Loading security/nss/cmd/fipstest/fipstest.c +40 −26 Original line number Diff line number Diff line Loading @@ -42,8 +42,8 @@ #include "blapi.h" #include "nss.h" #include "secerr.h" #include "secdert.h" #include "secoidt.h" #include "secder.h" #include "secdig.h" #include "keythi.h" #include "ec.h" #include "hasht.h" Loading Loading @@ -3999,6 +3999,7 @@ rsa_siggen_test(char *reqfn) unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ unsigned int shaLength = 0; /* length of SHA */ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ SECOidTag shaOid = SEC_OID_UNKNOWN; int modulus; /* the Modulus size */ int publicExponent = DEFAULT_RSA_PUBLIC_EXPONENT; SECItem pe = {0, 0, 0 }; Loading @@ -4014,10 +4015,10 @@ rsa_siggen_test(char *reqfn) /* calculate the exponent */ for (i=0; i < 4; i++) { if (peCount || (publicExponent & ((unsigned long)0xff000000L >> (i*8)))) { pubEx[peCount] = (unsigned char)((publicExponent >> (3-i)*8) & 0xff); if (peCount || (publicExponent & ((unsigned long)0xff000000L >> (i*8)))) { pubEx[peCount] = (unsigned char)((publicExponent >> (3-i)*8) & 0xff); peCount++; } } Loading Loading @@ -4059,7 +4060,7 @@ rsa_siggen_test(char *reqfn) to_hex_str(buf, rsaBlapiPrivKey->modulus.data, rsaBlapiPrivKey->modulus.len); fprintf(rsaresp, "n = %s\n\n", buf); fprintf(rsaresp, "\nn = %s\n\n", buf); to_hex_str(buf, rsaBlapiPrivKey->publicExponent.data, rsaBlapiPrivKey->publicExponent.len); fprintf(rsaresp, "e = %s\n", buf); Loading Loading @@ -4140,38 +4141,44 @@ rsa_siggen_test(char *reqfn) goto loser; } shaLength = SHA1_LENGTH; shaOid = SEC_OID_SHA1; } else if (shaAlg == HASH_AlgSHA256) { if (SHA256_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA256"); goto loser; } shaLength = SHA256_LENGTH; shaOid = SEC_OID_SHA256; } else if (shaAlg == HASH_AlgSHA384) { if (SHA384_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA384"); goto loser; } shaLength = SHA384_LENGTH; shaOid = SEC_OID_SHA384; } else if (shaAlg == HASH_AlgSHA512) { if (SHA512_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA512"); goto loser; } shaLength = SHA512_LENGTH; shaOid = SEC_OID_SHA512; } else { fprintf(rsaresp, "ERROR: SHAAlg not defined."); goto loser; } /* Perform RSA signature with the RSA private key. */ rv = RSA_Sign( rsa_private_key, rsa_computed_signature, rv = RSA_HashSign( shaOid, rsa_private_key, rsa_computed_signature, &rsa_bytes_signed, nsslowkey_PrivateModulusLen(rsa_private_key), sha, shaLength); if( rv != SECSuccess ) { fprintf(rsaresp, "ERROR: RSA_Sign failed"); fprintf(rsaresp, "ERROR: RSA_HashSign failed"); goto loser; } Loading @@ -4181,13 +4188,14 @@ rsa_siggen_test(char *reqfn) fprintf(rsaresp, "S = %s\n", buf); /* Perform RSA verification with the RSA public key. */ rv = RSA_CheckSign( rsa_public_key, rv = RSA_HashCheckSign( shaOid, rsa_public_key, rsa_computed_signature, rsa_bytes_signed, sha, shaLength); if( rv != SECSuccess ) { fprintf(rsaresp, "ERROR: RSA_CheckSign failed"); fprintf(rsaresp, "ERROR: RSA_HashCheckSign failed"); goto loser; } continue; Loading Loading @@ -4225,6 +4233,7 @@ rsa_sigver_test(char *reqfn) unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ unsigned int shaLength = 0; /* actual length of the digest */ HASH_HashType shaAlg = HASH_AlgNULL; SECOidTag shaOid = SEC_OID_UNKNOWN; int modulus = 0; /* the Modulus size */ unsigned char signature[513]; /* largest signature size + '\n' */ unsigned int signatureLength = 0; /* actual