Commit 1d22d642 authored by Franziskus Kiefer's avatar Franziskus Kiefer

Bug 1306319 - Fix layer violations, r=kaie,ueno

try: -b do -p linux,linux64-gyp -u all -t all -e all

--HG--
rename : cmd/ectest/Makefile => cmd/fbectest/Makefile
rename : cmd/ectest/ectest.c => cmd/fbectest/fbectest.c
rename : cmd/ectest/ectest.gyp => cmd/fbectest/fbectest.gyp
rename : cmd/ectest/manifest.mn => cmd/fbectest/manifest.mn
rename : cmd/ectest/testvecs.h => cmd/fbectest/testvecs.h
rename : cmd/ectest/Makefile => cmd/pk11ectest/Makefile
rename : cmd/ectest/manifest.mn => cmd/pk11ectest/manifest.mn
rename : cmd/ectest/ectest.c => cmd/pk11ectest/pk11ectest.c
rename : cmd/ectest/ectest.gyp => cmd/pk11ectest/pk11ectest.gyp
rename : cmd/ectest/testvecs.h => cmd/pk11ectest/testvecs.h
extra : rebase_source : 0d3fae26c25029a81edc7313b933c6f2136893bf
parent a2776c94
......@@ -17,13 +17,13 @@ endif
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
BLTEST_SRCDIR =
ECPERF_SRCDIR =
ECTEST_SRCDIR =
FREEBL_ECTEST_SRCDIR =
FIPSTEST_SRCDIR =
SHLIBSIGN_SRCDIR =
else
BLTEST_SRCDIR = bltest
ECPERF_SRCDIR = ecperf
ECTEST_SRCDIR = ectest
FREEBL_ECTEST_SRCDIR = fbectest
FIPSTEST_SRCDIR = fipstest
SHLIBSIGN_SRCDIR = shlibsign
endif
......
......@@ -9,7 +9,6 @@
#include "basicutil.h"
#include "pkcs11.h"
#include "nspr.h"
#include "certt.h" /* TODO: remove when old curves are removed */
#include <stdio.h>
#define __PASTE(x, y) x##y
......
......@@ -5,11 +5,11 @@
#include "blapi.h"
#include "ec.h"
#include "ecl-curve.h"
#include "nss.h"
#include "secutil.h"
#include "prprf.h"
#include "basicutil.h"
#include "secder.h"
#include "secitem.h"
#include "nspr.h"
#include "pk11pub.h"
#include <stdio.h>
typedef struct {
......@@ -218,77 +218,6 @@ cleanup:
return rv;
}
void
PrintKey(PK11SymKey *symKey)
{
char *name = PK11_GetSymKeyNickname(symKey);
int len = PK11_GetKeyLength(symKey);
int strength = PK11_GetKeyStrength(symKey, NULL);
SECItem *value = NULL;
CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
(void)PK11_ExtractKeyValue(symKey);
value = PK11_GetKeyData(symKey);
printf("%s %3d %4d %s ", name ? name : "no-name", len, strength,
type == CKK_GENERIC_SECRET ? "generic" : "ERROR! UNKNOWN KEY TYPE");
printBuf(value);
PORT_Free(name);
}
SECStatus
ectest_curve_pkcs11(SECOidTag oid)
{
SECKEYECParams pk_11_ecParams = { siBuffer, NULL, 0 };
SECKEYPublicKey *pubKey = NULL;
SECKEYPrivateKey *privKey = NULL;
SECOidData *oidData = NULL;
CK_MECHANISM_TYPE target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
PK11SymKey *symKey = NULL;
SECStatus rv = SECFailure;
oidData = SECOID_FindOIDByTag(oid);
if (oidData == NULL) {
printf(" >>> SECOID_FindOIDByTag failed.\n");
goto cleanup;
}
PORT_Assert(oidData->oid.len < 256);
SECITEM_AllocItem(NULL, &pk_11_ecParams, (2 + oidData->oid.len));
pk_11_ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
pk_11_ecParams.data[1] = oidData->oid.len;
memcpy(pk_11_ecParams.data + 2, oidData->oid.data, oidData->oid.len);
privKey = SECKEY_CreateECPrivateKey(&pk_11_ecParams, &pubKey, NULL);
if (!privKey || !pubKey) {
printf(" >>> SECKEY_CreateECPrivateKey failed.\n");
goto cleanup;
}
symKey = PK11_PubDeriveWithKDF(privKey, pubKey, PR_FALSE, NULL, NULL,
CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
CKD_NULL, NULL, NULL);
if (!symKey) {
printf(" >>> PK11_PubDeriveWithKDF failed.\n");
goto cleanup;
}
PrintKey(symKey);
rv = SECSuccess;
cleanup:
if (privKey) {
SECKEY_DestroyPrivateKey(privKey);
}
if (pubKey) {
SECKEY_DestroyPublicKey(pubKey);
}
if (symKey) {
PK11_FreeSymKey(symKey);
}
SECITEM_FreeItem(&pk_11_ecParams, PR_FALSE);
return rv;
}
SECStatus
ectest_validate_point(ECDH_BAD *bad)
{
......@@ -313,11 +242,9 @@ void
printUsage(char *prog)
{
printf("Usage: %s [-fp] [-nd]\n"
"\t-f: usefreebl\n"
"\t-p: usepkcs11\n"
"\t-n: NIST curves\n"
"\t-d: non-NIST curves\n"
"You have to specify at least f or p and n or d.\n"
"You have to specify at at least one of n or d.\n"
"By default no tests are executed.\n",
prog);
}
......@@ -331,20 +258,11 @@ main(int argv, char **argc)
SECStatus rv = SECSuccess;
int numkats = 0;
int i = 0;
int usepkcs11 = 0;
int usefreebl = 0;
int nist = 0;
int nonnist = 0;
SECOidTag nistOids[3] = { SEC_OID_SECG_EC_SECP256R1,
SEC_OID_SECG_EC_SECP384R1,
SEC_OID_SECG_EC_SECP521R1 };
for (i = 1; i < argv; i++) {
if (PL_strcasecmp(argc[i], "-p") == 0) {
usepkcs11 = 1;
} else if (PL_strcasecmp(argc[i], "-f") == 0) {
usefreebl = 1;
} else if (PL_strcasecmp(argc[i], "-n") == 0) {
if (PL_strcasecmp(argc[i], "-n") == 0) {
nist = 1;
} else if (PL_strcasecmp(argc[i], "-d") == 0) {
nonnist = 1;
......@@ -353,79 +271,55 @@ main(int argv, char **argc)
return 1;
}
}
if (!(usepkcs11 || usefreebl) || !(nist || nonnist)) {
if (!nist && !nonnist) {
printUsage(argc[0]);
return 1;
}
rv = NSS_NoDB_Init(NULL);
rv = SECOID_Init();
if (rv != SECSuccess) {
SECU_PrintError("Error:", "NSS_NoDB_Init");
SECU_PrintError("Error:", "SECOID_Init");
goto cleanup;
}
/* Test P256, P384, P521 */
if (usefreebl) {
if (nist) {
while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
numkats++;
}
printf("1..%d\n", numkats);
for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&ecdh_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
}
}
if (nist) {
while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
numkats++;
}
/* Test KAT for non-NIST curves */
if (nonnist) {
for (i = 0; nonnist_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&nonnist_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
}
}
for (i = 0; nonnist_testvecs_bad_values[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_validate_point(&nonnist_testvecs_bad_values[i]) == SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
}
printf("1..%d\n", numkats);
for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&ecdh_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
}
}
}
/* Test PK11 for non-NIST curves */
if (usepkcs11) {
if (nonnist) {
if (ectest_curve_pkcs11(SEC_OID_CURVE25519) != SECSuccess) {
printf("not okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
/* Test KAT for non-NIST curves */
if (nonnist) {
for (i = 0; nonnist_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_ecdh_kat(&nonnist_testvecs[i]) != SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
rv = SECFailure;
} else {
printf("okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
printf("okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
}
}
if (nist) {
for (i = 0; i < 3; ++i) {
if (ectest_curve_pkcs11(nistOids[i]) != SECSuccess) {
printf("not okay (OID %d) - PK11 test\n", nistOids[i]);
rv = SECFailure;
} else {
printf("okay (OID %d) - PK11 test\n", nistOids[i]);
}
for (i = 0; nonnist_testvecs_bad_values[i].curve != ECCurve_pastLastCurve; i++) {
if (ectest_validate_point(&nonnist_testvecs_bad_values[i]) == SECSuccess) {
printf("not okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
rv = SECFailure;
} else {
printf("okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
}
}
}
cleanup:
rv |= NSS_Shutdown();
rv |= SECOID_Shutdown();
if (rv != SECSuccess) {
printf("Error: exiting with error value\n");
......
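Review bot: The usage string in printUsage still advertises `[-fp]` even though this commit removes the `-f` and `-p` options. As far as the visible lines show, the argument loop in main now treats anything other than `-n` or `-d` as an error, so a caller following the usage text gets the usage message back and exit status 1. The first line should read `printf("Usage: %s [-nd]\n"`, and the hint line has a doubled word that should become `"You have to specify at least one of n or d.\n"`. The printUsage in the new cmd/pk11ectest/pk11ectest.c carries the same two strings and needs the same correction.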
......@@ -8,10 +8,10 @@
],
'targets': [
{
'target_name': 'ectest',
'target_name': 'fbectest',
'type': 'executable',
'sources': [
'ectest.c'
'fbectest.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
......
......@@ -11,8 +11,8 @@ MODULE = nss
INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
CSRCS = ectest.c
CSRCS = fbectest.c
PROGRAM = ectest
PROGRAM = fbectest
USE_STATIC_LIBS = 1
......@@ -23,7 +23,7 @@ ifndef NSS_BUILD_UTIL_ONLY
SOFTOKEN_SRCDIRS = \
$(BLTEST_SRCDIR) \
$(ECPERF_SRCDIR) \
$(ECTEST_SRCDIR) \
$(FREEBL_ECTEST_SRCDIR) \
$(FIPSTEST_SRCDIR) \
$(LOWHASHTEST_SRCDIR) \
$(SHLIBSIGN_SRCDIR) \
......@@ -56,6 +56,7 @@ NSS_SRCDIRS = \
p7sign \
p7verify \
pk12util \
pk11ectest \
pk11gcmtest \
pk11mode \
pk1sign \
......
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include ../platrules.mk
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
DEPTH = ../..
CORE_DEPTH = ../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss
CSRCS = pk11ectest.c
PROGRAM = pk11ectest
USE_STATIC_LIBS = 1
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "blapi.h"
#include "nss.h"
#include "secutil.h"
#include "secitem.h"
#include "nspr.h"
#include "pk11pub.h"
#include <stdio.h>
void
printBuf(const SECItem *item)
{
int i;
if (!item || !item->len) {
printf("(null)\n");
return;
}
for (i = 0; i < item->len; i++) {
printf("%02x", item->data[i]);
}
printf("\n");
}
void
PrintKey(PK11SymKey *symKey)
{
char *name = PK11_GetSymKeyNickname(symKey);
int len = PK11_GetKeyLength(symKey);
int strength = PK11_GetKeyStrength(symKey, NULL);
SECItem *value = NULL;
CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
(void)PK11_ExtractKeyValue(symKey);
value = PK11_GetKeyData(symKey);
printf("%s %3d %4d %s ", name ? name : "no-name", len, strength,
type == CKK_GENERIC_SECRET ? "generic" : "ERROR! UNKNOWN KEY TYPE");
printBuf(value);
PORT_Free(name);
}
SECStatus
ectest_curve_pkcs11(SECOidTag oid)
{
SECKEYECParams pk_11_ecParams = { siBuffer, NULL, 0 };
SECKEYPublicKey *pubKey = NULL;
SECKEYPrivateKey *privKey = NULL;
SECOidData *oidData = NULL;
CK_MECHANISM_TYPE target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
PK11SymKey *symKey = NULL;
SECStatus rv = SECFailure;
oidData = SECOID_FindOIDByTag(oid);
if (oidData == NULL) {
printf(" >>> SECOID_FindOIDByTag failed.\n");
goto cleanup;
}
PORT_Assert(oidData->oid.len < 256);
SECITEM_AllocItem(NULL, &pk_11_ecParams, (2 + oidData->oid.len));
pk_11_ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
pk_11_ecParams.data[1] = oidData->oid.len;
memcpy(pk_11_ecParams.data + 2, oidData->oid.data, oidData->oid.len);
privKey = SECKEY_CreateECPrivateKey(&pk_11_ecParams, &pubKey, NULL);
if (!privKey || !pubKey) {
printf(" >>> SECKEY_CreateECPrivateKey failed.\n");
goto cleanup;
}
symKey = PK11_PubDeriveWithKDF(privKey, pubKey, PR_FALSE, NULL, NULL,
CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
CKD_NULL, NULL, NULL);
if (!symKey) {
printf(" >>> PK11_PubDeriveWithKDF failed.\n");
goto cleanup;
}
PrintKey(symKey);
rv = SECSuccess;
cleanup:
if (privKey) {
SECKEY_DestroyPrivateKey(privKey);
}
if (pubKey) {
SECKEY_DestroyPublicKey(pubKey);
}
if (symKey) {
PK11_FreeSymKey(symKey);
}
SECITEM_FreeItem(&pk_11_ecParams, PR_FALSE);
return rv;
}
void
printUsage(char *prog)
{
printf("Usage: %s [-fp] [-nd]\n"
"\t-n: NIST curves\n"
"\t-d: non-NIST curves\n"
"You have to specify at at least one of n or d.\n"
"By default no tests are executed.\n",
prog);
}
/* Performs tests of elliptic curve cryptography over prime fields If
* tests fail, then it prints an error message, aborts, and returns an
* error code. Otherwise, returns 0. */
int
main(int argv, char **argc)
{
SECStatus rv = SECSuccess;
int i = 0;
int nist = 0;
int nonnist = 0;
SECOidTag nistOids[3] = { SEC_OID_SECG_EC_SECP256R1,
SEC_OID_SECG_EC_SECP384R1,
SEC_OID_SECG_EC_SECP521R1 };
for (i = 1; i < argv; i++) {
if (PL_strcasecmp(argc[i], "-n") == 0) {
nist = 1;
} else if (PL_strcasecmp(argc[i], "-d") == 0) {
nonnist = 1;
} else {
printUsage(argc[0]);
return 1;
}
}
if (!nist && !nonnist) {
printUsage(argc[0]);
return 1;
}
rv = NSS_NoDB_Init(NULL);
if (rv != SECSuccess) {
SECU_PrintError("Error:", "NSS_NoDB_Init");
goto cleanup;
}
if (nonnist) {
if (ectest_curve_pkcs11(SEC_OID_CURVE25519) != SECSuccess) {
printf("not okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
rv = SECFailure;
} else {
printf("okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
}
}
if (nist) {
for (i = 0; i < 3; ++i) {
if (ectest_curve_pkcs11(nistOids[i]) != SECSuccess) {
printf("not okay (OID %d) - PK11 test\n", nistOids[i]);
rv = SECFailure;
} else {
printf("okay (OID %d) - PK11 test\n", nistOids[i]);
}
}
}
cleanup:
rv |= NSS_Shutdown();
if (rv != SECSuccess) {
printf("Error: exiting with error value\n");
}
return rv;
}
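Review bot: In ectest_curve_pkcs11 the return value of `SECITEM_AllocItem` is never checked, so a failed allocation leaves `pk_11_ecParams.data` NULL and the next three statements write through it. The only bound on `oidData->oid.len` is `PORT_Assert`, which is normally compiled out of optimized builds, so a longer OID would be silently truncated when stored in the single length byte `data[1]`. A runtime guard covers both cases: `if (oidData->oid.len >= 256 || !SECITEM_AllocItem(NULL, &pk_11_ecParams, 2 + oidData->oid.len)) { goto cleanup; }`, ideally with a `printf(" >>> ...")` line like the other failure branches. PrintKey likewise discards the result of `PK11_ExtractKeyValue`; that is tolerable only because printBuf handles a NULL item.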
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'pk11ectest',
'type': 'executable',
'sources': [
'pk11ectest.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
]
}
],
'target_defaults': {
'defines': [
'NSS_USE_STATIC_LIBS'
]
},
'variables': {
'module': 'nss',
'use_static_libs': 1
}
}
\ No newline at end of file
......@@ -2,7 +2,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "certt.h"
#include "ecl-exp.h"
#include <stdlib.h>
......@@ -13,6 +12,10 @@
#error This source file is for Basic ECC only .
#endif
/* copied from certt.h */
#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
static const ECCurveParams ecCurve_NIST_P256 = {
"NIST-P256", ECField_GFp, 256,
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
......
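Review bot: The two `KU_*` macros are now a hand-copied duplicate of the definitions in certt.h, and the comment `/* copied from certt.h */` is the only thing tying them together. Nothing here tells a later editor that the values are part of a shared contract, so a change in one header can leave the key-usage bits in this file out of step with the certificate code. I would extend the comment to `/* copied from certt.h to avoid the layering dependency; values must stay identical to the definitions there */`.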
......@@ -143,7 +143,7 @@
'cmd/derdump/derdump.gyp:derdump',
'cmd/digest/digest.gyp:digest',
'cmd/ecperf/ecperf.gyp:ecperf',
'cmd/ectest/ectest.gyp:ectest',
'cmd/fbectest/fbectest.gyp:fbectest',
'cmd/fipstest/fipstest.gyp:fipstest',
'cmd/httpserv/httpserv.gyp:httpserv',
'cmd/listsuites/listsuites.gyp:listsuites',
......@@ -156,6 +156,7 @@
'cmd/p7env/p7env.gyp:p7env',
'cmd/p7sign/p7sign.gyp:p7sign',
'cmd/p7verify/p7verify.gyp:p7verify',
'cmd/pk11ectest/pk11ectest.gyp:pk11ectest',
'cmd/pk11gcmtest/pk11gcmtest.gyp:pk11gcmtest',
'cmd/pk11mode/pk11mode.gyp:pk11mode',
'cmd/pk1sign/pk1sign.gyp:pk1sign',
......
......@@ -29,7 +29,7 @@ ectest_init()
. ./init.sh
fi
SCRIPTNAME="ectest.sh"
html_head "ectest test"
html_head "freebl and pk11 ectest tests"
}
ectest_cleanup()
......@@ -71,12 +71,23 @@ ectest_genkeydb_test()
ectest_init
ectest_genkeydb_test
ECTEST_OUT=$(ectest -f -p -n -d 2>&1)
ECTEST_OUT=`echo $ECTEST_OUT | grep -i 'not okay\|Assertion failure'`
# TODO: expose individual tests and failures instead of overall
if [ -n "$ECTEST_OUT" ] ; then
html_failed "ec freebl and pk11 test"
else
html_passed "ec freebl and pk11 test"
if [ -f ${BINDIR}/fbectest ]; then
FB_ECTEST_OUT=$(fbectest -n -d 2>&1)
FB_ECTEST_OUT=`echo $FB_ECTEST_OUT | grep -i 'not okay\|Assertion failure'`
if [ -n "$FB_ECTEST_OUT" ] ; then
html_failed "freebl ec tests"
else
html_passed "freebl ec tests"
fi
fi
if [ -f ${BINDIR}/pk11ectest ]; then
PK11_ECTEST_OUT=$(pk11ectest -n -d 2>&1)
PK11_ECTEST_OUT=`echo $PK11_ECTEST_OUT | grep -i 'not okay\|Assertion failure'`
if [ -n "$PK11_ECTEST_OUT" ] ; then
html_failed "pk11 ec tests"
else
html_passed "pk11 ec tests"
fi
fi
ectest_cleanup
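Review bot: Both new blocks decide pass or fail only from the grep for `not okay` or `Assertion failure` and discard the exit status of `fbectest` and `pk11ectest`. A run that fails before any test prints a result is therefore reported through `html_passed`; for example, pk11ectest.c returns non-zero after a failed `NSS_NoDB_Init` with only an `Error:` line, and a crash without an assertion message behaves the same way. Capture the status directly after the command substitution with `FB_ECTEST_RV=$?` and test `if [ $FB_ECTEST_RV -ne 0 ] || [ -n "$FB_ECTEST_OUT" ] ; then`, and do the same in the pk11ectest block. When a binary is missing from `${BINDIR}` its block is skipped without any output, which is presumably intended for builds without softoken. An `echo "$SCRIPTNAME: fbectest not built, skipping"` in an `else` branch would keep a packaging mistake from silently dropping the EC tests.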