Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-10 17:24:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1401594 - land NSS NSS_3_34_BETA1 UPGRADE_NSS_RELEASE, r=me

Browse Source 
MozReview-Commit-ID: 8ckNdJ29KWZ

--HG--
extra : rebase_source : 9766af247842aabce5e46c4a8d1d03c3f70d21f7
This commit is contained in:
Franziskus Kiefer 2017-11-01 15:38:36 +01:00
parent cb5eb53200
commit 1db8f13af3
58 changed files with 3673 additions and 2797 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/nss.symbols
View File

@ -718,6 +718,9 @@ __PK11_SetCertificateNickname
NSS_SecureMemcmpZero
PORT_ZAllocAlignedOffset_Util
CERT_FindCertByNicknameOrEmailAddrCX
SECKEY_GetPrivateKeyType
SEC_DerSignDataWithAlgorithmID
SEC_CreateSignatureAlgorithmParameters
# These symbols are not used by Firefox itself, but are used by Java's security
# libraries, which in turn are used by Java applets/plugins/etc. Provide them
# to make Java code happy.

2
security/nss/TAG-INFO
View File

@ -1 +1 @@
f3766809817b
NSS_3_34_BETA1

11
security/nss/automation/abi-check/expected-report-libnss3.so.txt
View File

@ -0,0 +1,11 @@
Functions changes summary: 0 Removed, 0 Changed, 4 Added functions
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
4 Added functions:
'function SECItem* SEC_CreateSignatureAlgorithmParameters(SECItem*, SECOidTag, SECOidTag, const SECItem*, const SECKEYPrivateKey*)' {SEC_CreateSignatureAlgorithmParameters@@NSS_3.34}
'function SECStatus SEC_DerSignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)' {SEC_DerSignDataWithAlgorithmID@@NSS_3.34}
'function SECStatus SEC_SignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)' {SEC_SignDataWithAlgorithmID@@NSS_3.34}
'function void SGN_NewContextWithAlgorithmID(SECAlgorithmID*, SECKEYPrivateKey*)' {SGN_NewContextWithAlgorithmID@@NSS_3.34}

15
security/nss/automation/abi-check/expected-report-libssl3.so.txt
View File

@ -0,0 +1,15 @@
Functions changes summary: 0 Removed, 1 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
1 function with some indirect sub-type change:
[C]'function SECStatus SSL_GetChannelInfo(SSLChannelInfo*, PRUintn)' at sslinfo.c:26:1 has some indirect sub-type changes:
parameter 1 of type 'SSLChannelInfo*' has sub-type changes:
in pointed to type 'typedef SSLChannelInfo' at sslt.h:288:1:
underlying type 'struct SSLChannelInfoStr' at sslt.h:229:1 changed:
type size changed from 896 to 960 bits
2 data member insertions:
'SSLNamedGroup SSLChannelInfoStr::originalKeaGroup', at offset 864 (in bits) at sslt.h:281:1
'PRBool SSLChannelInfoStr::resumed', at offset 896 (in bits) at sslt.h:284:1

25
security/nss/automation/buildbot-slave/build.sh
View File

@ -256,26 +256,41 @@ check_abi()
fi
popd
ABI_PROBLEM_FOUND=0
ABI_REPORT=${OUTPUTDIR}/abi-diff.txt
rm -f ${ABI_REPORT}
PREVDIST=${HGDIR}/baseline/dist
NEWDIST=${HGDIR}/dist
ALL_SOs="libfreebl3.so libfreeblpriv3.so libnspr4.so libnss3.so libnssckbi.so libnssdbm3.so libnsssysinit.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.so libssl3.so"
for SO in ${ALL_SOs}; do
if [ ! -f nss/automation/abi-check/expected-report-$SO.txt ]; then
touch nss/automation/abi-check/expected-report-$SO.txt
if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
touch ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt
fi
abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \
$PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \
> nss/automation/abi-check/new-report-$SO.txt
diff -u nss/automation/abi-check/expected-report-$SO.txt \
nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
> ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt
if [ $? -ne 0 ]; then
ABI_PROBLEM_FOUND=1
fi
if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
ABI_PROBLEM_FOUND=1
fi
diff -wB -u ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt \
${HGDIR}/nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
if [ ! -f ${ABI_REPORT} ]; then
ABI_PROBLEM_FOUND=1
fi
done
if [ -s ${ABI_REPORT} ]; then
print_log "FAILED: there are new unexpected ABI changes"
cat ${ABI_REPORT}
return 1
elif [ $ABI_PROBLEM_FOUND -ne 0 ]; then
print_log "FAILED: failure executing the ABI checks"
cat ${ABI_REPORT}
return 1
fi
return 0

