Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
mozilla-nss.15292
nss-fips-combined-hash-sign-dsa-ecdsa.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-combined-hash-sign-dsa-ecdsa.patch of Package mozilla-nss.15292
From 7f3606a84f6c62b002246ee73121279e59f83437 Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson <hpj@cl.no> Date: Thu, 28 May 2020 22:44:22 +0200 Subject: [PATCH] CKM_(EC)DSA_SHAxxx mechs: Add some missing pieces. This includes pairwise consistency checks and entry points for power-on self tests. --- cmd/lib/pk11table.c | 8 ++ lib/pk11wrap/pk11mech.c | 8 ++ lib/softoken/pkcs11c.c | 213 +++++++++++++++++++++++++++------------- lib/softoken/softoken.h | 10 ++ 4 files changed, 169 insertions(+), 70 deletions(-) diff --git a/cmd/lib/pk11table.c b/cmd/lib/pk11table.c index f7a45fa..d302436 100644 --- a/cmd/lib/pk11table.c +++ b/cmd/lib/pk11table.c @@ -273,6 +273,10 @@ const Constant _consts[] = { mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism), mkEntry(CKM_DSA, Mechanism), mkEntry(CKM_DSA_SHA1, Mechanism), + mkEntry(CKM_DSA_SHA224, Mechanism), + mkEntry(CKM_DSA_SHA256, Mechanism), + mkEntry(CKM_DSA_SHA384, Mechanism), + mkEntry(CKM_DSA_SHA512, Mechanism), mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism), mkEntry(CKM_DH_PKCS_DERIVE, Mechanism), mkEntry(CKM_X9_42_DH_DERIVE, Mechanism), @@ -438,6 +442,10 @@ const Constant _consts[] = { mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism), mkEntry(CKM_ECDSA, Mechanism), mkEntry(CKM_ECDSA_SHA1, Mechanism), + mkEntry(CKM_ECDSA_SHA224, Mechanism), + mkEntry(CKM_ECDSA_SHA256, Mechanism), + mkEntry(CKM_ECDSA_SHA384, Mechanism), + mkEntry(CKM_ECDSA_SHA512, Mechanism), mkEntry(CKM_ECDH1_DERIVE, Mechanism), mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism), mkEntry(CKM_ECMQV_DERIVE, Mechanism), diff --git a/lib/pk11wrap/pk11mech.c b/lib/pk11wrap/pk11mech.c index d94d59a..ac280f0 100644 --- a/lib/pk11wrap/pk11mech.c +++ b/lib/pk11wrap/pk11mech.c @@ -376,6 +376,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len) return CKK_RSA; case CKM_DSA: case CKM_DSA_SHA1: + case CKM_DSA_SHA224: + case CKM_DSA_SHA256: + case CKM_DSA_SHA384: + case CKM_DSA_SHA512: case CKM_DSA_KEY_PAIR_GEN: return CKK_DSA; case CKM_DH_PKCS_DERIVE: @@ -386,6 +390,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len) return CKK_KEA; case CKM_ECDSA: case CKM_ECDSA_SHA1: + case CKM_ECDSA_SHA224: + case CKM_ECDSA_SHA256: + case CKM_ECDSA_SHA384: + case CKM_ECDSA_SHA512: case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */ case CKM_ECDH1_DERIVE: return CKK_EC; /* CKK_ECDSA is deprecated */ diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index 08f94bc..ec6b205 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -2606,7 +2606,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, static SECStatus nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, - void *dataBuf, unsigned int dataLen) + const void *dataBuf, unsigned int dataLen) { SECItem signature, digest; SECStatus rv; @@ -2624,6 +2624,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, return rv; } +SECStatus +DSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, + unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, + const unsigned char *hash, unsigned int hashLen) +{ + SECStatus rv; + + rv = nsc_DSA_Sign_Stub(key, sig, sigLen, maxLen, hash, hashLen); + + if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { + sftk_fatalError = PR_TRUE; + } + + return rv; +} + static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) @@ -2641,7 +2657,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, static SECStatus nsc_ECDSASignStub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, - void *dataBuf, unsigned int dataLen) + const void *dataBuf, unsigned int dataLen) { SECItem signature, digest; SECStatus rv; @@ -2659,6 +2675,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, return rv; } +SECStatus +ECDSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, + unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, + const unsigned char *hash, unsigned int hashLen) +{ + SECStatus rv; + + rv = nsc_ECDSASignStub(key, sig, sigLen, maxLen, hash, hashLen); + + if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) { + sftk_fatalError = PR_TRUE; + } + + return rv; +} + /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied @@ -3511,6 +3543,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, info->hashOid = SEC_OID_##mmm; \ goto finish_rsa; +#define INIT_DSA_VFY_MECH(mmm) \ + case CKM_DSA_##mmm: \ + context->multi = PR_TRUE; \ + crv = sftk_doSub##mmm(context); \ + if (crv != CKR_OK) \ + break; \ + goto finish_dsa; + +#define INIT_ECDSA_VFY_MECH(mmm) \ + case CKM_ECDSA_##mmm: \ + context->multi = PR_TRUE; \ + crv = sftk_doSub##mmm(context); \ + if (crv != CKR_OK) \ + break; \ + goto finish_ecdsa; + switch (pMechanism->mechanism) { INIT_RSA_VFY_MECH(MD5) INIT_RSA_VFY_MECH(MD2) @@ -3575,13 +3623,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, context->destroy = (SFTKDestroy)sftk_Space; context->verify = (SFTKVerify)sftk_RSACheckSignPSS; break; - case CKM_DSA_SHA1: - context->multi = PR_TRUE; - crv = sftk_doSubSHA1(context); - if (crv != CKR_OK) - break; - /* fall through */ + + INIT_DSA_VFY_MECH(SHA1) + INIT_DSA_VFY_MECH(SHA224) + INIT_DSA_VFY_MECH(SHA256) + INIT_DSA_VFY_MECH(SHA384) + INIT_DSA_VFY_MECH(SHA512) + case CKM_DSA: + finish_dsa: if (key_type != CKK_DSA) { crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -3594,13 +3644,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, context->verify = (SFTKVerify)nsc_DSA_Verify_Stub; context->destroy = sftk_Null; break; - case CKM_ECDSA_SHA1: - context->multi = PR_TRUE; - crv = sftk_doSubSHA1(context); - if (crv != CKR_OK) - break; - /* fall through */ + + INIT_ECDSA_VFY_MECH(SHA1) + INIT_ECDSA_VFY_MECH(SHA224) + INIT_ECDSA_VFY_MECH(SHA256) + INIT_ECDSA_VFY_MECH(SHA384) + INIT_ECDSA_VFY_MECH(SHA512) + case CKM_ECDSA: + finish_ecdsa: if (key_type != CKK_EC) { crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -4733,6 +4785,73 @@ loser: #define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */ #define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */ +static CK_RV +pairwise_signverify_mech (CK_SESSION_HANDLE hSession, + SFTKObject *publicKey, SFTKObject *privateKey, + CK_MECHANISM mech, + CK_ULONG signature_length, + CK_ULONG pairwise_digest_length) +{ + /* Variables used for Signature/Verification functions. */ + /* Must be at least 256 bits for DSA2 digest */ + unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!"; + unsigned char *signature; + CK_RV crv; + + /* Allocate space for signature data. */ + signature = (unsigned char *)PORT_ZAlloc(signature_length); + if (signature == NULL) { + return CKR_HOST_MEMORY; + } + + /* Sign the known hash using the private key. */ + crv = NSC_SignInit(hSession, &mech, privateKey->handle); + if (crv != CKR_OK) { + PORT_Free(signature); + return crv; + } + + crv = NSC_Sign(hSession, + known_digest, + pairwise_digest_length, + signature, + &signature_length); + if (crv != CKR_OK) { + PORT_Free(signature); + return crv; + } + + /* detect trivial signing transforms */ + if ((signature_length >= pairwise_digest_length) && + (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) { + PORT_Free(signature); + return CKR_DEVICE_ERROR; + } + + /* Verify the known hash using the public key. */ + crv = NSC_VerifyInit(hSession, &mech, publicKey->handle); + if (crv != CKR_OK) { + PORT_Free(signature); + return crv; + } + + crv = NSC_Verify(hSession, + known_digest, + pairwise_digest_length, + signature, + signature_length); + + /* Free signature data. */ + PORT_Free(signature); + + if ((crv == CKR_SIGNATURE_LEN_RANGE) || + (crv == CKR_SIGNATURE_INVALID)) { + return CKR_GENERAL_ERROR; + } + + return crv; +} + /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. * @@ -4780,8 +4899,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, /* Variables used for Signature/Verification functions. */ /* Must be at least 256 bits for DSA2 digest */ - unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!"; - unsigned char *signature; CK_ULONG signature_length; if (keyType == CKK_RSA) { @@ -4935,76 +5052,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, } } +#define SIGNVERIFY_CHECK_MECH(vfymech) \ + mech.mechanism = vfymech; \ + crv = pairwise_signverify_mech (hSession, publicKey, privateKey, \ + mech, signature_length, pairwise_digest_length); \ + if (crv != CKR_OK) \ + return crv; + if (canSignVerify) { - /* Determine length of signature. */ switch (keyType) { case CKK_RSA: signature_length = modulusLen; - mech.mechanism = CKM_RSA_PKCS; + SIGNVERIFY_CHECK_MECH(CKM_SHA224_RSA_PKCS) break; case CKK_DSA: signature_length = DSA_MAX_SIGNATURE_LEN; pairwise_digest_length = subPrimeLen; - mech.mechanism = CKM_DSA; + SIGNVERIFY_CHECK_MECH(CKM_DSA_SHA224) break; case CKK_EC: signature_length = MAX_ECKEY_LEN * 2; - mech.mechanism = CKM_ECDSA; + SIGNVERIFY_CHECK_MECH(CKM_ECDSA_SHA224) break; default: return CKR_DEVICE_ERROR; } - /* Allocate space for signature data. */ - signature = (unsigned char *)PORT_ZAlloc(signature_length); - if (signature == NULL) { - return CKR_HOST_MEMORY; - } - - /* Sign the known hash using the private key. */ - crv = NSC_SignInit(hSession, &mech, privateKey->handle); - if (crv != CKR_OK) { - PORT_Free(signature); - return crv; - } - - crv = NSC_Sign(hSession, - known_digest, - pairwise_digest_length, - signature, - &signature_length); - if (crv != CKR_OK) { - PORT_Free(signature); - return crv; - } - - /* detect trivial signing transforms */ - if ((signature_length >= pairwise_digest_length) && - (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) { - PORT_Free(signature); - return CKR_DEVICE_ERROR; - } - - /* Verify the known hash using the public key. */ - crv = NSC_VerifyInit(hSession, &mech, publicKey->handle); - if (crv != CKR_OK) { - PORT_Free(signature); - return crv; - } - - crv = NSC_Verify(hSession, - known_digest, - pairwise_digest_length, - signature, - signature_length); - - /* Free signature data. */ - PORT_Free(signature); - - if ((crv == CKR_SIGNATURE_LEN_RANGE) || - (crv == CKR_SIGNATURE_INVALID)) { - return CKR_GENERAL_ERROR; - } if (crv != CKR_OK) { return crv; } diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h index 30586fc..d5aaffa 100644 --- a/lib/softoken/softoken.h +++ b/lib/softoken/softoken.h @@ -35,6 +35,16 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, const unsigned char *sig, unsigned int sigLen, const unsigned char *hash, unsigned int hashLen); +extern SECStatus +DSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, + unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, + const unsigned char *hash, unsigned int hashLen); + +extern SECStatus +ECDSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, + unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, + const unsigned char *hash, unsigned int hashLen); + /* ** Prepare a buffer for padded CBC encryption, growing to the appropriate ** boundary, filling with the appropriate padding. -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor