Closed Bug 1660304 Opened 5 years ago Closed 5 years ago

New FIPS IG requires self-tests for approved kdfs.

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.59
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rrelyea, Assigned: rrelyea)

Details

Attachments

(1 file)

Bug 1660304 New FIPS IG requires self-tests for approved kdfs.
47 bytes, text/x-phabricator-request
Details | Review

FIPS guidance now requires self-tests for our kdfs. It also requires self-tests for cmac which we didn't have in the cmac patch.

Currently only one test per kdf is necessary. Specifially for SP-800-108, only
one of the three flavors are needed (counter, feedback, or pipeline). HKDF is currently not included in FIPS, but is on track to be included, so hkdf should be included in this patch.

KDF's:
SP-800-108 (softoken/kbkdf.c)
pbkdf (softoken/lowpbe.c)
IKE (softoken/sftkike.c)
TLS KDF (freebl/tlsprfalg.c)
HDKDF (softoken/pkcs11c.c)

CMAC: (freebl/cmac.c)

FIPS guidance now requires self-tests for our kdfs. It also requires self-tests for cmac which we didn't have in the cmac patch.

Currently only one test per kdf is necessary. Specifially for SP-800-108, only
one of the three flavors are needed (counter, feedback, or pipeline). This
patch includes more complete testing but it has been turned off the currently
extraneous tests under the assumption that NIST guidance may require them
in the future. HKDF is currently not included in FIPS, but is on track to be
included, so hkdf have been included in this patch.

Because the test vectors are const strings, the patch pushes some const
definitions that were missing in existing private interfaces.

There are three flavors of self-tests:
Function implemented in freebl are added to the freebl/fipsfreebl.c
Functions implemented in pkcs11c.c have selftests completely implemented in
softoken/fipstest.c
Functions implemented in their own .c file have their selftest function
implemented in that .c file and called by fipstests.c
These are consistant with the previous choices for selftests.

Some private interfaces that took in keys from pkcs #11 structures or outputted keys to pkcs #11 structures were modified to optionally take keys in by bytes
and output keys as bytes so the self-tests can work in just bytes.

https://hg.mozilla.org/projects/nss/rev/5dca54fe61c2916e540129590a40772d5be89a1d

Assignee: nobody → rrelyea
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.57
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: