diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /security/nss/cmd/rsapoptst/rsapoptst.c | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/nss/cmd/rsapoptst/rsapoptst.c')
-rw-r--r-- | security/nss/cmd/rsapoptst/rsapoptst.c | 535 |
1 files changed, 535 insertions, 0 deletions
diff --git a/security/nss/cmd/rsapoptst/rsapoptst.c b/security/nss/cmd/rsapoptst/rsapoptst.c new file mode 100644 index 000000000..81ddcd6c4 --- /dev/null +++ b/security/nss/cmd/rsapoptst/rsapoptst.c @@ -0,0 +1,535 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <stdio.h> +#include <stdlib.h> +#include "plgetopt.h" +#include "nss.h" +#include "secutil.h" +#include "pk11table.h" +#include "secmodt.h" +#include "pk11pub.h" + +struct test_args { + char *arg; + int mask_value; + char *description; +}; + +static const struct test_args test_array[] = { + { "all", 0x1f, "run all the tests" }, + { "e_n_p", 0x01, "public exponent, modulus, prime1" }, + { "d_n_q", 0x02, "private exponent, modulus, prime2" }, + { "d_p_q", 0x04, "private exponent, prime1, prime2" }, + { "e_d_q", 0x08, "public exponent, private exponent, prime2" }, + { "e_d_n", 0x10, "public exponent, private exponent, moduls" } +}; +static const int test_array_size = + (sizeof(test_array) / sizeof(struct test_args)); + +static void +Usage(char *progName) +{ + int i; +#define PRINTUSAGE(subject, option, predicate) \ + fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate); + fprintf(stderr, "%s [-k keysize] [-e exp] [-r rounds] [-t tests]\n " + "Test creating RSA private keys from Partial components\n", + progName); + PRINTUSAGE("", "-k", "key size (in bit)"); + PRINTUSAGE("", "-e", "rsa public exponent"); + PRINTUSAGE("", "-r", "number times to repeat the test"); + PRINTUSAGE("", "-t", "run the specified tests"); + for (i = 0; i < test_array_size; i++) { + PRINTUSAGE("", test_array[i].arg, test_array[i].description); + } + fprintf(stderr, "\n"); +} + +/* + * Test the RSA populate command to see that it can really build + * keys from it's components. + */ + +const static CK_ATTRIBUTE rsaTemplate[] = { + { CKA_CLASS, NULL, 0 }, + { CKA_KEY_TYPE, NULL, 0 }, + { CKA_TOKEN, NULL, 0 }, + { CKA_SENSITIVE, NULL, 0 }, + { CKA_PRIVATE, NULL, 0 }, + { CKA_MODULUS, NULL, 0 }, + { CKA_PUBLIC_EXPONENT, NULL, 0 }, + { CKA_PRIVATE_EXPONENT, NULL, 0 }, + { CKA_PRIME_1, NULL, 0 }, + { CKA_PRIME_2, NULL, 0 }, + { CKA_EXPONENT_1, NULL, 0 }, + { CKA_EXPONENT_2, NULL, 0 }, + { CKA_COEFFICIENT, NULL, 0 }, +}; + +#define RSA_SIZE (sizeof(rsaTemplate)) +#define RSA_ATTRIBUTES (sizeof(rsaTemplate) / sizeof(CK_ATTRIBUTE)) + +static void +resetTemplate(CK_ATTRIBUTE *attribute, int start, int end) +{ + int i; + for (i = start; i < end; i++) { + if (attribute[i].pValue) { + PORT_Free(attribute[i].pValue); + } + attribute[i].pValue = NULL; + attribute[i].ulValueLen = 0; + } +} + +static SECStatus +copyAttribute(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template, + int offset, CK_ATTRIBUTE_TYPE attrType) +{ + SECItem attributeItem = { 0, 0, 0 }; + SECStatus rv; + + rv = PK11_ReadRawAttribute(objType, object, attrType, &attributeItem); + if (rv != SECSuccess) { + return rv; + } + template[offset].type = attrType; + template[offset].pValue = attributeItem.data; + template[offset].ulValueLen = attributeItem.len; + return SECSuccess; +} + +static SECStatus +readKey(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template, + int start, int end) +{ + int i; + SECStatus rv; + + for (i = start; i < end; i++) { + rv = copyAttribute(objType, object, template, i, template[i].type); + if (rv != SECSuccess) { + goto fail; + } + } + return SECSuccess; + +fail: + resetTemplate(template, start, i); + return rv; +} + +#define ATTR_STRING(x) getNameFromAttribute(x) + +void +dumpTemplate(CK_ATTRIBUTE *template, int start, int end) +{ + int i, j; + for (i = 0; i < end; i++) { + unsigned char cval; + CK_ULONG ulval; + unsigned char *cpval; + + fprintf(stderr, "%s:", ATTR_STRING(template[i].type)); + switch (template[i].ulValueLen) { + case 1: + cval = *(unsigned char *)template[i].pValue; + switch (cval) { + case 0: + fprintf(stderr, " false"); + break; + case 1: + fprintf(stderr, " true"); + break; + default: + fprintf(stderr, " %d (=0x%02x,'%c')", cval, cval, cval); + break; + } + break; + case sizeof(CK_ULONG): + ulval = *(CK_ULONG *)template[i].pValue; + fprintf(stderr, " %ld (=0x%04lx)", ulval, ulval); + break; + default: + cpval = (unsigned char *)template[i].pValue; + for (j = 0; j < template[i].ulValueLen; j++) { + if ((j % 16) == 0) + fprintf(stderr, "\n "); + fprintf(stderr, " %02x", cpval[j]); + } + break; + } + fprintf(stderr, "\n"); + } +} + +PRBool +rsaKeysAreEqual(PK11ObjectType srcType, void *src, + PK11ObjectType destType, void *dest) +{ + + CK_ATTRIBUTE srcTemplate[RSA_ATTRIBUTES]; + CK_ATTRIBUTE destTemplate[RSA_ATTRIBUTES]; + PRBool areEqual = PR_TRUE; + SECStatus rv; + int i; + + memcpy(srcTemplate, rsaTemplate, RSA_SIZE); + memcpy(destTemplate, rsaTemplate, RSA_SIZE); + + rv = readKey(srcType, src, srcTemplate, 0, RSA_ATTRIBUTES); + if (rv != SECSuccess) { + printf("Could read source key\n"); + return PR_FALSE; + } + readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES); + if (rv != SECSuccess) { + printf("Could read dest key\n"); + return PR_FALSE; + } + + for (i = 0; i < RSA_ATTRIBUTES; i++) { + if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) { + printf("key->%s not equal src_len = %ld, dest_len=%ld\n", + ATTR_STRING(srcTemplate[i].type), + srcTemplate[i].ulValueLen, destTemplate[i].ulValueLen); + areEqual = 0; + } else if (memcmp(srcTemplate[i].pValue, destTemplate[i].pValue, + destTemplate[i].ulValueLen) != 0) { + printf("key->%s not equal.\n", ATTR_STRING(srcTemplate[i].type)); + areEqual = 0; + } + } + if (!areEqual) { + fprintf(stderr, "original key:\n"); + dumpTemplate(srcTemplate, 0, RSA_ATTRIBUTES); + fprintf(stderr, "created key:\n"); + dumpTemplate(destTemplate, 0, RSA_ATTRIBUTES); + } + return areEqual; +} + +static int exp_exp_prime_fail_count = 0; + +static int +doRSAPopulateTest(unsigned int keySize, unsigned long exponent, + int mask, void *pwarg) +{ + SECKEYPrivateKey *rsaPrivKey; + SECKEYPublicKey *rsaPubKey; + PK11GenericObject *tstPrivKey; + CK_ATTRIBUTE tstTemplate[RSA_ATTRIBUTES]; + int tstHeaderCount; + PK11SlotInfo *slot = NULL; + PK11RSAGenParams rsaParams; + CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY; + CK_KEY_TYPE key_type = CKK_RSA; + CK_BBOOL ck_false = CK_FALSE; + int failed = 0; + + rsaParams.pe = exponent; + rsaParams.keySizeInBits = keySize; + + slot = PK11_GetInternalSlot(); + if (slot == NULL) { + fprintf(stderr, "Couldn't get the internal slot for the test \n"); + return -1; + } + + rsaPrivKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, + &rsaParams, &rsaPubKey, PR_FALSE, + PR_FALSE, pwarg); + if (rsaPrivKey == NULL) { + fprintf(stderr, "RSA Key Gen failed"); + PK11_FreeSlot(slot); + return -1; + } + + memcpy(tstTemplate, rsaTemplate, RSA_SIZE); + + tstTemplate[0].pValue = &obj_class; + tstTemplate[0].ulValueLen = sizeof(obj_class); + tstTemplate[1].pValue = &key_type; + tstTemplate[1].ulValueLen = sizeof(key_type); + tstTemplate[2].pValue = &ck_false; + tstTemplate[2].ulValueLen = sizeof(ck_false); + tstTemplate[3].pValue = &ck_false; + tstTemplate[3].ulValueLen = sizeof(ck_false); + tstTemplate[4].pValue = &ck_false; + tstTemplate[4].ulValueLen = sizeof(ck_false); + tstHeaderCount = 5; + + if (mask & 1) { + printf("%s\n", test_array[1].description); + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 1, CKA_MODULUS); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 2, CKA_PRIME_1); + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount + + 3, + PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp mod p\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n"); + failed = 1; + } + if (tstPrivKey) + PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 2) { + printf("%s\n", test_array[2].description); + /* test the basic2 case, public exponent, modulus, prime2 */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 1, CKA_MODULUS); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 2, CKA_PRIME_2); + /* test with q in the prime1 position */ + tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1; + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount + + 3, + PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp mod q\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n"); + failed = 1; + } + if (tstPrivKey) + PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 4) { + printf("%s\n", test_array[3].description); + /* test the medium case, private exponent, prime1, prime2 */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PRIVATE_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 1, CKA_PRIME_1); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 2, CKA_PRIME_2); + /* test with p & q swapped. Underlying code should swap these back */ + tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1; + tstTemplate[tstHeaderCount + 1].type = CKA_PRIME_2; + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount + + 3, + PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: privExp p q\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: privExp p q\n"); + failed = 1; + } + if (tstPrivKey) + PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 8) { + printf("%s\n", test_array[4].description); + /* test the advanced case, public exponent, private exponent, prime2 */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PRIVATE_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 1, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 2, CKA_PRIME_2); + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount + + 3, + PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp privExp q\n"); + fprintf(stderr, " this is expected periodically. It means we\n"); + fprintf(stderr, " had more than one key that meets the " + "specification\n"); + exp_exp_prime_fail_count++; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n"); + failed = 1; + } + if (tstPrivKey) + PK11_DestroyGenericObject(tstPrivKey); + } + if (mask & 16) { + printf("%s\n", test_array[5].description); + /* test the advanced case2, public exponent, private exponent, modulus + */ + resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES); + + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount, CKA_PRIVATE_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 1, CKA_PUBLIC_EXPONENT); + copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate, + tstHeaderCount + 2, CKA_MODULUS); + + tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate, + tstHeaderCount + + 3, + PR_FALSE); + if (tstPrivKey == NULL) { + fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n"); + failed = 1; + } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey, + PK11_TypeGeneric, tstPrivKey)) { + fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n"); + failed = 1; + } + if (tstPrivKey) + PK11_DestroyGenericObject(tstPrivKey); + } + + PK11_FreeSlot(slot); + return failed ? -1 : 0; +} + +/* populate options */ +enum { + opt_Exponent = 0, + opt_KeySize, + opt_Repeat, + opt_Tests +}; + +static secuCommandFlag populate_options[] = + { + { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE }, + { /* opt_KeySize */ 'k', PR_TRUE, 0, PR_FALSE }, + { /* opt_Repeat */ 'r', PR_TRUE, 0, PR_FALSE }, + { /* opt_Tests */ 't', PR_TRUE, 0, PR_FALSE }, + }; + +int +is_delimiter(char c) +{ + if ((c == '+') || (c == ',') || (c == '|')) { + return 1; + } + return 0; +} + +int +parse_tests(char *test_string) +{ + int mask = 0; + int i; + + while (*test_string) { + if (is_delimiter(*test_string)) { + test_string++; + } + for (i = 0; i < test_array_size; i++) { + char *arg = test_array[i].arg; + int len = strlen(arg); + if (strncmp(test_string, arg, len) == 0) { + test_string += len; + mask |= test_array[i].mask_value; + break; + } + } + if (i == test_array_size) { + break; + } + } + return mask; +} + +int +main(int argc, char **argv) +{ + unsigned int keySize = 1024; + unsigned long exponent = 65537; + int i, repeat = 1, ret = 0; + SECStatus rv = SECFailure; + secuCommand populateArgs; + char *progName; + int mask = 0xff; + + populateArgs.numCommands = 0; + populateArgs.numOptions = sizeof(populate_options) / + sizeof(secuCommandFlag); + populateArgs.commands = NULL; + populateArgs.options = populate_options; + + progName = strrchr(argv[0], '/'); + if (!progName) + progName = strrchr(argv[0], '\\'); + progName = progName ? progName + 1 : argv[0]; + + rv = NSS_NoDB_Init(NULL); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } + + rv = SECU_ParseCommandLine(argc, argv, progName, &populateArgs); + if (rv == SECFailure) { + fprintf(stderr, "%s: command line parsing error!\n", progName); + Usage(progName); + return -1; + } + rv = SECFailure; + + if (populateArgs.options[opt_KeySize].activated) { + keySize = PORT_Atoi(populateArgs.options[opt_KeySize].arg); + } + if (populateArgs.options[opt_Repeat].activated) { + repeat = PORT_Atoi(populateArgs.options[opt_Repeat].arg); + } + if (populateArgs.options[opt_Exponent].activated) { + exponent = PORT_Atoi(populateArgs.options[opt_Exponent].arg); + } + if (populateArgs.options[opt_Tests].activated) { + char *test_string = populateArgs.options[opt_Tests].arg; + mask = PORT_Atoi(test_string); + if (mask == 0) { + mask = parse_tests(test_string); + } + if (mask == 0) { + Usage(progName); + return -1; + } + } + + exp_exp_prime_fail_count = 0; + for (i = 0; i < repeat; i++) { + printf("Running RSA Populate test run %d\n", i); + ret = doRSAPopulateTest(keySize, exponent, mask, NULL); + if (ret != 0) { + i++; + break; + } + } + if (ret != 0) { + fprintf(stderr, "RSA Populate test round %d: FAILED\n", i); + } + if (repeat > 1) { + printf(" pub priv prime test: %d failures out of %d runs (%f %%)\n", + exp_exp_prime_fail_count, i, + (((double)exp_exp_prime_fail_count) * 100.0) / (double)i); + } + return ret; +} |