211
security/nss/cmd/certutil/certutil.c
View File

@ -194,6 +194,8 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
PLArenaPool *arena;
void *extHandle;
SECItem signedReq = { siBuffer, NULL, 0 };
SECAlgorithmID signAlg;
SECItem *params = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
@ -211,11 +213,25 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
/* Change cert type to RSA-PSS, if desired. */
if (pssCertificate) {
params = SEC_CreateSignatureAlgorithmParameters(arena,
NULL,
SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
hashAlgTag,
NULL,
privk);
if (!params) {
PORT_FreeArena(arena, PR_FALSE);
SECKEY_DestroySubjectPublicKeyInfo(spki);
SECU_PrintError(progName, "unable to create RSA-PSS parameters");
return SECFailure;
}
spki->algorithm.parameters.data = NULL;
rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
SEC_OID_PKCS1_RSA_PSS_SIGNATURE, 0);
SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params);
if (rv != SECSuccess) {
PORT_FreeArena(arena, PR_FALSE);
SECKEY_DestroySubjectPublicKeyInfo(spki);
SECU_PrintError(progName, "unable to set algorithm ID");
return SECFailure;
}
@ -256,16 +272,34 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
return SECFailure;
}
/* Sign the request */
signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
if (signAlgTag == SEC_OID_UNKNOWN) {
PORT_FreeArena(arena, PR_FALSE);
SECU_PrintError(progName, "unknown Key or Hash type");
return SECFailure;
PORT_Memset(&signAlg, 0, sizeof(signAlg));
if (pssCertificate) {
rv = SECOID_SetAlgorithmID(arena, &signAlg,
SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params);
if (rv != SECSuccess) {
PORT_FreeArena(arena, PR_FALSE);
SECU_PrintError(progName, "unable to set algorithm ID");
return SECFailure;
}
} else {
signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
if (signAlgTag == SEC_OID_UNKNOWN) {
PORT_FreeArena(arena, PR_FALSE);
SECU_PrintError(progName, "unknown Key or Hash type");
return SECFailure;
}
rv = SECOID_SetAlgorithmID(arena, &signAlg, signAlgTag, 0);
if (rv != SECSuccess) {
PORT_FreeArena(arena, PR_FALSE);
SECU_PrintError(progName, "unable to set algorithm ID");
return SECFailure;
}
}
rv = SEC_DerSignData(arena, &signedReq, encoding->data, encoding->len,
privk, signAlgTag);
/* Sign the request */
rv = SEC_DerSignDataWithAlgorithmID(arena, &signedReq,
encoding->data, encoding->len,
privk, &signAlg);
if (rv) {
PORT_FreeArena(arena, PR_FALSE);
SECU_PrintError(progName, "signing of data failed");
@ -1183,6 +1217,8 @@ luC(enum usage_level ul, const char *command)
" -o output-cert");
FPS "%-20s Self sign\n",
" -x");
FPS "%-20s Sign the certificate with RSA-PSS (the issuer key must be rsa)\n",
" --pss-sign");
FPS "%-20s Cert serial number\n",
" -m serial-number");
FPS "%-20s Time Warp\n",
@ -1516,6 +1552,8 @@ luR(enum usage_level ul, const char *command)
" -h token-name");
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Create a certificate request restricted to RSA-PSS (rsa only)\n",
" --pss");
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
FPS "%-20s Elliptic curve name (ec only)\n",
@ -1693,6 +1731,8 @@ luS(enum usage_level ul, const char *command)
" -h token-name");
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Create a certificate restricted to RSA-PSS (rsa only)\n",
" --pss");
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
FPS "%-20s Elliptic curve name (ec only)\n",
@ -1701,6 +1741,8 @@ luS(enum usage_level ul, const char *command)
"");
FPS "%-20s Self sign\n",
" -x");
FPS "%-20s Sign the certificate with RSA-PSS (the issuer key must be rsa)\n",
" --pss-sign");
FPS "%-20s Cert serial number\n",
" -m serial-number");
FPS "%-20s Time Warp\n",
@ -1864,47 +1906,120 @@ MakeV1Cert(CERTCertDBHandle *handle,
return (cert);
}
static SECStatus
SetSignatureAlgorithm(PLArenaPool *arena,
SECAlgorithmID *signAlg,
SECAlgorithmID *spkiAlg,
SECOidTag hashAlgTag,
SECKEYPrivateKey *privKey,
PRBool pssSign)
{
SECStatus rv;
if (pssSign ||
SECOID_GetAlgorithmTag(spkiAlg) == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
SECItem *srcParams;
SECItem *params;
if (SECOID_GetAlgorithmTag(spkiAlg) == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
srcParams = &spkiAlg->parameters;
} else {
/* If the issuer's public key is RSA, the parameter field
* of the SPKI should be NULL, which can't be used as a
* basis of RSA-PSS parameters. */
srcParams = NULL;
}
params = SEC_CreateSignatureAlgorithmParameters(arena,
NULL,
SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
hashAlgTag,
srcParams,
privKey);
if (!params) {
SECU_PrintError(progName, "Could not create RSA-PSS parameters");
return SECFailure;
}
rv = SECOID_SetAlgorithmID(arena, signAlg,
SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
params);
if (rv != SECSuccess) {
SECU_PrintError(progName, "Could not set signature algorithm id.");
return rv;
}
} else {
KeyType keyType = SECKEY_GetPrivateKeyType(privKey);
SECOidTag algID;
algID = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
if (algID == SEC_OID_UNKNOWN) {
SECU_PrintError(progName, "Unknown key or hash type for issuer.");
return SECFailure;
}
rv = SECOID_SetAlgorithmID(arena, signAlg, algID, 0);
if (rv != SECSuccess) {
SECU_PrintError(progName, "Could not set signature algorithm id.");
return rv;
}
}
return SECSuccess;
}
static SECStatus
SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
SECOidTag hashAlgTag,
SECKEYPrivateKey *privKey, char *issuerNickName,
int certVersion, void *pwarg)
int certVersion, PRBool pssSign, void *pwarg)
{
SECItem der;
SECKEYPrivateKey *caPrivateKey = NULL;
SECStatus rv;
PLArenaPool *arena;
SECOidTag algID;
CERTCertificate *issuer;
void *dummy;
if (!selfsign) {
CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
if ((CERTCertificate *)NULL == issuer) {
SECU_PrintError(progName, "unable to find issuer with nickname %s",
issuerNickName);
return SECFailure;
}
privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
CERT_DestroyCertificate(issuer);
if (caPrivateKey == NULL) {
SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
return SECFailure;
}
}
arena = cert->arena;
algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag);
if (algID == SEC_OID_UNKNOWN) {
fprintf(stderr, "Unknown key or hash type for issuer.");
if (selfsign) {
issuer = cert;
} else {
issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
if ((CERTCertificate *)NULL == issuer) {
SECU_PrintError(progName, "unable to find issuer with nickname %s",
issuerNickName);
rv = SECFailure;
goto done;
}
privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
if (caPrivateKey == NULL) {
SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
rv = SECFailure;
CERT_DestroyCertificate(issuer);
goto done;
}
}
if (pssSign &&
(SECKEY_GetPrivateKeyType(privKey) != rsaKey &&
SECKEY_GetPrivateKeyType(privKey) != rsaPssKey)) {
SECU_PrintError(progName, "unable to create RSA-PSS signature with key %s",
issuerNickName);
rv = SECFailure;
if (!selfsign) {
CERT_DestroyCertificate(issuer);
}
goto done;
}
rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
rv = SetSignatureAlgorithm(arena,
&cert->signature,
&issuer->subjectPublicKeyInfo.algorithm,
hashAlgTag,
privKey,
pssSign);
if (!selfsign) {
CERT_DestroyCertificate(issuer);
}
if (rv != SECSuccess) {
fprintf(stderr, "Could not set signature algorithm id.");
goto done;
}
@ -1923,7 +2038,8 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
rv = SECFailure;
goto done;
}
der.len = 0;
@ -1936,7 +2052,8 @@ SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
goto done;
}
rv = SEC_DerSignData(arena, &cert->derCert, der.data, der.len, privKey, algID);
rv = SEC_DerSignDataWithAlgorithmID(arena, &cert->derCert, der.data, der.len,
privKey, &cert->signature);
if (rv != SECSuccess) {
fprintf(stderr, "Could not sign encoded certificate data.\n");
/* result allocated out of the arena, it will be freed
@ -1969,6 +2086,7 @@ CreateCert(
certutilExtnList extnList,
const char *extGeneric,
int certVersion,
PRBool pssSign,
SECItem *certDER)
{
void *extHandle = NULL;
@ -2029,7 +2147,7 @@ CreateCert(
rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
*selfsignprivkey, issuerNickName,
certVersion, pwarg);
certVersion, pssSign, pwarg);
if (rv != SECSuccess)
break;
@ -2352,6 +2470,7 @@ enum certutilOpts {
opt_GenericExtensions,
opt_NewNickname,
opt_Pss,
opt_PssSign,
opt_Help
};
@ -2472,6 +2591,8 @@ static const secuCommandFlag options_init[] =
"new-n" },
{ /* opt_Pss */ 0, PR_FALSE, 0, PR_FALSE,
"pss" },
{ /* opt_PssSign */ 0, PR_FALSE, 0, PR_FALSE,
"pss-sign" },
};
#define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
@ -3363,6 +3484,25 @@ certutil_main(int argc, char **argv, PRBool initialize)
}
}
/* --pss-sign is to sign a certificate with RSA-PSS, even if the
* issuer's key is an RSA key. If the key is an RSA-PSS key, the
* generated signature is always RSA-PSS. */
if (certutil.options[opt_PssSign].activated) {
if (!certutil.commands[cmd_CreateNewCert].activated &&
!certutil.commands[cmd_CreateAndAddCert].activated) {
PR_fprintf(PR_STDERR,
"%s -%c: --pss-sign only works with -C or -S.\n",
progName, commandToRun);
return 255;
}
if (keytype != rsaKey) {
PR_fprintf(PR_STDERR,
"%s -%c: --pss-sign only works with RSA keys.\n",
progName, commandToRun);
return 255;
}
}
/* If we need a list of extensions convert the flags into list format */
if (certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateAndAddCert].activated ||
@ -3500,6 +3640,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
(certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
: NULL),
certVersion,
certutil.options[opt_PssSign].activated,
&certDER);
if (rv)
goto shutdown;

