Back to index

lightning-sunbird  0.9+nobinonly
fipstest.c
Go to the documentation of this file.
00001 /*
00002  * PKCS #11 FIPS Power-Up Self Test.
00003  *
00004  * ***** BEGIN LICENSE BLOCK *****
00005  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00006  *
00007  * The contents of this file are subject to the Mozilla Public License Version
00008  * 1.1 (the "License"); you may not use this file except in compliance with
00009  * the License. You may obtain a copy of the License at
00010  * http://www.mozilla.org/MPL/
00011  *
00012  * Software distributed under the License is distributed on an "AS IS" basis,
00013  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00014  * for the specific language governing rights and limitations under the
00015  * License.
00016  *
00017  * The Original Code is the Netscape security libraries.
00018  *
00019  * The Initial Developer of the Original Code is
00020  * Netscape Communications Corporation.
00021  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00022  * the Initial Developer. All Rights Reserved.
00023  *
00024  * Contributor(s):
00025  *
00026  * Alternatively, the contents of this file may be used under the terms of
00027  * either the GNU General Public License Version 2 or later (the "GPL"), or
00028  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00029  * in which case the provisions of the GPL or the LGPL are applicable instead
00030  * of those above. If you wish to allow use of your version of this file only
00031  * under the terms of either the GPL or the LGPL, and not to allow others to
00032  * use your version of this file under the terms of the MPL, indicate your
00033  * decision by deleting the provisions above and replace them with the notice
00034  * and other provisions required by the GPL or the LGPL. If you do not delete
00035  * the provisions above, a recipient may use your version of this file under
00036  * the terms of any one of the MPL, the GPL or the LGPL.
00037  *
00038  * ***** END LICENSE BLOCK ***** */
00039 /* $Id: fipstest.c,v 1.13.2.10 2006/10/02 23:03:49 wtchang%redhat.com Exp $ */
00040 
00041 #include "softoken.h"   /* Required for RC2-ECB, RC2-CBC, RC4, DES-ECB,  */
00042                         /*              DES-CBC, DES3-ECB, DES3-CBC, RSA */
00043                         /*              and DSA.                         */
00044 #include "seccomon.h"   /* Required for RSA and DSA. */
00045 #include "lowkeyi.h"    /* Required for RSA and DSA. */
00046 #include "pkcs11.h"     /* Required for PKCS #11. */
00047 #include "secerr.h"
00048 
00049 #ifdef NSS_ENABLE_ECC
00050 #include "secdert.h"    /* Required for ECDSA */
00051 #include "ec.h"         /* Required for ECDSA */
00052 extern SECStatus
00053 EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
00054 extern SECStatus
00055 EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
00056               const ECParams *srcParams);
00057 #endif
00058 
00059 
00060 /* FIPS preprocessor directives for RC2-ECB and RC2-CBC.        */
00061 #define FIPS_RC2_KEY_LENGTH                      5  /*  40-bits */
00062 #define FIPS_RC2_ENCRYPT_LENGTH                  8  /*  64-bits */
00063 #define FIPS_RC2_DECRYPT_LENGTH                  8  /*  64-bits */
00064 
00065 
00066 /* FIPS preprocessor directives for RC4.                        */
00067 #define FIPS_RC4_KEY_LENGTH                      5  /*  40-bits */
00068 #define FIPS_RC4_ENCRYPT_LENGTH                  8  /*  64-bits */
00069 #define FIPS_RC4_DECRYPT_LENGTH                  8  /*  64-bits */
00070 
00071 
00072 /* FIPS preprocessor directives for DES-ECB and DES-CBC.        */
00073 #define FIPS_DES_ENCRYPT_LENGTH                  8  /*  64-bits */
00074 #define FIPS_DES_DECRYPT_LENGTH                  8  /*  64-bits */
00075 
00076 
00077 /* FIPS preprocessor directives for DES3-CBC and DES3-ECB.      */
00078 #define FIPS_DES3_ENCRYPT_LENGTH                 8  /*  64-bits */
00079 #define FIPS_DES3_DECRYPT_LENGTH                 8  /*  64-bits */
00080 
00081 
00082 /* FIPS preprocessor directives for AES-ECB and AES-CBC.        */
00083 #define FIPS_AES_BLOCK_SIZE                     16  /* 128-bits */
00084 #define FIPS_AES_ENCRYPT_LENGTH                 16  /* 128-bits */
00085 #define FIPS_AES_DECRYPT_LENGTH                 16  /* 128-bits */
00086 #define FIPS_AES_128_KEY_SIZE                   16  /* 128-bits */
00087 #define FIPS_AES_192_KEY_SIZE                   24  /* 192-bits */
00088 #define FIPS_AES_256_KEY_SIZE                   32  /* 256-bits */
00089 
00090 
00091 /* FIPS preprocessor directives for message digests             */
00092 #define FIPS_KNOWN_HASH_MESSAGE_LENGTH          64  /* 512-bits */
00093 
00094 
00095 /* FIPS preprocessor directives for RSA.                         */
00096 #define FIPS_RSA_TYPE                           siBuffer
00097 #define FIPS_RSA_PUBLIC_EXPONENT_LENGTH           3 /*   24-bits */
00098 #define FIPS_RSA_PRIVATE_VERSION_LENGTH           1 /*    8-bits */
00099 #define FIPS_RSA_MESSAGE_LENGTH                 128 /* 1024-bits */
00100 #define FIPS_RSA_COEFFICIENT_LENGTH              64 /*  512-bits */
00101 #define FIPS_RSA_PRIME0_LENGTH                   64 /*  512-bits */
00102 #define FIPS_RSA_PRIME1_LENGTH                   64 /*  512-bits */
00103 #define FIPS_RSA_EXPONENT0_LENGTH                64 /*  512-bits */
00104 #define FIPS_RSA_EXPONENT1_LENGTH                64 /*  512-bits */
00105 #define FIPS_RSA_PRIVATE_EXPONENT_LENGTH        128 /* 1024-bits */
00106 #define FIPS_RSA_ENCRYPT_LENGTH                 128 /* 1024-bits */
00107 #define FIPS_RSA_DECRYPT_LENGTH                 128 /* 1024-bits */
00108 #define FIPS_RSA_SIGNATURE_LENGTH               128 /* 1024-bits */
00109 #define FIPS_RSA_MODULUS_LENGTH                 128 /* 1024-bits */
00110 
00111 
00112 /* FIPS preprocessor directives for DSA.                        */
00113 #define FIPS_DSA_TYPE                           siBuffer
00114 #define FIPS_DSA_DIGEST_LENGTH                  20 /*  160-bits */
00115 #define FIPS_DSA_SUBPRIME_LENGTH                20 /*  160-bits */
00116 #define FIPS_DSA_SIGNATURE_LENGTH               40 /*  320-bits */
00117 #define FIPS_DSA_PRIME_LENGTH                  128 /* 1024-bits */
00118 #define FIPS_DSA_BASE_LENGTH                   128 /* 1024-bits */
00119 
00120 /* FIPS preprocessor directives for RNG.                        */
00121 #define FIPS_RNG_XKEY_LENGTH                    32  /* 256-bits */
00122 
00123 static CK_RV
00124 sftk_fips_RC2_PowerUpSelfTest( void )
00125 {
00126     /* RC2 Known Key (40-bits). */
00127     static const PRUint8 rc2_known_key[] = { "RSARC" };
00128 
00129     /* RC2-CBC Known Initialization Vector (64-bits). */
00130     static const PRUint8 rc2_cbc_known_initialization_vector[] = {"Security"};
00131 
00132     /* RC2 Known Plaintext (64-bits). */
00133     static const PRUint8 rc2_ecb_known_plaintext[] = {"Netscape"};
00134     static const PRUint8 rc2_cbc_known_plaintext[] = {"Netscape"};
00135 
00136     /* RC2 Known Ciphertext (64-bits). */
00137     static const PRUint8 rc2_ecb_known_ciphertext[] = {
00138                               0x1a,0x71,0x33,0x54,0x8d,0x5c,0xd2,0x30};
00139     static const PRUint8 rc2_cbc_known_ciphertext[] = {
00140                               0xff,0x41,0xdb,0x94,0x8a,0x4c,0x33,0xb3};
00141 
00142     /* RC2 variables. */
00143     PRUint8        rc2_computed_ciphertext[FIPS_RC2_ENCRYPT_LENGTH];
00144     PRUint8        rc2_computed_plaintext[FIPS_RC2_DECRYPT_LENGTH];
00145     RC2Context *   rc2_context;
00146     unsigned int   rc2_bytes_encrypted;
00147     unsigned int   rc2_bytes_decrypted;
00148     SECStatus      rc2_status;
00149 
00150 
00151     /******************************************************/
00152     /* RC2-ECB Single-Round Known Answer Encryption Test: */
00153     /******************************************************/
00154 
00155     rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
00156                                      NULL, NSS_RC2,
00157                                      FIPS_RC2_KEY_LENGTH );
00158 
00159     if( rc2_context == NULL )
00160         return( CKR_HOST_MEMORY );
00161 
00162     rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
00163                               &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
00164                               rc2_ecb_known_plaintext,
00165                               FIPS_RC2_DECRYPT_LENGTH );
00166 
00167     RC2_DestroyContext( rc2_context, PR_TRUE );
00168 
00169     if( ( rc2_status != SECSuccess ) ||
00170         ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
00171         ( PORT_Memcmp( rc2_computed_ciphertext, rc2_ecb_known_ciphertext,
00172                        FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
00173         return( CKR_DEVICE_ERROR );
00174 
00175 
00176     /******************************************************/
00177     /* RC2-ECB Single-Round Known Answer Decryption Test: */
00178     /******************************************************/
00179 
00180     rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
00181                                      NULL, NSS_RC2,
00182                                      FIPS_RC2_KEY_LENGTH );
00183 
00184     if( rc2_context == NULL )
00185         return( CKR_HOST_MEMORY );
00186 
00187     rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
00188                               &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
00189                               rc2_ecb_known_ciphertext,
00190                               FIPS_RC2_ENCRYPT_LENGTH );
00191 
00192     RC2_DestroyContext( rc2_context, PR_TRUE );
00193 
00194     if( ( rc2_status != SECSuccess ) ||
00195         ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
00196         ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
00197                        FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
00198         return( CKR_DEVICE_ERROR );
00199 
00200 
00201     /******************************************************/
00202     /* RC2-CBC Single-Round Known Answer Encryption Test: */
00203     /******************************************************/
00204 
00205     rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
00206                                      rc2_cbc_known_initialization_vector,
00207                                      NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
00208 
00209     if( rc2_context == NULL )
00210         return( CKR_HOST_MEMORY );
00211 
00212     rc2_status = RC2_Encrypt( rc2_context, rc2_computed_ciphertext,
00213                               &rc2_bytes_encrypted, FIPS_RC2_ENCRYPT_LENGTH,
00214                               rc2_cbc_known_plaintext,
00215                               FIPS_RC2_DECRYPT_LENGTH );
00216 
00217     RC2_DestroyContext( rc2_context, PR_TRUE );
00218 
00219     if( ( rc2_status != SECSuccess ) ||
00220         ( rc2_bytes_encrypted != FIPS_RC2_ENCRYPT_LENGTH ) ||
00221         ( PORT_Memcmp( rc2_computed_ciphertext, rc2_cbc_known_ciphertext,
00222                        FIPS_RC2_ENCRYPT_LENGTH ) != 0 ) )
00223         return( CKR_DEVICE_ERROR );
00224 
00225 
00226     /******************************************************/
00227     /* RC2-CBC Single-Round Known Answer Decryption Test: */
00228     /******************************************************/
00229 
00230     rc2_context = RC2_CreateContext( rc2_known_key, FIPS_RC2_KEY_LENGTH,
00231                                      rc2_cbc_known_initialization_vector,
00232                                      NSS_RC2_CBC, FIPS_RC2_KEY_LENGTH );
00233 
00234     if( rc2_context == NULL )
00235         return( CKR_HOST_MEMORY );
00236 
00237     rc2_status = RC2_Decrypt( rc2_context, rc2_computed_plaintext,
00238                               &rc2_bytes_decrypted, FIPS_RC2_DECRYPT_LENGTH,
00239                               rc2_cbc_known_ciphertext,
00240                               FIPS_RC2_ENCRYPT_LENGTH );
00241 
00242     RC2_DestroyContext( rc2_context, PR_TRUE );
00243 
00244     if( ( rc2_status != SECSuccess ) ||
00245         ( rc2_bytes_decrypted != FIPS_RC2_DECRYPT_LENGTH ) ||
00246         ( PORT_Memcmp( rc2_computed_plaintext, rc2_ecb_known_plaintext,
00247                        FIPS_RC2_DECRYPT_LENGTH ) != 0 ) )
00248         return( CKR_DEVICE_ERROR );
00249 
00250     return( CKR_OK );
00251 }
00252 
00253 
00254 static CK_RV
00255 sftk_fips_RC4_PowerUpSelfTest( void )
00256 {
00257     /* RC4 Known Key (40-bits). */
00258     static const PRUint8 rc4_known_key[] = { "RSARC" };
00259 
00260     /* RC4 Known Plaintext (64-bits). */
00261     static const PRUint8 rc4_known_plaintext[] = { "Netscape" };
00262 
00263     /* RC4 Known Ciphertext (64-bits). */
00264     static const PRUint8 rc4_known_ciphertext[] = {
00265                             0x29,0x33,0xc7,0x9a,0x9d,0x6c,0x09,0xdd};
00266 
00267     /* RC4 variables. */
00268     PRUint8        rc4_computed_ciphertext[FIPS_RC4_ENCRYPT_LENGTH];
00269     PRUint8        rc4_computed_plaintext[FIPS_RC4_DECRYPT_LENGTH];
00270     RC4Context *   rc4_context;
00271     unsigned int   rc4_bytes_encrypted;
00272     unsigned int   rc4_bytes_decrypted;
00273     SECStatus      rc4_status;
00274 
00275 
00276     /**************************************************/
00277     /* RC4 Single-Round Known Answer Encryption Test: */
00278     /**************************************************/
00279 
00280     rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
00281 
00282     if( rc4_context == NULL )
00283         return( CKR_HOST_MEMORY );
00284 
00285     rc4_status = RC4_Encrypt( rc4_context, rc4_computed_ciphertext,
00286                               &rc4_bytes_encrypted, FIPS_RC4_ENCRYPT_LENGTH,
00287                               rc4_known_plaintext, FIPS_RC4_DECRYPT_LENGTH );
00288 
00289     RC4_DestroyContext( rc4_context, PR_TRUE );
00290 
00291     if( ( rc4_status != SECSuccess ) ||
00292         ( rc4_bytes_encrypted != FIPS_RC4_ENCRYPT_LENGTH ) ||
00293         ( PORT_Memcmp( rc4_computed_ciphertext, rc4_known_ciphertext,
00294                        FIPS_RC4_ENCRYPT_LENGTH ) != 0 ) )
00295         return( CKR_DEVICE_ERROR );
00296 
00297 
00298     /**************************************************/
00299     /* RC4 Single-Round Known Answer Decryption Test: */
00300     /**************************************************/
00301 
00302     rc4_context = RC4_CreateContext( rc4_known_key, FIPS_RC4_KEY_LENGTH );
00303 
00304     if( rc4_context == NULL )
00305         return( CKR_HOST_MEMORY );
00306 
00307     rc4_status = RC4_Decrypt( rc4_context, rc4_computed_plaintext,
00308                               &rc4_bytes_decrypted, FIPS_RC4_DECRYPT_LENGTH,
00309                               rc4_known_ciphertext, FIPS_RC4_ENCRYPT_LENGTH );
00310 
00311     RC4_DestroyContext( rc4_context, PR_TRUE );
00312 
00313     if( ( rc4_status != SECSuccess ) ||
00314         ( rc4_bytes_decrypted != FIPS_RC4_DECRYPT_LENGTH ) ||
00315         ( PORT_Memcmp( rc4_computed_plaintext, rc4_known_plaintext,
00316                        FIPS_RC4_DECRYPT_LENGTH ) != 0 ) )
00317         return( CKR_DEVICE_ERROR );
00318 
00319     return( CKR_OK );
00320 }
00321 
00322 
00323 static CK_RV
00324 sftk_fips_DES_PowerUpSelfTest( void )
00325 {
00326     /* DES Known Key (56-bits). */
00327     static const PRUint8 des_known_key[] = { "ANSI DES" };
00328 
00329     /* DES-CBC Known Initialization Vector (64-bits). */
00330     static const PRUint8 des_cbc_known_initialization_vector[] = { "Security" };
00331 
00332     /* DES Known Plaintext (64-bits). */
00333     static const PRUint8 des_ecb_known_plaintext[] = { "Netscape" };
00334     static const PRUint8 des_cbc_known_plaintext[] = { "Netscape" };
00335 
00336     /* DES Known Ciphertext (64-bits). */
00337     static const PRUint8 des_ecb_known_ciphertext[] = {
00338                             0x26,0x14,0xe9,0xc3,0x28,0x80,0x50,0xb0};
00339     static const PRUint8 des_cbc_known_ciphertext[]  = {
00340                             0x5e,0x95,0x94,0x5d,0x76,0xa2,0xd3,0x7d};
00341 
00342     /* DES variables. */
00343     PRUint8        des_computed_ciphertext[FIPS_DES_ENCRYPT_LENGTH];
00344     PRUint8        des_computed_plaintext[FIPS_DES_DECRYPT_LENGTH];
00345     DESContext *   des_context;
00346     unsigned int   des_bytes_encrypted;
00347     unsigned int   des_bytes_decrypted;
00348     SECStatus      des_status;
00349 
00350 
00351     /******************************************************/
00352     /* DES-ECB Single-Round Known Answer Encryption Test: */
00353     /******************************************************/
00354 
00355     des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_TRUE );
00356 
00357     if( des_context == NULL )
00358         return( CKR_HOST_MEMORY );
00359 
00360     des_status = DES_Encrypt( des_context, des_computed_ciphertext,
00361                               &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
00362                               des_ecb_known_plaintext,
00363                               FIPS_DES_DECRYPT_LENGTH );
00364 
00365     DES_DestroyContext( des_context, PR_TRUE );
00366 
00367     if( ( des_status != SECSuccess ) ||
00368         ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
00369         ( PORT_Memcmp( des_computed_ciphertext, des_ecb_known_ciphertext,
00370                        FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
00371         return( CKR_DEVICE_ERROR );
00372 
00373 
00374     /******************************************************/
00375     /* DES-ECB Single-Round Known Answer Decryption Test: */
00376     /******************************************************/
00377 
00378     des_context = DES_CreateContext( des_known_key, NULL, NSS_DES, PR_FALSE );
00379 
00380     if( des_context == NULL )
00381         return( CKR_HOST_MEMORY );
00382 
00383     des_status = DES_Decrypt( des_context, des_computed_plaintext,
00384                               &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
00385                               des_ecb_known_ciphertext,
00386                               FIPS_DES_ENCRYPT_LENGTH );
00387 
00388     DES_DestroyContext( des_context, PR_TRUE );
00389 
00390     if( ( des_status != SECSuccess ) ||
00391         ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
00392         ( PORT_Memcmp( des_computed_plaintext, des_ecb_known_plaintext,
00393                        FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
00394         return( CKR_DEVICE_ERROR );
00395 
00396 
00397     /******************************************************/
00398     /* DES-CBC Single-Round Known Answer Encryption Test. */
00399     /******************************************************/
00400 
00401     des_context = DES_CreateContext( des_known_key,
00402                                      des_cbc_known_initialization_vector,
00403                                      NSS_DES_CBC, PR_TRUE );
00404 
00405     if( des_context == NULL )
00406         return( CKR_HOST_MEMORY );
00407 
00408     des_status = DES_Encrypt( des_context, des_computed_ciphertext,
00409                               &des_bytes_encrypted, FIPS_DES_ENCRYPT_LENGTH,
00410                               des_cbc_known_plaintext,
00411                               FIPS_DES_DECRYPT_LENGTH );
00412 
00413     DES_DestroyContext( des_context, PR_TRUE );
00414 
00415     if( ( des_status != SECSuccess ) ||
00416         ( des_bytes_encrypted != FIPS_DES_ENCRYPT_LENGTH ) ||
00417         ( PORT_Memcmp( des_computed_ciphertext, des_cbc_known_ciphertext,
00418                        FIPS_DES_ENCRYPT_LENGTH ) != 0 ) )
00419         return( CKR_DEVICE_ERROR );
00420 
00421 
00422     /******************************************************/
00423     /* DES-CBC Single-Round Known Answer Decryption Test. */
00424     /******************************************************/
00425 
00426     des_context = DES_CreateContext( des_known_key,
00427                                      des_cbc_known_initialization_vector,
00428                                      NSS_DES_CBC, PR_FALSE );
00429 
00430     if( des_context == NULL )
00431         return( CKR_HOST_MEMORY );
00432 
00433     des_status = DES_Decrypt( des_context, des_computed_plaintext,
00434                               &des_bytes_decrypted, FIPS_DES_DECRYPT_LENGTH,
00435                               des_cbc_known_ciphertext,
00436                               FIPS_DES_ENCRYPT_LENGTH );
00437 
00438     DES_DestroyContext( des_context, PR_TRUE );
00439 
00440     if( ( des_status != SECSuccess ) ||
00441         ( des_bytes_decrypted != FIPS_DES_DECRYPT_LENGTH ) ||
00442         ( PORT_Memcmp( des_computed_plaintext, des_cbc_known_plaintext,
00443                        FIPS_DES_DECRYPT_LENGTH ) != 0 ) )
00444         return( CKR_DEVICE_ERROR );
00445 
00446     return( CKR_OK );
00447 }
00448 
00449 
00450 static CK_RV
00451 sftk_fips_DES3_PowerUpSelfTest( void )
00452 {
00453     /* DES3 Known Key (56-bits). */
00454     static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
00455 
00456     /* DES3-CBC Known Initialization Vector (64-bits). */
00457     static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
00458 
00459     /* DES3 Known Plaintext (64-bits). */
00460     static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
00461     static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
00462 
00463     /* DES3 Known Ciphertext (64-bits). */
00464     static const PRUint8 des3_ecb_known_ciphertext[] = {
00465                         0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
00466     static const PRUint8 des3_cbc_known_ciphertext[] = {
00467                         0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
00468 
00469     /* DES3 variables. */
00470     PRUint8        des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
00471     PRUint8        des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
00472     DESContext *   des3_context;
00473     unsigned int   des3_bytes_encrypted;
00474     unsigned int   des3_bytes_decrypted;
00475     SECStatus      des3_status;
00476 
00477 
00478     /*******************************************************/
00479     /* DES3-ECB Single-Round Known Answer Encryption Test. */
00480     /*******************************************************/
00481 
00482     des3_context = DES_CreateContext( des3_known_key, NULL,
00483                                      NSS_DES_EDE3, PR_TRUE );
00484 
00485     if( des3_context == NULL )
00486         return( CKR_HOST_MEMORY );
00487 
00488     des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
00489                                &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
00490                                des3_ecb_known_plaintext,
00491                                FIPS_DES3_DECRYPT_LENGTH );
00492 
00493     DES_DestroyContext( des3_context, PR_TRUE );
00494 
00495     if( ( des3_status != SECSuccess ) ||
00496         ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
00497         ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
00498                        FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
00499         return( CKR_DEVICE_ERROR );
00500 
00501 
00502     /*******************************************************/
00503     /* DES3-ECB Single-Round Known Answer Decryption Test. */
00504     /*******************************************************/
00505 
00506     des3_context = DES_CreateContext( des3_known_key, NULL,
00507                                      NSS_DES_EDE3, PR_FALSE );
00508 
00509     if( des3_context == NULL )
00510         return( CKR_HOST_MEMORY );
00511 
00512     des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
00513                                &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
00514                                des3_ecb_known_ciphertext,
00515                                FIPS_DES3_ENCRYPT_LENGTH );
00516 
00517     DES_DestroyContext( des3_context, PR_TRUE );
00518 
00519     if( ( des3_status != SECSuccess ) ||
