"
#include "nspr.h"
#include "pk11pub.h"
#include <stdio.h>

typedef struct {
Expand Down Expand Up @@ -218,77 +218,6 @@ ectest_ecdh_kat(ECDH_KAT *kat)
return rv;
}

void
PrintKey(PK11SymKey *symKey)
{
char *name = PK11_GetSymKeyNickname(symKey);
int len = PK11_GetKeyLength(symKey);
int strength = PK11_GetKeyStrength(symKey, NULL);
SECItem *value = NULL;
CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
(void)PK11_ExtractKeyValue(symKey);

value = PK11_GetKeyData(symKey);
printf("%s %3d %4d %s ", name ? name : "no-name", len, strength,
type == CKK_GENERIC_SECRET ? "generic" : "ERROR! UNKNOWN KEY TYPE");
printBuf(value);

PORT_Free(name);
}

SECStatus
ectest_curve_pkcs11(SECOidTag oid)
{
SECKEYECParams pk_11_ecParams = { siBuffer, NULL, 0 };
SECKEYPublicKey *pubKey = NULL;
SECKEYPrivateKey *privKey = NULL;
SECOidData *oidData = NULL;
CK_MECHANISM_TYPE target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
PK11SymKey *symKey = NULL;
SECStatus rv = SECFailure;

oidData = SECOID_FindOIDByTag(oid);
if (oidData == NULL) {
printf(" >>> SECOID_FindOIDByTag failed.\n");
goto cleanup;
}
PORT_Assert(oidData->oid.len < 256);
SECITEM_AllocItem(NULL, &pk_11_ecParams, (2 + oidData->oid.len));
pk_11_ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
pk_11_ecParams.data[1] = oidData->oid.len;
memcpy(pk_11_ecParams.data + 2, oidData->oid.data, oidData->oid.len);

privKey = SECKEY_CreateECPrivateKey(&pk_11_ecParams, &pubKey, NULL);
if (!privKey || !pubKey) {
printf(" >>> SECKEY_CreateECPrivateKey failed.\n");
goto cleanup;
}

symKey = PK11_PubDeriveWithKDF(privKey, pubKey, PR_FALSE, NULL, NULL,
CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
CKD_NULL, NULL, NULL);
if (!symKey) {
printf(" >>> PK11_PubDeriveWithKDF failed.\n");
goto cleanup;
}
PrintKey(symKey);
rv = SECSuccess;

cleanup:
if (privKey) {
SECKEY_DestroyPrivateKey(privKey);
}
if (pubKey) {
SECKEY_DestroyPublicKey(pubKey);
}
if (symKey) {
PK11_FreeSymKey(symKey);
}
SECITEM_FreeItem(&pk_11_ecParams, PR_FALSE);

return rv;
}

SECStatus
ectest_validate_point(ECDH_BAD *bad)
{
Expand All @@ -313,11 +242,9 @@ void
printUsage(char *prog)
{
printf("Usage: %s [-fp] [-nd]\n"
"\t-f: usefreebl\n"
"\t-p: usepkcs11\n"
"\t-n: NIST curves\n"
"\t-d: non-NIST curves\n"
"You have to specify at least f or p and n or d.\n"
"You have to specify at at least one of n or d.\n"
"By default no tests are executed.\n",
prog);
}
Expand All @@ -331,20 +258,11 @@ main(int argv, char **argc)
SECStatus rv = SECSuccess;
int numkats = 0;
int i = 0;
int usepkcs11 = 0;
int usefreebl = 0;
int nist = 0;
int nonnist = 0;
SECOidTag nistOids[3] = { SEC_OID_SECG_EC_SECP256R1,
SEC_OID_SECG_EC_SECP384R1,
SEC_OID_SECG_EC_SECP521R1 };

for (i = 1; i < argv; i++) {
if (PL_strcasecmp(argc[i], "-p") == 0) {
usepkcs11 = 1;
} else if (PL_strcasecmp(argc[i], "-f") == 0) {
usefreebl = 1;
} else if (PL_strcasecmp(argc[i], "-n") == 0) {
if (PL_strcasecmp(argc[i], "-n") == 0) {
nist = 1;
} else if (PL_strcasecmp(argc[i], "-d") == 0) {
nonnist = 1;
Expand All @@ -353,79 +271,55 @@ main(int argv, char **argc)
return 1;
}
}
if (!(usepkcs11 || usefreebl) || !(nist || nonnist)) {
if (!nist && !nonnist) {
printUsage(argc[0]);
return 1;
}

rv = NSS_NoDB_Init(NULL);
rv = SECOID_Init();
if (rv != SECSuccess) {
SECU_PrintError("Error:", "NSS_NoDB_Init");
SECU_PrintError("Error:", "SECOID_Init");
goto cleanup;
}

/* Test P256, P384, P521 */
if (usefreebl) {
if (nist) {
while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
numkats++;
}
printf("1..%d\n", numkats);
for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&ecdh_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
}
}
if (nist) {
while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
numkats++;
}

/* Test KAT for non-NIST curves */
if (nonnist) {
for (i = 0; nonnist_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&nonnist_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
}
}
for (i = 0; nonnist_testvecs_bad_values[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_validate_point(&nonnist_testvecs_bad_values[i]) == SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
}
printf("1..%d\n", numkats);
for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&ecdh_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
}
}
}

/* Test PK11 for non-NIST curves */
if (usepkcs11) {
if (nonnist) {
if (ectest_curve_pkcs11(SEC_OID_CURVE25519) != SECSuccess) {
printf("not okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
/* Test KAT for non-NIST curves */
if (nonnist) {
for (i = 0; nonnist_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&nonnist_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
printf("okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
}
}
if (nist) {
for (i = 0; i < 3; ++i) {
if (ectest_curve_pkcs11(nistOids[i]) != SECSuccess) {
printf("not okay (OID %d) - PK11 test\n", nistOids[i]);
rv = SECFailure;
} else {
printf("okay (OID %d) - PK11 test\n", nistOids[i]);
}
for (i = 0; nonnist_testvecs_bad_values[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_validate_point(&nonnist_testvecs_bad_values[i]) == SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
}
}
}

cleanup:
rv |= NSS_Shutdown();
rv |= SECOID_Shutdown();

if (rv != SECSuccess) {
printf("Error: exiting with error value\n");
Expand Down
4 changes: 2 additions & 2 deletions cmd/ectest/ectest.gyp → cmd/fbectest/fbectest.gyp
Expand Up @@ -8,10 +8,10 @@
],
'targets': [
{
'target_name': 'ectest',
'target_name': 'fbectest',
'type': 'executable',
'sources': [
'ectest.c'
'fbectest.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
Expand Down
4 changes: 2 additions & 2 deletions cmd/ectest/manifest.mn → cmd/fbectest/manifest.mn
Expand Up @@ -11,8 +11,8 @@ MODULE = nss

INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken

CSRCS = ectest.c
CSRCS = fbectest.c

PROGRAM = ectest
PROGRAM = fbectest

USE_STATIC_LIBS = 1
File renamed without changes.
3 changes: 2 additions & 1 deletion cmd/manifest.mn
Expand Up @@ -23,7 +23,7 @@ ifndef NSS_BUILD_UTIL_ONLY
SOFTOKEN_SRCDIRS = \
$(BLTEST_SRCDIR) \
$(ECPERF_SRCDIR) \
$(ECTEST_SRCDIR) \
$(FREEBL_ECTEST_SRCDIR) \
$(FIPSTEST_SRCDIR) \
$(LOWHASHTEST_SRCDIR) \
$(SHLIBSIGN_SRCDIR) \
Expand Down Expand Up @@ -56,6 +56,7 @@ NSS_SRCDIRS = \
p7sign \
p7verify \
pk12util \
pk11ectest \
pk11gcmtest \
pk11mode \
pk1sign \
Expand Down
46 changes: 46 additions & 0 deletions cmd/pk11ectest/Makefile
@@ -0,0 +1,46 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################

include manifest.mn

#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################

include $(CORE_DEPTH)/coreconf/config.mk

#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################

#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk

#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################

include $(CORE_DEPTH)/coreconf/rules.mk

#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################



#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################


include ../platrules.mk

16 changes: 16 additions & 0 deletions cmd/pk11ectest/manifest.mn
@@ -0,0 +1,16 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

DEPTH = ../..
CORE_DEPTH = ../..

# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss

CSRCS = pk11ectest.c

PROGRAM = pk11ectest

USE_STATIC_LIBS = 1

0 comments on commit 1d22d64

Please sign in to comment.