7
security/nss/cmd/lib/secutil.c
View File

@ -1312,15 +1312,12 @@ SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
return;
}
if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level + 1);
return;
}
if (a->parameters.len == 0 ||
(a->parameters.len == 2 &&
PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
/* No arguments or NULL argument */
} else if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level + 1);
} else {
/* Print args to algorithm */
SECU_PrintAsHex(out, &a->parameters, "Args", level + 1);

48
security/nss/cmd/listsuites/listsuites.c
View File

@ -10,7 +10,9 @@
#include <errno.h>
#include <stdio.h>
#include "nss.h"
#include "secport.h"
#include "secutil.h"
#include "ssl.h"
int
@ -19,6 +21,43 @@ main(int argc, char **argv)
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
int i;
int errCount = 0;
SECStatus rv;
PRErrorCode err;
char *certDir = NULL;
/* load policy from $SSL_DIR/pkcs11.txt, for testing */
certDir = SECU_DefaultSSLDir();
if (certDir) {
rv = NSS_Init(certDir);
} else {
rv = NSS_NoDB_Init(NULL);
}
if (rv != SECSuccess) {
err = PR_GetError();
++errCount;
fprintf(stderr, "NSS_Init failed: %s\n", PORT_ErrorToString(err));
goto out;
}
/* apply policy */
rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);
if (rv != SECSuccess) {
err = PR_GetError();
++errCount;
fprintf(stderr, "NSS_SetAlgorithmPolicy failed: %s\n",
PORT_ErrorToString(err));
goto out;
}
/* update the default cipher suites according to the policy */
rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
if (rv != SECSuccess) {
err = PR_GetError();
++errCount;
fprintf(stderr, "SSL_OptionSetDefault failed: %s\n",
PORT_ErrorToString(err));
goto out;
}
fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
@ -58,5 +97,14 @@ main(int argc, char **argv)
info.isFIPS ? "FIPS" : "",
info.nonStandard ? "nonStandard" : "");
}
out:
rv = NSS_Shutdown();
if (rv != SECSuccess) {
err = PR_GetError();
++errCount;
fprintf(stderr, "NSS_Shutdown failed: %s\n", PORT_ErrorToString(err));
}
return errCount;
}

1
security/nss/cmd/manifest.mn
View File

@ -63,6 +63,7 @@ NSS_SRCDIRS = \
pp \
pwdecrypt \
rsaperf \
rsapoptst \
sdrtest \
selfserv \
signtool \

185
security/nss/cmd/rsapoptst/rsapoptst.c
View File

@ -23,7 +23,7 @@ static const struct test_args test_array[] = {
{ "d_n_q", 0x02, "private exponent, modulus, prime2" },
{ "d_p_q", 0x04, "private exponent, prime1, prime2" },
{ "e_d_q", 0x08, "public exponent, private exponent, prime2" },
{ "e_d_n", 0x10, "public exponent, private exponent, moduls" }
{ "e_d_n", 0x10, "public exponent, private exponent, modulus" }
};
static const int test_array_size =
(sizeof(test_array) / sizeof(struct test_args));
@ -58,6 +58,7 @@ const static CK_ATTRIBUTE rsaTemplate[] = {
{ CKA_TOKEN, NULL, 0 },
{ CKA_SENSITIVE, NULL, 0 },
{ CKA_PRIVATE, NULL, 0 },
{ CKA_ID, NULL, 0 },
{ CKA_MODULUS, NULL, 0 },
{ CKA_PUBLIC_EXPONENT, NULL, 0 },
{ CKA_PRIVATE_EXPONENT, NULL, 0 },
@ -123,48 +124,79 @@ fail:
#define ATTR_STRING(x) getNameFromAttribute(x)
void
dumpTemplate(CK_ATTRIBUTE *template, int start, int end)
static void
dumphex(FILE *file, const unsigned char *cpval, int start, int end)
{
int i, j;
for (i = 0; i < end; i++) {
int i;
for (i = start; i < end; i++) {
if ((i % 16) == 0)
fprintf(file, "\n ");
fprintf(file, " %02x", cpval[i]);
}
return;
}
void
dumpTemplate(FILE *file, const CK_ATTRIBUTE *template, int start, int end)
{
int i;
for (i = start; i < end; i++) {
unsigned char cval;
CK_ULONG ulval;
unsigned char *cpval;
const unsigned char *cpval;
fprintf(stderr, "%s:", ATTR_STRING(template[i].type));
fprintf(file, "%s:", ATTR_STRING(template[i].type));
switch (template[i].ulValueLen) {
case 1:
cval = *(unsigned char *)template[i].pValue;
switch (cval) {
case 0:
fprintf(stderr, " false");
fprintf(file, " false");
break;
case 1:
fprintf(stderr, " true");
fprintf(file, " true");
break;
default:
fprintf(stderr, " %d (=0x%02x,'%c')", cval, cval, cval);
fprintf(file, " %d (=0x%02x,'%c')", cval, cval, cval);
break;
}
break;
case sizeof(CK_ULONG):
ulval = *(CK_ULONG *)template[i].pValue;
fprintf(stderr, " %ld (=0x%04lx)", ulval, ulval);
fprintf(file, " %ld (=0x%04lx)", ulval, ulval);
break;
default:
cpval = (unsigned char *)template[i].pValue;
for (j = 0; j < template[i].ulValueLen; j++) {
if ((j % 16) == 0)
fprintf(stderr, "\n ");
fprintf(stderr, " %02x", cpval[j]);
}
cpval = (const unsigned char *)template[i].pValue;
dumphex(file, cpval, 0, template[i].ulValueLen);
break;
}
fprintf(stderr, "\n");
fprintf(file, "\n");
}
}
void
dumpItem(FILE *file, const SECItem *item)
{
const unsigned char *cpval;
if (item == NULL) {
fprintf(file, " pNULL ");
return;
}
if (item->data == NULL) {
fprintf(file, " NULL ");
return;
}
if (item->len == 0) {
fprintf(file, " Empty ");
return;
}
cpval = item->data;
dumphex(file, cpval, 0, item->len);
fprintf(file, " ");
return;
}
PRBool
rsaKeysAreEqual(PK11ObjectType srcType, void *src,
PK11ObjectType destType, void *dest)
@ -191,6 +223,9 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
}
for (i = 0; i < RSA_ATTRIBUTES; i++) {
if (srcTemplate[i].type == CKA_ID) {
continue; /* we purposefully make the CKA_ID different */
}
if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) {
printf("key->%s not equal src_len = %ld, dest_len=%ld\n",
ATTR_STRING(srcTemplate[i].type),
@ -204,18 +239,22 @@ rsaKeysAreEqual(PK11ObjectType srcType, void *src,
}
if (!areEqual) {
fprintf(stderr, "original key:\n");
dumpTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
dumpTemplate(stderr, srcTemplate, 0, RSA_ATTRIBUTES);
fprintf(stderr, "created key:\n");
dumpTemplate(destTemplate, 0, RSA_ATTRIBUTES);
dumpTemplate(stderr, destTemplate, 0, RSA_ATTRIBUTES);
}
resetTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
resetTemplate(destTemplate, 0, RSA_ATTRIBUTES);
return areEqual;
}
static int exp_exp_prime_fail_count = 0;
#define LEAK_ID 0xf
static int
doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
int mask, void *pwarg)
int mask, int round, void *pwarg)
{
SECKEYPrivateKey *rsaPrivKey;
SECKEYPublicKey *rsaPubKey;
@ -227,7 +266,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
CK_KEY_TYPE key_type = CKK_RSA;
CK_BBOOL ck_false = CK_FALSE;
CK_BYTE cka_id[2] = { 0, 0 };
int failed = 0;
int leak_found; /* did we find the expected leak */
int expect_leak = 0; /* are we expecting a leak? */
rsaParams.pe = exponent;
rsaParams.keySizeInBits = keySize;
@ -259,11 +301,15 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
tstTemplate[3].ulValueLen = sizeof(ck_false);
tstTemplate[4].pValue = &ck_false;
tstTemplate[4].ulValueLen = sizeof(ck_false);
tstHeaderCount = 5;
tstTemplate[5].pValue = &cka_id[0];
tstTemplate[5].ulValueLen = sizeof(cka_id);
tstHeaderCount = 6;
cka_id[0] = round;
if (mask & 1) {
printf("%s\n", test_array[1].description);
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
cka_id[1] = 0;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PUBLIC_EXPONENT);
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@ -271,10 +317,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount + 2, CKA_PRIME_1);
tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
failed = 1;
@ -290,6 +336,7 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
printf("%s\n", test_array[2].description);
/* test the basic2 case, public exponent, modulus, prime2 */
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
cka_id[1] = 1;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PUBLIC_EXPONENT);
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@ -299,10 +346,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
/* test with q in the prime1 position */
tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
failed = 1;
@ -318,6 +365,7 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
printf("%s\n", test_array[3].description);
/* test the medium case, private exponent, prime1, prime2 */
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
cka_id[1] = 2;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PRIVATE_EXPONENT);
@ -329,10 +377,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
tstTemplate[tstHeaderCount + 1].type = CKA_PRIME_2;
tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: privExp p q\n");
failed = 1;
@ -348,6 +396,7 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
printf("%s\n", test_array[4].description);
/* test the advanced case, public exponent, private exponent, prime2 */
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
cka_id[1] = 3;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PRIVATE_EXPONENT);
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
@ -355,10 +404,10 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount + 2, CKA_PRIME_2);
tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
tstPrivKey = PK11_CreateManagedGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
PR_FALSE);
if (tstPrivKey == NULL) {
fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
fprintf(stderr, " this is expected periodically. It means we\n");
@ -373,11 +422,12 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
if (tstPrivKey)
PK11_DestroyGenericObject(tstPrivKey);
}
if (mask & 16) {
if (mask & 0x10) {
printf("%s\n", test_array[5].description);
/* test the advanced case2, public exponent, private exponent, modulus
*/
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
cka_id[1] = LEAK_ID;
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount, CKA_PRIVATE_EXPONENT);
@ -386,6 +436,7 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
tstHeaderCount + 2, CKA_MODULUS);
/* purposefully use the old version. This will create a leak */
tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
tstHeaderCount +
3,
@ -398,9 +449,59 @@ doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
failed = 1;
}
expect_leak = 1;
if (tstPrivKey)
PK11_DestroyGenericObject(tstPrivKey);
}
resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
SECKEY_DestroyPrivateKey(rsaPrivKey);
SECKEY_DestroyPublicKey(rsaPubKey);
/* make sure we didn't leak */
leak_found = 0;
tstPrivKey = PK11_FindGenericObjects(slot, CKO_PRIVATE_KEY);
if (tstPrivKey) {
SECStatus rv;
PK11GenericObject *thisKey;
int i;
fprintf(stderr, "Leaking keys...\n");
for (i = 0, thisKey = tstPrivKey; thisKey; i++,
thisKey = PK11_GetNextGenericObject(thisKey)) {
SECItem id = { 0, NULL, 0 };
rv = PK11_ReadRawAttribute(PK11_TypeGeneric, thisKey,
CKA_ID, &id);
if (rv != SECSuccess) {
fprintf(stderr, "Key %d: couldn't read CKA_ID: %s\n",
i, PORT_ErrorToString(PORT_GetError()));
continue;
}
fprintf(stderr, "id = { ");
dumpItem(stderr, &id);
fprintf(stderr, "};");
if (id.data[1] == LEAK_ID) {
fprintf(stderr, " ---> leak expected\n");
if (id.data[0] == round)
leak_found = 1;
} else {
if (id.len != sizeof(cka_id)) {
fprintf(stderr,
" ---> ERROR unexpected leak in generated key\n");
} else {
fprintf(stderr,
" ---> ERROR unexpected leak in constructed key\n");
}
failed = 1;
}
SECITEM_FreeItem(&id, PR_FALSE);
}
PK11_DestroyGenericObjects(tstPrivKey);
}
if (expect_leak && !leak_found) {
fprintf(stderr, "ERROR expected leak not found\n");
failed = 1;
}
PK11_FreeSlot(slot);
return failed ? -1 : 0;
@ -517,7 +618,7 @@ main(int argc, char **argv)
exp_exp_prime_fail_count = 0;
for (i = 0; i < repeat; i++) {
printf("Running RSA Populate test run %d\n", i);
ret = doRSAPopulateTest(keySize, exponent, mask, NULL);
ret = doRSAPopulateTest(keySize, exponent, mask, i, NULL);
if (ret != 0) {
i++;
break;
@ -531,5 +632,9 @@ main(int argc, char **argv)
exp_exp_prime_fail_count, i,
(((double)exp_exp_prime_fail_count) * 100.0) / (double)i);
}
if (NSS_Shutdown() != SECSuccess) {
fprintf(stderr, "Shutdown failed\n");
ret = -1;
}
return ret;
}

25
security/nss/cmd/rsapoptst/rsapoptst.gyp Normal file
View File

@ -0,0 +1,25 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'rsapoptst',
'type': 'executable',
'sources': [
'rsapoptst.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports',
]
}
],
'variables': {
'module': 'nss',
}
}

1
security/nss/coreconf/coreconf.dep
View File

@ -10,3 +10,4 @@
*/
#error "Do not include this header file."

