Closed
Bug 318968
Opened 19 years ago
Closed 18 years ago
Implement ECDSA algorithm tests for FIPS 140-2 validation
Categories
(NSS :: Test, enhancement, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: glenbeasley, Assigned: wtc)
References
Details
(Whiteboard: ECC FIPS)
Attachments
(4 files, 4 obsolete files)
998 bytes,
text/plain
|
glenbeasley
:
review+
|
Details |
23.62 KB,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
3.51 KB,
patch
|
Details | Diff | Splinter Review | |
4.75 KB,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
Reporter | ||
Updated•19 years ago
|
Assignee: glen.beasley → wtchang
Assignee | ||
Comment 1•19 years ago
|
||
Glen, hopefully you can adapt the ECDSA tests in this patch for the DSA tests.
Assignee | ||
Comment 2•19 years ago
|
||
Comment on attachment 206148 [details] [diff] [review] Work in progress Glen, the parsing of the "R = ..." and "S = ..." lines in ecdsa_sigver_test in this patch is not correct.
Assignee | ||
Comment 3•19 years ago
|
||
This patch is near final. I will review it, but I expect to only make comment and buffer size changes. So it is safe to adapt this patch for DSA.
Attachment #206148 -
Attachment is obsolete: true
Assignee | ||
Comment 4•19 years ago
|
||
Attachment #206346 -
Attachment is obsolete: true
Attachment #206627 -
Flags: review?(glen.beasley)
Assignee | ||
Comment 5•19 years ago
|
||
Attachment #206629 -
Flags: review?(glen.beasley)
Assignee | ||
Comment 6•19 years ago
|
||
I made some cosmetic changes.
Attachment #206627 -
Attachment is obsolete: true
Attachment #206644 -
Flags: review?(glen.beasley)
Attachment #206627 -
Flags: review?(glen.beasley)
Reporter | ||
Updated•19 years ago
|
Attachment #206629 -
Flags: review?(glen.beasley) → review+
Reporter | ||
Updated•19 years ago
|
Attachment #206644 -
Flags: review?(glen.beasley) → review+
Assignee | ||
Comment 7•19 years ago
|
||
Checked in on the tip and the NSS_3_11_BRANCH. RCS file: /cvsroot/mozilla/security/nss/cmd/fipstest/ecdsa.sh,v done Checking in ecdsa.sh; /cvsroot/mozilla/security/nss/cmd/fipstest/ecdsa.sh,v <-- ecdsa.sh initial revision: 1.1 done Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.14; previous revision: 1.13 done Checking in ecdsa.sh; /cvsroot/mozilla/security/nss/cmd/fipstest/ecdsa.sh,v <-- ecdsa.sh new revision: 1.1.2.2; previous revision: 1.1.2.1 done Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.3.2.7; previous revision: 1.3.2.6 done
Severity: normal → enhancement
Status: NEW → RESOLVED
Closed: 19 years ago
OS: Solaris → All
Hardware: Sun → All
Resolution: --- → FIXED
Version: 3.11.1 → 3.11
Comment 8•19 years ago
|
||
The last checkin busted the build when not building with NSS_ENABLE_ECC .
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 9•19 years ago
|
||
Attachment #206670 -
Flags: superreview?(wtchang)
Attachment #206670 -
Flags: review?(glen.beasley)
Comment 10•19 years ago
|
||
Because I didn't want the builds to fail tonight, I checked this in to the tip : Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.15; previous revision: 1.14 done And to NSS_3_11_BRANCH : Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.3.2.8; previous revision: 1.3.2.7 done If you agree with the fix, just r+ and close the bug.
Reporter | ||
Updated•19 years ago
|
Attachment #206670 -
Flags: review?(glen.beasley) → review+
Assignee | ||
Comment 11•19 years ago
|
||
Thanks for fixing the build error. I did do a verification build with NSS_ENABLE_ECC unset, but I made a mistake. The only essential difference of this patch from Julien's patch is that in the makefile we need to add -DNSS_ENABLE_ECC to DEFINES if NSS_ENABLE_ECC is defined.
Attachment #206670 -
Attachment is obsolete: true
Attachment #206670 -
Flags: superreview?(wtchang)
Assignee | ||
Comment 12•18 years ago
|
||
Previously I took the shortcut of using a structure assignment to copy an ECParams structure. This patch does the copy properly with an EC_CopyParams call. Here is a summary of the changes in this patch. 1. Pass PR_FALSE as the 'zero' argument to the PORT_FreeArena calls for ECParams' arena because EC domain parameters are public and so don't need to be zeroized. 2. Use EC_CopyParams to copy 'ecparams' to 'ecpub.ecParams'. That is, I changed ecpub.ecParams = *ecparams; to if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) != SECSuccess) { goto loser; } Since this copying requires an arena (saved in 'ecpub.ecParams.arena'), I also allocate 'ecpub.publicValue' from that arena. 3. Reduce the scope of 'ecparams' to the 'if' block. Outside the 'if' block, we will use 'ecpub.ecParams' instead.
Attachment #212008 -
Flags: review?(glen.beasley)
Reporter | ||
Updated•18 years ago
|
Attachment #212008 -
Flags: review?(glen.beasley) → review+
Assignee | ||
Comment 13•18 years ago
|
||
Comment on attachment 212008 [details] [diff] [review] Use EC_CopyParams to copy a ECParams structure I checked in the EC_CopyParams patch on the NSS trunk (3.12) and the NSS_3_11_BRANCH (3.11.1). Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.23; previous revision: 1.22 done Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.3.2.16; previous revision: 1.3.2.15 done
Assignee | ||
Updated•18 years ago
|
Comment 14•18 years ago
|
||
Is this bug ready to be resolved/fixed?
Priority: -- → P1
Whiteboard: ECC FIPS
Assignee | ||
Comment 15•18 years ago
|
||
Let's wait until we have passed the FIPS ECDSA algorithm test. This bug also depends on some other open bugs.
Status: REOPENED → ASSIGNED
Assignee | ||
Updated•18 years ago
|
Target Milestone: 3.11.1 → 3.11.2
Updated•18 years ago
|
QA Contact: jason.m.reid → test
Assignee | ||
Updated•18 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 19 years ago → 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•