summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/rsapoptst/rsapoptst.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/cmd/rsapoptst/rsapoptst.c')
-rw-r--r--security/nss/cmd/rsapoptst/rsapoptst.c185
1 files changed, 40 insertions, 145 deletions
diff --git a/security/nss/cmd/rsapoptst/rsapoptst.c b/security/nss/cmd/rsapoptst/rsapoptst.c
index d9468e6d6..81ddcd6c4 100644
--- a/security/nss/cmd/rsapoptst/rsapoptst.c
+++ b/security/nss/cmd/rsapoptst/rsapoptst.c
@@ -23,7 +23,7 @@ static const struct test_args test_array[] = {
{ "d_n_q", 0x02, "private exponent, modulus, prime2" },
{ "d_p_q", 0x04, "private exponent, prime1, prime2" },
{ "e_d_q", 0x08, "public exponent, private exponent, prime2" },
- { "e_d_n", 0x10, "public exponent, private exponent, modulus" }
+ { "e_d_n", 0x10, "public exponent, private exponent, moduls" }
};
static const int test_array_size =
(sizeof(test_array) / sizeof(struct test_args));
@@ -58,7 +58,6 @@ const static CK_ATTRIBUTE rsaTemplate[] = {
{ CKA_TOKEN, NULL, 0 },
{ CKA_SENSITIVE, NULL, 0 },
{ CKA_PRIVATE, NULL, 0 },
- { CKA_ID, NULL, 0 },
{ CKA_MODULUS, NULL, 0 },
{ CKA_PUBLIC_EXPONENT, NULL, 0 },
{ CKA_PRIVATE_EXPONENT, NULL, 0 },
@@ -124,77 +123,46 @@ fail:
#define ATTR_STRING(x) getNameFromAttribute(x)
-static void
-dumphex(FILE *file, const unsigned char *cpval, int start, int end)
-{
- int i;
- for (i = start; i < end; i++) {
- if ((i % 16) == 0)
- fprintf(file, "\n ");
- fprintf(file, " %02x", cpval[i]);
- }
- return;
-}
-
void
-dumpTemplate(FILE *file, const CK_ATTRIBUTE *template, int start, int end)
+dumpTemplate(CK_ATTRIBUTE *template, int start, int end)
{
- int i;
- for (i = start; i < end; i++) {
+ int i, j;
+ for (i = 0; i < end; i++) {
unsigned char cval;
CK_ULONG ulval;
- const unsigned char *cpval;
+ unsigned char *cpval;
- fprintf(file, "%s:", ATTR_STRING(template[i].type));
+ fprintf(stderr, "%s:", ATTR_STRING(template[i].type));
switch (template[i].ulValueLen) {
case 1:
cval = *(unsigned char *)template[i].pValue;
switch (cval) {
case 0:
- fprintf(file, " false");
+ fprintf(stderr, " false");
break;
case 1:
- fprintf(file, " true");
+ fprintf(stderr, " true");
break;
default:
- fprintf(file, " %d (=0x%02x,'%c')", cval, cval, cval);
+ fprintf(stderr, " %d (=0x%02x,'%c')", cval, cval, cval);
break;
}
break;
case sizeof(CK_ULONG):
ulval = *(CK_ULONG *)template[i].pValue;
- fprintf(file, " %ld (=0x%04lx)", ulval, ulval);
+ fprintf(stderr, " %ld (=0x%04lx)", ulval, ulval);
break;
default:
- cpval = (const unsigned char *)template[i].pValue;
- dumphex(file, cpval, 0, template[i].ulValueLen);
+ cpval = (unsigned char *)template[i].pValue;
+ for (j = 0; j < template[i].ulValueLen; j++) {
+ if ((j % 16) == 0)
+ fprintf(stderr, "\n ");
+ fprintf(stderr, " %02x", cpval[j]);
+ }
break;
}
- fprintf(file, "\n");
- }
-}
-
-void
-dumpItem(FILE *file, const SECItem *item)
-{
- const unsigned char *cpval;
-
- if (item == NULL) {
- fprintf(file, " pNULL ");
- return;
- }
- if (item->data == NULL) {
- fprintf(file, " NULL ");
- return;
+ fprintf(stderr, "\n");
}
- if (item->len == 0) {
- fprintf(file, " Empty ");
- return;
- }
- cpval = item->data;
- dumphex(file, cpval, 0, item->len);
- fprintf(file, " ");
- return;
}
PRBool
@@ -216,16 +184,13 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
printf("Could read source key\n");
return PR_FALSE;
}
- rv = readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
+ readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
if (rv != SECSuccess) {
printf("Could read dest key\n");
return PR_FALSE;