1
security/nss/cpputil/cpputil.gyp
View File

@ -10,6 +10,7 @@
'target_name': 'cpputil',
'type': 'static_library',
'sources': [
'databuffer.cc',
'dummy_io.cc',
'dummy_io_fwd.cc',
'tls_parser.cc',

116
security/nss/cpputil/databuffer.cc Normal file
View File

@ -0,0 +1,116 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "databuffer.h"
#include <algorithm>
#include <cassert>
#include <cstring>
#include <iomanip>
#include <iostream>
#if defined(WIN32) || defined(WIN64)
#include <winsock2.h>
#else
#include <arpa/inet.h>
#endif
namespace nss_test {
void DataBuffer::Assign(const uint8_t* data, size_t len) {
if (data) {
Allocate(len);
memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
} else {
assert(len == 0);
data_ = nullptr;
len_ = 0;
}
}
// Write will do a new allocation and expand the size of the buffer if needed.
// Returns the offset of the end of the write.
size_t DataBuffer::Write(size_t index, const uint8_t* val, size_t count) {
assert(val);
if (index + count > len_) {
size_t newlen = index + count;
uint8_t* tmp = new uint8_t[newlen]; // Always > 0.
if (data_) {
memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
}
if (index > len_) {
memset(static_cast<void*>(tmp + len_), 0, index - len_);
}
delete[] data_;
data_ = tmp;
len_ = newlen;
}
if (data_) {
memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
count);
}
return index + count;
}
// Write an integer, also performing host-to-network order conversion.
// Returns the offset of the end of the write.
size_t DataBuffer::Write(size_t index, uint32_t val, size_t count) {
assert(count <= sizeof(uint32_t));
uint32_t nvalue = htonl(val);
auto* addr = reinterpret_cast<const uint8_t*>(&nvalue);
return Write(index, addr + sizeof(uint32_t) - count, count);
}
// This can't use the same trick as Write(), since we might be reading from a
// smaller data source.
bool DataBuffer::Read(size_t index, size_t count, uint32_t* val) const {
assert(count < sizeof(uint32_t));
assert(val);
if ((index > len()) || (count > (len() - index))) {
return false;
}
*val = 0;
for (size_t i = 0; i < count; ++i) {
*val = (*val << 8) | data()[index + i];
}
return true;
}
void DataBuffer::Splice(const uint8_t* ins, size_t ins_len, size_t index,
size_t remove) {
assert(ins);
uint8_t* old_value = data_;
size_t old_len = len_;
// The amount of stuff remaining from the tail of the old.
size_t tail_len = old_len - (std::min)(old_len, index + remove);
// The new length: the head of the old, the new, and the tail of the old.
len_ = index + ins_len + tail_len;
data_ = new uint8_t[len_ ? len_ : 1];
// The head of the old.
if (old_value) {
Write(0, old_value, (std::min)(old_len, index));
}
// Maybe a gap.
if (old_value && index > old_len) {
memset(old_value + index, 0, index - old_len);
}
// The new.
Write(index, ins, ins_len);
// The tail of the old.
if (tail_len > 0) {
Write(index + ins_len, old_value + index + remove, tail_len);
}
delete[] old_value;
}
size_t DataBuffer::logging_limit = 32;
/* static */ void DataBuffer::SetLogLimit(size_t limit) {
DataBuffer::logging_limit = limit;
}
} // namespace nss_test

101
security/nss/cpputil/databuffer.h
View File

@ -8,17 +8,9 @@
#define databuffer_h__
#include <algorithm>
#include <cassert>
#include <cstring>
#include <iomanip>
#include <iostream>
#if defined(WIN32) || defined(WIN64)
#include <winsock2.h>
#else
#include <arpa/inet.h>
#endif
extern bool g_ssl_gtest_verbose;
namespace nss_test {
@ -50,69 +42,22 @@ class DataBuffer {
void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
void Assign(const uint8_t* data, size_t len) {
if (data) {
Allocate(len);
memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
} else {
assert(len == 0);
data_ = nullptr;
len_ = 0;
}
}
void Assign(const uint8_t* data, size_t len);
// Write will do a new allocation and expand the size of the buffer if needed.
// Returns the offset of the end of the write.
size_t Write(size_t index, const uint8_t* val, size_t count) {
assert(val);
if (index + count > len_) {
size_t newlen = index + count;
uint8_t* tmp = new uint8_t[newlen]; // Always > 0.
if (data_) {
memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
}
if (index > len_) {
memset(static_cast<void*>(tmp + len_), 0, index - len_);
}
delete[] data_;
data_ = tmp;
len_ = newlen;
}
if (data_) {
memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
count);
}
return index + count;
}
size_t Write(size_t index, const uint8_t* val, size_t count);
size_t Write(size_t index, const DataBuffer& buf) {
return Write(index, buf.data(), buf.len());
}
// Write an integer, also performing host-to-network order conversion.
// Returns the offset of the end of the write.
size_t Write(size_t index, uint32_t val, size_t count) {
assert(count <= sizeof(uint32_t));
uint32_t nvalue = htonl(val);
auto* addr = reinterpret_cast<const uint8_t*>(&nvalue);
return Write(index, addr + sizeof(uint32_t) - count, count);
}
size_t Write(size_t index, uint32_t val, size_t count);
// This can't use the same trick as Write(), since we might be reading from a
// smaller data source.
bool Read(size_t index, size_t count, uint32_t* val) const {
assert(count < sizeof(uint32_t));
assert(val);
if ((index > len()) || (count > (len() - index))) {
return false;
}
*val = 0;
for (size_t i = 0; i < count; ++i) {
*val = (*val << 8) | data()[index + i];
}
return true;
}
bool Read(size_t index, size_t count, uint32_t* val) const;
// Starting at |index|, remove |remove| bytes and replace them with the
// contents of |buf|.
void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) {
@ -120,35 +65,7 @@ class DataBuffer {
}
void Splice(const uint8_t* ins, size_t ins_len, size_t index,
size_t remove = 0) {
assert(ins);
uint8_t* old_value = data_;
size_t old_len = len_;
// The amount of stuff remaining from the tail of the old.
size_t tail_len = old_len - (std::min)(old_len, index + remove);
// The new length: the head of the old, the new, and the tail of the old.
len_ = index + ins_len + tail_len;
data_ = new uint8_t[len_ ? len_ : 1];
// The head of the old.
if (old_value) {
Write(0, old_value, (std::min)(old_len, index));
}
// Maybe a gap.
if (old_value && index > old_len) {
memset(old_value + index, 0, index - old_len);
}
// The new.
Write(index, ins, ins_len);
// The tail of the old.
if (tail_len > 0) {
Write(index + ins_len, old_value + index + remove, tail_len);
}
delete[] old_value;
}
size_t remove = 0);
void Append(const DataBuffer& buf) { Splice(buf, len_); }
const uint8_t* data() const { return data_; }
@ -156,17 +73,19 @@ class DataBuffer {
size_t len() const { return len_; }
bool empty() const { return len_ == 0; }
static void SetLogLimit(size_t limit);
friend std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf);
private:
static size_t logging_limit;
uint8_t* data_;
size_t len_;
};
static const size_t kMaxBufferPrint = 32;
inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
stream << "[" << buf.len() << "] ";
for (size_t i = 0; i < buf.len(); ++i) {
if (!g_ssl_gtest_verbose && i >= kMaxBufferPrint) {
if (i >= DataBuffer::logging_limit) {
stream << "...";
break;
}