00520         ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
00521         ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
00522                        FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
00523         return( CKR_DEVICE_ERROR );
00524 
00525 
00526     /*******************************************************/
00527     /* DES3-CBC Single-Round Known Answer Encryption Test. */
00528     /*******************************************************/
00529 
00530     des3_context = DES_CreateContext( des3_known_key,
00531                                       des3_cbc_known_initialization_vector,
00532                                       NSS_DES_EDE3_CBC, PR_TRUE );
00533 
00534     if( des3_context == NULL )
00535         return( CKR_HOST_MEMORY );
00536 
00537     des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
00538                                &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
00539                                des3_cbc_known_plaintext,
00540                                FIPS_DES3_DECRYPT_LENGTH );
00541 
00542     DES_DestroyContext( des3_context, PR_TRUE );
00543 
00544     if( ( des3_status != SECSuccess ) ||
00545         ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
00546         ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
00547                        FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) )
00548         return( CKR_DEVICE_ERROR );
00549 
00550 
00551     /*******************************************************/
00552     /* DES3-CBC Single-Round Known Answer Decryption Test. */
00553     /*******************************************************/
00554 
00555     des3_context = DES_CreateContext( des3_known_key,
00556                                       des3_cbc_known_initialization_vector,
00557                                       NSS_DES_EDE3_CBC, PR_FALSE );
00558 
00559     if( des3_context == NULL )
00560         return( CKR_HOST_MEMORY );
00561 
00562     des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
00563                                &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
00564                                des3_cbc_known_ciphertext,
00565                                FIPS_DES3_ENCRYPT_LENGTH );
00566 
00567     DES_DestroyContext( des3_context, PR_TRUE );
00568 
00569     if( ( des3_status != SECSuccess ) ||
00570         ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
00571         ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
00572                        FIPS_DES3_DECRYPT_LENGTH ) != 0 ) )
00573         return( CKR_DEVICE_ERROR );
00574 
00575     return( CKR_OK );
00576 }
00577 
00578 
00579 /* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
00580 static CK_RV
00581 sftk_fips_AES_PowerUpSelfTest( int aes_key_size )
00582 {
00583     /* AES Known Key (up to 256-bits). */
00584     static const PRUint8 aes_known_key[] = 
00585         { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
00586 
00587     /* AES-CBC Known Initialization Vector (128-bits). */
00588     static const PRUint8 aes_cbc_known_initialization_vector[] = 
00589         { "SecurityytiruceS" };
00590 
00591     /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
00592     static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
00593 
00594     /* AES Known Ciphertext (128-bit key). */
00595     static const PRUint8 aes_ecb128_known_ciphertext[] = {
00596         0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
00597         0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
00598 
00599     static const PRUint8 aes_cbc128_known_ciphertext[]  = {
00600         0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
00601         0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
00602 
00603     /* AES Known Ciphertext (192-bit key). */
00604     static const PRUint8 aes_ecb192_known_ciphertext[] = { 
00605         0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
00606         0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
00607 
00608     static const PRUint8 aes_cbc192_known_ciphertext[]  = { 
00609         0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
00610         0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
00611 
00612     /* AES Known Ciphertext (256-bit key). */
00613     static const PRUint8 aes_ecb256_known_ciphertext[] = { 
00614         0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
00615         0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
00616     
00617     static const PRUint8 aes_cbc256_known_ciphertext[]  = { 
00618         0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
00619         0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
00620 
00621     const PRUint8 *aes_ecb_known_ciphertext =
00622         ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
00623         ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
00624                                 aes_ecb256_known_ciphertext;
00625 
00626     const PRUint8 *aes_cbc_known_ciphertext =
00627         ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
00628         ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
00629                                 aes_cbc256_known_ciphertext;
00630 
00631     /* AES variables. */
00632     PRUint8        aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
00633     PRUint8        aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
00634     AESContext *   aes_context;
00635     unsigned int   aes_bytes_encrypted;
00636     unsigned int   aes_bytes_decrypted;
00637     SECStatus      aes_status;
00638 
00639     /*check if aes_key_size is 128, 192, or 256 bits */
00640     if ((aes_key_size != FIPS_AES_128_KEY_SIZE) && 
00641         (aes_key_size != FIPS_AES_192_KEY_SIZE) && 
00642         (aes_key_size != FIPS_AES_256_KEY_SIZE)) 
00643             return( CKR_DEVICE_ERROR );
00644 
00645     /******************************************************/
00646     /* AES-ECB Single-Round Known Answer Encryption Test: */
00647     /******************************************************/
00648 
00649     aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
00650                                      aes_key_size, FIPS_AES_BLOCK_SIZE );
00651 
00652     if( aes_context == NULL )
00653         return( CKR_HOST_MEMORY );
00654 
00655     aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
00656                               &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
00657                               aes_known_plaintext,
00658                               FIPS_AES_DECRYPT_LENGTH );
00659     
00660     AES_DestroyContext( aes_context, PR_TRUE );
00661 
00662     if( ( aes_status != SECSuccess ) ||
00663         ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
00664         ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
00665                        FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
00666         return( CKR_DEVICE_ERROR );
00667 
00668 
00669     /******************************************************/
00670     /* AES-ECB Single-Round Known Answer Decryption Test: */
00671     /******************************************************/
00672 
00673     aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
00674                                      aes_key_size, FIPS_AES_BLOCK_SIZE );
00675 
00676     if( aes_context == NULL )
00677         return( CKR_HOST_MEMORY );
00678 
00679     aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
00680                               &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
00681                               aes_ecb_known_ciphertext,
00682                               FIPS_AES_ENCRYPT_LENGTH );
00683 
00684     AES_DestroyContext( aes_context, PR_TRUE );
00685 
00686     if( ( aes_status != SECSuccess ) ||         
00687         ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
00688         ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
00689                        FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
00690         return( CKR_DEVICE_ERROR );
00691 
00692 
00693     /******************************************************/
00694     /* AES-CBC Single-Round Known Answer Encryption Test. */
00695     /******************************************************/
00696 
00697     aes_context = AES_CreateContext( aes_known_key,
00698                                      aes_cbc_known_initialization_vector,
00699                                      NSS_AES_CBC, PR_TRUE, aes_key_size, 
00700                                      FIPS_AES_BLOCK_SIZE );
00701 
00702     if( aes_context == NULL )
00703         return( CKR_HOST_MEMORY );
00704 
00705     aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
00706                               &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
00707                               aes_known_plaintext,
00708                               FIPS_AES_DECRYPT_LENGTH );
00709 
00710     AES_DestroyContext( aes_context, PR_TRUE );
00711 
00712     if( ( aes_status != SECSuccess ) ||
00713         ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
00714         ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
00715                        FIPS_AES_ENCRYPT_LENGTH ) != 0 ) )
00716         return( CKR_DEVICE_ERROR );
00717 
00718 
00719     /******************************************************/
00720     /* AES-CBC Single-Round Known Answer Decryption Test. */
00721     /******************************************************/
00722 
00723     aes_context = AES_CreateContext( aes_known_key,
00724                                      aes_cbc_known_initialization_vector,
00725                                      NSS_AES_CBC, PR_FALSE, aes_key_size, 
00726                                      FIPS_AES_BLOCK_SIZE );
00727 
00728     if( aes_context == NULL )
00729         return( CKR_HOST_MEMORY );
00730 
00731     aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
00732                               &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
00733                               aes_cbc_known_ciphertext,
00734                               FIPS_AES_ENCRYPT_LENGTH );
00735 
00736     AES_DestroyContext( aes_context, PR_TRUE );
00737 
00738     if( ( aes_status != SECSuccess ) ||
00739         ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
00740         ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
00741                        FIPS_AES_DECRYPT_LENGTH ) != 0 ) )
00742         return( CKR_DEVICE_ERROR );
00743 
00744     return( CKR_OK );
00745 }
00746 
00747 /* Known Hash Message (512-bits).  Used for all hashes (incl. SHA-N [N>1]). */
00748 static const PRUint8 known_hash_message[] = {
00749   "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
00750 
00751 
00752 static CK_RV
00753 sftk_fips_MD2_PowerUpSelfTest( void )
00754 {
00755     /* MD2 Known Digest Message (128-bits). */
00756     static const PRUint8 md2_known_digest[]  = {
00757                                    0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
00758                                    0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
00759 
00760     /* MD2 variables. */
00761     MD2Context * md2_context;
00762     unsigned int md2_bytes_hashed;
00763     PRUint8      md2_computed_digest[MD2_LENGTH];
00764 
00765 
00766     /***********************************************/
00767     /* MD2 Single-Round Known Answer Hashing Test. */
00768     /***********************************************/
00769 
00770     md2_context = MD2_NewContext();
00771 
00772     if( md2_context == NULL )
00773         return( CKR_HOST_MEMORY );
00774 
00775     MD2_Begin( md2_context );
00776 
00777     MD2_Update( md2_context, known_hash_message,
00778                 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
00779 
00780     MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
00781 
00782     MD2_DestroyContext( md2_context , PR_TRUE );
00783     
00784     if( ( md2_bytes_hashed != MD2_LENGTH ) ||
00785         ( PORT_Memcmp( md2_computed_digest, md2_known_digest,
00786                        MD2_LENGTH ) != 0 ) )
00787         return( CKR_DEVICE_ERROR );
00788 
00789     return( CKR_OK );
00790 }
00791 
00792 
00793 static CK_RV
00794 sftk_fips_MD5_PowerUpSelfTest( void )
00795 {
00796     /* MD5 Known Digest Message (128-bits). */
00797     static const PRUint8 md5_known_digest[]  = {
00798                                0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
00799                                0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
00800 
00801     /* MD5 variables. */
00802     PRUint8        md5_computed_digest[MD5_LENGTH];
00803     SECStatus      md5_status;
00804 
00805 
00806     /***********************************************/
00807     /* MD5 Single-Round Known Answer Hashing Test. */
00808     /***********************************************/
00809 
00810     md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
00811                               FIPS_KNOWN_HASH_MESSAGE_LENGTH );
00812 
00813     if( ( md5_status != SECSuccess ) ||
00814         ( PORT_Memcmp( md5_computed_digest, md5_known_digest,
00815                        MD5_LENGTH ) != 0 ) )
00816         return( CKR_DEVICE_ERROR );
00817 
00818     return( CKR_OK );
00819 }
00820 
00821 /****************************************************/
00822 /* Single Round HMAC SHA-X test                     */
00823 /****************************************************/
00824 static SECStatus
00825 sftk_fips_HMAC(unsigned char *hmac_computed,
00826                const PRUint8 *secret_key,
00827                unsigned int secret_key_length,
00828                const PRUint8 *message,
00829                unsigned int message_length,
00830                HASH_HashType hashAlg )
00831 {
00832     SECStatus hmac_status = SECFailure;
00833     HMACContext *cx = NULL;
00834     SECHashObject *hashObj = NULL;
00835     unsigned int bytes_hashed = 0;
00836 
00837     hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
00838  
00839     if (!hashObj) 
00840         return( SECFailure );
00841 
00842     cx = HMAC_Create(hashObj, secret_key, 
00843                      secret_key_length, 
00844                      PR_TRUE);  /* PR_TRUE for in FIPS mode */
00845 
00846     if (cx == NULL) 
00847         return( SECFailure );
00848 
00849     HMAC_Begin(cx);
00850     HMAC_Update(cx, message, message_length);
00851     hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed, 
00852                               hashObj->length);
00853 
00854     HMAC_Destroy(cx, PR_TRUE);
00855 
00856     return( hmac_status );
00857 }
00858 
00859 static CK_RV
00860 sftk_fips_HMAC_PowerUpSelfTest( void )
00861 {
00862     static const PRUint8 HMAC_known_secret_key[] = {
00863                          "Firefox and ThunderBird are awesome!"};
00864 
00865     static const PRUint8 HMAC_known_secret_key_length 
00866                          = sizeof HMAC_known_secret_key;
00867 
00868     /* known SHA1 hmac (20 bytes) */
00869     static const PRUint8 known_SHA1_hmac[] = {
00870         0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05, 
00871         0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e, 
00872         0x5d, 0x0e, 0x1e, 0x11};
00873 
00874     /* known SHA256 hmac (32 bytes) */
00875     static const PRUint8 known_SHA256_hmac[] = {
00876         0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44, 
00877         0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0, 
00878         0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9, 
00879         0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};        
00880 
00881     /* known SHA384 hmac (48 bytes) */
00882     static const PRUint8 known_SHA384_hmac[] = {
00883         0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
00884         0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
00885         0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
00886         0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
00887         0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
00888         0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
00889 
00890     /* known SHA512 hmac (64 bytes) */
00891     static const PRUint8 known_SHA512_hmac[] = {
00892         0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
00893         0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
00894         0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
00895         0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
00896         0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
00897         0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
00898         0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
00899         0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
00900 
00901     SECStatus    hmac_status;
00902     PRUint8      hmac_computed[HASH_LENGTH_MAX]; 
00903 
00904     /***************************************************/
00905     /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
00906     /***************************************************/
00907 
00908     hmac_status = sftk_fips_HMAC(hmac_computed, 
00909                                  HMAC_known_secret_key,
00910                                  HMAC_known_secret_key_length,
00911                                  known_hash_message,
00912                                  FIPS_KNOWN_HASH_MESSAGE_LENGTH,
00913                                  HASH_AlgSHA1); 
00914 
00915     if( ( hmac_status != SECSuccess ) || 
00916         ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
00917                        SHA1_LENGTH ) != 0 ) )
00918         return( CKR_DEVICE_ERROR );
00919 
00920     /***************************************************/
00921     /* HMAC SHA-256 Single-Round Known Answer Test.    */
00922     /***************************************************/
00923 
00924     hmac_status = sftk_fips_HMAC(hmac_computed, 
00925                                  HMAC_known_secret_key,
00926                                  HMAC_known_secret_key_length,
00927                                  known_hash_message,
00928                                  FIPS_KNOWN_HASH_MESSAGE_LENGTH,
00929                                  HASH_AlgSHA256); 
00930 
00931     if( ( hmac_status != SECSuccess ) || 
00932         ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
00933                        SHA256_LENGTH ) != 0 ) )
00934         return( CKR_DEVICE_ERROR );
00935 
00936     /***************************************************/
00937     /* HMAC SHA-384 Single-Round Known Answer Test.    */
00938     /***************************************************/
00939 
00940     hmac_status = sftk_fips_HMAC(hmac_computed,
00941                                  HMAC_known_secret_key,
00942                                  HMAC_known_secret_key_length,
00943                                  known_hash_message,
00944                                  FIPS_KNOWN_HASH_MESSAGE_LENGTH,
00945                                  HASH_AlgSHA384);
00946 
00947     if( ( hmac_status != SECSuccess ) ||
00948         ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
00949                        SHA384_LENGTH ) != 0 ) )
00950         return( CKR_DEVICE_ERROR );
00951 
00952     /***************************************************/
00953     /* HMAC SHA-512 Single-Round Known Answer Test.    */
00954     /***************************************************/
00955 
00956     hmac_status = sftk_fips_HMAC(hmac_computed,
00957                                  HMAC_known_secret_key,
00958                                  HMAC_known_secret_key_length,
00959                                  known_hash_message,
00960                                  FIPS_KNOWN_HASH_MESSAGE_LENGTH,
00961                                  HASH_AlgSHA512);
00962 
00963     if( ( hmac_status != SECSuccess ) ||
00964         ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
00965                        SHA512_LENGTH ) != 0 ) )
00966         return( CKR_DEVICE_ERROR );
00967 
00968     return( CKR_OK );
00969 }
00970 
00971 static CK_RV
00972 sftk_fips_SHA_PowerUpSelfTest( void )
00973 {
00974     /* SHA-1 Known Digest Message (160-bits). */
00975     static const PRUint8 sha1_known_digest[] = {
00976                             0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
00977                             0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
00978                             0xe0,0x68,0x47,0x7a};
00979 
00980     /* SHA-256 Known Digest Message (256-bits). */
00981     static const PRUint8 sha256_known_digest[] = {
00982         0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
00983         0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
00984         0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
00985         0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
00986  
00987     /* SHA-384 Known Digest Message (384-bits). */
00988     static const PRUint8 sha384_known_digest[] = {
00989         0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
00990         0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
00991         0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
00992         0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
00993         0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
00994         0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
00995 
00996     /* SHA-512 Known Digest Message (512-bits). */
00997     static const PRUint8 sha512_known_digest[] = {
00998         0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
00999         0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
01000         0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
01001         0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
01002         0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
01003         0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
01004         0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
01005         0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
01006 
01007     /* SHA-X variables. */
01008     PRUint8        sha_computed_digest[HASH_LENGTH_MAX];
01009     SECStatus      sha_status;
01010 
01011     /*************************************************/
01012     /* SHA-1 Single-Round Known Answer Hashing Test. */
01013     /*************************************************/
01014 
01015     sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
01016                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
01017  
01018     if( ( sha_status != SECSuccess ) ||
01019         ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
01020                        SHA1_LENGTH ) != 0 ) )
01021         return( CKR_DEVICE_ERROR );
01022 
01023     /***************************************************/
01024     /* SHA-256 Single-Round Known Answer Hashing Test. */
01025     /***************************************************/
01026 
01027     sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
01028                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
01029 
01030     if( ( sha_status != SECSuccess ) ||
01031         ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
01032                        SHA256_LENGTH ) != 0 ) )
01033         return( CKR_DEVICE_ERROR );
01034 
01035     /***************************************************/
01036     /* SHA-384 Single-Round Known Answer Hashing Test. */
01037     /***************************************************/
01038 
01039     sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
01040                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
01041 
01042     if( ( sha_status != SECSuccess ) ||
01043         ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
01044                        SHA384_LENGTH ) != 0 ) )
01045         return( CKR_DEVICE_ERROR );
01046 
01047     /***************************************************/
01048     /* SHA-512 Single-Round Known Answer Hashing Test. */
01049     /***************************************************/
01050 
01051     sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
01052                                 FIPS_KNOWN_HASH_MESSAGE_LENGTH );
01053 
01054     if( ( sha_status != SECSuccess ) ||
01055         ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
01056                        SHA512_LENGTH ) != 0 ) )
01057         return( CKR_DEVICE_ERROR );
01058 
01059     return( CKR_OK );
01060 }
01061 
01062 /*
01063 * Single round RSA Signature Known Answer Test
01064 */
01065 static SECStatus
01066 sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType  shaAlg,
01067                                   NSSLOWKEYPublicKey *rsa_public_key,
01068                                   NSSLOWKEYPrivateKey *rsa_private_key,
01069                                   const unsigned char *rsa_known_msg,
01070                                   const unsigned int rsa_kmsg_length,
01071                                   const unsigned char *rsa_known_signature)
01072 {
01073     SECOidTag      shaOid;   /* SHA OID */
01074     unsigned char  sha[HASH_LENGTH_MAX];    /* SHA digest */
01075     unsigned int   shaLength = 0;           /* length of SHA */
01076     unsigned int   rsa_bytes_signed;
01077     unsigned char  rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
01078     SECStatus      rv;
01079 
01080     if (shaAlg == HASH_AlgSHA1) {
01081         if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
01082                             != SECSuccess) {
01083              goto loser;
01084         }
01085         shaLength = SHA1_LENGTH;
01086         shaOid = SEC_OID_SHA1;
01087     } else if (shaAlg == HASH_AlgSHA256) {
01088         if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
01089                             != SECSuccess) {
01090              goto loser;
01091         }
01092         shaLength = SHA256_LENGTH;
01093         shaOid = SEC_OID_SHA256;
01094     } else if (shaAlg == HASH_AlgSHA384) {
01095         if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
01096                             != SECSuccess) {
01097              goto loser;
01098         }
01099         shaLength = SHA384_LENGTH;
01100         shaOid = SEC_OID_SHA384;
01101     } else if (shaAlg == HASH_AlgSHA512) {
01102         if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
01103                             != SECSuccess) {
01104              goto loser;
01105         }
01106         shaLength = SHA512_LENGTH;
01107         shaOid = SEC_OID_SHA512;
01108     } else {
01109         goto loser;
01110     }
01111 
01112     /*************************************************/
01113     /* RSA Single-Round Known Answer Signature Test. */
01114     /*************************************************/
01115 
01116     /* Perform RSA signature with the RSA private key. */
01117     rv = RSA_HashSign( shaOid,
01118                        rsa_private_key,
01119                        rsa_computed_signature,
01120                        &rsa_bytes_signed,
01121                        FIPS_RSA_SIGNATURE_LENGTH,
01122                        sha,
01123                        shaLength);
01124 
01125     if( ( rv != SECSuccess ) ||
01126         ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
01127         ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
01128                        FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
01129         goto loser;
01130     }
01131 
01132     /****************************************************/
01133     /* RSA Single-Round Known Answer Verification Test. */
01134     /****************************************************/
01135 
01136     /* Perform RSA verification with the RSA public key. */
01137     rv = RSA_HashCheckSign( shaOid,
01138                             rsa_public_key,
01139                             rsa_computed_signature,
01140                             rsa_bytes_signed,
01141                             sha,
01142                             shaLength);
01143 
01144     if( rv != SECSuccess ) {
01145          goto loser;
01146     }
01147     return( SECSuccess );
01148 
01149 loser:
01150 
01151     return( SECFailure );
01152 
01153 }
01154 
01155 static CK_RV
01156 sftk_fips_RSA_PowerUpSelfTest( void )
01157 {
01158     /* RSA Known Modulus used in both Public/Private Key Values (1024-bits). */
01159     static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
01160                                0xd5, 0x84, 0x95, 0x07, 0xf4, 0xd0, 0x1f, 0x82,
01161                                0xf3, 0x79, 0xf4, 0x99, 0x48, 0x10, 0xe1, 0x71,
01162                                0xa5, 0x62, 0x22, 0xa3, 0x4b, 0x00, 0xe3, 0x5b,
01163                                0x3a, 0xcc, 0x10, 0x83, 0xe0, 0xaf, 0x61, 0x13,
01164                                0x54, 0x6a, 0xa2, 0x6a, 0x2c, 0x5e, 0xb3, 0xcc,
01165                                0xa3, 0x71, 0x9a, 0xb2, 0x3e, 0x78, 0xec, 0xb5,
01166                                0x0e, 0x6e, 0x31, 0x3b, 0x77, 0x1f, 0x6e, 0x94,
01167                                0x41, 0x60, 0xd5, 0x6e, 0xd9, 0xc6, 0xf9, 0x29,
01168                                0xc3, 0x40, 0x36, 0x25, 0xdb, 0xea, 0x0b, 0x07,
01169                                0xae, 0x76, 0xfd, 0x99, 0x29, 0xf4, 0x22, 0xc1,
01170                                0x1a, 0x8f, 0x05, 0xfe, 0x98, 0x09, 0x07, 0x05,
01171                                0xc2, 0x0f, 0x0b, 0x11, 0x83, 0x39, 0xca, 0xc7,
01172                                0x43, 0x63, 0xff, 0x33, 0x80, 0xe7, 0xc3, 0x78,
01173                                0xae, 0xf1, 0x73, 0x52, 0x98, 0x1d, 0xde, 0x5c,
01174                                0x53, 0x6e, 0x01, 0x73, 0x0d, 0x12, 0x7e, 0x77,
01175                                0x03, 0xf1, 0xef, 0x1b, 0xc8, 0xa8, 0x0f, 0x97};
01176 
01177     /* RSA Known Public Key Values (24-bits). */
01178     static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] 
01179                                                        = { 0x01, 0x00, 0x01 };
01180     /* RSA Known Private Key Values (version                 is    8-bits), */
01181     /*                              (private exponent        is 1024-bits), */
01182     /*                              (private prime0          is  512-bits), */
01183     /*                              (private prime1          is  512-bits), */
01184     /*                              (private prime exponent0 is  512-bits), */
01185     /*                              (private prime exponent1 is  512-bits), */
01186     /*                          and (private coefficient     is  512-bits). */
01187     static const PRUint8 rsa_version[] = { 0x00 };
01188 
01189     static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
01190                            = { 0x85, 0x27, 0x47, 0x61, 0x4c, 0xd4, 0xb5, 0xb2,
01191                                0x0e, 0x70, 0x91, 0x8f, 0x3d, 0x97, 0xf9, 0x5f,
01192                                0xcc, 0x09, 0x65, 0x1c, 0x7c, 0x5b, 0xb3, 0x6d,
01193                                0x63, 0x3f, 0x7b, 0x55, 0x22, 0xbb, 0x7c, 0x48,
01194                                0x77, 0xae, 0x80, 0x56, 0xc2, 0x10, 0xd5, 0x03,
01195                                0xdb, 0x31, 0xaf, 0x8d, 0x54, 0xd4, 0x48, 0x99,
01196                                0xa8, 0xc4, 0x23, 0x43, 0xb8, 0x48, 0x0b, 0xc7,
01197                                0xbc, 0xf5, 0xcc, 0x64, 0x72, 0xbf, 0x59, 0x06,
01198                                0x04, 0x1c, 0x32, 0xf5, 0x14, 0x2e, 0x6e, 0xe2,
01199                                0x0f, 0x5c, 0xde, 0x36, 0x3c, 0x6e, 0x7c, 0x4d,
01200                                0xcc, 0xd3, 0x00, 0x6e, 0xe5, 0x45, 0x46, 0xef,
01201                                0x4d, 0x25, 0x46, 0x6d, 0x7f, 0xed, 0xbb, 0x4f,
01202                                0x4d, 0x9f, 0xda, 0x87, 0x47, 0x8f, 0x74, 0x44,
01203                                0xb7, 0xbe, 0x9d, 0xf5, 0xdd, 0xd2, 0x4c, 0xa5,
01204                                0xab, 0x74, 0xe5, 0x29, 0xa1, 0xd2, 0x45, 0x3b,
01205                                0x33, 0xde, 0xd5, 0xae, 0xf7, 0x03, 0x10, 0x21};
01206 
01207     static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH]   = {
01208                                0xf9, 0x74, 0x8f, 0x16, 0x02, 0x6b, 0xa0, 0xee,
01209                                0x7f, 0x28, 0x97, 0x91, 0xdc, 0xec, 0xc0, 0x7c,
01210                                0x49, 0xc2, 0x85, 0x76, 0xee, 0x66, 0x74, 0x2d,
01211                                0x1a, 0xb8, 0xf7, 0x2f, 0x11, 0x5b, 0x36, 0xd8,
01212                                0x46, 0x33, 0x3b, 0xd8, 0xf3, 0x2d, 0xa1, 0x03,
01213                                0x83, 0x2b, 0xec, 0x35, 0x43, 0x32, 0xff, 0xdd,
01214                                0x81, 0x7c, 0xfd, 0x65, 0x13, 0x04, 0x7c, 0xfc,
01215                                0x03, 0x97, 0xf0, 0xd5, 0x62, 0xdc, 0x0d, 0xbf};
01216     static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH]   = {
01217                                0xdb, 0x1e, 0xa7, 0x3d, 0xe7, 0xfa, 0x8b, 0x04,
01218                                0x83, 0x48, 0xf3, 0xa5, 0x31, 0x9d, 0x35, 0x5e,
01219                                0x4d, 0x54, 0x77, 0xcc, 0x84, 0x09, 0xf3, 0x11,
01220                                0x0d, 0x54, 0xed, 0x85, 0x39, 0xa9, 0xca, 0xa8,
01221                                0xea, 0xae, 0x19, 0x9c, 0x75, 0xdb, 0x88, 0xb8,
01222                                0x04, 0x8d, 0x54, 0xc6, 0xa4, 0x80, 0xf8, 0x93,
01223                                0xf0, 0xdb, 0x19, 0xef, 0xd7, 0x87, 0x8a, 0x8f,
01224                                0x5a, 0x09, 0x2e, 0x54, 0xf3, 0x45, 0x24, 0x29};
01225     static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
01226                                0x6a, 0xd1, 0x25, 0x80, 0x18, 0x33, 0x3c, 0x2b,
01227                                0x44, 0x19, 0xfe, 0xa5, 0x40, 0x03, 0xc4, 0xfc,
01228                                0xb3, 0x9c, 0xef, 0x07, 0x99, 0x58, 0x17, 0xc1,
01229                                0x44, 0xa3, 0x15, 0x7d, 0x7b, 0x22, 0x22, 0xdf,
01230                                0x03, 0x58, 0x66, 0xf5, 0x24, 0x54, 0x52, 0x91,
01231                                0x2d, 0x76, 0xfe, 0x63, 0x64, 0x4e, 0x0f, 0x50,
01232                                0x2b, 0x65, 0x79, 0x1f, 0xf1, 0xbf, 0xc7, 0x41,
01233                                0x26, 0xcc, 0xc6, 0x1c, 0xa9, 0x83, 0x6f, 0x03};
01234     static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
01235                                0x12, 0x84, 0x1a, 0x99, 0xce, 0x9a, 0x8b, 0x58,
01236                                0xcc, 0x47, 0x43, 0xdf, 0x77, 0xbb, 0xd3, 0x20,
01237                                0xae, 0xe4, 0x2e, 0x63, 0x67, 0xdc, 0xf7, 0x5f,
01238                                0x3f, 0x83, 0x27, 0xb7, 0x14, 0x52, 0x56, 0xbf,
01239                                0xc3, 0x65, 0x06, 0xe1, 0x03, 0xcc, 0x93, 0x57,
01240                                0x09, 0x7b, 0x6f, 0xe8, 0x81, 0x4a, 0x2c, 0xb7,
01241                                0x43, 0xa9, 0x20, 0x1d, 0xf6, 0x56, 0x8b, 0xcc,
01242                                0xe5, 0x4c, 0xd5, 0x4f, 0x74, 0x67, 0x29, 0x51};
01243     static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
01244                                0x23, 0xab, 0xf4, 0x03, 0x2f, 0x29, 0x95, 0x74,
01245                                0xac, 0x1a, 0x33, 0x96, 0x62, 0xed, 0xf7, 0xf6,
01246                                0xae, 0x07, 0x2a, 0x2e, 0xe8, 0xab, 0xfb, 0x1e,
01247                                0xb9, 0xb2, 0x88, 0x1e, 0x85, 0x05, 0x42, 0x64,
01248                                0x03, 0xb2, 0x8b, 0xc1, 0x81, 0x75, 0xd7, 0xba,
01249                                0xaa, 0xd4, 0x31, 0x3c, 0x8a, 0x96, 0x23, 0x9d,
01250                                0x3f, 0x06, 0x3e, 0x44, 0xa9, 0x62, 0x2f, 0x61,
01251                                0x5a, 0x51, 0x82, 0x2c, 0x04, 0x85, 0x73, 0xd1};
01252 
01253     /* RSA Known Plaintext Message (1024-bits). */
01254     static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
01255                                          "Known plaintext message utilized" 
01256                                          "for RSA Encryption &  Decryption"
01257                                          "block, SHA1, SHA256, SHA384  and"
01258                                          "SHA512 RSA Signature KAT tests."};
01259 
01260     /* RSA Known Ciphertext (1024-bits). */
01261     static const PRUint8 rsa_known_ciphertext[] = {
01262                                0x1e, 0x7e, 0x12, 0xbb, 0x15, 0x62, 0xd0, 0x23,
01263                                0x53, 0x4c, 0x51, 0x97, 0x77, 0x06, 0xa0, 0xbb,
01264                                0x26, 0x99, 0x9a, 0x8f, 0x39, 0xad, 0x88, 0x5c,
01265                                0xc4, 0xce, 0x33, 0x40, 0x94, 0x92, 0xb4, 0x0e,
01266                                0xab, 0x71, 0xa9, 0x5d, 0x9a, 0x37, 0xe3, 0x9a,
01267                                0x24, 0x95, 0x13, 0xea, 0x0f, 0xbb, 0xf7, 0xff,
01268                                0xdf, 0x31, 0x33, 0x23, 0x1d, 0xce, 0x26, 0x9e,
01269                                0xd1, 0xde, 0x98, 0x40, 0xde, 0x57, 0x86, 0x12,
01270                                0xf1, 0xe6, 0x5a, 0x3f, 0x08, 0x02, 0x81, 0x85,
01271                                0xe0, 0xd9, 0xad, 0x3c, 0x8c, 0x71, 0xf8, 0xcf,
01272                                0x0a, 0x98, 0xc5, 0x08, 0xdc, 0xc4, 0xca, 0x8c,
01273                                0x23, 0x1b, 0x4d, 0x9b, 0xb5, 0x13, 0x44, 0xe1,
01274                                0x5f, 0xf9, 0x30, 0x80, 0x25, 0xe0, 0x1e, 0x94,
01275                                0xa3, 0x0c, 0xdc, 0x82, 0x2e, 0xfb, 0x30, 0xbe,
01276                                0x89, 0xba, 0x76, 0xb6, 0x23, 0xf7, 0xda, 0x7c,
01277                                0xca, 0xe6, 0x02, 0xbd, 0x92, 0xce, 0x64, 0xfc};
01278 
01279     /* RSA Known Signed Hash (1024-bits). */
01280     static const PRUint8 rsa_known_sha1_signature[] = {
01281                                0xd2, 0xa4, 0xe0, 0x2b, 0xc7, 0x03, 0x7f, 0xc6,
01282                                0x06, 0x9e, 0xa2, 0x82, 0x19, 0xe9, 0x2b, 0xaf,
01283                                0xe3, 0x48, 0x88, 0xc1, 0xf3, 0xb5, 0x0d, 0xe4,
01284                                0x52, 0x9e, 0xad, 0xd5, 0x58, 0xb5, 0x9f, 0xe8,
01285                                0x40, 0xe9, 0xb7, 0x2e, 0xc6, 0x71, 0x58, 0x56,
01286                                0x04, 0xac, 0xb0, 0xf3, 0x3a, 0x42, 0x38, 0x08,
01287                                0xc4, 0x43, 0x39, 0xba, 0x19, 0xce, 0xb1, 0x99,
01288                                0xf1, 0x8d, 0x89, 0xd8, 0x50, 0x07, 0x14, 0x3d,
01289                                0xcf, 0xd0, 0xb6, 0x79, 0xde, 0x9c, 0x89, 0x32,
01290                                0xb0, 0x73, 0x3f, 0xed, 0x03, 0x0b, 0xdf, 0x6d,
01291                                0x7e, 0xc9, 0x1c, 0x39, 0xe8, 0x2b, 0x16, 0x09,
01292                                0xbb, 0x5f, 0x99, 0x2f, 0xeb, 0xf3, 0x37, 0x73,
01293                                0x0d, 0x0e, 0xcc, 0x95, 0xad, 0x90, 0x80, 0x03,
01294                                0x1d, 0x80, 0x55, 0x37, 0xa1, 0x2a, 0x71, 0x76,
01295                                0x23, 0x87, 0x8c, 0x9b, 0x41, 0x07, 0xc6, 0x3d,
01296                                0xc6, 0xa3, 0x7d, 0x1b, 0xff, 0x4e, 0x11, 0x19};
01297 
01298     /* RSA Known Signed Hash (1024-bits). */
01299     static const PRUint8 rsa_known_sha256_signature[] = {
01300                                0x27, 0x35, 0xdd, 0xc4, 0xf8, 0xe2, 0x0b, 0xa3,
01301                                0xef, 0x63, 0x57, 0x3b, 0xe1, 0x58, 0x9a, 0xbc,
01302                                0x20, 0x9c, 0x25, 0x12, 0x01, 0xbf, 0xbb, 0x29,
01303                                0x80, 0x1a, 0xb1, 0x37, 0x9c, 0xcd, 0x67, 0xc7,
01304                                0x0d, 0xf8, 0x64, 0x10, 0x9f, 0xe2, 0xa1, 0x9b,
01305                                0x21, 0x90, 0xcc, 0xda, 0x8b, 0x76, 0x5e, 0x79,
01306                                0x00, 0x9d, 0x58, 0x8b, 0x8a, 0xb3, 0xc3, 0xb5,
01307                                0xf1, 0x54, 0xc5, 0x8c, 0x72, 0xba, 0xde, 0x51,
01308                                0x3c, 0x6b, 0x94, 0xd6, 0xf3, 0x1b, 0xa2, 0x53,
01309                                0xe6, 0x1a, 0x46, 0x1d, 0x7f, 0x14, 0x86, 0xcc,
01310                                0xa6, 0x30, 0x92, 0x96, 0xc0, 0x96, 0x24, 0xf0,
01311                                0x42, 0x53, 0x4c, 0xdd, 0x27, 0xdf, 0x1d, 0x2e,
01312                                0x8b, 0x83, 0xbe, 0xed, 0x85, 0x1d, 0x50, 0x46,
01313                                0xa3, 0x7d, 0x20, 0xea, 0x3e, 0x91, 0xfb, 0xf6,
01314                                0x86, 0x51, 0xfd, 0x8c, 0xe5, 0x31, 0xe6, 0x7e,
01315                                0x60, 0x08, 0x0e, 0xec, 0xa6, 0xea, 0x24, 0x8d};
01316 
01317     /* RSA Known Signed Hash (1024-bits). */
01318     static const PRUint8 rsa_known_sha384_signature[] = {
01319                                0x0b, 0x03, 0x94, 0x4f, 0x94, 0x78, 0x9b, 0x96,
01320                                0x76, 0xeb, 0x72, 0x58, 0xe1, 0xc5, 0xc7, 0x5f,
01321                                0x85, 0x01, 0xa8, 0xc4, 0xf6, 0x1a, 0xb5, 0x2c,
01322                                0xd1, 0xd8, 0x87, 0xde, 0x3a, 0x9c, 0x9f, 0x57,
01323                                0x81, 0x2a, 0x1e, 0x23, 0x07, 0x70, 0xb0, 0xf9,
01324                                0x28, 0x3d, 0xfa, 0xe5, 0x2e, 0x1b, 0x9a, 0x72,
01325                                0xc3, 0x74, 0xb3, 0x42, 0x1c, 0x9a, 0x13, 0xdc,
01326                                0xc9, 0xd6, 0xd5, 0x88, 0xc9, 0x9c, 0x46, 0xf1,
01327                                0x0c, 0xa6, 0xf7, 0xd8, 0x06, 0xa3, 0x1b, 0xdf,
01328                                0x55, 0xb3, 0x1b, 0x7b, 0x58, 0x1d, 0xff, 0x19,
01329                                0xc7, 0xe0, 0xdd, 0x59, 0xac, 0x2f, 0x78, 0x71,
01330                                0xe7, 0xe0, 0x17, 0xa3, 0x1c, 0x5c, 0x92, 0xef,
01331                                0xb6, 0x75, 0xed, 0xbe, 0x18, 0x39, 0x6b, 0xd7,
01332                                0xc9, 0x08, 0x62, 0x55, 0x62, 0xac, 0x5d, 0xa1,
01333                                0x9b, 0xd5, 0xb8, 0x98, 0x15, 0xc0, 0xf5, 0x41,
01334                                0x85, 0x44, 0x96, 0xca, 0x10, 0xdc, 0x57, 0x21};
01335 
01336     /* RSA Known Signed Hash (1024-bits). */
01337     static const PRUint8 rsa_known_sha512_signature[] = {
01338                                0xa5, 0xd0, 0x80, 0x04, 0x22, 0xfc, 0x80, 0x73,
01339                                0x7d, 0x46, 0xc8, 0x7b, 0xac, 0x44, 0x7b, 0xe6,
01340                                0x07, 0xe5, 0x61, 0x4c, 0x33, 0x7f, 0x6f, 0x46,
01341                                0x7c, 0x30, 0xe3, 0x75, 0x59, 0x4b, 0x42, 0xf3,
01342                                0x9f, 0x35, 0x3c, 0x10, 0x56, 0xdb, 0xd2, 0x69,
01343                                0x43, 0xcb, 0x77, 0xe9, 0x7d, 0xcd, 0x07, 0x43,
01344                                0xc5, 0xd4, 0x0c, 0x9d, 0xf5, 0x92, 0xbd, 0x0e,
01345                                0x3b, 0xb7, 0x68, 0x88, 0x84, 0xca, 0xae, 0x0d,
01346                                0xab, 0x71, 0x10, 0xad, 0xab, 0x27, 0xe4, 0xa3,
01347                                0x24, 0x41, 0xeb, 0x1c, 0xa6, 0x5f, 0xf1, 0x85,
01348                                0xd0, 0xf6, 0x22, 0x74, 0x3d, 0x81, 0xbe, 0xdd,
01349                                0x1b, 0x2a, 0x4c, 0xd1, 0x6c, 0xb5, 0x6d, 0x7a,
01350                                0xbb, 0x99, 0x69, 0x01, 0xa6, 0xc0, 0x98, 0xfa,
01351                                0x97, 0xa3, 0xd1, 0xb0, 0xdf, 0x09, 0xe3, 0x3d,
01352                                0x88, 0xee, 0x90, 0xf3, 0x10, 0x41, 0x0f, 0x06,
01353                                0x31, 0xe9, 0x60, 0x2d, 0xbf, 0x63, 0x7b, 0xf8};
01354 
01355     static const RSAPublicKey    bl_public_key = { NULL,
01356       { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,         
01357                                         FIPS_RSA_MODULUS_LENGTH },
01358       { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, 
01359                                         FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
01360     };
01361     static const RSAPrivateKey   bl_private_key = { NULL,
01362       { FIPS_RSA_TYPE, (unsigned char *)rsa_version,          
01363                                         FIPS_RSA_PRIVATE_VERSION_LENGTH },
01364       { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,          
01365                                         FIPS_RSA_MODULUS_LENGTH },
01366       { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,  
01367                                         FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
01368       { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent, 
01369                                         FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
01370       { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,           
01371                                         FIPS_RSA_PRIME0_LENGTH },
01372       { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,           
01373                                         FIPS_RSA_PRIME1_LENGTH },
01374       { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,        
01375                                         FIPS_RSA_EXPONENT0_LENGTH },
01376       { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,        
01377                                         FIPS_RSA_EXPONENT1_LENGTH },
01378       { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,      
01379                                         FIPS_RSA_COEFFICIENT_LENGTH }
01380     };
01381 
01382     /* RSA variables. */
01383 #ifdef CREATE_TEMP_ARENAS
01384     PLArenaPool *         rsa_public_arena;
01385     PLArenaPool *         rsa_private_arena;
01386 #endif
01387     NSSLOWKEYPublicKey *  rsa_public_key;
01388     NSSLOWKEYPrivateKey * rsa_private_key;
01389     SECStatus             rsa_status;
01390 
01391     NSSLOWKEYPublicKey    low_public_key   = { NULL, NSSLOWKEYRSAKey, };
01392     NSSLOWKEYPrivateKey   low_private_key  = { NULL, NSSLOWKEYRSAKey, };
01393     PRUint8               rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
01394     PRUint8               rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
01395 
01396     /****************************************/
01397     /* Compose RSA Public/Private Key Pair. */
01398     /****************************************/
01399 
01400     low_public_key.u.rsa  = bl_public_key;
01401     low_private_key.u.rsa = bl_private_key;
01402 
01403     rsa_public_key  = &low_public_key;
01404     rsa_private_key = &low_private_key;
01405 
01406 #ifdef CREATE_TEMP_ARENAS
01407     /* Create some space for the RSA public key. */
01408     rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
01409 
01410     if( rsa_public_arena == NULL ) {
01411         PORT_SetError( SEC_ERROR_NO_MEMORY );
01412         return( CKR_HOST_MEMORY );
01413     }
01414 
01415     /* Create some space for the RSA private key. */
01416     rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
01417 
01418     if( rsa_private_arena == NULL ) {
01419         PORT_FreeArena( rsa_public_arena, PR_TRUE );
01420         PORT_SetError( SEC_ERROR_NO_MEMORY );
01421         return( CKR_HOST_MEMORY );
01422     }
01423 
01424     rsa_public_key->arena = rsa_public_arena;
01425     rsa_private_key->arena = rsa_private_arena;
01426 #endif
01427 
01428     /**************************************************/
01429     /* RSA Single-Round Known Answer Encryption Test. */
01430     /**************************************************/
01431 
01432     /* Perform RSA Public Key Encryption. */
01433     rsa_status = RSA_PublicKeyOp(&rsa_public_key->u.rsa,
01434                                  rsa_computed_ciphertext,
01435                                  rsa_known_plaintext_msg);
01436 
01437     if( ( rsa_status != SECSuccess ) ||
01438         ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
01439                        FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
01440         goto rsa_loser;
01441 
01442     /**************************************************/
01443     /* RSA Single-Round Known Answer Decryption Test. */
01444     /**************************************************/
01445 
01446     /* Perform RSA Private Key Decryption. */
01447     rsa_status = RSA_PrivateKeyOp(&rsa_private_key->u.rsa,
01448                                   rsa_computed_plaintext,
01449                                   rsa_known_ciphertext);
01450 
01451     if( ( rsa_status != SECSuccess ) ||
01452         ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
01453                        FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
01454         goto rsa_loser;
01455 
01456     rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA1,
01457                            rsa_public_key, rsa_private_key,
01458                            rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH, 
01459                            rsa_known_sha1_signature);
01460     if( rsa_status != SECSuccess )
01461         goto rsa_loser;
01462 
01463     rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
01464                            rsa_public_key, rsa_private_key,
01465                            rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
01466                            rsa_known_sha256_signature);
01467     if( rsa_status != SECSuccess )
01468         goto rsa_loser;
01469 
01470     rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
01471                            rsa_public_key, rsa_private_key,
01472                            rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
01473                            rsa_known_sha384_signature);
01474     if( rsa_status != SECSuccess )
01475         goto rsa_loser;
01476 
01477     rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
01478                            rsa_public_key, rsa_private_key,
01479                            rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
01480                            rsa_known_sha512_signature);
01481     if( rsa_status != SECSuccess )
01482         goto rsa_loser;
01483 
01484     /* Dispose of all RSA key material. */
01485     nsslowkey_DestroyPublicKey( rsa_public_key );
01486     nsslowkey_DestroyPrivateKey( rsa_private_key );
01487 
01488     return( CKR_OK );
01489 
01490 rsa_loser:
01491 
01492     nsslowkey_DestroyPublicKey( rsa_public_key );
01493     nsslowkey_DestroyPrivateKey( rsa_private_key );
01494 
01495     return( CKR_DEVICE_ERROR );
01496 }
01497 
01498 #ifdef NSS_ENABLE_ECC
01499 
01500 static CK_RV
01501 sftk_fips_ECDSA_Test(const PRUint8 *encodedParams, 
01502                      unsigned int encodedParamsLen,
01503                      const PRUint8 *knownSignature, 
01504                      unsigned int knownSignatureLen) {
01505 
01506     /* ECDSA Known Seed info for curves nistp256 and nistk283  */
01507     static const PRUint8 ecdsa_Known_Seed[] = {
01508                             0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
01509                             0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
01510                             0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
01511                             0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
01512 
01513     static const PRUint8 msg[] = {
01514                             "Firefox and ThunderBird are awesome!"};
01515 
01516     unsigned char sha1[SHA1_LENGTH];  /* SHA-1 hash (160 bits) */
01517     unsigned char sig[2*MAX_ECKEY_LEN];
01518     SECItem signature, digest;
01519     SECItem encodedparams;
01520     ECParams *ecparams = NULL;
01521     ECPrivateKey *ecdsa_private_key = NULL;
01522     ECPublicKey ecdsa_public_key;
01523     SECStatus ecdsaStatus = SECSuccess;
01524 
01525     /* construct the ECDSA private/public key pair */
01526     encodedparams.type = siBuffer;
01527     encodedparams.data = (unsigned char *) encodedParams;
01528     encodedparams.len = encodedParamsLen;
01529     
01530     if (EC_DecodeParams(&encodedparams, &ecparams) != SECSuccess) {
01531         return( CKR_DEVICE_ERROR );
01532     }
01533 
01534     /* Generates a new EC key pair. The private key is a supplied
01535      * random value (in seed) and the public key is the result of 
01536      * performing a scalar point multiplication of that value with 
01537      * the curve's base point.
01538      */
01539     ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key, 
01540                                    ecdsa_Known_Seed, 
01541                                    sizeof(ecdsa_Known_Seed));
01542     /* free the ecparams they are no longer needed */
01543     PORT_FreeArena(ecparams->arena, PR_FALSE);
01544     ecparams = NULL;
01545     if (ecdsaStatus != SECSuccess) {
01546         return ( CKR_DEVICE_ERROR );    
01547     }
01548 
01549     /* construct public key from private key. */
01550     ecdsaStatus = EC_CopyParams(ecdsa_private_key->ecParams.arena, 
01551                                 &ecdsa_public_key.ecParams,
01552                                 &ecdsa_private_key->ecParams);
01553     if (ecdsaStatus != SECSuccess) {
01554         goto loser;
01555     }
01556     ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
01557 
01558     /* validate public key value */
01559     ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams, 
01560                                        &ecdsa_public_key.publicValue);
01561     if (ecdsaStatus != SECSuccess) {
01562         goto loser;
01563     }
01564 
01565     /* validate public key value */
01566     ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams, 
01567                                        &ecdsa_private_key->publicValue);
01568     if (ecdsaStatus != SECSuccess) {
01569         goto loser;
01570     }
01571 
01572     /***************************************************/
01573     /* ECDSA Single-Round Known Answer Signature Test. */
01574     /***************************************************/
01575     
01576     ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
01577     if (ecdsaStatus != SECSuccess) {
01578         goto loser;
01579     }
01580     digest.type = siBuffer;
01581     digest.data = sha1;
01582     digest.len = SHA1_LENGTH;
01583     
01584     memset(sig, 0, sizeof sig);
01585     signature.type = siBuffer;
01586     signature.data = sig;
01587     signature.len = sizeof sig;
01588     
01589     ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature, 
01590                          &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
01591     if (ecdsaStatus != SECSuccess) {
01592         goto loser;
01593     }
01594 
01595     if( ( signature.len != knownSignatureLen ) ||
01596         ( PORT_Memcmp( signature.data, knownSignature,
01597                     knownSignatureLen ) != 0 ) ) {
01598         ecdsaStatus = SECFailure;
01599         goto loser;
01600     }
01601     
01602     /******************************************************/
01603     /* ECDSA Single-Round Known Answer Verification Test. */
01604     /******************************************************/
01605 
01606     /* Perform ECDSA verification process. */
01607     ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
01608 
01609 loser:
01610     /* free the memory for the private key arena*/
01611     if (ecdsa_private_key != NULL) {
01612         PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
01613     }
01614 
01615     if (ecdsaStatus != SECSuccess) {
01616         return CKR_DEVICE_ERROR ;
01617     }
01618     return( CKR_OK );
01619 }
01620 
01621 static CK_RV
01622 sftk_fips_ECDSA_PowerUpSelfTest() {
01623 
01624    /* ECDSA Known curve nistp256 == SEC_OID_SECG_EC_SECP256R1 params */
01625     static const PRUint8 ecdsa_known_P256_EncodedParams[] = {
01626                             0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,
01627                             0x01,0x07};
01628 
01629     static const PRUint8 ecdsa_known_P256_signature[] = {
01630                             0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6, 
01631                             0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff, 
01632                             0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f, 
01633                             0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
01634                             0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1, 
01635                             0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd, 
01636                             0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b, 
01637                             0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
01638 
01639 #ifdef NSS_ECC_MORE_THAN_SUITE_B
01640     /* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
01641     static const PRUint8 ecdsa_known_K283_EncodedParams[] = {
01642                             0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
01643                          
01644     static const PRUint8 ecdsa_known_K283_signature[] = {
01645                             0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1, 
01646                             0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74, 
01647                             0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66, 
01648                             0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
01649                             0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc, 
01650                             0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8, 
01651                             0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05, 
01652                             0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
01653                             0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
01654 #endif
01655 
01656     CK_RV crv;
01657 
01658     /* ECDSA GF(p) prime field curve test */
01659     crv = sftk_fips_ECDSA_Test(ecdsa_known_P256_EncodedParams,
01660                                sizeof ecdsa_known_P256_EncodedParams,
01661                                ecdsa_known_P256_signature,
01662                                sizeof ecdsa_known_P256_signature );
01663     if (crv != CKR_OK) {
01664         return( CKR_DEVICE_ERROR );
01665     }
01666 
01667 #ifdef NSS_ECC_MORE_THAN_SUITE_B
01668     /* ECDSA GF(2m) binary field curve test */
01669     crv = sftk_fips_ECDSA_Test(ecdsa_known_K283_EncodedParams,
01670                                sizeof ecdsa_known_K283_EncodedParams,
01671                                ecdsa_known_K283_signature,
01672                                sizeof ecdsa_known_K283_signature );
01673     if (crv != CKR_OK) {
01674         return( CKR_DEVICE_ERROR );
01675     }
01676 #endif
01677 
01678     return( CKR_OK );
01679 }
01680 
01681 #endif    /* NSS_ENABLE_ECC */
01682 
01683 static CK_RV
01684 sftk_fips_DSA_PowerUpSelfTest( void )
01685 {
01686     /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
01687     static const PRUint8 dsa_P[] = {
01688          0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28, 
01689          0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63, 
01690          0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0, 
01691          0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
01692          0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91, 
01693          0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0, 
01694          0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7, 
01695          0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
01696          0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7, 
01697          0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56, 
01698          0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b, 
01699          0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
01700          0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6, 
01701          0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64, 
01702          0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a, 
01703          0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
01704         
01705     static const PRUint8 dsa_Q[] = {
01706          0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e, 
01707          0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6, 
01708          0x91,0x99,0x8b,0xcf};
01709         
01710     static const PRUint8 dsa_G[] = {
01711          0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4, 
01712          0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6, 
01713          0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3, 
01714          0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
01715          0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d, 
01716          0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a, 
01717          0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24, 
01718          0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
01719          0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb, 
01720          0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79, 
01721          0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac, 
01722          0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
01723          0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27, 
01724          0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed, 
01725          0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f, 
01726          0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
01727 
01728     /* DSA Known Random Values (known random key block       is 160-bits)  */
01729     /*                     and (known random signature block is 160-bits). */
01730     static const PRUint8 dsa_known_random_key_block[] = {
01731                                                       "Mozilla Rules World!"};
01732     static const PRUint8 dsa_known_random_signature_block[] = {
01733                                                       "Random DSA Signature"};
01734 
01735     /* DSA Known Digest (160-bits) */
01736     static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
01737 
01738     /* DSA Known Signature (320-bits). */
01739     static const PRUint8 dsa_known_signature[] = {
01740         0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32, 
01741         0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c, 
01742         0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72, 
01743         0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
01744         0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
01745 
01746     /* DSA variables. */
01747     DSAPrivateKey *        dsa_private_key;
01748     SECStatus              dsa_status;
01749     SECItem                dsa_signature_item;
01750     SECItem                dsa_digest_item;
01751     DSAPublicKey           dsa_public_key;
01752     PRUint8                dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
01753     static const PQGParams dsa_pqg = { NULL,
01754                          { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
01755                          { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
01756                          { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
01757 
01758     /*******************************************/
01759     /* Generate a DSA public/private key pair. */
01760     /*******************************************/
01761 
01762     /* Generate a DSA public/private key pair. */
01763     dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
01764                                     &dsa_private_key);
01765 
01766     if( dsa_status != SECSuccess )
01767         return( CKR_HOST_MEMORY );
01768 
01769     /* construct public key from private key. */
01770     dsa_public_key.params      = dsa_private_key->params;
01771     dsa_public_key.publicValue = dsa_private_key->publicValue;
01772 
01773     /*************************************************/
01774     /* DSA Single-Round Known Answer Signature Test. */
01775     /*************************************************/
01776 
01777     dsa_signature_item.data = dsa_computed_signature;
01778     dsa_signature_item.len  = sizeof dsa_computed_signature;
01779 
01780     dsa_digest_item.data    = (unsigned char *)dsa_known_digest;
01781     dsa_digest_item.len     = SHA1_LENGTH;
01782 
01783     /* Perform DSA signature process. */
01784     dsa_status = DSA_SignDigestWithSeed( dsa_private_key, 
01785                                          &dsa_signature_item,
01786                                          &dsa_digest_item,
01787                                          dsa_known_random_signature_block );
01788 
01789     if( ( dsa_status != SECSuccess ) ||
01790         ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
01791         ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
01792                        FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
01793         dsa_status = SECFailure;
01794     } else {
01795 
01796     /****************************************************/
01797     /* DSA Single-Round Known Answer Verification Test. */
01798     /****************************************************/
01799 
01800     /* Perform DSA verification process. */
01801     dsa_status = DSA_VerifyDigest( &dsa_public_key, 
01802                                    &dsa_signature_item,
01803                                    &dsa_digest_item);
01804     }
01805 
01806     PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
01807     /* Don't free public key, it uses same arena as private key */
01808 
01809     /* Verify DSA signature. */
01810     if( dsa_status != SECSuccess )
01811         return( CKR_DEVICE_ERROR );
01812 
01813     return( CKR_OK );
01814 
01815 
01816 }
01817 
01818 static CK_RV
01819 sftk_fips_RNG_PowerUpSelfTest( void )
01820 {
01821    static const PRUint8 XKeyValue[] = {
01822                      0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
01823                      0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
01824                      0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
01825                      0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5};
01826    static const PRUint8 XSeed[] = {
01827                      0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
01828                      0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
01829                      0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
01830                      0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac};
01831    static const PRUint8 Q[] = {   
01832                      0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
01833                      0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
01834                      0x9d,0xef,0xeb,0xed};
01835    static const PRUint8 rng_known_GENX[] = {
01836                      0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
01837                      0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
01838                      0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
01839                      0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
01840                      0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
01841    static const PRUint8 rng_known_DSAX[] = {
01842                      0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
01843                      0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
01844                      0x10,0x1f,0x60,0xd7};
01845 
01846    SECStatus rng_status = SECSuccess;
01847    PRUint8 GENX[2*SHA1_LENGTH];
01848    PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
01849    PRUint8 XKey[FIPS_RNG_XKEY_LENGTH];
01850   
01851    PORT_Memcpy (XKey, XKeyValue, FIPS_RNG_XKEY_LENGTH);
01852    
01853    /*******************************************/
01854    /* Generate X with a known seed.           */
01855    /*******************************************/
01856    rng_status = FIPS186Change_GenerateX(XKey, XSeed, GENX);
01857 
01858    /* Verify GENX to perform the RNG integrity check */
01859    if( ( rng_status != SECSuccess ) ||
01860        ( PORT_Memcmp( GENX, rng_known_GENX,
01861                       (2*SHA1_LENGTH) ) != 0 ) )
01862        return( CKR_DEVICE_ERROR );
01863 
01864    /*******************************************/
01865    /* Generate DSAX fow given Q.              */
01866    /*******************************************/
01867 
01868    rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
01869 
01870    /* Verify DSAX to perform the RNG integrity check */
01871    if( ( rng_status != SECSuccess ) ||
01872        ( PORT_Memcmp( DSAX, rng_known_DSAX,
01873                       (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) )
01874        return( CKR_DEVICE_ERROR );
01875        
01876    return( CKR_OK ); 
01877 }
01878 
01879 static CK_RV
01880 sftk_fipsSoftwareIntegrityTest(void)
01881 {
01882     CK_RV crv = CKR_OK;
01883 
01884     /* make sure that our check file signatures are OK */
01885     if( !BLAPI_VerifySelf( NULL ) || 
01886        !BLAPI_SHVerify( SOFTOKEN_LIB_NAME, (PRFuncPtr) sftk_fips_HMAC ) ) {
01887        crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
01888     }
01889     return crv;
01890 }
01891 
01892 CK_RV
01893 sftk_fipsPowerUpSelfTest( void )
01894 {
01895     CK_RV rv;
01896 
01897     /* RC2 Power-Up SelfTest(s). */
01898     rv = sftk_fips_RC2_PowerUpSelfTest();
01899 
01900     if( rv != CKR_OK )
01901         return rv;
01902 
01903     /* RC4 Power-Up SelfTest(s). */
01904     rv = sftk_fips_RC4_PowerUpSelfTest();
01905 
01906     if( rv != CKR_OK )
01907         return rv;
01908 
01909     /* DES Power-Up SelfTest(s). */
01910     rv = sftk_fips_DES_PowerUpSelfTest();
01911 
01912     if( rv != CKR_OK )
01913         return rv;
01914 
01915     /* DES3 Power-Up SelfTest(s). */
01916     rv = sftk_fips_DES3_PowerUpSelfTest();
01917 
01918     if( rv != CKR_OK )
01919         return rv;
01920  
01921     /* AES Power-Up SelfTest(s) for 128-bit key. */
01922     rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
01923 
01924     if( rv != CKR_OK )
01925         return rv;
01926 
01927     /* AES Power-Up SelfTest(s) for 192-bit key. */
01928     rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
01929 
01930     if( rv != CKR_OK )
01931         return rv;
01932 
01933     /* AES Power-Up SelfTest(s) for 256-bit key. */
01934     rv = sftk_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
01935 
01936     if( rv != CKR_OK )
01937         return rv;
01938 
01939     /* MD2 Power-Up SelfTest(s). */
01940     rv = sftk_fips_MD2_PowerUpSelfTest();
01941 
01942     if( rv != CKR_OK )
01943         return rv;
01944 
01945     /* MD5 Power-Up SelfTest(s). */
01946     rv = sftk_fips_MD5_PowerUpSelfTest();
01947 
01948     if( rv != CKR_OK )
01949         return rv;
01950 
01951     /* SHA-X Power-Up SelfTest(s). */
01952     rv = sftk_fips_SHA_PowerUpSelfTest();
01953 
01954     if( rv != CKR_OK )
01955         return rv;
01956 
01957     /* HMAC SHA-X Power-Up SelfTest(s). */
01958     rv = sftk_fips_HMAC_PowerUpSelfTest();
01959  
01960     if( rv != CKR_OK )
01961         return rv;
01962 
01963     /* RSA Power-Up SelfTest(s). */
01964     rv = sftk_fips_RSA_PowerUpSelfTest();
01965 
01966     if( rv != CKR_OK )
01967         return rv;
01968 
01969     /* DSA Power-Up SelfTest(s). */
01970     rv = sftk_fips_DSA_PowerUpSelfTest();
01971 
01972     if( rv != CKR_OK )
01973         return rv;
01974 
01975     /* RNG Power-Up SelfTest(s). */
01976     rv = sftk_fips_RNG_PowerUpSelfTest();
01977 
01978     if( rv != CKR_OK )
01979         return rv;
01980     
01981 #ifdef NSS_ENABLE_ECC
01982     /* ECDSA Power-Up SelfTest(s). */
01983     rv = sftk_fips_ECDSA_PowerUpSelfTest();
01984 
01985     if( rv != CKR_OK )
01986         return rv;
01987 #endif
01988 
01989     /* Software/Firmware Integrity Test. */
01990     rv = sftk_fipsSoftwareIntegrityTest();
01991 
01992     if( rv != CKR_OK )
01993         return rv;
01994 
01995     /* Passed Power-Up SelfTest(s). */
01996     return( CKR_OK );
01997 }
01998