}
for (i = 0; i < RSA_ATTRIBUTES; i++) {
- if (srcTemplate[i].type == CKA_ID) {
- continue; /* we purposefully make the CKA_ID different */
- }
if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) {
printf("key->%s not equal src_len = %ld, dest_len=%ld\n",
ATTR_STRING(srcTemplate[i].type),
@@ -239,22 +204,18 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
}
if (!areEqual) {
fprintf(stderr, "original key:\n");
- dumpTemplate(stderr, srcTemplate, 0, RSA_ATTRIBUTES);
+ dumpTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
fprintf(stderr, "created key:\n");
- dumpTemplate(stderr, destTemplate, 0, RSA_ATTRIBUTES);
+ dumpTemplate(destTemplate, 0, RSA_ATTRIBUTES);
}
- resetTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
- resetTemplate(destTemplate, 0, RSA_ATTRIBUTES);
return areEqual;
}
static int exp_exp_prime_fail_count = 0;
-#define LEAK_ID 0xf
-
static int
doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
- int mask, int round, void *pwarg)
+ int mask, void *pwarg)
{
SECKEYPrivateKey *rsaPrivKey;
SECKEYPublicKey *rsaPubKey;
@@ -266,10 +227,7 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
CK_KEY_TYPE key_type = CKK_RSA;
CK_BBOOL ck_false = CK_FALSE;
- CK_BYTE cka_id[2] = { 0, 0 };
int failed = 0;
- int leak_found; /* did we find the expected leak */
- int expect_leak = 0; /* are we expecting a leak? */
rsaParams.pe = exponent;
rsaParams.keySizeInBits = keySize;
@@ -301,15 +259,11 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
tstTemplate[3].ulValueLen = sizeof(ck_false);
tstTemplate[4].pValue = &ck_false;
tstTemplate[4].ulValueLen = sizeof(ck_false);
- tstTemplate[5].pValue = &cka_id[0];
- tstTemplate[5].ulValueLen = sizeof(cka_id);
- tstHeaderCount = 6;
- cka_id[0] = round;
+ tstHeaderCount = 5;
if (mask & 1) {
printf("%s\n", test_array[1].description);
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- cka_id[1] = 0;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PUBLIC_EXPONENT);
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@@ -317,10 +271,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount + 2, CKA_PRIME_1);
- tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
- tstHeaderCount +
- 3,
- PR_FALSE);
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
failed = 1;
@@ -336,7 +290,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
printf("%s\n", test_array[2].description);
/* test the basic2 case, public exponent, modulus, prime2 */
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- cka_id[1] = 1;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PUBLIC_EXPONENT);
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@@ -346,10 +299,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
/* test with q in the prime1 position */
tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
- tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
- tstHeaderCount +
- 3,
- PR_FALSE);
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
failed = 1;
@@ -365,7 +318,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
printf("%s\n", test_array[3].description);
/* test the medium case, private exponent, prime1, prime2 */
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- cka_id[1] = 2;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PRIVATE_EXPONENT);
@@ -377,10 +329,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
tstTemplate[tstHeaderCount + 1].type = CKA_PRIME_2;
- tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
- tstHeaderCount +
- 3,
- PR_FALSE);
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: privExp p q\n");
failed = 1;
@@ -396,7 +348,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
printf("%s\n", test_array[4].description);
/* test the advanced case, public exponent, private exponent, prime2 */
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- cka_id[1] = 3;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PRIVATE_EXPONENT);
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@@ -404,10 +355,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount + 2, CKA_PRIME_2);
- tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
- tstHeaderCount +
- 3,
- PR_FALSE);
+ tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+ tstHeaderCount +
+ 3,
+ PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
fprintf(stderr, " this is expected periodically. It means we\n");
@@ -422,12 +373,11 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
if (tstPrivKey)
PK11_DestroyGenericObject(tstPrivKey);
}
- if (mask & 0x10) {
+ if (mask & 16) {
printf("%s\n", test_array[5].description);
/* test the advanced case2, public exponent, private exponent, modulus
*/
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- cka_id[1] = LEAK_ID;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PRIVATE_EXPONENT);
@@ -436,7 +386,6 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount + 2, CKA_MODULUS);
- /* purposefully use the old version. This will create a leak */
tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
@@ -449,59 +398,9 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
failed = 1;
}
- expect_leak = 1;
if (tstPrivKey)
PK11_DestroyGenericObject(tstPrivKey);
}
- resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
- SECKEY_DestroyPrivateKey(rsaPrivKey);
- SECKEY_DestroyPublicKey(rsaPubKey);
-
- /* make sure we didn't leak */
- leak_found = 0;
- tstPrivKey = PK11_FindGenericObjects(slot, CKO_PRIVATE_KEY);
- if (tstPrivKey) {
- SECStatus rv;
- PK11GenericObject *thisKey;
- int i;
-
- fprintf(stderr, "Leaking keys...\n");
- for (i = 0, thisKey = tstPrivKey; thisKey; i++,
- thisKey = PK11_GetNextGenericObject(thisKey)) {
- SECItem id = { 0, NULL, 0 };
-
- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, thisKey,
- CKA_ID, &id);
- if (rv != SECSuccess) {
- fprintf(stderr, "Key %d: couldn't read CKA_ID: %s\n",
- i, PORT_ErrorToString(PORT_GetError()));
- continue;
- }
- fprintf(stderr, "id = { ");
- dumpItem(stderr, &id);
- fprintf(stderr, "};");
- if (id.data[1] == LEAK_ID) {
- fprintf(stderr, " ---> leak expected\n");
- if (id.data[0] == round)
- leak_found = 1;
- } else {
- if (id.len != sizeof(cka_id)) {
- fprintf(stderr,
- " ---> ERROR unexpected leak in generated key\n");
- } else {
- fprintf(stderr,
- " ---> ERROR unexpected leak in constructed key\n");
- }
- failed = 1;
- }
- SECITEM_FreeItem(&id, PR_FALSE);
- }
- PK11_DestroyGenericObjects(tstPrivKey);
- }
- if (expect_leak && !leak_found) {
- fprintf(stderr, "ERROR expected leak not found\n");
- failed = 1;
- }
PK11_FreeSlot(slot);
return failed ? -1 : 0;
@@ -618,7 +517,7 @@ main(int argc, char **argv)
exp_exp_prime_fail_count = 0;
for (i = 0; i < repeat; i++) {
printf("Running RSA Populate test run %d\n", i);
- ret = doRSAPopulateTest(keySize, exponent, mask, i, NULL);
+ ret = doRSAPopulateTest(keySize, exponent, mask, NULL);
if (ret != 0) {
i++;
break;
@@ -632,9 +531,5 @@ main(int argc, char **argv)
exp_exp_prime_fail_count, i,
(((double)exp_exp_prime_fail_count) * 100.0) / (double)i);
}
- if (NSS_Shutdown() != SECSuccess) {
- fprintf(stderr, "Shutdown failed\n");
- ret = -1;
- }
return ret;
}