1
security/nss/cpputil/manifest.mn
View File

@ -13,6 +13,7 @@ CPPSRCS = \
$(NULL)
else
CPPSRCS = \
databuffer.cc \
dummy_io.cc \
dummy_io_fwd.cc \
tls_parser.cc \

10
security/nss/doc/certutil.xml
View File

@ -455,6 +455,16 @@ of the attribute codes:
<listitem><para>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</para></listitem>
</varlistentry>
<varlistentry>
<term>--pss</term>
<listitem><para>Restrict the generated certificate (with the <option>-S</option> option) or certificate request (with the <option>-R</option> option) to be used with the RSA-PSS signature scheme. This only works when the private key of the certificate or certificate request is RSA.</para></listitem>
</varlistentry>
<varlistentry>
<term>--pss-sign</term>
<listitem><para>Sign the generated certificate with the RSA-PSS signature scheme (with the <option>-C</option> or <option>-S</option> option). This only works when the private key of the signer's certificate is RSA. If the signer's certificate is restricted to RSA-PSS, it is not necessary to specify this option.</para></listitem>
</varlistentry>
<varlistentry>
<term>-z noise-file</term>
<listitem><para>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</para></listitem>

43
security/nss/doc/html/certutil.html
View File

@ -1,4 +1,4 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm139774553663312"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code> [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm140440587239488"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. If this argument is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">--rename </span></dt><dd><p>Change the database nickname of a certificate.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the
<code class="option">-d</code> argument. Use the <code class="option">-k</code> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <code class="option">-k</code> argument, the option looks for an RSA key matching the specified nickname.
</p><p>
@ -20,25 +20,26 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their
duplicate nicknames. Giving a key type generates a new key pair;
giving the ID of an existing key reuses that key pair (which is
required to renew certificates).
</p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>If a token is available that supports more curves, the foolowing curves are supported as well:
sect163k1, nistk163, sect163r1, sect163r2,
nistb163, sect193r1, sect193r2, sect233k1, nistk233,
sect233r1, nistb233, sect239k1, sect283k1, nistk283,
sect283r1, nistb283, sect409k1, nistk409, sect409r1,
nistb409, sect571k1, nistk571, sect571r1, nistb571,
secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
nistp192, secp224k1, secp224r1, nistp224, secp256k1,
secp256r1, secp384r1, secp521r1,
prime192v1, prime192v2, prime192v3,
prime239v1, prime239v2, prime239v3, c2pnb163v1,
c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
c2tnb191v2, c2tnb191v3,
c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
c2pnb272w1, c2pnb304w1,
c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
sect131r1, sect131r2</p>
</dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
</p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>
If a token is available that supports more curves, the foolowing curves are supported as well:
sect163k1, nistk163, sect163r1, sect163r2,
nistb163, sect193r1, sect193r2, sect233k1, nistk233,
sect233r1, nistb233, sect239k1, sect283k1, nistk283,
sect283r1, nistb283, sect409k1, nistk409, sect409r1,
nistb409, sect571k1, nistk571, sect571r1, nistb571,
secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
nistp192, secp224k1, secp224r1, nistp224, secp256k1,
secp256r1, secp384r1, secp521r1,
prime192v1, prime192v2, prime192v3,
prime239v1, prime239v2, prime239v3, c2pnb163v1,
c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
c2tnb191v2, c2tnb191v3,
c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
c2pnb272w1, c2pnb304w1,
c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
sect131r1, sect131r2
</p></dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
of the attribute codes:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
<span class="command"><strong>p</strong></span> - Valid peer
@ -59,7 +60,7 @@ of the attribute codes:
the certificate or adding it to a database. Express the offset in integers,
using a minus sign (-) to indicate a negative offset. If this argument is
not used, the validity period begins at the current system time. The length
of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-Z hashAlg</span></dt><dd><p>Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>MD2</p></li><li class="listitem"><p>MD4</p></li><li class="listitem"><p>MD5</p></li><li class="listitem"><p>SHA1</p></li><li class="listitem"><p>SHA224</p></li><li class="listitem"><p>SHA256</p></li><li class="listitem"><p>SHA384</p></li><li class="listitem"><p>SHA512</p></li></ul></div></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">--pss</span></dt><dd><p>Restrict the generated certificate (with the <code class="option">-S</code> option) or certificate request (with the <code class="option">-R</code> option) to be used with the RSA-PSS signature scheme. This only works when the private key of the certificate or certificate request is RSA.</p></dd><dt><span class="term">--pss-sign</span></dt><dd><p>Sign the generated certificate with the RSA-PSS signature scheme (with the <code class="option">-C</code> or <code class="option">-S</code> option). This only works when the private key of the signer's certificate is RSA. If the signer's certificate is restricted to RSA-PSS, it is not necessary to specify this option.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-Z hashAlg</span></dt><dd><p>Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>MD2</p></li><li class="listitem"><p>MD4</p></li><li class="listitem"><p>MD5</p></li><li class="listitem"><p>SHA1</p></li><li class="listitem"><p>SHA224</p></li><li class="listitem"><p>SHA256</p></li><li class="listitem"><p>SHA384</p></li><li class="listitem"><p>SHA512</p></li></ul></div></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
digitalSignature
</p></li><li class="listitem"><p>
nonRepudiation

