2
* PKCS #11 FIPS Power-Up Self Test.
4
* ***** BEGIN LICENSE BLOCK *****
5
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
7
* The contents of this file are subject to the Mozilla Public License Version
8
* 1.1 (the "License"); you may not use this file except in compliance with
9
* the License. You may obtain a copy of the License at
10
* http://www.mozilla.org/MPL/
12
* Software distributed under the License is distributed on an "AS IS" basis,
13
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14
* for the specific language governing rights and limitations under the
17
* The Original Code is the Netscape security libraries.
19
* The Initial Developer of the Original Code is
20
* Netscape Communications Corporation.
21
* Portions created by the Initial Developer are Copyright (C) 1994-2000
22
* the Initial Developer. All Rights Reserved.
26
* Alternatively, the contents of this file may be used under the terms of
27
* either the GNU General Public License Version 2 or later (the "GPL"), or
28
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
29
* in which case the provisions of the GPL or the LGPL are applicable instead
30
* of those above. If you wish to allow use of your version of this file only
31
* under the terms of either the GPL or the LGPL, and not to allow others to
32
* use your version of this file under the terms of the MPL, indicate your
33
* decision by deleting the provisions above and replace them with the notice
34
* and other provisions required by the GPL or the LGPL. If you do not delete
35
* the provisions above, a recipient may use your version of this file under
36
* the terms of any one of the MPL, the GPL or the LGPL.
38
* ***** END LICENSE BLOCK ***** */
39
/* $Id: fipstest.c,v 1.13.2.10 2006/10/02 23:03:49 wtchang%redhat.com Exp $ */
41
#include "softoken.h" /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB, */
42
/* DES-CBC, DES3-ECB, DES3-CBC, RSA */
44
#include "seccomon.h" /* Required for RSA and DSA. */
45
#include "lowkeyi.h" /* Required for RSA and DSA. */
46
#include "pkcs11.h" /* Required for PKCS #11. */
50
#include "secdert.h" /* Required for ECDSA */
51
#include "ec.h" /* Required for ECDSA */
53
EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
55
EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
56
const ECParams *srcParams);
60
/* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
61
#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
62
#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
63
#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
66
/* FIPS preprocessor directives for RC4. */
67
#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
68
#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
69
#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
72
/* FIPS preprocessor directives for DES-ECB and DES-CBC. */
73
#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
74
#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
77
/* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
78
#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
79
#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
82
/* FIPS preprocessor directives for AES-ECB and AES-CBC. */
83
#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
84
#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
85
#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
86
#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
87
#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
88
#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
91
/* FIPS preprocessor directives for message digests */
92
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
95
/* FIPS preprocessor directives for RSA. */
96
#define FIPS_RSA_TYPE siBuffer
97
#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
98
#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
99
#define FIPS_RSA_MESSAGE_LENGTH 128 /* 1024-bits */
100
#define FIPS_RSA_COEFFICIENT_LENGTH 64 /* 512-bits */
101
#define FIPS_RSA_PRIME0_LENGTH 64 /* 512-bits */
102
#define FIPS_RSA_PRIME1_LENGTH 64 /* 512-bits */
103
#define FIPS_RSA_EXPONENT0_LENGTH 64 /* 512-bits */
104
#define FIPS_RSA_EXPONENT1_LENGTH 64 /* 512-bits */
105
#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 128 /* 1024-bits */
106
#define FIPS_RSA_ENCRYPT_LENGTH 128 /* 1024-bits */
107
#define FIPS_RSA_DECRYPT_LENGTH 128 /* 1024-bits */
108
#define FIPS_RSA_SIGNATURE_LENGTH 128 /* 1024-bits */
109
#define FIPS_RSA_MODULUS_LENGTH 128 /* 1024-bits */
112
/* FIPS preprocessor directives for DSA. */
113
#define FIPS_DSA_TYPE siBuffer
114
#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
115
#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
116
#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
117
#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
118
#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
120
/* FIPS preprocessor directives for RNG. */
121
#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
124
sftk_fips_RC2_PowerUpSelfTest( void )
126
/* RC2 Known Key (40-bits). */
127
static const PRUint8 rc2_known_key[] = { "RSARC" };
129
/* RC2-CBC Known Initialization Vector (64-bits). */
130
static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
132
/* RC2 Known Plaintext (64-bits). */
133
static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
134
static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
136
/* RC2 Known Ciphertext (64-bits). */
137
static const PRUint8 rc2_ecb_known_ciphertext[] = {
138
0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
139
static const PRUint8 rc2_cbc_known_ciphertext[] = {
140
0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
143
PRUint8 rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
144
PRUint8 rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
145
RC2Context * rc2_context;
146
unsigned int rc2_bytes_encrypted;
147
unsigned int rc2_bytes_decrypted;
148
SECStatus rc2_status;
151
/******************************************************/
152
/* RC2-ECB Single-Round Known Answer Encryption Test: */
153
/******************************************************/
155
rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
157
FIPS_RC2_KEY_LENGTH );
159
if( rc2_context == NULL )
160
return( CKR_HOST_MEMORY );
162
rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
163
&rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
164
rc2_ecb_known_plaintext,
165
FIPS_RC2_DECRYPT_LENGTH );
167
RC2_DestroyContext( rc2_context, PR_TRUE );
169
if( ( rc2_status != SECSuccess ) ||
170
( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
171
( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
172
FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
173
return( CKR_DEVICE_ERROR );
176
/******************************************************/
177
/* RC2-ECB Single-Round Known Answer Decryption Test: */
178
/******************************************************/
180
rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
182
FIPS_RC2_KEY_LENGTH );
184
if( rc2_context == NULL )
185
return( CKR_HOST_MEMORY );
187
rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
188
&rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
189
rc2_ecb_known_ciphertext,
190
FIPS_RC2_ENCRYPT_LENGTH );
192
RC2_DestroyContext( rc2_context, PR_TRUE );
194
if( ( rc2_status != SECSuccess ) ||
195
( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
196
( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
197
FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
198
return( CKR_DEVICE_ERROR );
201
/******************************************************/
202
/* RC2-CBC Single-Round Known Answer Encryption Test: */
203
/******************************************************/
205
rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
206
rc2_cbc_known_initialization_vector,
207
NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
209
if( rc2_context == NULL )
210
return( CKR_HOST_MEMORY );
212
rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
213
&rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
214
rc2_cbc_known_plaintext,
215
FIPS_RC2_DECRYPT_LENGTH );
217
RC2_DestroyContext( rc2_context, PR_TRUE );
219
if( ( rc2_status != SECSuccess ) ||
220
( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
221
( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
222
FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
223
return( CKR_DEVICE_ERROR );
226
/******************************************************/
227
/* RC2-CBC Single-Round Known Answer Decryption Test: */
228
/******************************************************/
