Commit c2f253f4 authored by Robert Relyea's avatar Robert Relyea

This implements NIST SP800-108 Counter, Feedback, and Double Pipeline

mode KDFs suitable for use in SCP03 and other protocols. These KDFs were
introduced in PKCS#11 v3.0.

Resolves: BZ#1599603

https://phabricator.services.mozilla.com/D54821
parent 8f6ff334
......@@ -20,6 +20,7 @@ CPPSRCS = \
pk11_export_unittest.cc \
pk11_find_certs_unittest.cc \
pk11_import_unittest.cc \
pk11_kbkdf.cc \
pk11_keygen.cc \
pk11_key_unittest.cc \
pk11_module_unittest.cc \
......
......@@ -25,6 +25,7 @@
'pk11_encrypt_derive_unittest.cc',
'pk11_find_certs_unittest.cc',
'pk11_import_unittest.cc',
'pk11_kbkdf.cc',
'pk11_keygen.cc',
'pk11_key_unittest.cc',
'pk11_module_unittest.cc',
......
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <memory>
#include "nss.h"
#include "pk11pub.h"
#include "secerr.h"
#include "sechash.h"
#include "stdio.h"
#include "blapi.h"
#include "gtest/gtest.h"
#include "nss_scoped_ptrs.h"
#include "util.h"
namespace nss_test {
class Pkcs11KbkdfTest : public ::testing::Test {
protected:
ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) {
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
ADD_FAILURE() << "Can't get slot";
return nullptr;
}
ScopedPK11SymKey result(PK11_ImportSymKey(
slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, key_item, nullptr));
return result;
}
void RunKDF(CK_MECHANISM_TYPE kdfMech, CK_SP800_108_KDF_PARAMS_PTR kdfParams,
CK_BYTE_PTR inputKey, unsigned int inputKeyLen,
CK_BYTE_PTR expectedKey, unsigned int expectedKeyLen,
CK_BYTE_PTR expectedAdditional,
unsigned int expectedAdditionalLen) {
SECItem keyItem = {siBuffer, inputKey, inputKeyLen};
ScopedPK11SymKey p11Key = ImportKey(kdfParams->prfType, &keyItem);
ASSERT_NE(kdfParams, nullptr);
SECItem paramsItem = {siBuffer, (unsigned char *)kdfParams,
sizeof(*kdfParams)};
ScopedPK11SymKey result(PK11_Derive(p11Key.get(), kdfMech, &paramsItem,
CKM_SHA512_HMAC, CKA_SIGN,
expectedKeyLen));
ASSERT_NE(result, nullptr);
ASSERT_EQ(PK11_ExtractKeyValue(result.get()), SECSuccess);
/* We don't need to free this -- it is just a reference... */
SECItem *actualItem = PK11_GetKeyData(result.get());
ASSERT_NE(actualItem, nullptr);
SECItem expectedItem = {siBuffer, expectedKey, expectedKeyLen};
ASSERT_EQ(SECITEM_CompareItem(actualItem, &expectedItem), 0);
/* Extract the additional key. */
if (expectedAdditional == NULL || kdfParams->ulAdditionalDerivedKeys != 1) {
return;
}
ScopedPK11SlotInfo slot(PK11_GetSlotFromKey(result.get()));
CK_OBJECT_HANDLE_PTR keyHandle = kdfParams->pAdditionalDerivedKeys[0].phKey;
ScopedPK11SymKey additionalKey(
PK11_SymKeyFromHandle(slot.get(), result.get(), PK11_OriginDerive,
CKM_SHA512_HMAC, *keyHandle, PR_FALSE, NULL));
ASSERT_EQ(PK11_ExtractKeyValue(additionalKey.get()), SECSuccess);
/* We don't need to free this -- it is just a reference... */
actualItem = PK11_GetKeyData(additionalKey.get());
ASSERT_NE(actualItem, nullptr);
expectedItem = {siBuffer, expectedAdditional, expectedAdditionalLen};
ASSERT_EQ(SECITEM_CompareItem(actualItem, &expectedItem), 0);
}
};
TEST_F(Pkcs11KbkdfTest, TestAdditionalKey) {
/* Test number 11 of NIST CAVP vectors for Counter mode KDF, with counter
* after a fixed input (AES/128 CMAC). Resulting key (of size 256 bits)
* split into two 128-bit chunks since that aligns with a PRF invocation
* boundary. */
CK_BYTE inputKey[] = {0x23, 0xeb, 0x06, 0x5b, 0xe1, 0x27, 0xa8, 0x81,
0xe3, 0x5a, 0x65, 0x14, 0xd4, 0x35, 0x67, 0x9f};
CK_BYTE expectedKey[] = {0xea, 0x4e, 0xbb, 0xb4, 0xef, 0xff, 0x4b, 0x01,
0x68, 0x40, 0x12, 0xed, 0x8f, 0xf9, 0xc6, 0x4e};
CK_BYTE expectedAdditional[] = {0x70, 0xae, 0x38, 0x19, 0x7c, 0x36,
0x44, 0x5a, 0x6c, 0x80, 0x4a, 0x0e,
0x44, 0x81, 0x9a, 0xc3};
CK_SP800_108_COUNTER_FORMAT iterator = {CK_FALSE, 8};
CK_BYTE fixedData[] = {
0xe6, 0x79, 0x86, 0x1a, 0x61, 0x34, 0x65, 0xa6, 0x73, 0x85, 0x37, 0x26,
0x71, 0xb1, 0x07, 0xe6, 0xb8, 0x95, 0xa2, 0xf6, 0x40, 0x43, 0xc9, 0x34,
0xff, 0x42, 0x56, 0xa7, 0xe6, 0x3c, 0xfb, 0x8b, 0xfa, 0xcc, 0x21, 0x24,
0x25, 0x1c, 0x90, 0xfa, 0x67, 0x0d, 0x45, 0x74, 0x5c, 0x1c, 0x35, 0xda,
0x9b, 0x6e, 0x05, 0xaf, 0x77, 0xea, 0x9c, 0x4a, 0xd4, 0x86, 0xfd, 0x1a};
CK_PRF_DATA_PARAM dataParams[] = {
{CK_SP800_108_BYTE_ARRAY, fixedData,
sizeof(fixedData) / sizeof(*fixedData)},
{CK_SP800_108_ITERATION_VARIABLE, &iterator, sizeof(iterator)}};
CK_KEY_TYPE ckGeneric = CKK_GENERIC_SECRET;
CK_OBJECT_CLASS ckClass = CKO_SECRET_KEY;
CK_ULONG derivedLength = 16;
CK_ATTRIBUTE derivedTemplate[] = {
{CKA_CLASS, &ckClass, sizeof(ckClass)},
{CKA_KEY_TYPE, &ckGeneric, sizeof(ckGeneric)},
{CKA_VALUE_LEN, &derivedLength, sizeof(derivedLength)}};
CK_OBJECT_HANDLE keyHandle;
CK_DERIVED_KEY derivedKey = {
derivedTemplate, sizeof(derivedTemplate) / sizeof(*derivedTemplate),
&keyHandle};
CK_SP800_108_KDF_PARAMS kdfParams = {CKM_AES_CMAC,
sizeof(dataParams) / sizeof(*dataParams),
dataParams, 1, &derivedKey};
RunKDF(CKM_SP800_108_COUNTER_KDF, &kdfParams, inputKey,
sizeof(inputKey) / sizeof(*inputKey), expectedKey,
sizeof(expectedKey) / sizeof(*expectedKey), expectedAdditional,
sizeof(expectedAdditional) / sizeof(*expectedAdditional));
}
// Close the namespace
}
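Review bot: In `RunKDF`, `kdfParams->prfType` is read by the `ImportKey` call one line before `ASSERT_NE(kdfParams, nullptr)`, so the assertion can never catch a null argument; it belongs at the top of the function. `p11Key` and `additionalKey` are handed to `PK11_Derive` and `PK11_ExtractKeyValue` without a null check, so a failed import or a failed `PK11_SymKeyFromHandle` would show up as an unrelated failure or a crash rather than a clear assertion; add `ASSERT_NE(p11Key, nullptr);` and `ASSERT_NE(additionalKey, nullptr);` right after each is constructed. In `TestAdditionalKey`, `keyHandle` is left uninitialised and `*keyHandle` is read unconditionally in the additional-key path; `CK_OBJECT_HANDLE keyHandle = CK_INVALID_HANDLE;` would make a derive that never writes the handle fail deterministically.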
......@@ -36,6 +36,7 @@ CSRCS = \
fipsaudt.c \
fipstest.c \
fipstokn.c \
kbkdf.c \
lgglue.c \
lowkey.c \
lowpbe.c \
......
......@@ -496,6 +496,13 @@ static const struct mechanismList mechanisms[] = {
{ CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
{ CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE },
{ CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE },
/* ------------------ NIST 800-108 Key Derivations ------------------- */
{ CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_DERIVE }, PR_TRUE },
{ CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_DERIVE }, PR_TRUE },
{ CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_DERIVE }, PR_TRUE },
{ CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_DERIVE }, PR_TRUE },
{ CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_DERIVE }, PR_TRUE },
{ CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_DERIVE }, PR_TRUE },
/* ------------------ AES Key Wrap (also encrypt) ------------------- */
{ CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
{ CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
......
......@@ -6644,6 +6644,11 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
extractValue = PR_FALSE;
classType = CKO_PUBLIC_KEY;
break;
case CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA: /* fall through */
case CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA: /* fall through */
case CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA:
classType = CKO_DATA;
break;
case CKM_NSS_JPAKE_FINAL_SHA1: /* fall through */
case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */
case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */
......@@ -8148,6 +8153,19 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
sourceKey, key);
break;
case CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA: /* fall through */
case CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA: /* fall through */
case CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA: /* fall through */
case CKM_SP800_108_COUNTER_KDF: /* fall through */
case CKM_SP800_108_FEEDBACK_KDF: /* fall through */
case CKM_SP800_108_DOUBLE_PIPELINE_KDF:
crv = sftk_DeriveSensitiveCheck(sourceKey, key);
if (crv != CKR_OK) {
break;
}
crv = kbkdf_Dispatch(mechanism, hSession, pMechanism, sourceKey, key, keySize);
break;
default:
crv = CKR_MECHANISM_INVALID;
}
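Review bot: The three `*_DERIVE_DATA` case labels in the second hunk share `sftk_DeriveSensitiveCheck(sourceKey, key)` with the key-producing mechanisms, but the first hunk sets their `classType` to `CKO_DATA`, and nothing here documents what that check enforces when the output is a data object rather than a key. If the check only constrains key attributes, these mechanisms would return PRF output of a sensitive base key as a readable object; that may be intended, but it should be stated, for example with `/* *_DERIVE_DATA: output is a CKO_DATA object (see classType above), not a key. */` plus a sentence on which base keys are allowed. `pMechanism` is also passed to `kbkdf_Dispatch` with no visible check of its parameter pointer or length; kbkdf.c is not shown on this page, so confirm the validation happens there. `NSC_DeriveKey` begins and ends outside both hunks.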
......
......@@ -781,6 +781,8 @@ extern CK_RV sftk_PutPubKey(SFTKObject *publicKey, SFTKObject *privKey, CK_KEY_T
extern void sftk_FormatDESKey(unsigned char *key, int length);
extern PRBool sftk_CheckDESKey(unsigned char *key);
extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type);
extern void sftk_EncodeInteger(PRUint64 integer, CK_ULONG num_bits, CK_BBOOL littleEndian,
CK_BYTE_PTR output, CK_ULONG_PTR output_len);
/* ike and xcbc helpers */
extern CK_RV sftk_ike_prf(CK_SESSION_HANDLE hSession,
......@@ -870,6 +872,7 @@ sftk_TLSPRFInit(SFTKSessionContext *context,
/* PKCS#11 MAC implementation. See sftk_MACCtxStr declaration above for
* calling semantics for these functions. */
HASH_HashType sftk_HMACMechanismToHash(CK_MECHANISM_TYPE mech);
CK_RV sftk_MAC_Create(CK_MECHANISM_TYPE mech, SFTKObject *key, sftk_MACCtx **ret_ctx);
CK_RV sftk_MAC_Init(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, SFTKObject *key);
CK_RV sftk_MAC_InitRaw(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, const unsigned char *key, unsigned int key_len, PRBool isFIPS);
......@@ -882,6 +885,10 @@ void sftk_MAC_Destroy(sftk_MACCtx *ctx, PRBool free_it);
unsigned int sftk_CKRVToMask(CK_RV rv);
CK_RV sftk_CheckCBCPadding(CK_BYTE_PTR pBuf, unsigned int bufLen,
unsigned int blockSize, unsigned int *outPadSize);
/* NIST 800-108 (kbkdf.c) implementations */
extern CK_RV kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *base_key, SFTKObject *ret_key, CK_ULONG keySize);
SEC_END_PROTOS
#endif /* _PKCS11I_H_ */
......@@ -2061,3 +2061,25 @@ sftk_CheckCBCPadding(CK_BYTE_PTR pBuf, unsigned int bufLen,
/* Return OK if the pad is valid */
return CT_SEL(goodPad, CKR_OK, CKR_ENCRYPTED_DATA_INVALID);
}
void
sftk_EncodeInteger(PRUint64 integer, CK_ULONG num_bits, CK_BBOOL littleEndian,
CK_BYTE_PTR output, CK_ULONG_PTR output_len)
{
if (output_len) {
*output_len = (num_bits / 8);
}
PR_ASSERT(num_bits > 0 && num_bits <= 64 && (num_bits % 8) == 0);
if (littleEndian == CK_TRUE) {
for (size_t offset = 0; offset < num_bits / 8; offset++) {
output[offset] = (unsigned char)((integer >> (offset * 8)) & 0xFF);
}
} else {
for (size_t offset = 0; offset < num_bits / 8; offset++) {
PRUint64 shift = num_bits - (offset + 1) * 8;
output[offset] = (unsigned char)((integer >> shift) & 0xFF);
}
}
}
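Review bot: The only validation of `num_bits` in `sftk_EncodeInteger` is a `PR_ASSERT`, which is compiled out of non-debug builds, so in a release build a width of 0, above 64, or not a multiple of 8 reaches the loops unchecked. The function writes `num_bits / 8` bytes into `output` without knowing its capacity, and for widths above 64 the shift count reaches 64, which is undefined for a 64-bit operand. The width presumably originates from the caller-supplied `ulWidthInBits` fields added in pkcs11t.h; whether kbkdf.c rejects bad widths first cannot be seen on this page. A runtime guard placed before the `*output_len` store, `if (num_bits == 0 || num_bits > 64 || (num_bits % 8) != 0) { if (output_len) *output_len = 0; return; }`, would make the helper safe on its own. A header comment should also state that `output` must hold at least `num_bits / 8` bytes.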
......@@ -9,10 +9,10 @@
#include "softoken.h"
#include "hmacct.h"
/* HMACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash
/* sftk_HMACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash
* type. */
static HASH_HashType
HMACMechanismToHash(CK_MECHANISM_TYPE mech)
HASH_HashType
sftk_HMACMechanismToHash(CK_MECHANISM_TYPE mech)
{
switch (mech) {
case CKM_MD2_HMAC:
......@@ -50,7 +50,7 @@ SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key)
return NULL;
}
alg = HMACMechanismToHash(params->macAlg);
alg = sftk_HMACMechanismToHash(params->macAlg);
if (alg == HASH_AlgNULL) {
return NULL;
}
......@@ -261,7 +261,7 @@ sftk_MAC_InitRaw(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, const unsigned char *
case CKM_SHA256_HMAC:
case CKM_SHA384_HMAC:
case CKM_SHA512_HMAC:
hashObj = HASH_GetRawHashObject(HMACMechanismToHash(mech));
hashObj = HASH_GetRawHashObject(sftk_HMACMechanismToHash(mech));
/* Because we condition above only on hashes we know to be valid,
* hashObj should never be NULL. This assert is only useful when
......
......@@ -48,6 +48,7 @@
'fipstest.c',
'fipstokn.c',
'jpakesftk.c',
'kbkdf.c',
'lgglue.c',
'lowkey.c',
'lowpbe.c',
......
......@@ -243,6 +243,11 @@
#define CKM_NSS_PUB_FROM_PRIV (CKM_NSS + 40)
/* SP800-108 NSS mechanism with support for data object derivation */
#define CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA (CKM_NSS + 42)
#define CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (CKM_NSS + 43)
#define CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (CKM_NSS + 44)
/*
* HISTORICAL:
* Do not attempt to use these. They are only used by NETSCAPE's internal
......
......@@ -940,6 +940,11 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
/* CKM_SP800_108_xxx_KDF are new for v3.0 */
#define CKM_SP800_108_COUNTER_KDF 0x000003acUL
#define CKM_SP800_108_FEEDBACK_KDF 0x000003adUL
#define CKM_SP800_108_DOUBLE_PIPELINE_KDF 0x000003aeUL
#define CKM_VENDOR_DEFINED 0x80000000
typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
......@@ -1724,6 +1729,94 @@ typedef struct CK_WTLS_KEY_MAT_PARAMS {
typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
/* The following types for NIST 800-108 KBKDF are defined in PKCS#11 v3.0 */
typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE;
typedef CK_ULONG CK_PRF_DATA_TYPE;
#define CK_SP800_108_ITERATION_VARIABLE 0x00000001UL
#define CK_SP800_108_OPTIONAL_COUNTER 0x00000002UL
#define CK_SP800_108_DKM_LENGTH 0x00000003UL
#define CK_SP800_108_BYTE_ARRAY 0x00000004UL
/* ERRATA: PKCS#11 v3.0 Cryptographic Token Interface Current Mechanisms
* specification specifies a CK_SP800_108_COUNTER, while the pkcs11t.h from
* PKCS#11 v3.0 Cryptographic Token Interface Base Specification specifies
* CK_SP800_108_OPTIONAL_COUNTER. */
#define CK_SP800_108_COUNTER CK_SP800_108_OPTIONAL_COUNTER
typedef struct CK_PRF_DATA_PARAM {
CK_PRF_DATA_TYPE type;
CK_VOID_PTR pValue;
CK_ULONG ulValueLen;
} CK_PRF_DATA_PARAM;
typedef CK_PRF_DATA_PARAM CK_PTR CK_PRF_DATA_PARAM_PTR;
typedef struct CK_SP800_108_COUNTER_FORMAT {
CK_BBOOL bLittleEndian;
CK_ULONG ulWidthInBits;
} CK_SP800_108_COUNTER_FORMAT;
typedef CK_SP800_108_COUNTER_FORMAT CK_PTR CK_SP800_108_COUNTER_FORMAT_PTR;
typedef CK_ULONG CK_SP800_108_DKM_LENGTH_METHOD;
/* ERRATA: PKCS#11 v3.0 Cryptographic Token Interface Current Mechanisms
* defines that these constants exist, but doesn't specify values. pkcs11t.h
* from PKCS#11 v3.0 Cryptographic Token Interface Base Specification doesn't
* define these constants either. */
#define CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS 0x00000001UL
#define CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS 0x00000002UL
typedef struct CK_SP800_108_DKM_LENGTH_FORMAT {
CK_SP800_108_DKM_LENGTH_METHOD dkmLengthMethod;
CK_BBOOL bLittleEndian;
CK_ULONG ulWidthInBits;
} CK_SP800_108_DKM_LENGTH_FORMAT;
typedef CK_SP800_108_DKM_LENGTH_FORMAT CK_PTR CK_SP800_108_DKM_LENGTH_FORMAT_PTR;
typedef struct CK_DERIVED_KEY {
CK_ATTRIBUTE_PTR pTemplate;
CK_ULONG ulAttributeCount;
CK_OBJECT_HANDLE_PTR phKey;
} CK_DERIVED_KEY;
typedef CK_DERIVED_KEY CK_PTR CK_DERIVED_KEY_PTR;
/* UNFIXED ERRATA: NIST SP800-108 specifies that implementer can decide the
* number of bits to take from each PRF invocation. However, all three forms
* of the PKCS#11 v3.0 implementation lack a bitwidth for the PRF and only
* allow the full-width mechanism varieties. Additionally, outside of the
* base key (used as the key to the PRF), there is no way to pass any
* additional, PRF-mechanism specific data. */
typedef struct CK_SP800_108_KDF_PARAMS {
CK_SP800_108_PRF_TYPE prfType;
CK_ULONG ulNumberOfDataParams;
CK_PRF_DATA_PARAM_PTR pDataParams;
CK_ULONG ulAdditionalDerivedKeys;
/* ERRATA: in PKCS#11 v3.0, pAdditionalDerivedKeys is typed as
* CK_DERVIED_KEY; it needs to be of type CK_DERIVED_KEY_PTR. */
CK_DERIVED_KEY_PTR pAdditionalDerivedKeys;
} CK_SP800_108_KDF_PARAMS;
typedef CK_SP800_108_KDF_PARAMS CK_PTR CK_SP800_108_KDF_PARAMS_PTR;
typedef struct CK_SP800_108_FEEDBACK_KDF_PARAMS {
CK_SP800_108_PRF_TYPE prfType;
CK_ULONG ulNumberOfDataParams;
CK_PRF_DATA_PARAM_PTR pDataParams;
CK_ULONG ulIVLen;
CK_BYTE_PTR pIV;
CK_ULONG ulAdditionalDerivedKeys;
/* ERRATA: in PKCS#11 v3.0, pAdditionalDerivedKeys is typed as
* CK_DERVIED_KEY; it needs to be of type CK_DERIVED_KEY_PTR. */
CK_DERIVED_KEY_PTR pAdditionalDerivedKeys;
} CK_SP800_108_FEEDBACK_KDF_PARAMS;
typedef CK_SP800_108_FEEDBACK_KDF_PARAMS CK_PTR CK_SP800_108_FEEDBACK_KDF_PARAMS_PTR;
/* CMS is new for version 2.20 */
typedef struct CK_CMS_SIG_PARAMS {
CK_OBJECT_HANDLE certificateHandle;
......
Vectors taken from:
https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Key-Derivation
Modified to remove CMAC TDES2/TDES3 test vectors.
Vectors taken from:
https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Key-Derivation
Modified to remove CMAC TDES2/TDES3 test vectors.
......@@ -2,7 +2,7 @@ These scripts are used to run fipstest on a directory of CAVS vectors.
individual cipher scripts:
aesgcm.sh aes.sh dsa.sh ecdsa.sh hmac.sh ike.sh kas.sh
rng.sh rsa.sh sha.sh tdea.sh tls.sh
kbkdf.sh rng.sh rsa.sh sha.sh tdea.sh tls.sh
Each individual cipher script handles all the tests in a particular directory.
The scripts have 2 modes:
......
#!/bin/sh
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# A Bourne shell script for running the NIST SHA Algorithm Validation Suite
#
# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
# variables appropriately so that the fipstest command and the NSPR and NSS
# shared libraries/DLLs are on the search path. Then run this script in the
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.
BASEDIR=${1-.}
TESTDIR=${BASEDIR}/KBKDF
COMMAND=${2-run}
REQDIR=${TESTDIR}/req
RSPDIR=${TESTDIR}/resp
all_requests="
KBKDFCounter.req
"
if [ ${COMMAND} = "verify" ]; then
result=0
for request in $all_requests; do
sh ./validate1.sh ${TESTDIR} $request
last_result=$?
result=`expr $result + $last_result`
done
exit $result
fi
test -d "${RSPDIR}" || mkdir "${RSPDIR}"
for request in $all_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest kbkdf ${REQDIR}/$request > ${RSPDIR}/$response
done
exit 0
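Review bot: The run loop ignores the exit status of `fipstest` and the script ends with an unconditional `exit 0`, so a failed or crashed run leaves a partial `.rsp` file and still reports success to the caller. `fipstest kbkdf "${REQDIR}/$request" > "${RSPDIR}/$response" || exit 1` would propagate the failure. `${COMMAND}`, `${TESTDIR}`, `${REQDIR}` and `${RSPDIR}` are expanded unquoted in the `[ ... ]` test, the `validate1.sh` call and the redirection, so a base directory containing spaces breaks them; quote them the way the `mkdir` line already does. The header comment still describes the "NIST SHA Algorithm Validation Suite" and should name KBKDF.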
......@@ -6,7 +6,7 @@
#
TESTDIR=${1-.}
COMMAND=${2-run}
DEFAULT_TESTS="aes aesgcm dsa ecdsa hmac kas tls ike rng rsa sha tdea"
DEFAULT_TESTS="aes aesgcm dsa ecdsa hmac kas kbkdf tls ike rng rsa sha tdea"
shift;
shift;
TESTS=${@-$DEFAULT_TESTS}
......