12
security/nss/doc/html/pk12util.html
View File

@ -1,6 +1,6 @@
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code> [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm233250345408"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case.
Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code> [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm139975398059856"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS #12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS #12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS #12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the certiticate encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case.
Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS #12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
</p><p>
pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
</p><p>For example:</p><p> </p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
@ -12,7 +12,7 @@ and should contain at least one non-alphabetic character.
Enter new password:
Re-enter password:
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS #12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
</p><p>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
Enter password for PKCS12 file:
Re-enter password: </pre><p><span class="command"><strong>Listing Keys and Certificates</strong></span></p><p>The information in a <code class="filename">.p12</code> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <code class="filename">.p12</code> file.
@ -48,7 +48,7 @@ Key(shrouded):
Certificate Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
</pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>DES-CBC</p></li><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div></dd></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information.
</pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <strong class="userinput"><code>"NONE"</code></strong> as the argument of the <code class="option">-C</code> option.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">PKCS #5 password-based encryption</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PBES2 with AES-CBC-Pad as underlying encryption scheme (<strong class="userinput"><code>"AES-128-CBC"</code></strong>, <strong class="userinput"><code>"AES-192-CBC"</code></strong>, and <strong class="userinput"><code>"AES-256-CBC"</code></strong>)</p></li></ul></div></dd><dt><span class="term">PKCS #12 password-based encryption</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>SHA-1 and 128-bit RC4 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4"</code></strong> or <strong class="userinput"><code>"RC4"</code></strong>)</p></li><li class="listitem"><p>SHA-1 and 40-bit RC4 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4"</code></strong>) (used by default for certificate encryption in non-FIPS mode)</p></li><li class="listitem"><p>SHA-1 and 3-key triple-DES (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC"</code></strong> or <strong class="userinput"><code>"DES-EDE3-CBC"</code></strong>)</p></li><li class="listitem"><p>SHA-1 and 128-bit RC2 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC"</code></strong> or <strong class="userinput"><code>"RC2-CBC"</code></strong>)</p></li><li class="listitem"><p>SHA-1 and 40-bit RC2 (<strong class="userinput"><code>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC"</code></strong>)</p></li></ul></div></dd></dl></div><p>With PKCS #12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information.
The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
cert8.db for certificates
</p></li><li class="listitem"><p>
@ -68,7 +68,7 @@ BerkleyDB. These new databases provide more accessibility and performance:</p><d
Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
https://wiki.mozilla.org/NSS_Shared_DB
</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>modutil (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
</p></li></ul></div></div><div class="refsection"><a name="compatibility"></a><h2>Compatibility Notes</h2><p>The exporting behavior of <span class="command"><strong>pk12util</strong></span> has changed over time, while importing files exported with older versions of NSS is still supported.</p><p>Until the 3.30 release, <span class="command"><strong>pk12util</strong></span> used the UTF-16 encoding for the PKCS #5 password-based encryption schemes, while the recommendation is to encode passwords in UTF-8 if the used encryption scheme is defined outside of the PKCS #12 standard.</p><p>Until the 3.31 release, even when <strong class="userinput"><code>"AES-128-CBC"</code></strong> or <strong class="userinput"><code>"AES-192-CBC"</code></strong> is given from the command line, <span class="command"><strong>pk12util</strong></span> always used 256-bit AES as the underlying encryption scheme.</p><p>For historical reasons, <span class="command"><strong>pk12util</strong></span> accepts password-based encryption schemes not listed in this document. However, those schemes are not officially supported and may have issues in interoperability with other tools.</p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>modutil (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
https://wiki.mozilla.org/NSS_Shared_DB
</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p>

37
security/nss/doc/nroff/certutil.1
View File

@ -1,13 +1,13 @@
'\" t
.\" Title: CERTUTIL
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 8 September 2016
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 27 October 2017
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
.TH "CERTUTIL" "1" "8 September 2016" "nss-tools" "NSS Security Tools"
.TH "CERTUTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@ -371,9 +371,9 @@ Read an alternate PQG value from the specified file when generating DSA key pair
\fBcertutil\fR
generates its own PQG value\&. PQG files are created with a separate DSA utility\&.
.sp
Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.
Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519\&.
.sp
If a token is available that supports more curves, the foolowing curves are supported as well: sect163k1, nistk163, sect163r1, sect163r2, nistb163, sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409, sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192, secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2
If a token is available that supports more curves, the foolowing curves are supported as well: sect163k1, nistk163, sect163r1, sect163r2, nistb163, sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409, sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192, secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2
.RE
.PP
\-r
@ -609,6 +609,24 @@ to generate the signature for a certificate being created or added to a database
Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537\&. The available alternate values are 3 and 17\&.
.RE
.PP
\-\-pss
.RS 4
Restrict the generated certificate (with the
\fB\-S\fR
option) or certificate request (with the
\fB\-R\fR
option) to be used with the RSA\-PSS signature scheme\&. This only works when the private key of the certificate or certificate request is RSA\&.
.RE
.PP
\-\-pss\-sign
.RS 4
Sign the generated certificate with the RSA\-PSS signature scheme (with the
\fB\-C\fR
or
\fB\-S\fR
option)\&. This only works when the private key of the signer\*(Aqs certificate is RSA\&. If the signer\*(Aqs certificate is restricted to RSA\-PSS, it is not necessary to specify this option\&.
.RE
.PP
\-z noise\-file
.RS 4
Read a seed value from the specified file to generate a new private and public key pair\&. This argument makes it possible to use hardware\-generated seed values or manually create a value from the keyboard\&. The minimum file size is 20 bytes\&.
@ -1512,7 +1530,8 @@ There are ways to narrow the keys listed in the search results:
.IP \(bu 2.3
.\}
To return a specific key, use the
\fB\-n\fR\fIname\fR
\fB\-n\fR
\fIname\fR
argument with the name of the key\&.
.RE
.sp
@ -1525,7 +1544,8 @@ argument with the name of the key\&.
.IP \(bu 2.3
.\}
If there are multiple security devices loaded, then the
\fB\-h\fR\fItokenname\fR
\fB\-h\fR
\fItokenname\fR
argument can search a specific token or all tokens\&.
.RE
.sp
@ -1538,7 +1558,8 @@ argument can search a specific token or all tokens\&.
.IP \(bu 2.3
.\}
If there are multiple key types available, then the
\fB\-k\fR\fIkey\-type\fR
\fB\-k\fR
\fIkey\-type\fR
argument can search a specific type of key, like RSA, DSA, or ECC\&.
.RE
.PP

