Implement DSA algorithm tests for FIPS 140-2 validation

RESOLVED FIXED in 3.11.1

Status

P1
blocker
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: glenbeasley, Assigned: glenbeasley)

Tracking

3.11.1
3.11.1
Sun
Solaris

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: FIPS)

Attachments

(3 attachments, 4 obsolete attachments)

(Assignee)

Comment 1

13 years ago
Created attachment 208765 [details] [diff] [review]
dsa tests
Attachment #208765 - Flags: review?(wtchang)

Comment 2

13 years ago
Comment on attachment 208765 [details] [diff] [review]
dsa tests

Glen, please regenerate the patch with "cvs diff -uN".
(Assignee)

Comment 3

13 years ago
Created attachment 208778 [details] [diff] [review]
dsa tests
Attachment #208765 - Attachment is obsolete: true
Attachment #208778 - Flags: review?(wtchang)
Attachment #208765 - Flags: review?(wtchang)
(Assignee)

Updated

13 years ago
Attachment #208778 - Flags: review?(wtchang)
(Assignee)

Comment 4

13 years ago
Created attachment 209643 [details] [diff] [review]
dsa tests
Attachment #208778 - Attachment is obsolete: true
Attachment #209643 - Flags: review?(wtchang)

Updated

13 years ago
Attachment #209643 - Flags: review?(wtchang) → review+
(Assignee)

Comment 5

13 years ago
Checked into the NSS tip, and the NSS 3.11 branch

 cvs commit -m "328967 DSA FIPS tests r=Wan-Teh" dsa.sh fipstest.c
Enter passphrase for key '/home/gb134726/.ssh/id_dsa':
RCS file: /cvsroot/mozilla/security/nss/cmd/fipstest/Attic/dsa.sh,v
done
Checking in dsa.sh;
/cvsroot/mozilla/security/nss/cmd/fipstest/Attic/dsa.sh,v  <--  dsa.sh
new revision: 1.1.2.1; previous revision: 1.1
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.3.2.10; previous revision: 1.3.2.9
done
 cvs commit -m "328967 DSA FIPS tests r=Wan-Teh" dsa.sh fipstest.c
Enter passphrase for key '/home/gb134726/.ssh/id_dsa':
Checking in dsa.sh;
/cvsroot/mozilla/security/nss/cmd/fipstest/dsa.sh,v  <--  dsa.sh
new revision: 1.2; previous revision: 1.1
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.17; previous revision: 1.16
done




Status: NEW → ASSIGNED
The checkin done Friday morning appears to have broken the build on AIX and 
Linux.  Here are the errors from the AIX build:


gmake[2]: Entering directory `/share/builds/mccrel3/security/securityjes5/builds/20060130.1/wozzeck_Solaris8/mozilla/security/nss/cmd/fipstest'
xlc_r -o AIX5.1_DBG.OBJ/fipstest.o -c -g -DAIX -DSYSV -DXP_UNIX -DDEBUG -UNDEBUG -DDEBUG_svbld -DNSS_ENABLE_ECC -DNSS_ENABLE_ECC -I../../../../dist/AIX5.1_DBG.OBJ/include  -I../../../../dist/public/nss -I../../../../dist/private/nss  /share/builds/mccrel3/security/securityjes5/builds/20060130.1/wozzeck_Solaris8/mozilla/security/nss/cmd/fipstest/fipstest.c
"fipstest.c", line 105.32: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 115.32: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 163.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 167.28: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "const char*" is not allowed.
"fipstest.c", line 370.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 385.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 397.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 409.36: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 424.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 441.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 471.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 790.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 801.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 812.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 824.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 842.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 865.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1069.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1083.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1100.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1131.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1267.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1284.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1382.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1552.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1565.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1581.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 1693.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2297.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2455.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2724.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2724.41: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2730.27: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2748.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2800.31: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "const char*" is not allowed.
"fipstest.c", line 2808.21: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "const char*" is not allowed.
"fipstest.c", line 2914.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2914.41: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2935.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 2935.41: 1506-280 (E) Function argument assignment between types "unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3159.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3173.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3187.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3201.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3228.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3468.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3590.13: 1506-046 (S) Syntax error.
"fipstest.c", line 3590.15: 1506-045 (S) Undeclared identifier calculate.
"fipstest.c", line 3590.43: 1506-045 (S) Undeclared identifier and.
"fipstest.c", line 3612.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3627.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3642.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3660.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3679.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3694.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
"fipstest.c", line 3708.32: 1506-280 (E) Function argument assignment between types "const unsigned char*" and "char*" is not allowed.
gmake[2]: *** [AIX5.1_DBG.OBJ/fipstest.o] Error 1
Severity: normal → blocker
Priority: -- → P1
(Assignee)

Comment 7

13 years ago
Created attachment 210378 [details] [diff] [review]
removal of compiler warnings
Attachment #210378 - Flags: review?(wtchang)

Comment 8

13 years ago
Created attachment 210405 [details] [diff] [review]
removal of compiler warnings, v2

Using casts to fix compiler warnings should only be
used as a last resort.  The correct fix is usally to
declare the variables or function parameters with
the correct types.  This usually takes more time
because you need to understand the code in order to
figure out what the correct types should be.

In C, we usually use the following convention regarding
'char' and 'unsigned char'.

