Closed
Bug 318967
Opened 19 years ago
Closed 18 years ago
Implement DSA algorithm tests for FIPS 140-2 validation
Categories
(NSS :: Test, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: glenbeasley, Assigned: glenbeasley)
Details
(Whiteboard: FIPS)
Attachments
(3 files, 4 obsolete files)
39.23 KB, patch | wtc: review+
2.99 KB, patch | glenbeasley: review+
6.53 KB, patch | glenbeasley: review+
Assignee
Comment 1•19 years ago
Attachment #208765 -
Flags: review?(wtchang)
Comment 2•19 years ago
Comment on attachment 208765 dsa tests
Glen, please regenerate the patch with "cvs diff -uN".
Assignee
Comment 3•19 years ago
Attachment #208765 -
Attachment is obsolete: true
Attachment #208778 -
Flags: review?(wtchang)
Attachment #208765 -
Flags: review?(wtchang)
Assignee
Updated•19 years ago
Attachment #208778 -
Flags: review?(wtchang)
Assignee
Comment 4•19 years ago
Attachment #208778 -
Attachment is obsolete: true
Attachment #209643 -
Flags: review?(wtchang)
Updated•19 years ago
Attachment #209643 -
Flags: review?(wtchang) → review+
Assignee
Comment 5•19 years ago
Checked into the NSS tip, and the NSS 3.11 branch
cvs commit -m "328967 DSA FIPS tests r=Wan-Teh" dsa.sh fipstest.c
Enter passphrase for key '/home/gb134726/.ssh/id_dsa':
RCS file: /cvsroot/mozilla/security/nss/cmd/fipstest/Attic/dsa.sh,v
done
Checking in dsa.sh;
/cvsroot/mozilla/security/nss/cmd/fipstest/Attic/dsa.sh,v <-- dsa.sh
new revision: 1.1.2.1; previous revision: 1.1
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.3.2.10; previous revision: 1.3.2.9
done
cvs commit -m "328967 DSA FIPS tests r=Wan-Teh" dsa.sh fipstest.c
Enter passphrase for key '/home/gb134726/.ssh/id_dsa':
Checking in dsa.sh;
/cvsroot/mozilla/security/nss/cmd/fipstest/dsa.sh,v <-- dsa.sh
new revision: 1.2; previous revision: 1.1
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.17; previous revision: 1.16
done
Status: NEW → ASSIGNED
Comment 6•19 years ago
The checkin done Friday morning appears to have broken the build on AIX and Linux. Here are the errors from the AIX build:
gmake[2]: Entering directory `/share/builds/mccrel3/security/securityjes5/builds/20060130.1/wozzeck_Solaris8/mozilla/security/nss/cmd/fipstest'
xlc_r -o AIX5.1_DBG.OBJ/fipstest.o -c -g -DAIX -DSYSV -DXP_UNIX -DDEBUG -UNDEBUG -DDEBUG_svbld -DNSS_ENABLE_ECC -DNSS_ENABLE_ECC -I../../../../dist/AIX5.1_DBG.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss /share/builds/mccrel3/security/securityjes5/builds/20060130.1/wozzeck_Solaris8/mozilla/security/nss/cmd/fipstest/fipstest.c
"fipstest.c", line 105.32: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 115.32: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 163.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 167.28: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "const char*" is not allowed.
"fipstest.c", line 370.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 385.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 397.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 409.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 424.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 441.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 471.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 790.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 801.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 812.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 824.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 842.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 865.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1069.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1083.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1100.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1131.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1267.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1284.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1382.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1552.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1565.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1581.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1693.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2297.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2455.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2724.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2724.41: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2730.27: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2748.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2800.31: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "const char*" is not allowed.
"fipstest.c", line 2808.21: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "const char*" is not allowed.
"fipstest.c", line 2914.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2914.41: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2935.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2935.41: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3159.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3173.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3187.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3201.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3228.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3468.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3590.13: 1506-046 (S) Syntax error.
"fipstest.c", line 3590.15: 1506-045 (S) Undeclared identifier calculate.
"fipstest.c", line 3590.43: 1506-045 (S) Undeclared identifier and.
"fipstest.c", line 3612.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3627.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3642.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3660.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3679.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3694.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3708.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
gmake[2]: *** [AIX5.1_DBG.OBJ/fipstest.o] Error 1
Severity: normal → blocker
Priority: -- → P1
Assignee
Comment 7•19 years ago
Attachment #210378 -
Flags: review?(wtchang)
Comment 8•19 years ago
Using casts to fix compiler warnings should only be used as a last resort. The correct fix is usually to declare the variables or function parameters with the correct types. This usually takes more time because you need to understand the code in order to figure out what the correct types should be.
In C, we usually use the following convention regarding 'char' and 'unsigned char'.
1. We use 'char' for a character, as in a character string.
2. We use 'unsigned char' for a byte (also known as an octet) or an 8-bit unsigned integer.
3. We use 'signed char' for an 8-bit signed integer.
Under this convention, the 'c2' parameters of hex_from_2char and char2_from_hex should be 'char' instead of 'unsigned char' because they represent characters that are hexadecimal digits, and the variables 'msg', 'secret_key', 'message', and 'key' should be 'unsigned char' instead of 'char' because they represent bytes (or octets).
I also fixed a warning about sscanf format (use %u instead of %d because vfy.counter is an unsigned int) and a warning about unused variable 'len'.
Please review and test this patch on AIX to see all the warnings Nelson reported in comment 6 are fixed.
Attachment #210378 -
Attachment is obsolete: true
Attachment #210405 -
Flags: review?(glen.beasley)
Attachment #210378 -
Flags: review?(wtchang)
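The convention from comment 8, as an added example that is not part of this bug or of the NSS patch: hexadecimal digits are handled as 'char', decoded octets as 'unsigned char', so no pointer casts are needed. The names hex_digit_value, hex_to_bytes, widen_byte and widen_signed are hypothetical, and the input strings used with them are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not NSS code): value of one hexadecimal digit.
 * The argument is a character, so it is declared 'char'. */
static int hex_digit_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;                          /* not a hex digit */
}

/* Decode a hex string (characters) into octets (bytes).
 * Returns the number of bytes written, or -1 if the input is malformed
 * or 'out' is too small. */
long hex_to_bytes(const char *hex, unsigned char *out, size_t outlen)
{
    size_t n = strlen(hex);
    size_t i;

    if (n % 2 != 0 || n / 2 > outlen) return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hex_digit_value(hex[2 * i]);
        int lo = hex_digit_value(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Why bytes are 'unsigned char': widening a byte to int must give 0..255.
 * As 'signed char' (what plain 'char' is on many ABIs) 0xE3 turns negative,
 * which breaks comparisons, table indexing and "%02x" style output. */
int widen_byte(unsigned char b)  { return b; }
int widen_signed(signed char b)  { return b; }
```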
Assignee
Comment 9•19 years ago
Comment on attachment 210405 removal of compiler warnings, v2
builds with no warnings on Solaris 8, AIX, and HP 11, but there are some uninitialized warnings on Red Hat Enterprise Linux AS release 3 (Taroon Update 3) Kernel 2.4.21-19.ELsmp on an x86_64
fipstest.c: In function `tdea_kat_mmt':
fipstest.c:318: warning: `mode' might be used uninitialized in this function
fipstest.c: In function `aes_kat_mmt':
fipstest.c:1027: warning: `mode' might be used uninitialized in this function
fipstest.c:1030: warning: `keysize' might be used uninitialized in this function
fipstest.c: In function `aes_ecb_mct':
fipstest.c:1227: warning: `keysize' might be used uninitialized in this function
fipstest.c: In function `aes_cbc_mct':
fipstest.c:1510: warning: `keysize' might be used uninitialized in this function
fipstest.c: In function `rng_vst':
fipstest.c:2581: warning: `b' might be used uninitialized in this function
fipstest.c: In function `rng_mct':
fipstest.c:2704: warning: `b' might be used uninitialized in this function
fipstest.c: In function `sha_test':
fipstest.c:2902: warning: `MDlen' might be used uninitialized in this function
fipstest.c:2903: warning: `msgLen' might be used uninitialized in this function
fipstest.c:2910: warning: `req' might be used uninitialized in this function
fipstest.c: In function `hmac_test':
fipstest.c:3073: warning: `keyLen' might be used uninitialized in this function
fipstest.c:3078: warning: `HMACLen' might be used uninitialized in this function
fipstest.c:3080: warning: `hash_alg' might be used uninitialized in this function
fipstest.c:3082: warning: `req' might be used uninitialized in this function
fipstest.c: In function `dsa_pqggen_test':
fipstest.c:3527: warning: `keySizeIndex' might be used uninitialized in this function
fipstest.c: In function `rsa_sigver_test':
fipstest.c:4231: warning: `shaLength' might be used uninitialized in this function
fipstest.c:4235: warning: `signatureLength' might be used uninitialized in this function
Attachment #210405 -
Flags: review?(glen.beasley) → review+
Comment 10•19 years ago
Comment on attachment 210405 removal of compiler warnings, v2
I checked in this compiler warning patch on the trunk (NSS 3.12) and NSS_3_11_BRANCH (NSS 3.11.1).
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.21; previous revision: 1.20
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.3.2.14; previous revision: 1.3.2.13
done
Assignee
Comment 11•18 years ago
Attachment #212018 -
Flags: review?(wtchang)
Comment 12•18 years ago
Comment on attachment 212018 FIPS 186-2 says the length of Seed is at least 160 bits. The change to pqg.c is not necessary because L/8 >= 512/8 = 64 > DSA_SEED_LENGTH_BYTES. I will attach a better patch for fipstest.c.
Attachment #212018 -
Flags: review?(wtchang) → review-
Comment 13•18 years ago
This patch contains the following changes to the DSA tests.
1. Replace all PQG_ParamGen calls with PQG_ParamGenSeedLen calls, with seedBytes=20 (DSA_TEST_SEED_BYTES).
2. Remove the unused keySizeIndex variable from two tests.
3. Handle the return value 'rv' and the 'result' output parameter of PQG_VerifyParams separately. rv=SECFailure means the verification could not be done; it doesn't mean the parameters are verified to be invalid.
4. In the Domain Parameter Generation Test (PQGGen), pad the output of H values with leading 0's.
Attachment #212038 -
Flags: review?(glen.beasley)
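The distinction in item 3 of comment 13, as an added example that is not NSS code: a caller keeps "the check could not run" apart from "the parameters failed the check". toy_verify_params is a hypothetical stand-in with the same return-value-plus-output-parameter shape; it works on toy-sized integers and skips the primality tests a real DSA domain parameter verification performs.

```c
#include <stdint.h>
#include <stddef.h>

typedef enum { ST_SUCCESS = 0, ST_FAILURE = -1 } Status;  /* stands in for SECStatus */
typedef struct { uint64_t p, q, g; } ToyParams;           /* toy-sized domain parameters */
typedef enum { PARAMS_VALID, PARAMS_INVALID, CHECK_NOT_DONE } Verdict;

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = (r * b) % m;      /* no overflow: moduli are below 2^32 */
        b = (b * b) % m;
    }
    return r;
}

/* Return value: could the check be carried out at all?
 * *result:      did the parameters pass it? */
Status toy_verify_params(const ToyParams *pp, Status *result)
{
    if (!pp || !result || pp->p < 3 || pp->q < 2 || (pp->p >> 32) != 0)
        return ST_FAILURE;               /* nothing was verified */
    *result = ((pp->p - 1) % pp->q == 0 &&      /* q divides p-1        */
               pp->g > 1 && pp->g < pp->p &&    /* g is in range        */
               modpow(pp->g, pp->q, pp->p) == 1)/* g has order q mod p  */
              ? ST_SUCCESS : ST_FAILURE;
    return ST_SUCCESS;
}

Verdict check_params(const ToyParams *pp)
{
    Status result = ST_FAILURE;          /* fail closed if never written */
    if (toy_verify_params(pp, &result) != ST_SUCCESS)
        return CHECK_NOT_DONE;           /* report an error, not "invalid" */
    return result == ST_SUCCESS ? PARAMS_VALID : PARAMS_INVALID;
}
```

A test harness that folds CHECK_NOT_DONE into PARAMS_INVALID would record a failed verdict for parameters that were never examined.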
Updated•18 years ago
Attachment #212018 -
Attachment is obsolete: true
Assignee
Updated•18 years ago
Attachment #212038 -
Flags: review?(glen.beasley) → review+
Comment 14•18 years ago
Comment on attachment 212038 Use 160-bit SEED in DSA tests
I checked in the "160-bit SEED" patch on the NSS trunk (3.12) and NSS_3_11_BRANCH (3.11.1).
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.25; previous revision: 1.24
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.3.2.18; previous revision: 1.3.2.17
done
Updated•18 years ago
Whiteboard: FIPS
Updated•18 years ago
QA Contact: jason.m.reid → test
Assignee
Updated•18 years ago
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED