82 lines
4.3 KiB
Diff
82 lines
4.3 KiB
Diff
|
# HG changeset patch
|
||
|
# User Tomas Mraz <tmraz@fedoraproject.org>
|
||
|
# Date 1560861770 -7200
|
||
|
# Tue Jun 18 14:42:50 2019 +0200
|
||
|
# Node ID 6ef49fe67d6227a1d290da5537ec0dade379a15a
|
||
|
# Parent ebc93d6daeaa9001d31fd18b5199779da99ae9aa
|
||
|
Bug 1559906, fipstest: use CKM_TLS12_MASTER_KEY_DERIVE in TLS test, r=rrelyea
|
||
|
|
||
|
This also lets us CAVS tests more than just SHA256.
|
||
|
|
||
|
diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
|
||
|
--- a/cmd/fipstest/fipstest.c
|
||
|
+++ b/cmd/fipstest/fipstest.c
|
||
|
@@ -6669,12 +6669,13 @@ tls(char *reqfn)
|
||
|
|
||
|
CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE, NULL, 0 };
|
||
|
CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE, NULL, 0 };
|
||
|
- CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
|
||
|
- CK_SSL3_KEY_MAT_PARAMS key_block_params;
|
||
|
+ CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
|
||
|
+ CK_TLS12_KEY_MAT_PARAMS key_block_params;
|
||
|
CK_SSL3_KEY_MAT_OUT key_material;
|
||
|
CK_RV crv;
|
||
|
|
||
|
/* set up PKCS #11 parameters */
|
||
|
+ master_params.prfHashMechanism = CKM_SHA256;
|
||
|
master_params.pVersion = NULL;
|
||
|
master_params.RandomInfo.pClientRandom = clientHello_random;
|
||
|
master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random);
|
||
|
@@ -6682,6 +6683,7 @@ tls(char *reqfn)
|
||
|
master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random);
|
||
|
master_mech.pParameter = (void *)&master_params;
|
||
|
master_mech.ulParameterLen = sizeof(master_params);
|
||
|
+ key_block_params.prfHashMechanism = CKM_SHA256;
|
||
|
key_block_params.ulMacSizeInBits = 0;
|
||
|
key_block_params.ulKeySizeInBits = 0;
|
||
|
key_block_params.ulIVSizeInBits = 0;
|
||
|
@@ -6724,13 +6726,39 @@ tls(char *reqfn)
|
||
|
if (buf[0] == '[') {
|
||
|
if (strncmp(buf, "[TLS", 4) == 0) {
|
||
|
if (buf[7] == '0') {
|
||
|
+ /* CK_SSL3_MASTER_KEY_DERIVE_PARAMS is a subset of
|
||
|
+ * CK_TLS12_MASTER_KEY_DERIVE_PARAMS and
|
||
|
+ * CK_SSL3_KEY_MAT_PARAMS is a subset of
|
||
|
+ * CK_TLS12_KEY_MAT_PARAMS. The latter params have
|
||
|
+ * an extra prfHashMechanism field at the end. */
|
||
|
master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
|
||
|
key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
|
||
|
+ master_mech.ulParameterLen = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
|
||
|
+ key_block_mech.ulParameterLen = sizeof(CK_SSL3_KEY_MAT_PARAMS);
|
||
|
} else if (buf[7] == '2') {
|
||
|
- master_mech.mechanism =
|
||
|
- CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
|
||
|
- key_block_mech.mechanism =
|
||
|
- CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
|
||
|
+ if (strncmp(&buf[10], "SHA-1", 5) == 0) {
|
||
|
+ master_params.prfHashMechanism = CKM_SHA_1;
|
||
|
+ key_block_params.prfHashMechanism = CKM_SHA_1;
|
||
|
+ } else if (strncmp(&buf[10], "SHA-224", 7) == 0) {
|
||
|
+ master_params.prfHashMechanism = CKM_SHA224;
|
||
|
+ key_block_params.prfHashMechanism = CKM_SHA224;
|
||
|
+ } else if (strncmp(&buf[10], "SHA-256", 7) == 0) {
|
||
|
+ master_params.prfHashMechanism = CKM_SHA256;
|
||
|
+ key_block_params.prfHashMechanism = CKM_SHA256;
|
||
|
+ } else if (strncmp(&buf[10], "SHA-384", 7) == 0) {
|
||
|
+ master_params.prfHashMechanism = CKM_SHA384;
|
||
|
+ key_block_params.prfHashMechanism = CKM_SHA384;
|
||
|
+ } else if (strncmp(&buf[10], "SHA-512", 7) == 0) {
|
||
|
+ master_params.prfHashMechanism = CKM_SHA512;
|
||
|
+ key_block_params.prfHashMechanism = CKM_SHA512;
|
||
|
+ } else {
|
||
|
+ fprintf(tlsresp, "ERROR: Unable to find prf Hash type");
|
||
|
+ goto loser;
|
||
|
+ }
|
||
|
+ master_mech.mechanism = CKM_TLS12_MASTER_KEY_DERIVE;
|
||
|
+ key_block_mech.mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
|
||
|
+ master_mech.ulParameterLen = sizeof(master_params);
|
||
|
+ key_block_mech.ulParameterLen = sizeof(key_block_params);
|
||
|
} else {
|
||
|
fprintf(stderr, "Unknown TLS type %x\n",
|
||
|
(unsigned int)buf[0]);
|