length of the signature */ Loading Loading @@ -4376,24 +4385,28 @@ rsa_sigver_test(char *reqfn) goto loser; } shaLength = SHA1_LENGTH; shaOid = SEC_OID_SHA1; } else if (shaAlg == HASH_AlgSHA256) { if (SHA256_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA256"); goto loser; } shaLength = SHA256_LENGTH; shaOid = SEC_OID_SHA256; } else if (shaAlg == HASH_AlgSHA384) { if (SHA384_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA384"); goto loser; } shaLength = SHA384_LENGTH; shaOid = SEC_OID_SHA384; } else if (shaAlg == HASH_AlgSHA512) { if (SHA512_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA512"); goto loser; } shaLength = SHA512_LENGTH; shaOid = SEC_OID_SHA512; } else { fprintf(rsaresp, "ERROR: SHAAlg not defined."); goto loser; Loading Loading @@ -4429,7 +4442,8 @@ rsa_sigver_test(char *reqfn) fputs(buf, rsaresp); /* Perform RSA verification with the RSA public key. */ rv = RSA_CheckSign( rsa_public_key, rv = RSA_HashCheckSign( shaOid, rsa_public_key, signature, signatureLength, sha, Loading security/nss/lib/softoken/pkcs11c.c +25 −7 Original line number Diff line number Diff line Loading @@ -1593,6 +1593,15 @@ static SECStatus sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, unsigned int maxLen,unsigned char *hash, unsigned int hashLen) { return RSA_HashSign(info->hashOid,info->key,sig,sigLen,maxLen, hash,hashLen); } SECStatus RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, unsigned char *hash, unsigned int hashLen) { SECStatus rv = SECFailure; SECItem digder; Loading @@ -1605,7 +1614,7 @@ sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, if ( !arena ) { goto loser; } /* Construct digest info */ di = SGN_CreateDigestInfo(info->hashOid, hash, hashLen); di = SGN_CreateDigestInfo(hashOid, hash, hashLen); if (!di) { goto loser; } /* Der encode the digest as a DigestInfo */ Loading @@ -1618,7 +1627,7 @@ sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, ** Encrypt signature after constructing appropriate PKCS#1 signature ** block */ rv = RSA_Sign(info->key,sig,sigLen,maxLen,digder.data,digder.len); rv = RSA_Sign(key,sig,sigLen,maxLen,digder.data,digder.len); loser: SGN_DestroyDigestInfo(di); Loading Loading @@ -2100,11 +2109,20 @@ CK_RV NSC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, ************** Crypto Functions: verify ************************ */ /* Handle RSA Signature formating */ /* Handle RSA Signature formatting */ static SECStatus sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen) { return RSA_HashCheckSign(info->hashOid, info->key, sig, sigLen, digest, digestLen); } SECStatus RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen) { SECItem it; SGNDigestInfo *di = NULL; Loading @@ -2112,16 +2130,16 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, it.data = NULL; if (info->key == NULL) goto loser; if (key == NULL) goto loser; it.len = nsslowkey_PublicModulusLen(info->key); it.len = nsslowkey_PublicModulusLen(key); if (!it.len) goto loser; it.data = (unsigned char *) PORT_Alloc(it.len); if (it.data == NULL) goto loser; /* decrypt the block */ rv = RSA_CheckSignRecover(info->key, it.data, &it.len, it.len, sig, sigLen); rv = RSA_CheckSignRecover(key, it.data, &it.len, it.len, sig, sigLen); if (rv != SECSuccess) goto loser; di = SGN_DecodeDigestInfo(&it); Loading @@ -2129,7 +2147,7 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, if (di->digest.len != digestLen) goto loser; /* make sure the tag is OK */ if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != info->hashOid) { if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) { goto loser; } /* Now check the signature */ Loading security/nss/lib/softoken/softoken.h +12 −2 Original line number Diff line number Diff line Loading @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ /* $Id: softoken.h,v 1.10 2006/03/21 19:33:52 rrelyea%redhat.com Exp $ */ /* $Id: softoken.h,v 1.11 2006/03/25 23:45:23 glen.beasley%sun.com Exp $ */ #ifndef _SOFTOKEN_H_ #define _SOFTOKEN_H_ Loading Loading @@ -81,7 +81,7 @@ extern unsigned char *RSA_FormatOneBlock(unsigned int modulusLen, /* * convenience wrappers for doing single RSA operations. They create the * RSA context internally and take care of the formatting * requirements. Blinding happens automagically within RSA_SignHash and * requirements. Blinding happens automagically within RSA_Sign and * RSA_DecryptBlock. */ extern Loading @@ -89,10 +89,20 @@ SECStatus RSA_Sign(NSSLOWKEYPrivateKey *key, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, unsigned char *input, unsigned int inputLen); extern SECStatus RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, unsigned char *hash, unsigned int hashLen); extern SECStatus RSA_CheckSign(NSSLOWKEYPublicKey *key, unsigned char *sign, unsigned int signLength, unsigned char *hash, unsigned int hashLength); extern SECStatus RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen); extern SECStatus RSA_CheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data, unsigned int *data_len,unsigned int max_output_len, unsigned char *sign, unsigned int sign_len); Loading Loading
security/nss/cmd/fipstest/fipstest.c +40 −26 Original line number Diff line number Diff line Loading @@ -42,8 +42,8 @@ #include "blapi.h" #include "nss.h" #include "secerr.h" #include "secdert.h" #include "secoidt.h" #include "secder.h" #include "secdig.h" #include "keythi.h" #include "ec.h" #include "hasht.h" Loading Loading @@ -3999,6 +3999,7 @@ rsa_siggen_test(char *reqfn) unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ unsigned int shaLength = 0; /* length of SHA */ HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ SECOidTag shaOid = SEC_OID_UNKNOWN; int modulus; /* the Modulus size */ int publicExponent = DEFAULT_RSA_PUBLIC_EXPONENT; SECItem pe = {0, 0, 0 }; Loading @@ -4014,10 +4015,10 @@ rsa_siggen_test(char *reqfn) /* calculate the exponent */ for (i=0; i < 4; i++) { if (peCount || (publicExponent & ((unsigned long)0xff000000L >> (i*8)))) { pubEx[peCount] = (unsigned char)((publicExponent >> (3-i)*8) & 0xff); if (peCount || (publicExponent & ((unsigned long)0xff000000L >> (i*8)))) { pubEx[peCount] = (unsigned char)((publicExponent >> (3-i)*8) & 0xff); peCount++; } } Loading Loading @@ -4059,7 +4060,7 @@ rsa_siggen_test(char *reqfn) to_hex_str(buf, rsaBlapiPrivKey->modulus.data, rsaBlapiPrivKey->modulus.len); fprintf(rsaresp, "n = %s\n\n", buf); fprintf(rsaresp, "\nn = %s\n\n", buf); to_hex_str(buf, rsaBlapiPrivKey->publicExponent.data, rsaBlapiPrivKey->publicExponent.len); fprintf(rsaresp, "e = %s\n", buf); Loading Loading @@ -4140,38 +4141,44 @@ rsa_siggen_test(char *reqfn) goto loser; } shaLength = SHA1_LENGTH; shaOid = SEC_OID_SHA1; } else if (shaAlg == HASH_AlgSHA256) { if (SHA256_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA256"); goto loser; } shaLength = SHA256_LENGTH; shaOid = SEC_OID_SHA256; } else if (shaAlg == HASH_AlgSHA384) { if (SHA384_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA384"); goto loser; } shaLength = SHA384_LENGTH; shaOid = SEC_OID_SHA384; } else if (shaAlg == HASH_AlgSHA512) { if (SHA512_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA512"); goto loser; } shaLength = SHA512_LENGTH; shaOid = SEC_OID_SHA512; } else { fprintf(rsaresp, "ERROR: SHAAlg not defined."); goto loser; } /* Perform RSA signature with the RSA private key. */ rv = RSA_Sign( rsa_private_key, rsa_computed_signature, rv = RSA_HashSign( shaOid, rsa_private_key, rsa_computed_signature, &rsa_bytes_signed, nsslowkey_PrivateModulusLen(rsa_private_key), sha, shaLength); if( rv != SECSuccess ) { fprintf(rsaresp, "ERROR: RSA_Sign failed"); fprintf(rsaresp, "ERROR: RSA_HashSign failed"); goto loser; } Loading @@ -4181,13 +4188,14 @@ rsa_siggen_test(char *reqfn) fprintf(rsaresp, "S = %s\n", buf); /* Perform RSA verification with the RSA public key. */ rv = RSA_CheckSign( rsa_public_key, rv = RSA_HashCheckSign( shaOid, rsa_public_key, rsa_computed_signature, rsa_bytes_signed, sha, shaLength); if( rv != SECSuccess ) { fprintf(rsaresp, "ERROR: RSA_CheckSign failed"); fprintf(rsaresp, "ERROR: RSA_HashCheckSign failed"); goto loser; } continue; Loading Loading @@ -4225,6 +4233,7 @@ rsa_sigver_test(char *reqfn) unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ unsigned int shaLength = 0; /* actual length of the digest */ HASH_HashType shaAlg = HASH_AlgNULL; SECOidTag shaOid = SEC_OID_UNKNOWN; int modulus = 0; /* the Modulus size */ unsigned char signature[513]; /* largest signature size + '\n' */ unsigned int signatureLength = 0; /* actual length of the signature */ Loading Loading @@ -4376,24 +4385,28 @@ rsa_sigver_test(char *reqfn) goto loser; } shaLength = SHA1_LENGTH; shaOid = SEC_OID_SHA1; } else if (shaAlg == HASH_AlgSHA256) { if (SHA256_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA256"); goto loser; } shaLength = SHA256_LENGTH; shaOid = SEC_OID_SHA256; } else if (shaAlg == HASH_AlgSHA384) { if (SHA384_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA384"); goto loser; } shaLength = SHA384_LENGTH; shaOid = SEC_OID_SHA384; } else if (shaAlg == HASH_AlgSHA512) { if (SHA512_HashBuf(sha, msg, j) != SECSuccess) { fprintf(rsaresp, "ERROR: Unable to generate SHA512"); goto loser; } shaLength = SHA512_LENGTH; shaOid = SEC_OID_SHA512; } else { fprintf(rsaresp, "ERROR: SHAAlg not defined."); goto loser; Loading Loading @@ -4429,7 +4442,8 @@ rsa_sigver_test(char *reqfn) fputs(buf, rsaresp); /* Perform RSA verification with the RSA public key. */ rv = RSA_CheckSign( rsa_public_key, rv = RSA_HashCheckSign( shaOid, rsa_public_key, signature, signatureLength, sha, Loading
security/nss/lib/softoken/pkcs11c.c +25 −7 Original line number Diff line number Diff line Loading @@ -1593,6 +1593,15 @@ static SECStatus sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, unsigned int maxLen,unsigned char *hash, unsigned int hashLen) { return RSA_HashSign(info->hashOid,info->key,sig,sigLen,maxLen, hash,hashLen); } SECStatus RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, unsigned char *hash, unsigned int hashLen) { SECStatus rv = SECFailure; SECItem digder; Loading @@ -1605,7 +1614,7 @@ sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, if ( !arena ) { goto loser; } /* Construct digest info */ di = SGN_CreateDigestInfo(info->hashOid, hash, hashLen); di = SGN_CreateDigestInfo(hashOid, hash, hashLen); if (!di) { goto loser; } /* Der encode the digest as a DigestInfo */ Loading @@ -1618,7 +1627,7 @@ sftk_HashSign(SFTKHashSignInfo *info,unsigned char *sig,unsigned int *sigLen, ** Encrypt signature after constructing appropriate PKCS#1 signature ** block */ rv = RSA_Sign(info->key,sig,sigLen,maxLen,digder.data,digder.len); rv = RSA_Sign(key,sig,sigLen,maxLen,digder.data,digder.len); loser: SGN_DestroyDigestInfo(di); Loading Loading @@ -2100,11 +2109,20 @@ CK_RV NSC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, ************** Crypto Functions: verify ************************ */ /* Handle RSA Signature formating */ /* Handle RSA Signature formatting */ static SECStatus sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen) { return RSA_HashCheckSign(info->hashOid, info->key, sig, sigLen, digest, digestLen); } SECStatus RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen) { SECItem it; SGNDigestInfo *di = NULL; Loading @@ -2112,16 +2130,16 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, it.data = NULL; if (info->key == NULL) goto loser; if (key == NULL) goto loser; it.len = nsslowkey_PublicModulusLen(info->key); it.len = nsslowkey_PublicModulusLen(key); if (!it.len) goto loser; it.data = (unsigned char *) PORT_Alloc(it.len); if (it.data == NULL) goto loser; /* decrypt the block */ rv = RSA_CheckSignRecover(info->key, it.data, &it.len, it.len, sig, sigLen); rv = RSA_CheckSignRecover(key, it.data, &it.len, it.len, sig, sigLen); if (rv != SECSuccess) goto loser; di = SGN_DecodeDigestInfo(&it); Loading @@ -2129,7 +2147,7 @@ sftk_hashCheckSign(SFTKHashVerifyInfo *info, unsigned char *sig, if (di->digest.len != digestLen) goto loser; /* make sure the tag is OK */ if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != info->hashOid) { if (SECOID_GetAlgorithmTag(&di->digestAlgorithm) != hashOid) { goto loser; } /* Now check the signature */ Loading
security/nss/lib/softoken/softoken.h +12 −2 Original line number Diff line number Diff line Loading @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ /* $Id: softoken.h,v 1.10 2006/03/21 19:33:52 rrelyea%redhat.com Exp $ */ /* $Id: softoken.h,v 1.11 2006/03/25 23:45:23 glen.beasley%sun.com Exp $ */ #ifndef _SOFTOKEN_H_ #define _SOFTOKEN_H_ Loading Loading @@ -81,7 +81,7 @@ extern unsigned char *RSA_FormatOneBlock(unsigned int modulusLen, /* * convenience wrappers for doing single RSA operations. They create the * RSA context internally and take care of the formatting * requirements. Blinding happens automagically within RSA_SignHash and * requirements. Blinding happens automagically within RSA_Sign and * RSA_DecryptBlock. */ extern Loading @@ -89,10 +89,20 @@ SECStatus RSA_Sign(NSSLOWKEYPrivateKey *key, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, unsigned char *input, unsigned int inputLen); extern SECStatus RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, unsigned char *hash, unsigned int hashLen); extern SECStatus RSA_CheckSign(NSSLOWKEYPublicKey *key, unsigned char *sign, unsigned int signLength, unsigned char *hash, unsigned int hashLength); extern SECStatus RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, unsigned char *sig, unsigned int sigLen, unsigned char *digest, unsigned int digestLen); extern SECStatus RSA_CheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data, unsigned int *data_len,unsigned int max_output_len, unsigned char *sign, unsigned int sign_len); Loading