1. We use 'char' for a character, as in a character
string.

2. We use 'unsigned char' for a byte (also known as an
octet) or an 8-bit unsigned integer.

3. We use 'signed char' for an 8-bit signed integer.

Under this convention, the 'c2' parameters of hex_from_2char
and char2_from_hex should be 'char' instead of 'unsigned char'
because they represent characters that are hexadecimal digits,
and the variables 'msg', 'secret_key', 'message', and 'key'
should be 'unsigned char' instead of 'char' because they
represents bytes (or octets).

I also fixed a warning about sscanf format (use %u instead
of %d because vfy.counter is an unsigned int) and a warning
about unused variable 'len'.

Please review and test this patch on AIX to see all the
warnings Nelson reported in comment 6 are fixed.
Attachment #210378 - Attachment is obsolete: true
Attachment #210405 - Flags: review?(glen.beasley)
Attachment #210378 - Flags: review?(wtchang)
(Assignee)

Comment 9

13 years ago
Comment on attachment 210405 [details] [diff] [review]
removal of compiler warnings, v2

builds with no warnings
on Solaris 8, AIX, and HP 11, but there are some uninitialized warnings on 
Red Hat Enterprise Linux AS release 3 (Taroon Update 3)
Kernel 2.4.21-19.ELsmp on an x86_64
fipstest.c: In function `tdea_kat_mmt':
fipstest.c:318: warning: `mode' might be used uninitialized in this function
fipstest.c: In function `aes_kat_mmt':
fipstest.c:1027: warning: `mode' might be used uninitialized in this function
fipstest.c:1030: warning: `keysize' might be used uninitialized in this functionfipstest.c: In function `aes_ecb_mct':
fipstest.c:1227: warning: `keysize' might be used uninitialized in this functionfipstest.c: In function `aes_cbc_mct':
fipstest.c:1510: warning: `keysize' might be used uninitialized in this functionfipstest.c: In function `rng_vst':
fipstest.c:2581: warning: `b' might be used uninitialized in this function
fipstest.c: In function `rng_mct':
fipstest.c:2704: warning: `b' might be used uninitialized in this function
fipstest.c: In function `sha_test':
fipstest.c:2902: warning: `MDlen' might be used uninitialized in this function
fipstest.c:2903: warning: `msgLen' might be used uninitialized in this function
fipstest.c:2910: warning: `req' might be used uninitialized in this function
fipstest.c: In function `hmac_test':
fipstest.c:3073: warning: `keyLen' might be used uninitialized in this function
fipstest.c:3078: warning: `HMACLen' might be used uninitialized in this functionfipstest.c:3080: warning: `hash_alg' might be used uninitialized in this function
fipstest.c:3082: warning: `req' might be used uninitialized in this function
fipstest.c: In function `dsa_pqggen_test':
fipstest.c:3527: warning: `keySizeIndex' might be used uninitialized in this function
fipstest.c: In function `rsa_sigver_test':
fipstest.c:4231: warning: `shaLength' might be used uninitialized in this function
fipstest.c:4235: warning: `signatureLength' might be used uninitialized in this function
Attachment #210405 - Flags: review?(glen.beasley) → review+

Comment 10

13 years ago
Comment on attachment 210405 [details] [diff] [review]
removal of compiler warnings, v2

I checked in this compiler warning patch on the
trunk (NSS 3.12) and NSS_3_11_BRANCH (NSS 3.11.1).

Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.21; previous revision: 1.20
done

Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.3.2.14; previous revision: 1.3.2.13
done
(Assignee)

Comment 11

13 years ago
Created attachment 212018 [details] [diff] [review]
FIPS 186-2 says the length of Seed is at least 160 bits.
Attachment #212018 - Flags: review?(wtchang)

Comment 12

13 years ago
Comment on attachment 212018 [details] [diff] [review]
FIPS 186-2 says the length of Seed is at least 160 bits.

The change to pqg.c is not necessary because
L/8 >= 512/8 = 64 > DSA_SEED_LENGTH_BYTES.
I will attach a better patch for fipstest.c.
Attachment #212018 - Flags: review?(wtchang) → review-

Comment 13

13 years ago
Created attachment 212038 [details] [diff] [review]
Use 160-bit SEED in DSA tests

This patch contains the following changes to the
DSA tests.

1. Replace all PQG_ParamGen calls with PQG_ParamGenSeedLen
calls, with seedBytes=20 (DSA_TEST_SEED_BYTES).

2. Remove the unused keySizeIndex variable from two tests.

3. Handle the return value 'rv' and the 'result' output
parameter of PQG_VerifyParams separately.  rv=SECFailure
means the verification could not be done; it doesn't mean
the parameters are verified to be invalid.

4. In the Domain Parameter Generation Test (PQGGen), pad
the output of H values with leading 0's.
Attachment #212038 - Flags: review?(glen.beasley)

Updated

13 years ago
Attachment #212018 - Attachment is obsolete: true
(Assignee)

Updated

13 years ago
Attachment #212038 - Flags: review?(glen.beasley) → review+

Comment 14

13 years ago
Comment on attachment 212038 [details] [diff] [review]
Use 160-bit SEED in DSA tests

I checked in the "160-bit SEED" patch on the NSS trunk
(3.12) and NSS_3_11_BRANCH (3.11.1).

Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.25; previous revision: 1.24
done

Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v  <--  fipstest.c
new revision: 1.3.2.18; previous revision: 1.3.2.17
done
Whiteboard: FIPS
QA Contact: jason.m.reid → test
(Assignee)

Updated

13 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.