diff options
| author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-04-05 14:11:42 +0200 |
|---|---|---|
| committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-04-05 14:11:42 +0200 |
| commit | df423e35f9a95fe7bb72d04c1327d3922c35ca67 (patch) | |
| tree | 7e0ed8b98107af295187cc59a408c6b8d0c3a919 | |
| parent | 1c1a9ec07fdfa5c8c674b93f079f365e2ee8041e (diff) | |
| download | nss-hg-df423e35f9a95fe7bb72d04c1327d3922c35ca67.tar.gz | |
Bug 1345089 - add prng kat tests, r=ttaubert
| -rw-r--r-- | lib/freebl/blapi.h | 6 | ||||
| -rw-r--r-- | lib/freebl/drbg.c | 27 |
2 files changed, 27 insertions, 6 deletions
diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h index a7a8aa993..e5a6cf30e 100644 --- a/lib/freebl/blapi.h +++ b/lib/freebl/blapi.h @@ -1469,6 +1469,12 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w, const unsigned char *q, unsigned char *xj); +/* To allow NIST KAT tests */ +extern SECStatus +PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len, + const PRUint8 *nonce, unsigned int nonce_len, + const PRUint8 *personal_string, unsigned int ps_len); + /* * The following functions are for FIPS poweron self test and FIPS algorithm * testing. diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c index 658faa326..ac0bba6e0 100644 --- a/lib/freebl/drbg.c +++ b/lib/freebl/drbg.c @@ -99,7 +99,8 @@ struct RNGContextStr { * RNG_RandomUpdate. */ PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE]; PRUint32 additionalAvail; - PRBool isValid; /* false if RNG reaches an invalid state */ + PRBool isValid; /* false if RNG reaches an invalid state */ + PRBool isKatTest; /* true if running NIST PRNG KAT tests */ }; typedef struct RNGContextStr RNGContext; @@ -150,7 +151,7 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, } /* - * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2 + * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2 * * NOTE: bytes & len are entropy || nonce || personalization_string. In * normal operation, NSS calculates them all together in a single call. @@ -158,9 +159,11 @@ prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return, static SECStatus prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len) { - if (len < PRNG_SEEDLEN) { - /* if the seedlen is to small, it's probably because we failed to get - * enough random data */ + if (!rng->isKatTest && len < PRNG_SEEDLEN) { + /* If the seedlen is too small, it's probably because we failed to get + * enough random data. + * This is stricter than NIST SP800-90A requires. Don't enforce it for + * tests. */ PORT_SetError(SEC_ERROR_NEED_RANDOM); return SECFailure; } @@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ - PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) + PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -441,6 +444,7 @@ rng_init(void) } /* the RNG is in a valid state */ globalrng->isValid = PR_TRUE; + globalrng->isKatTest = PR_FALSE; /* fetch one random value so that we can populate rng->oldV for our * continous random number test. */ @@ -696,6 +700,17 @@ RNG_RNGShutdown(void) * entropy we may have previously collected. */ RNGContext testContext; +SECStatus +PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len, + const PRUint8 *nonce, unsigned int nonce_len, + const PRUint8 *personal_string, unsigned int ps_len) +{ + testContext.isKatTest = PR_TRUE; + return PRNGTEST_Instantiate(entropy, entropy_len, + nonce, nonce_len, + personal_string, ps_len); +} + /* * Test vector API. Use NIST SP 800-90 general interface so one of the * other NIST SP 800-90 algorithms may be used in the future. |