230
rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
231
rc2_cbc_known_initialization_vector,
232
NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
234
if( rc2_context == NULL )
235
return( CKR_HOST_MEMORY );
237
rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
238
&rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
239
rc2_cbc_known_ciphertext,
240
FIPS_RC2_ENCRYPT_LENGTH );
242
RC2_DestroyContext( rc2_context, PR_TRUE );
244
if( ( rc2_status != SECSuccess ) ||
245
( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
246
( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
247
FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
248
return( CKR_DEVICE_ERROR );
255
sftk_fips_RC4_PowerUpSelfTest( void )
257
/* RC4 Known Key (40-bits). */
258
static const PRUint8 rc4_known_key[] = { "RSARC" };
260
/* RC4 Known Plaintext (64-bits). */
261
static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
263
/* RC4 Known Ciphertext (64-bits). */
264
static const PRUint8 rc4_known_ciphertext[] = {
265
0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
268
PRUint8 rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
269
PRUint8 rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
270
RC4Context * rc4_context;
271
unsigned int rc4_bytes_encrypted;
272
unsigned int rc4_bytes_decrypted;
273
SECStatus rc4_status;
276
/**************************************************/
277
/* RC4 Single-Round Known Answer Encryption Test: */
278
/**************************************************/
280
rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
282
if( rc4_context == NULL )
283
return( CKR_HOST_MEMORY );
285
rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
286
&rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
287
rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
289
RC4_DestroyContext( rc4_context, PR_TRUE );
291
if( ( rc4_status != SECSuccess ) ||
292
( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
293
( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
294
FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
295
return( CKR_DEVICE_ERROR );
298
/**************************************************/
299
/* RC4 Single-Round Known Answer Decryption Test: */
300
/**************************************************/
302
rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
304
if( rc4_context == NULL )
305
return( CKR_HOST_MEMORY );
307
rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
308
&rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
309
rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
311
RC4_DestroyContext( rc4_context, PR_TRUE );
313
if( ( rc4_status != SECSuccess ) ||
314
( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
315
( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
316
FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
317
return( CKR_DEVICE_ERROR );
324
sftk_fips_DES_PowerUpSelfTest( void )
326
/* DES Known Key (56-bits). */
327
static const PRUint8 des_known_key[] = { "ANSI DES" };
329
/* DES-CBC Known Initialization Vector (64-bits). */
330
static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
332
/* DES Known Plaintext (64-bits). */
333
static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
334
static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
336
/* DES Known Ciphertext (64-bits). */
337
static const PRUint8 des_ecb_known_ciphertext[] = {
338
0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
339
static const PRUint8 des_cbc_known_ciphertext[] = {
340
0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
343
PRUint8 des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
344
PRUint8 des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
345
DESContext * des_context;
346
unsigned int des_bytes_encrypted;
347
unsigned int des_bytes_decrypted;
348
SECStatus des_status;
351
/******************************************************/
352
/* DES-ECB Single-Round Known Answer Encryption Test: */
353
/******************************************************/
355
des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
357
if( des_context == NULL )
358
return( CKR_HOST_MEMORY );
360
des_status = DES_Encrypt( des_context, des_computed_ciphertext,
361
&des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
362
des_ecb_known_plaintext,
363
FIPS_DES_DECRYPT_LENGTH );
365
DES_DestroyContext( des_context, PR_TRUE );
367
if( ( des_status != SECSuccess ) ||
368
( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
369
( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
370
FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
371
return( CKR_DEVICE_ERROR );
374
/******************************************************/
375
/* DES-ECB Single-Round Known Answer Decryption Test: */
376
/******************************************************/
378
des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
380
if( des_context == NULL )
381
return( CKR_HOST_MEMORY );
383
des_status = DES_Decrypt( des_context, des_computed_plaintext,
384
&des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
385
des_ecb_known_ciphertext,
386
FIPS_DES_ENCRYPT_LENGTH );
388
DES_DestroyContext( des_context, PR_TRUE );
390
if( ( des_status != SECSuccess ) ||
391
( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
392
( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
393
FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
394
return( CKR_DEVICE_ERROR );
397
/******************************************************/
398
/* DES-CBC Single-Round Known Answer Encryption Test. */
399
/******************************************************/
401
des_context = DES_CreateContext( des_known_key,
402
des_cbc_known_initialization_vector,
403
NSS_DES_CBC, PR_TRUE );
405
if( des_context == NULL )
406
return( CKR_HOST_MEMORY );
408
des_status = DES_Encrypt( des_context, des_computed_ciphertext,
409
&des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
410
des_cbc_known_plaintext,
411
FIPS_DES_DECRYPT_LENGTH );
413
DES_DestroyContext( des_context, PR_TRUE );
415
if( ( des_status != SECSuccess ) ||
416
( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
417
( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
418
FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
419
return( CKR_DEVICE_ERROR );
422
/******************************************************/
423
/* DES-CBC Single-Round Known Answer Decryption Test. */
424
/******************************************************/
426
des_context = DES_CreateContext( des_known_key,
427
des_cbc_known_initialization_vector,
428
NSS_DES_CBC, PR_FALSE );
430
if( des_context == NULL )
431
return( CKR_HOST_MEMORY );
433
des_status = DES_Decrypt( des_context, des_computed_plaintext,
434
&des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
435
des_cbc_known_ciphertext,
436
FIPS_DES_ENCRYPT_LENGTH );
438
DES_DestroyContext( des_context, PR_TRUE );
440
if( ( des_status != SECSuccess ) ||
441
( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
442
( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
443
FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
444
return( CKR_DEVICE_ERROR );
451
sftk_fips_DES3_PowerUpSelfTest( void )
453
/* DES3 Known Key (56-bits). */
454
static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
456
/* DES3-CBC Known Initialization Vector (64-bits). */
457
static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
459
/* DES3 Known Plaintext (64-bits). */
460
static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
461
static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
463
/* DES3 Known Ciphertext (64-bits). */
464
static const PRUint8 des3_ecb_known_ciphertext[] = {
465
0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
466
static const PRUint8 des3_cbc_known_ciphertext[] = {
467
0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
469
/* DES3 variables. */
470
PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
471
PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
472
DESContext * des3_context;
473
unsigned int des3_bytes_encrypted;
474
unsigned int des3_bytes_decrypted;
475
SECStatus des3_status;
478
/*******************************************************/
479
/* DES3-ECB Single-Round Known Answer Encryption Test. */
480
/*******************************************************/
482
des3_context = DES_CreateContext( des3_known_key, NULL,
483
NSS_DES_EDE3, PR_TRUE );
485
if( des3_context == NULL )
486
return( CKR_HOST_MEMORY );
488
des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
489
&des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
490
des3_ecb_known_plaintext,
491
FIPS_DES3_DECRYPT_LENGTH );
493
DES_DestroyContext( des3_context, PR_TRUE );
495
if( ( des3_status != SECSuccess ) ||
496
( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
497
( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
498
FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
499
return( CKR_DEVICE_ERROR );
502
/*******************************************************/
503
/* DES3-ECB Single-Round Known Answer Decryption Test. */
504
/*******************************************************/
506
des3_context = DES_CreateContext( des3_known_key, NULL,
507
NSS_DES_EDE3, PR_FALSE );
509
if( des3_context == NULL )
510
return( CKR_HOST_MEMORY );
512
des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
513
&des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
514
des3_ecb_known_ciphertext,
515
FIPS_DES3_ENCRYPT_LENGTH );
517
DES_DestroyContext( des3_context, PR_TRUE );
519
if( ( des3_status != SECSuccess ) ||
520
( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
521
( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
522
FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
523
return( CKR_DEVICE_ERROR );
526
/*******************************************************/
527
/* DES3-CBC Single-Round Known Answer Encryption Test. */
528
/*******************************************************/
530
des3_context = DES_CreateContext( des3_known_key,
531
des3_cbc_known_initialization_vector,
532
NSS_DES_EDE3_CBC, PR_TRUE );
534
if( des3_context == NULL )
535
return( CKR_HOST_MEMORY );
537
des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
538
&des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
539
des3_cbc_known_plaintext,
540
FIPS_DES3_DECRYPT_LENGTH );
542
DES_DestroyContext( des3_context, PR_TRUE );
544
if( ( des3_status != SECSuccess ) ||
545
( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
546
( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
547
FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
548
return( CKR_DEVICE_ERROR );
551
/*******************************************************/
552
/* DES3-CBC Single-Round Known Answer Decryption Test. */
553
/*******************************************************/
555
des3_context = DES_CreateContext( des3_known_key,
556
des3_cbc_known_initialization_vector,
557
NSS_DES_EDE3_CBC, PR_FALSE );
559
if( des3_context == NULL )
560
return( CKR_HOST_MEMORY );
562
des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
563
&des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
564
des3_cbc_known_ciphertext,
565
FIPS_DES3_ENCRYPT_LENGTH );
567
DES_DestroyContext( des3_context, PR_TRUE );
569
if( ( des3_status != SECSuccess ) ||
570
( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
571
( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
572
FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
573
return( CKR_DEVICE_ERROR );
579
/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
581
sftk_fips_AES_PowerUpSelfTest( int aes_key_size )
583
/* AES Known Key (up to 256-bits). */
584
static const PRUint8 aes_known_key[] =
585
{ "AES-128 RIJNDAELLEADNJIR 821-SEA" };
587
/* AES-CBC Known Initialization Vector (128-bits). */
588
static const PRUint8 aes_cbc_known_initialization_vector[] =
589
{ "SecurityytiruceS" };
591
/* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
592
static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
594
/* AES Known Ciphertext (128-bit key). */
595
static const PRUint8 aes_ecb128_known_ciphertext[] = {
596
0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
597
0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
599
static const PRUint8 aes_cbc128_known_ciphertext[] = {
600
0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
601
0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
603
/* AES Known Ciphertext (192-bit key). */
604
static const PRUint8 aes_ecb192_known_ciphertext[] = {
605
0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
606
0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
608
static const PRUint8 aes_cbc192_known_ciphertext[] = {
609
0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
610
0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
612
/* AES Known Ciphertext (256-bit key). */
613
static const PRUint8 aes_ecb256_known_ciphertext[] = {
614
0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
615
0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
617
static const PRUint8 aes_cbc256_known_ciphertext[] = {
618
0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
619
0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
621
const PRUint8 *aes_ecb_known_ciphertext =
622
( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
623
( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
624
aes_ecb256_known_ciphertext;
626
const PRUint8 *aes_cbc_known_ciphertext =
627
( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
628
( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
629
aes_cbc256_known_ciphertext;
632
PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
633
PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
634
AESContext * aes_context;
635
unsigned int aes_bytes_encrypted;
636
unsigned int aes_bytes_decrypted;
637
SECStatus aes_status;
639
/*check if aes_key_size is 128, 192, or 256 bits */
640
if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
641
(aes_key_size != FIPS_AES_192_KEY_SIZE) &&
642
(aes_key_size != FIPS_AES_256_KEY_SIZE))
643
return( CKR_DEVICE_ERROR );
645
/******************************************************/
646
/* AES-ECB Single-Round Known Answer Encryption Test: */
647
/******************************************************/
649
aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
650
aes_key_size, FIPS_AES_BLOCK_SIZE );
652
if( aes_context == NULL )
653
return( CKR_HOST_MEMORY );
655
aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
656
&aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
658
FIPS_AES_DECRYPT_LENGTH );
660
AES_DestroyContext( aes_context, PR_TRUE );
662
if( ( aes_status != SECSuccess ) ||
663
( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
664
( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
665
FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
666
return( CKR_DEVICE_ERROR );
669
/******************************************************/
670
/* AES-ECB Single-Round Known Answer Decryption Test: */
671
/******************************************************/
673
aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
674
aes_key_size, FIPS_AES_BLOCK_SIZE );
676
if( aes_context == NULL )
677
return( CKR_HOST_MEMORY );
679
aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
680
&aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
681
aes_ecb_known_ciphertext,
682
FIPS_AES_ENCRYPT_LENGTH );
684
AES_DestroyContext( aes_context, PR_TRUE );
686
if( ( aes_status != SECSuccess ) ||
687
( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
688
( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
689
FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
690
return( CKR_DEVICE_ERROR );
693
/******************************************************/
694
/* AES-CBC Single-Round Known Answer Encryption Test. */
695
/******************************************************/
697
aes_context = AES_CreateContext( aes_known_key,
698
aes_cbc_known_initialization_vector,
699
NSS_AES_CBC, PR_TRUE, aes_key_size,
700
FIPS_AES_BLOCK_SIZE );
702
if( aes_context == NULL )
703
return( CKR_HOST_MEMORY );
705
aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
706
&aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
708
FIPS_AES_DECRYPT_LENGTH );
710
AES_DestroyContext( aes_context, PR_TRUE );
712
if( ( aes_status != SECSuccess ) ||
713
( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
714
( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
715
FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
716
return( CKR_DEVICE_ERROR );
719
/******************************************************/
720
/* AES-CBC Single-Round Known Answer Decryption Test. */
721
/******************************************************/
723
aes_context = AES_CreateContext( aes_known_key,
724
aes_cbc_known_initialization_vector,
725
NSS_AES_CBC, PR_FALSE, aes_key_size,
726
FIPS_AES_BLOCK_SIZE );
728
if( aes_context == NULL )
729
return( CKR_HOST_MEMORY );
731
aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
732
&aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
733
aes_cbc_known_ciphertext,
734
FIPS_AES_ENCRYPT_LENGTH );
736
AES_DestroyContext( aes_context, PR_TRUE );
738
if( ( aes_status != SECSuccess ) ||
739
( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
740
( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
741
FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
742
return( CKR_DEVICE_ERROR );
747
/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
748
static const PRUint8 known_hash_message[] = {
749
"The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
753
sftk_fips_MD2_PowerUpSelfTest( void )
755
/* MD2 Known Digest Message (128-bits). */
756
static const PRUint8 md2_known_digest[] = {
757
0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
758
0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
761
MD2Context * md2_context;
762
unsigned int md2_bytes_hashed;
763
PRUint8 md2_computed_digest[MD2_LENGTH];
766
/***********************************************/
767
/* MD2 Single-Round Known Answer Hashing Test. */
768
/***********************************************/
770
md2_context = MD2_NewContext();
772
if( md2_context == NULL )
773
return( CKR_HOST_MEMORY );
775
MD2_Begin( md2_context );
777
MD2_Update( md2_context, known_hash_message,
778
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
780
MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
782
MD2_DestroyContext( md2_context , PR_TRUE );
784
if( ( md2_bytes_hashed != MD2_LENGTH ) ||
785
( PORT_Memcmp( md2_computed_digest, md2_known_digest,
786
MD2_LENGTH ) != 0 ) )
787
return( CKR_DEVICE_ERROR );
794
sftk_fips_MD5_PowerUpSelfTest( void )
796
/* MD5 Known Digest Message (128-bits). */
797
static const PRUint8 md5_known_digest[] = {
798
0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
799
0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
802
PRUint8 md5_computed_digest[MD5_LENGTH];
803
SECStatus md5_status;
806
/***********************************************/
807
/* MD5 Single-Round Known Answer Hashing Test. */
808
/***********************************************/
810
md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
811
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
813
if( ( md5_status != SECSuccess ) ||
814
( PORT_Memcmp( md5_computed_digest, md5_known_digest,
815
MD5_LENGTH ) != 0 ) )
816
return( CKR_DEVICE_ERROR );
821
/****************************************************/
822
/* Single Round HMAC SHA-X test */
823
/****************************************************/
825
sftk_fips_HMAC(unsigned char *hmac_computed,
826
const PRUint8 *secret_key,
827
unsigned int secret_key_length,
828
const PRUint8 *message,
829
unsigned int message_length,
830
HASH_HashType hashAlg )
832
SECStatus hmac_status = SECFailure;
833
HMACContext *cx = NULL;
834
SECHashObject *hashObj = NULL;
835
unsigned int bytes_hashed = 0;
837
hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
840
return( SECFailure );
842
cx = HMAC_Create(hashObj, secret_key,
844
PR_TRUE); /* PR_TRUE for in FIPS mode */
847
return( SECFailure );
850
HMAC_Update(cx, message, message_length);
851
hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
854
HMAC_Destroy(cx, PR_TRUE);
856
return( hmac_status );
860
sftk_fips_HMAC_PowerUpSelfTest( void )
862
static const PRUint8 HMAC_known_secret_key[] = {
863
"Firefox and ThunderBird are awesome!"};
865
static const PRUint8 HMAC_known_secret_key_length
866
= sizeof HMAC_known_secret_key;
868
/* known SHA1 hmac (20 bytes) */
869
static const PRUint8 known_SHA1_hmac[] = {
870
0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
871
0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
872
0x5d, 0x0e, 0x1e, 0x11};
874
/* known SHA256 hmac (32 bytes) */
875
static const PRUint8 known_SHA256_hmac[] = {
876
0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
877
0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
878
0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
879
0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
881
/* known SHA384 hmac (48 bytes) */
882
static const PRUint8 known_SHA384_hmac[] = {
883
0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
884
0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
885
0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
886
0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
887
0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
888
0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
890
/* known SHA512 hmac (64 bytes) */
891
static const PRUint8 known_SHA512_hmac[] = {
892
0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
893
0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
894
0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
895
0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
896
0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
897
0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
898
0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
899
0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
901
SECStatus hmac_status;
902
PRUint8 hmac_computed[HASH_LENGTH_MAX];
904
/***************************************************/
905
/* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
906
/***************************************************/
908
hmac_status = sftk_fips_HMAC(hmac_computed,
909
HMAC_known_secret_key,
910
HMAC_known_secret_key_length,
912
FIPS_KNOWN_HASH_MESSAGE_LENGTH,
915
if( ( hmac_status != SECSuccess ) ||
916
( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
917
SHA1_LENGTH ) != 0 ) )
918
return( CKR_DEVICE_ERROR );
920
/***************************************************/
921
/* HMAC SHA-256 Single-Round Known Answer Test. */
922
/***************************************************/
924
hmac_status = sftk_fips_HMAC(hmac_computed,
925
HMAC_known_secret_key,
926
HMAC_known_secret_key_length,
928
FIPS_KNOWN_HASH_MESSAGE_LENGTH,
931
if( ( hmac_status != SECSuccess ) ||
932
( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
933
SHA256_LENGTH ) != 0 ) )
934
return( CKR_DEVICE_ERROR );
936
/***************************************************/
937
/* HMAC SHA-384 Single-Round Known Answer Test. */
938
/***************************************************/
940
hmac_status = sftk_fips_HMAC(hmac_computed,
941
HMAC_known_secret_key,
942
HMAC_known_secret_key_length,
944
FIPS_KNOWN_HASH_MESSAGE_LENGTH,
947
if( ( hmac_status != SECSuccess ) ||
948
( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
949
SHA384_LENGTH ) != 0 ) )
950
return( CKR_DEVICE_ERROR );
952
/***************************************************/
953
/* HMAC SHA-512 Single-Round Known Answer Test. */
954
/***************************************************/
956
hmac_status = sftk_fips_HMAC(hmac_computed,
957
HMAC_known_secret_key,
958
HMAC_known_secret_key_length,
960
FIPS_KNOWN_HASH_MESSAGE_LENGTH,
963
if( ( hmac_status != SECSuccess ) ||
964
( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
965
SHA512_LENGTH ) != 0 ) )
966
return( CKR_DEVICE_ERROR );
972
sftk_fips_SHA_PowerUpSelfTest( void )
974
/* SHA-1 Known Digest Message (160-bits). */
975
static const PRUint8 sha1_known_digest[] = {
976
0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
977
0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
978
0xe0,0x68,0x47,0x7a};
980
/* SHA-256 Known Digest Message (256-bits). */
981
static const PRUint8 sha256_known_digest[] = {
982
0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
983
0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
984
0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
985
0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
987
/* SHA-384 Known Digest Message (384-bits). */
988
static const PRUint8 sha384_known_digest[] = {
989
0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
990
0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
991
0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
992
0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
993
0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
994
0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
996
/* SHA-512 Known Digest Message (512-bits). */
997
static const PRUint8 sha512_known_digest[] = {
998
0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
999
0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
1000
0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
1001
0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
1002
0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
1003
0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
1004
0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
1005
0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
1007
/* SHA-X variables. */
1008
PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
1009
SECStatus sha_status;
1011
/*************************************************/
1012
/* SHA-1 Single-Round Known Answer Hashing Test. */
1013
/*************************************************/
1015
sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
1016
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1018
if( ( sha_status != SECSuccess ) ||
1019
( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
1020
SHA1_LENGTH ) != 0 ) )
1021
return( CKR_DEVICE_ERROR );
1023
/***************************************************/
1024
/* SHA-256 Single-Round Known Answer Hashing Test. */
1025
/***************************************************/
1027
sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
1028
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1030
if( ( sha_status != SECSuccess ) ||
1031
( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
1032
SHA256_LENGTH ) != 0 ) )
1033
return( CKR_DEVICE_ERROR );
1035
/***************************************************/
1036
/* SHA-384 Single-Round Known Answer Hashing Test. */
1037
/***************************************************/
1039
sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
1040
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1042
if( ( sha_status != SECSuccess ) ||
1043
( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
1044
SHA384_LENGTH ) != 0 ) )
1045
return( CKR_DEVICE_ERROR );
1047
/***************************************************/
1048
/* SHA-512 Single-Round Known Answer Hashing Test. */
1049
/***************************************************/
1051
sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
1052
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
1054
if( ( sha_status != SECSuccess ) ||
1055
( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
1056
SHA512_LENGTH ) != 0 ) )
1057
return( CKR_DEVICE_ERROR );
1063
* Single round RSA Signature Known Answer Test
1066
sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType shaAlg,
1067
NSSLOWKEYPublicKey *rsa_public_key,
1068
NSSLOWKEYPrivateKey *rsa_private_key,
1069
const unsigned char *rsa_known_msg,
1070
const unsigned int rsa_kmsg_length,
1071
const unsigned char *rsa_known_signature)
1073
SECOidTag shaOid; /* SHA OID */
1074
unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
1075
unsigned int shaLength = 0; /* length of SHA */
1076
unsigned int rsa_bytes_signed;
1077
unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
1080
if (shaAlg == HASH_AlgSHA1) {
1081
if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1085
shaLength = SHA1_LENGTH;
1086
shaOid = SEC_OID_SHA1;
1087
} else if (shaAlg == HASH_AlgSHA256) {
1088
if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1092
shaLength = SHA256_LENGTH;
1093
shaOid = SEC_OID_SHA256;
1094
} else if (shaAlg == HASH_AlgSHA384) {
1095
if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1099
shaLength = SHA384_LENGTH;
1100
shaOid = SEC_OID_SHA384;
1101
} else if (shaAlg == HASH_AlgSHA512) {
1102
if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
1106
shaLength = SHA512_LENGTH;
1107
shaOid = SEC_OID_SHA512;
1112
/*************************************************/
1113
/* RSA Single-Round Known Answer Signature Test. */
1114
/*************************************************/
1116
/* Perform RSA signature with the RSA private key. */
1117
rv = RSA_HashSign( shaOid,
1119
rsa_computed_signature,
1121
FIPS_RSA_SIGNATURE_LENGTH,
1125
if( ( rv != SECSuccess ) ||
1126
( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
1127
( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
1128
FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
1132
/****************************************************/
1133
/* RSA Single-Round Known Answer Verification Test. */
1134
/****************************************************/
1136
/* Perform RSA verification with the RSA public key. */
1137
rv = RSA_HashCheckSign( shaOid,
1139
rsa_computed_signature,
1144
if( rv != SECSuccess ) {
1147
return( SECSuccess );
1151
return( SECFailure );
1156
sftk_fips_RSA_PowerUpSelfTest( void )
1158
/* RSA Known Modulus used in both Public/Private Key Values (1024-bits). */
1159
static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
1160
0xd5, 0x84, 0x95, 0x07, 0xf4, 0xd0, 0x1f, 0x82,
1161
0xf3, 0x79, 0xf4, 0x99, 0x48, 0x10, 0xe1, 0x71,
1162
0xa5, 0x62, 0x22, 0xa3, 0x4b, 0x00, 0xe3, 0x5b,
1163
0x3a, 0xcc, 0x10, 0x83, 0xe0, 0xaf, 0x61, 0x13,
1164
0x54, 0x6a, 0xa2, 0x6a, 0x2c, 0x5e, 0xb3, 0xcc,
1165
0xa3, 0x71, 0x9a, 0xb2, 0x3e, 0x78, 0xec, 0xb5,
1166
0x0e, 0x6e, 0x31, 0x3b, 0x77, 0x1f, 0x6e, 0x94,
1167
0x41, 0x60, 0xd5, 0x6e, 0xd9, 0xc6, 0xf9, 0x29,
1168
0xc3, 0x40, 0x36, 0x25, 0xdb, 0xea, 0x0b, 0x07,
1169
0xae, 0x76, 0xfd, 0x99, 0x29, 0xf4, 0x22, 0xc1,
1170
0x1a, 0x8f, 0x05, 0xfe, 0x98, 0x09, 0x07, 0x05,
1171
0xc2, 0x0f, 0x0b, 0x11, 0x83, 0x39, 0xca, 0xc7,
1172
0x43, 0x63, 0xff, 0x33, 0x80, 0xe7, 0xc3, 0x78,
1173
0xae, 0xf1, 0x73, 0x52, 0x98, 0x1d, 0xde, 0x5c,
1174
0x53, 0x6e, 0x01, 0x73, 0x0d, 0x12, 0x7e, 0x77,
1175
0x03, 0xf1, 0xef, 0x1b, 0xc8, 0xa8, 0x0f, 0x97};
1177
/* RSA Known Public Key Values (24-bits). */
1178
static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
1179
= { 0x01, 0x00, 0x01 };
1180
/* RSA Known Private Key Values (version is 8-bits), */
1181
/* (private exponent is 1024-bits), */
1182
/* (private prime0 is 512-bits), */
1183
/* (private prime1 is 512-bits), */
1184
/* (private prime exponent0 is 512-bits), */
1185
/* (private prime exponent1 is 512-bits), */
1186
/* and (private coefficient is 512-bits). */
1187
static const PRUint8 rsa_version[] = { 0x00 };
1189
static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
1190
= { 0x85, 0x27, 0x47, 0x61, 0x4c, 0xd4, 0xb5, 0xb2,
1191
0x0e, 0x70, 0x91, 0x8f, 0x3d, 0x97, 0xf9, 0x5f,
1192
0xcc, 0x09, 0x65, 0x1c, 0x7c, 0x5b, 0xb3, 0x6d,
1193
0x63, 0x3f, 0x7b, 0x55, 0x22, 0xbb, 0x7c, 0x48,
1194
0x77, 0xae, 0x80, 0x56, 0xc2, 0x10, 0xd5, 0x03,
1195
0xdb, 0x31, 0xaf, 0x8d, 0x54, 0xd4, 0x48, 0x99,
1196
0xa8, 0xc4, 0x23, 0x43, 0xb8, 0x48, 0x0b, 0xc7,
1197
0xbc, 0xf5, 0xcc, 0x64, 0x72, 0xbf, 0x59, 0x06,
1198
0x04, 0x1c, 0x32, 0xf5, 0x14, 0x2e, 0x6e, 0xe2,
1199
0x0f, 0x5c, 0xde, 0x36, 0x3c, 0x6e, 0x7c, 0x4d,
1200
0xcc, 0xd3, 0x00, 0x6e, 0xe5, 0x45, 0x46, 0xef,
1201
0x4d, 0x25, 0x46, 0x6d, 0x7f, 0xed, 0xbb, 0x4f,
1202
0x4d, 0x9f, 0xda, 0x87, 0x47, 0x8f, 0x74, 0x44,
1203
0xb7, 0xbe, 0x9d, 0xf5, 0xdd, 0xd2, 0x4c, 0xa5,
1204
0xab, 0x74, 0xe5, 0x29, 0xa1, 0xd2, 0x45, 0x3b,
1205
0x33, 0xde, 0xd5, 0xae, 0xf7, 0x03, 0x10, 0x21};
1207
static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
1208
0xf9, 0x74, 0x8f, 0x16, 0x02, 0x6b, 0xa0, 0xee,
1209
0x7f, 0x28, 0x97, 0x91, 0xdc, 0xec, 0xc0, 0x7c,
1210
0x49, 0xc2, 0x85, 0x76, 0xee, 0x66, 0x74, 0x2d,
1211
0x1a, 0xb8, 0xf7, 0x2f, 0x11, 0x5b, 0x36, 0xd8,
1212
0x46, 0x33, 0x3b, 0xd8, 0xf3, 0x2d, 0xa1, 0x03,
1213
0x83, 0x2b, 0xec, 0x35, 0x43, 0x32, 0xff, 0xdd,
1214
0x81, 0x7c, 0xfd, 0x65, 0x13, 0x04, 0x7c, 0xfc,
1215
0x03, 0x97, 0xf0, 0xd5, 0x62, 0xdc, 0x0d, 0xbf};
1216
static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
1217
0xdb, 0x1e, 0xa7, 0x3d, 0xe7, 0xfa, 0x8b, 0x04,
1218
0x83, 0x48, 0xf3, 0xa5, 0x31, 0x9d, 0x35, 0x5e,
1219
0x4d, 0x54, 0x77, 0xcc, 0x84, 0x09, 0xf3, 0x11,
1220
0x0d, 0x54, 0xed, 0x85, 0x39, 0xa9, 0xca, 0xa8,
1221
0xea, 0xae, 0x19, 0x9c, 0x75, 0xdb, 0x88, 0xb8,
1222
0x04, 0x8d, 0x54, 0xc6, 0xa4, 0x80, 0xf8, 0x93,
1223
0xf0, 0xdb, 0x19, 0xef, 0xd7, 0x87, 0x8a, 0x8f,
1224
0x5a, 0x09, 0x2e, 0x54, 0xf3, 0x45, 0x24, 0x29};
1225
static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
1226
0x6a, 0xd1, 0x25, 0x80, 0x18, 0x33, 0x3c, 0x2b,
1227
0x44, 0x19, 0xfe, 0xa5, 0x40, 0x03, 0xc4, 0xfc,
1228
0xb3, 0x9c, 0xef, 0x07, 0x99, 0x58, 0x17, 0xc1,
1229
0x44, 0xa3, 0x15, 0x7d, 0x7b, 0x22, 0x22, 0xdf,
1230
0x03, 0x58, 0x66, 0xf5, 0x24, 0x54, 0x52, 0x91,
1231
0x2d, 0x76, 0xfe, 0x63, 0x64, 0x4e, 0x0f, 0x50,
1232
0x2b, 0x65, 0x79, 0x1f, 0xf1, 0xbf, 0xc7, 0x41,
1233
0x26, 0xcc, 0xc6, 0x1c, 0xa9, 0x83, 0x6f, 0x03};
1234
static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
1235
0x12, 0x84, 0x1a, 0x99, 0xce, 0x9a, 0x8b, 0x58,
1236
0xcc, 0x47, 0x43, 0xdf, 0x77, 0xbb, 0xd3, 0x20,
1237
0xae, 0xe4, 0x2e, 0x63, 0x67, 0xdc, 0xf7, 0x5f,
1238
0x3f, 0x83, 0x27, 0xb7, 0x14, 0x52, 0x56, 0xbf,
1239
0xc3, 0x65, 0x06, 0xe1, 0x03, 0xcc, 0x93, 0x57,
1240
0x09, 0x7b, 0x6f, 0xe8, 0x81, 0x4a, 0x2c, 0xb7,
1241
0x43, 0xa9, 0x20, 0x1d, 0xf6, 0x56, 0x8b, 0xcc,
1242
0xe5, 0x4c, 0xd5, 0x4f, 0x74, 0x67, 0x29, 0x51};
1243
static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
1244
0x23, 0xab, 0xf4, 0x03, 0x2f, 0x29, 0x95, 0x74,
1245
0xac, 0x1a, 0x33, 0x96, 0x62, 0xed, 0xf7, 0xf6,
1246
0xae, 0x07, 0x2a, 0x2e, 0xe8, 0xab, 0xfb, 0x1e,
1247
0xb9, 0xb2, 0x88, 0x1e, 0x85, 0x05, 0x42, 0x64,
1248
0x03, 0xb2, 0x8b, 0xc1, 0x81, 0x75, 0xd7, 0xba,
1249
0xaa, 0xd4, 0x31, 0x3c, 0x8a, 0x96, 0x23, 0x9d,
1250
0x3f, 0x06, 0x3e, 0x44, 0xa9, 0x62, 0x2f, 0x61,
1251
0x5a, 0x51, 0x82, 0x2c, 0x04, 0x85, 0x73, 0xd1};
1253
/* RSA Known Plaintext Message (1024-bits). */
1254
static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
1255
"Known plaintext message utilized"
1256
"for RSA Encryption & Decryption"
1257
"block, SHA1, SHA256, SHA384 and"
1258
"SHA512 RSA Signature KAT tests."};
1260
/* RSA Known Ciphertext (1024-bits). */
1261
static const PRUint8 rsa_known_ciphertext[] = {
1262
0x1e, 0x7e, 0x12, 0xbb, 0x15, 0x62, 0xd0, 0x23,
1263
0x53, 0x4c, 0x51, 0x97, 0x77, 0x06, 0xa0, 0xbb,
1264
0x26, 0x99, 0x9a, 0x8f, 0x39, 0xad, 0x88, 0x5c,
1265
0xc4, 0xce, 0x33, 0x40, 0x94, 0x92, 0xb4, 0x0e,
1266
0xab, 0x71, 0xa9, 0x5d, 0x9a, 0x37, 0xe3, 0x9a,
1267
0x24, 0x95, 0x13, 0xea, 0x0f, 0xbb, 0xf7, 0xff,
1268
0xdf, 0x31, 0x33, 0x23, 0x1d, 0xce, 0x26, 0x9e,
1269
0xd1, 0xde, 0x98, 0x40, 0xde, 0x57, 0x86, 0x12,
1270
0xf1, 0xe6, 0x5a, 0x3f, 0x08, 0x02, 0x81, 0x85,
1271
0xe0, 0xd9, 0xad, 0x3c, 0x8c, 0x71, 0xf8, 0xcf,
1272
0x0a, 0x98, 0xc5, 0x08, 0xdc, 0xc4, 0xca, 0x8c,
1273
0x23, 0x1b, 0x4d, 0x9b, 0xb5, 0x13, 0x44, 0xe1,
1274
0x5f, 0xf9, 0x30, 0x80, 0x25, 0xe0, 0x1e, 0x94,
1275
0xa3, 0x0c, 0xdc, 0x82, 0x2e, 0xfb, 0x30, 0xbe,
1276
0x89, 0xba, 0x76, 0xb6, 0x23, 0xf7, 0xda, 0x7c,
1277
0xca, 0xe6, 0x02, 0xbd, 0x92, 0xce, 0x64, 0xfc};
1279
/* RSA Known Signed Hash (1024-bits). */
1280
static const PRUint8 rsa_known_sha1_signature[] = {
1281
0xd2, 0xa4, 0xe0, 0x2b, 0xc7, 0x03, 0x7f, 0xc6,
1282
0x06, 0x9e, 0xa2, 0x82, 0x19, 0xe9, 0x2b, 0xaf,
1283
0xe3, 0x48, 0x88, 0xc1, 0xf3, 0xb5, 0x0d, 0xe4,
1284
0x52, 0x9e, 0xad, 0xd5, 0x58, 0xb5, 0x9f, 0xe8,
1285
0x40, 0xe9, 0xb7, 0x2e, 0xc6, 0x71, 0x58, 0x56,
1286
0x04, 0xac, 0xb0, 0xf3, 0x3a, 0x42, 0x38, 0x08,
1287
0xc4, 0x43, 0x39, 0xba, 0x19, 0xce, 0xb1, 0x99,
1288
0xf1, 0x8d, 0x89, 0xd8, 0x50, 0x07, 0x14, 0x3d,
1289
0xcf, 0xd0, 0xb6, 0x79, 0xde, 0x9c, 0x89, 0x32,
1290
0xb0, 0x73, 0x3f, 0xed, 0x03, 0x0b, 0xdf, 0x6d,
1291
0x7e, 0xc9, 0x1c, 0x39, 0xe8, 0x2b, 0x16, 0x09,
1292
0xbb, 0x5f, 0x99, 0x2f, 0xeb, 0xf3, 0x37, 0x73,
1293
0x0d, 0x0e, 0xcc, 0x95, 0xad, 0x90, 0x80, 0x03,
1294
0x1d, 0x80, 0x55, 0x37, 0xa1, 0x2a, 0x71, 0x76,
1295
0x23, 0x87, 0x8c, 0x9b, 0x41, 0x07, 0xc6, 0x3d,
1296
0xc6, 0xa3, 0x7d, 0x1b, 0xff, 0x4e, 0x11, 0x19};
1298
/* RSA Known Signed Hash (1024-bits). */
1299
static const PRUint8 rsa_known_sha256_signature[] = {
1300
0x27, 0x35, 0xdd, 0xc4, 0xf8, 0xe2, 0x0b, 0xa3,
1301
0xef, 0x63, 0x57, 0x3b, 0xe1, 0x58, 0x9a, 0xbc,
1302
0x20, 0x9c, 0x25, 0x12, 0x01, 0xbf, 0xbb, 0x29,
1303
0x80, 0x1a, 0xb1, 0x37, 0x9c, 0xcd, 0x67, 0xc7,
1304
0x0d, 0xf8, 0x64, 0x10, 0x9f, 0xe2, 0xa1, 0x9b,
1305
0x21, 0x90, 0xcc, 0xda, 0x8b, 0x76, 0x5e, 0x79,
1306
0x00, 0x9d, 0x58, 0x8b, 0x8a, 0xb3, 0xc3, 0xb5,
1307
0xf1, 0x54, 0xc5, 0x8c, 0x72, 0xba, 0xde, 0x51,
1308
0x3c, 0x6b, 0x94, 0xd6, 0xf3, 0x1b, 0xa2, 0x53,
1309
0xe6, 0x1a, 0x46, 0x1d, 0x7f, 0x14, 0x86, 0xcc,
1310
0xa6, 0x30, 0x92, 0x96, 0xc0, 0x96, 0x24, 0xf0,
1311
0x42, 0x53, 0x4c, 0xdd, 0x27, 0xdf, 0x1d, 0x2e,
1312
0x8b, 0x83, 0xbe, 0xed, 0x85, 0x1d, 0x50, 0x46,
1313
0xa3, 0x7d, 0x20, 0xea, 0x3e, 0x91, 0xfb, 0xf6,
1314
0x86, 0x51, 0xfd, 0x8c, 0xe5, 0x31, 0xe6, 0x7e,
1315
0x60, 0x08, 0x0e, 0xec, 0xa6, 0xea, 0x24, 0x8d};
1317
/* RSA Known Signed Hash (1024-bits). */
1318
static const PRUint8 rsa_known_sha384_signature[] = {
1319
0x0b, 0x03, 0x94, 0x4f, 0x94, 0x78, 0x9b, 0x96,
1320
0x76, 0xeb, 0x72, 0x58, 0xe1, 0xc5, 0xc7, 0x5f,
1321
0x85, 0x01, 0xa8, 0xc4, 0xf6, 0x1a, 0xb5, 0x2c,
1322
0xd1, 0xd8, 0x87, 0xde, 0x3a, 0x9c, 0x9f, 0x57,
1323
0x81, 0x2a, 0x1e, 0x23, 0x07, 0x70, 0xb0, 0xf9,
1324
0x28, 0x3d, 0xfa, 0xe5, 0x2e, 0x1b, 0x9a, 0x72,
1325
0xc3, 0x74, 0xb3, 0x42, 0x1c, 0x9a, 0x13, 0xdc,
1326
0xc9, 0xd6, 0xd5, 0x88, 0xc9, 0x9c, 0x46, 0xf1,
1327
0x0c, 0xa6, 0xf7, 0xd8, 0x06, 0xa3, 0x1b, 0xdf,
1328
0x55, 0xb3, 0x1b, 0x7b, 0x58, 0x1d, 0xff, 0x19,
1329
0xc7, 0xe0, 0xdd, 0x59, 0xac, 0x2f, 0x78, 0x71,
1330
0xe7, 0xe0, 0x17, 0xa3, 0x1c, 0x5c, 0x92, 0xef,
1331
0xb6, 0x75, 0xed, 0xbe, 0x18, 0x39, 0x6b, 0xd7,
1332
0xc9, 0x08, 0x62, 0x55, 0x62, 0xac, 0x5d, 0xa1,
1333
0x9b, 0xd5, 0xb8, 0x98, 0x15, 0xc0, 0xf5, 0x41,
1334
0x85, 0x44, 0x96, 0xca, 0x10, 0xdc, 0x57, 0x21};
1336
/* RSA Known Signed Hash (1024-bits). */
1337
static const PRUint8 rsa_known_sha512_signature[] = {
1338
0xa5, 0xd0, 0x80, 0x04, 0x22, 0xfc, 0x80, 0x73,
1339
0x7d, 0x46, 0xc8, 0x7b, 0xac, 0x44, 0x7b, 0xe6,
1340
0x07, 0xe5, 0x61, 0x4c, 0x33, 0x7f, 0x6f, 0x46,
1341
0x7c, 0x30, 0xe3, 0x75, 0x59, 0x4b, 0x42, 0xf3,
1342
0x9f, 0x35, 0x3c, 0x10, 0x56, 0xdb, 0xd2, 0x69,
1343
0x43, 0xcb, 0x77, 0xe9, 0x7d, 0xcd, 0x07, 0x43,
1344
0xc5, 0xd4, 0x0c, 0x9d, 0xf5, 0x92, 0xbd, 0x0e,
1345
0x3b, 0xb7, 0x68, 0x88, 0x84, 0xca, 0xae, 0x0d,
1346
0xab, 0x71, 0x10, 0xad, 0xab, 0x27, 0xe4, 0xa3,
1347
0x24, 0x41, 0xeb, 0x1c, 0xa6, 0x5f, 0xf1, 0x85,
1348
0xd0, 0xf6, 0x22, 0x74, 0x3d, 0x81, 0xbe, 0xdd,
1349
0x1b, 0x2a, 0x4c, 0xd1, 0x6c, 0xb5, 0x6d, 0x7a,
1350
0xbb, 0x99, 0x69, 0x01, 0xa6, 0xc0, 0x98, 0xfa,
1351
0x97, 0xa3, 0xd1, 0xb0, 0xdf, 0x09, 0xe3, 0x3d,
1352
0x88, 0xee, 0x90, 0xf3, 0x10, 0x41, 0x0f, 0x06,
1353
0x31, 0xe9, 0x60, 0x2d, 0xbf, 0x63, 0x7b, 0xf8};
1355
static const RSAPublicKey bl_public_key = { NULL,
1356
{ FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1357
FIPS_RSA_MODULUS_LENGTH },
1358
{ FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1359
FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
1361
static const RSAPrivateKey bl_private_key = { NULL,
1362
{ FIPS_RSA_TYPE, (unsigned char *)rsa_version,
1363
FIPS_RSA_PRIVATE_VERSION_LENGTH },
1364
{ FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
1365
FIPS_RSA_MODULUS_LENGTH },
1366
{ FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
1367
FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
1368
{ FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
1369
FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
1370
{ FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
1371
FIPS_RSA_PRIME0_LENGTH },
1372
{ FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
1373
FIPS_RSA_PRIME1_LENGTH },
1374
{ FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
1375
FIPS_RSA_EXPONENT0_LENGTH },
1376
{ FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
1377
FIPS_RSA_EXPONENT1_LENGTH },
1378
{ FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
1379
FIPS_RSA_COEFFICIENT_LENGTH }
1382
/* RSA variables. */
1383
#ifdef CREATE_TEMP_ARENAS
1384
PLArenaPool * rsa_public_arena;
1385
PLArenaPool * rsa_private_arena;
1387
NSSLOWKEYPublicKey * rsa_public_key;
1388
NSSLOWKEYPrivateKey * rsa_private_key;
1389
SECStatus rsa_status;
1391
NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey, };
1392
NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey, };
1393
PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
1394
PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
1396
/****************************************/
1397
/* Compose RSA Public/Private Key Pair. */
1398
/****************************************/
1400
low_public_key.u.rsa = bl_public_key;
1401
low_private_key.u.rsa = bl_private_key;
1403
rsa_public_key = &low_public_key;
1404
rsa_private_key = &low_private_key;
1406
#ifdef CREATE_TEMP_ARENAS
1407
/* Create some space for the RSA public key. */
1408
rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1410
if( rsa_public_arena == NULL ) {
1411
PORT_SetError( SEC_ERROR_NO_MEMORY );
1412
return( CKR_HOST_MEMORY );
1415
/* Create some space for the RSA private key. */
1416
rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
1418
if( rsa_private_arena == NULL ) {
1419
PORT_FreeArena( rsa_public_arena, PR_TRUE );
1420
PORT_SetError( SEC_ERROR_NO_MEMORY );
1421
return( CKR_HOST_MEMORY );
1424
rsa_public_key->arena = rsa_public_arena;
1425
rsa_private_key->arena = rsa_private_arena;
1428
/**************************************************/
1429
/* RSA Single-Round Known Answer Encryption Test. */
1430
/**************************************************/
1432
/* Perform RSA Public Key Encryption. */
1433
rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
1434
rsa_computed_ciphertext,
1435
rsa_known_plaintext_msg);
1437
if( ( rsa_status != SECSuccess ) ||
1438
( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
1439
FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
1442
/**************************************************/
1443
/* RSA Single-Round Known Answer Decryption Test. */
1444
/**************************************************/
1446
/* Perform RSA Private Key Decryption. */
1447
rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
1448
rsa_computed_plaintext,
1449
rsa_known_ciphertext);
1451
if( ( rsa_status != SECSuccess ) ||
1452
( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
1453
FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
1456
rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA1,
1457
rsa_public_key, rsa_private_key,
1458
rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1459
rsa_known_sha1_signature);
1460
if( rsa_status != SECSuccess )
1463
rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
1464
rsa_public_key, rsa_private_key,
1465
rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1466
rsa_known_sha256_signature);
1467
if( rsa_status != SECSuccess )
1470
rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
1471
rsa_public_key, rsa_private_key,
1472
rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1473
rsa_known_sha384_signature);
1474
if( rsa_status != SECSuccess )
1477
rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
1478
rsa_public_key, rsa_private_key,
1479
rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
1480
rsa_known_sha512_signature);
1481
if( rsa_status != SECSuccess )
1484
/* Dispose of all RSA key material. */
1485
nsslowkey_DestroyPublicKey( rsa_public_key );
1486
nsslowkey_DestroyPrivateKey( rsa_private_key );
1492
nsslowkey_DestroyPublicKey( rsa_public_key );
1493
nsslowkey_DestroyPrivateKey( rsa_private_key );
1495
return( CKR_DEVICE_ERROR );
1498
#ifdef NSS_ENABLE_ECC
1501
sftk_fips_ECDSA_Test(const PRUint8 *encodedParams,
1502
unsigned int encodedParamsLen,
1503
const PRUint8 *knownSignature,
1504
unsigned int knownSignatureLen) {
1506
/* ECDSA Known Seed info for curves nistp256 and nistk283 */
1507
static const PRUint8 ecdsa_Known_Seed[] = {
1508
0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
1509
0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
1510
0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
1511
0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
1513
static const PRUint8 msg[] = {
1514
"Firefox and ThunderBird are awesome!"};
1516
unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
1517
unsigned char sig[2*MAX_ECKEY_LEN];
1518
SECItem signature, digest;
1519
SECItem encodedparams;
1520
ECParams *ecparams = NULL;
1521
ECPrivateKey *ecdsa_private_key = NULL;
1522
ECPublicKey ecdsa_public_key;
1523
SECStatus ecdsaStatus = SECSuccess;
1525
/* construct the ECDSA private/public key pair */
1526
encodedparams.type = siBuffer;
1527
encodedparams.data = (unsigned char *) encodedParams;
1528
encodedparams.len = encodedParamsLen;
1530
if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
1531
return( CKR_DEVICE_ERROR );
1534
/* Generates a new EC key pair. The private key is a supplied
1535
* random value (in seed) and the public key is the result of
1536
* performing a scalar point multiplication of that value with
1537
* the curve's base point.
1539
ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
1541
sizeof(ecdsa_Known_Seed));
1542
/* free the ecparams they are no longer needed */
1543
PORT_FreeArena(ecparams->arena, PR_FALSE);
1545
if (ecdsaStatus != SECSuccess) {
1546
return ( CKR_DEVICE_ERROR );
1549
/* construct public key from private key. */
1550
ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena,
1551
&ecdsa_public_key.ecParams,
1552
&ecdsa_private_key->ecParams);
1553
if (ecdsaStatus != SECSuccess) {
1556
ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
1558
/* validate public key value */
1559
ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
1560
&ecdsa_public_key.publicValue);
1561
if (ecdsaStatus != SECSuccess) {
1565
/* validate public key value */
1566
ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
1567
&ecdsa_private_key->publicValue);
1568
if (ecdsaStatus != SECSuccess) {
1572
/***************************************************/
1573
/* ECDSA Single-Round Known Answer Signature Test. */
1574
/***************************************************/
1576
ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
1577
if (ecdsaStatus != SECSuccess) {
1580
digest.type = siBuffer;
1582
digest.len = SHA1_LENGTH;
1584
memset(sig, 0, sizeof sig);
1585
signature.type = siBuffer;
1586
signature.data = sig;
1587
signature.len = sizeof sig;
1589
ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
1590
&digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
1591
if (ecdsaStatus != SECSuccess) {
1595
if( ( signature.len != knownSignatureLen ) ||
1596
( PORT_Memcmp( signature.data, knownSignature,
1597
knownSignatureLen ) != 0 ) ) {
1598
ecdsaStatus = SECFailure;
1602
/******************************************************/
1603
/* ECDSA Single-Round Known Answer Verification Test. */
1604
/******************************************************/
1606
/* Perform ECDSA verification process. */
1607
ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
1610
/* free the memory for the private key arena*/
1611
if (ecdsa_private_key != NULL) {
1612
PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
1615
if (ecdsaStatus != SECSuccess) {
1616
return CKR_DEVICE_ERROR ;
1622
sftk_fips_ECDSA_PowerUpSelfTest() {
1624
/* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
1625
static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
1626
0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
1629
static const PRUint8 ecdsa_known_P256_signature[] = {
1630
0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
1631
0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
1632
0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
1633
0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
1634
0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
1635
0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
1636
0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
1637
0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
1639
#ifdef NSS_ECC_MORE_THAN_SUITE_B
1640
/* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
1641
static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
1642
0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
1644
static const PRUint8 ecdsa_known_K283_signature[] = {
1645
0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
1646
0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
1647
0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
1648
0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
1649
0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
1650
0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
1651
0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
1652
0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
1653
0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
1658
/* ECDSA GF(p) prime field curve test */
1659
crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
1660
sizeof ecdsa_known_P256_EncodedParams,
1661
ecdsa_known_P256_signature,
1662
sizeof ecdsa_known_P256_signature );
1663
if (crv != CKR_OK) {
1664
return( CKR_DEVICE_ERROR );
1667
#ifdef NSS_ECC_MORE_THAN_SUITE_B
1668
/* ECDSA GF(2m) binary field curve test */
1669
crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
1670
sizeof ecdsa_known_K283_EncodedParams,
1671
ecdsa_known_K283_signature,
1672
sizeof ecdsa_known_K283_signature );
1673
if (crv != CKR_OK) {
1674
return( CKR_DEVICE_ERROR );
1681
#endif /* NSS_ENABLE_ECC */
1684
sftk_fips_DSA_PowerUpSelfTest( void )
1686
/* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
1687
static const PRUint8 dsa_P[] = {
1688
0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28,
1689
0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63,
1690
0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0,
1691
0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
1692
0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91,
1693
0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0,
1694
0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7,
1695
0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
1696
0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7,
1697
0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56,
1698
0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b,
1699
0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
1700
0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6,
1701
0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64,
1702
0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a,
1703
0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
1705
static const PRUint8 dsa_Q[] = {
1706
0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e,
1707
0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6,
1708
0x91,0x99,0x8b,0xcf};
1710
static const PRUint8 dsa_G[] = {
1711
0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4,
1712
0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6,
1713
0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3,
1714
0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
1715
0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d,
1716
0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a,
1717
0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24,
1718
0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
1719
0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb,
1720
0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79,
1721
0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac,
1722
0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
1723
0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27,
1724
0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed,
1725
0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f,
1726
0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
1728
/* DSA Known Random Values (known random key block is 160-bits) */
1729
/* and (known random signature block is 160-bits). */
1730
static const PRUint8 dsa_known_random_key_block[] = {
1731
"Mozilla Rules World!"};
1732
static const PRUint8 dsa_known_random_signature_block[] = {
1733
"Random DSA Signature"};
1735
/* DSA Known Digest (160-bits) */
1736
static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
1738
/* DSA Known Signature (320-bits). */
1739
static const PRUint8 dsa_known_signature[] = {
1740
0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32,
1741
0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c,
1742
0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72,
1743
0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
1744
0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
1746
/* DSA variables. */
1747
DSAPrivateKey * dsa_private_key;
1748
SECStatus dsa_status;
1749
SECItem dsa_signature_item;
1750
SECItem dsa_digest_item;
1751
DSAPublicKey dsa_public_key;
1752
PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
1753
static const PQGParams dsa_pqg = { NULL,
1754
{ FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
1755
{ FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
1756
{ FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
1758
/*******************************************/
1759
/* Generate a DSA public/private key pair. */
1760
/*******************************************/
1762
/* Generate a DSA public/private key pair. */
1763
dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
1766
if( dsa_status != SECSuccess )
1767
return( CKR_HOST_MEMORY );
1769
/* construct public key from private key. */
1770
dsa_public_key.params = dsa_private_key->params;
1771
dsa_public_key.publicValue = dsa_private_key->publicValue;
1773
/*************************************************/
1774
/* DSA Single-Round Known Answer Signature Test. */
1775
/*************************************************/
1777
dsa_signature_item.data = dsa_computed_signature;
1778
dsa_signature_item.len = sizeof dsa_computed_signature;
1780
dsa_digest_item.data = (unsigned char *)dsa_known_digest;
1781
dsa_digest_item.len = SHA1_LENGTH;
1783
/* Perform DSA signature process. */
1784
dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
1785
&dsa_signature_item,
1787
dsa_known_random_signature_block );
1789
if( ( dsa_status != SECSuccess ) ||
1790
( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
1791
( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
1792
FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
1793
dsa_status = SECFailure;
1796
/****************************************************/
1797
/* DSA Single-Round Known Answer Verification Test. */
1798
/****************************************************/
1800
/* Perform DSA verification process. */
1801
dsa_status = DSA_VerifyDigest( &dsa_public_key,
1802
&dsa_signature_item,
1806
PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
1807
/* Don't free public key, it uses same arena as private key */
1809
/* Verify DSA signature. */
1810
if( dsa_status != SECSuccess )
1811
return( CKR_DEVICE_ERROR );
1819
sftk_fips_RNG_PowerUpSelfTest( void )
1821
static const PRUint8 XKeyValue[] = {
1822
0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
1823
0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
1824
0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
1825
0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5};
1826
static const PRUint8 XSeed[] = {
1827
0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
1828
0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
1829
0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
1830
0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac};
1831
static const PRUint8 Q[] = {
1832
0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
1833
0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
1834
0x9d,0xef,0xeb,0xed};
1835
static const PRUint8 rng_known_GENX[] = {
1836
0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
1837
0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
1838
0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
1839
0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
1840
0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
1841
static const PRUint8 rng_known_DSAX[] = {
1842
0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
1843
0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
1844
0x10,0x1f,0x60,0xd7};
1846
SECStatus rng_status = SECSuccess;
1847
PRUint8 GENX[2*SHA1_LENGTH];
1848
PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
1849
PRUint8 XKey[FIPS_RNG_XKEY_LENGTH];
1851
PORT_Memcpy (XKey, XKeyValue, FIPS_RNG_XKEY_LENGTH);
1853
/*******************************************/
1854
/* Generate X with a known seed. */
1855
/*******************************************/
1856
rng_status = FIPS186Change_GenerateX(XKey, XSeed, GENX);
1858
/* Verify GENX to perform the RNG integrity check */
1859
if( ( rng_status != SECSuccess ) ||
1860
( PORT_Memcmp( GENX, rng_known_GENX,
1861
(2*SHA1_LENGTH) ) != 0 ) )
1862
return( CKR_DEVICE_ERROR );
1864
/*******************************************/
1865
/* Generate DSAX fow given Q. */
1866
/*******************************************/
1868
rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
1870
/* Verify DSAX to perform the RNG integrity check */
1871
if( ( rng_status != SECSuccess ) ||
1872
( PORT_Memcmp( DSAX, rng_known_DSAX,
1873
(FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) )
1874
return( CKR_DEVICE_ERROR );
1880
sftk_fipsSoftwareIntegrityTest(void)
1884
/* make sure that our check file signatures are OK */
1885
if( !BLAPI_VerifySelf( NULL ) ||
1886
!BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
1887
crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
1893
sftk_fipsPowerUpSelfTest( void )
1897
/* RC2 Power-Up SelfTest(s). */
1898
rv = sftk_fips_RC2_PowerUpSelfTest();
1903
/* RC4 Power-Up SelfTest(s). */
1904
rv = sftk_fips_RC4_PowerUpSelfTest();
1909
/* DES Power-Up SelfTest(s). */
1910
rv = sftk_fips_DES_PowerUpSelfTest();
1915
/* DES3 Power-Up SelfTest(s). */
1916
rv = sftk_fips_DES3_PowerUpSelfTest();
1921
/* AES Power-Up SelfTest(s) for 128-bit key. */
1922
rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
1927
/* AES Power-Up SelfTest(s) for 192-bit key. */
1928
rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
1933
/* AES Power-Up SelfTest(s) for 256-bit key. */
1934
rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
1939
/* MD2 Power-Up SelfTest(s). */
1940
rv = sftk_fips_MD2_PowerUpSelfTest();
1945
/* MD5 Power-Up SelfTest(s). */
1946
rv = sftk_fips_MD5_PowerUpSelfTest();
1951
/* SHA-X Power-Up SelfTest(s). */
1952
rv = sftk_fips_SHA_PowerUpSelfTest();
1957
/* HMAC SHA-X Power-Up SelfTest(s). */
1958
rv = sftk_fips_HMAC_PowerUpSelfTest();
1963
/* RSA Power-Up SelfTest(s). */
1964
rv = sftk_fips_RSA_PowerUpSelfTest();
1969
/* DSA Power-Up SelfTest(s). */
1970
rv = sftk_fips_DSA_PowerUpSelfTest();
1975
/* RNG Power-Up SelfTest(s). */
1976
rv = sftk_fips_RNG_PowerUpSelfTest();
1981
#ifdef NSS_ENABLE_ECC
1982
/* ECDSA Power-Up SelfTest(s). */
1983
rv = sftk_fips_ECDSA_PowerUpSelfTest();
1989
/* Software/Firmware Integrity Test. */
1990
rv = sftk_fipsSoftwareIntegrityTest();
1995
/* Passed Power-Up SelfTest(s). */