279
security/nss/doc/nroff/pk12util.1
View File

@ -1,13 +1,13 @@
'\" t
.\" Title: PK12UTIL
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 5 June 2014
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 27 October 2017
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
.TH "PK12UTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@ -39,24 +39,24 @@ This documentation is still work in progress\&. Please contribute to the initial
.SH "DESCRIPTION"
.PP
The PKCS #12 utility,
\fBpk12util\fR, enables sharing certificates among any server that supports PKCS#12\&. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys\&.
\fBpk12util\fR, enables sharing certificates among any server that supports PKCS #12\&. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys\&.
.SH "OPTIONS AND ARGUMENTS"
.PP
\fBOptions\fR
.PP
\-i p12file
.RS 4
Import keys and certificates from a PKCS#12 file into a security database\&.
Import keys and certificates from a PKCS #12 file into a security database\&.
.RE
.PP
\-l p12file
.RS 4
List the keys and certificates in PKCS#12 file\&.
List the keys and certificates in PKCS #12 file\&.
.RE
.PP
\-o p12file
.RS 4
Export keys and certificates from the security database to a PKCS#12 file\&.
Export keys and certificates from the security database to a PKCS #12 file\&.
.RE
.PP
\fBArguments\fR
@ -68,7 +68,7 @@ Specify the key encryption algorithm\&.
.PP
\-C certCipher
.RS 4
Specify the key cert (overall package) encryption algorithm\&.
Specify the certiticate encryption algorithm\&.
.RE
.PP
\-d [sql:]directory
@ -432,7 +432,7 @@ Specify the pkcs #12 file password\&.
.PP
The most basic usage of
\fBpk12util\fR
for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and some way to specify the security database being accessed (either
for importing a certificate or key is the PKCS #12 input file (\fB\-i\fR) and some way to specify the security database being accessed (either
\fB\-d\fR
for a directory or
\fB\-h\fR
@ -467,7 +467,7 @@ pk12util: PKCS12 IMPORT SUCCESSFUL
.PP
Using the
\fBpk12util\fR
command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS #12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
.PP
pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
.PP
@ -559,17 +559,17 @@ Certificate Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pt
.\}
.SH "PASSWORD ENCRYPTION"
.PP
PKCS#12 provides for not only the protection of the private keys but also the certificate and meta\-data associated with the keys\&. Password\-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package\&. If no algorithm is specified, the tool defaults to using
\fBPKCS12 V2 PBE with SHA1 and 3KEY Triple DES\-cbc\fR
for private key encryption\&.
\fBPKCS12 V2 PBE with SHA1 and 40 Bit RC4\fR
is the default for the overall package encryption when not in FIPS mode\&. When in FIPS mode, there is no package encryption\&.
PKCS #12 provides for not only the protection of the private keys but also the certificate and meta\-data associated with the keys\&. Password\-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates\&. If no algorithm is specified, the tool defaults to using PKCS #12 SHA\-1 and 3\-key triple DES for private key encryption\&. When not in FIPS mode, PKCS #12 SHA\-1 and 40\-bit RC4 is used for certificate encryption\&. When in FIPS mode, there is no certificate encryption\&. If certificate encryption is not wanted, specify
\fB"NONE"\fR
as the argument of the
\fB\-C\fR
option\&.
.PP
The private key is always protected with strong encryption by default\&.
.PP
Several types of ciphers are supported\&.
.PP
Symmetric CBC ciphers for PKCS#5 V2
PKCS #5 password\-based encryption
.RS 4
.sp
.RS 4
@ -580,110 +580,13 @@ Symmetric CBC ciphers for PKCS#5 V2
.sp -1
.IP \(bu 2.3
.\}
DES\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
RC2\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
RC5\-CBCPad
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
DES\-EDE3\-CBC (the default for key encryption)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
AES\-128\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
AES\-192\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
AES\-256\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
CAMELLIA\-128\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
CAMELLIA\-192\-CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
CAMELLIA\-256\-CBC
PBES2 with AES\-CBC\-Pad as underlying encryption scheme (\fB"AES\-128\-CBC"\fR,
\fB"AES\-192\-CBC"\fR, and
\fB"AES\-256\-CBC"\fR)
.RE
.RE
.PP
PKCS#12 PBE ciphers
PKCS #12 password\-based encryption
.RS 4
.sp
.RS 4
@ -694,7 +597,9 @@ PKCS#12 PBE ciphers
.sp -1
.IP \(bu 2.3
.\}
PKCS #12 PBE with Sha1 and 128 Bit RC4
SHA\-1 and 128\-bit RC4 (\fB"PKCS #12 V2 PBE With SHA\-1 And 128 Bit RC4"\fR
or
\fB"RC4"\fR)
.RE
.sp
.RS 4
@ -705,7 +610,7 @@ PKCS #12 PBE with Sha1 and 128 Bit RC4
.sp -1
.IP \(bu 2.3
.\}
PKCS #12 PBE with Sha1 and 40 Bit RC4
SHA\-1 and 40\-bit RC4 (\fB"PKCS #12 V2 PBE With SHA\-1 And 40 Bit RC4"\fR) (used by default for certificate encryption in non\-FIPS mode)
.RE
.sp
.RS 4
@ -716,7 +621,9 @@ PKCS #12 PBE with Sha1 and 40 Bit RC4
.sp -1
.IP \(bu 2.3
.\}
PKCS #12 PBE with Sha1 and Triple DES CBC
SHA\-1 and 3\-key triple\-DES (\fB"PKCS #12 V2 PBE With SHA\-1 And 3KEY Triple DES\-CBC"\fR
or
\fB"DES\-EDE3\-CBC"\fR)
.RE
.sp
.RS 4
@ -727,7 +634,9 @@ PKCS #12 PBE with Sha1 and Triple DES CBC
.sp -1
.IP \(bu 2.3
.\}
PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC
SHA\-1 and 128\-bit RC2 (\fB"PKCS #12 V2 PBE With SHA\-1 And 128 Bit RC2 CBC"\fR
or
\fB"RC2\-CBC"\fR)
.RE
.sp
.RS 4
@ -738,114 +647,11 @@ PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC
.sp -1
.IP \(bu 2.3
.\}
PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS12 V2 PBE with SHA1 and 128 Bit RC4
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non\-FIPS mode)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS12 V2 PBE with SHA1 and 3KEY Triple DES\-cbc
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS12 V2 PBE with SHA1 and 2KEY Triple DES\-cbc
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC
SHA\-1 and 40\-bit RC2 (\fB"PKCS #12 V2 PBE With SHA\-1 And 40 Bit RC2 CBC"\fR)
.RE
.RE
.PP
PKCS#5 PBE ciphers
.RS 4
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS #5 Password Based Encryption with MD2 and DES CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS #5 Password Based Encryption with MD5 and DES CBC
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
PKCS #5 Password Based Encryption with SHA1 and DES CBC
.RE
.RE
.PP
With PKCS#12, the crypto provider may be the soft token module or an external hardware module\&. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default)\&. If no suitable replacement for the desired algorithm can be found, the tool returns the error
With PKCS #12, the crypto provider may be the soft token module or an external hardware module\&. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default)\&. If no suitable replacement for the desired algorithm can be found, the tool returns the error
\fIno security module can perform the requested operation\fR\&.
.SH "NSS DATABASE TYPES"
.PP
@ -987,6 +793,27 @@ For an engineering draft on the changes in the shared NSS databases, see the NSS
.\}
https://wiki\&.mozilla\&.org/NSS_Shared_DB
.RE
.SH "COMPATIBILITY NOTES"
.PP
The exporting behavior of
\fBpk12util\fR
has changed over time, while importing files exported with older versions of NSS is still supported\&.
.PP
Until the 3\&.30 release,
\fBpk12util\fR
used the UTF\-16 encoding for the PKCS #5 password\-based encryption schemes, while the recommendation is to encode passwords in UTF\-8 if the used encryption scheme is defined outside of the PKCS #12 standard\&.
.PP
Until the 3\&.31 release, even when
\fB"AES\-128\-CBC"\fR
or
\fB"AES\-192\-CBC"\fR
is given from the command line,
\fBpk12util\fR
always used 256\-bit AES as the underlying encryption scheme\&.
.PP
For historical reasons,
\fBpk12util\fR
accepts password\-based encryption schemes not listed in this document\&. However, those schemes are not officially supported and may have issues in interoperability with other tools\&.
.SH "SEE ALSO"
.PP
certutil (1)

74
security/nss/doc/pk12util.xml
View File

@ -46,7 +46,7 @@
<refsection id="description">
<title>Description</title>
<para>The PKCS #12 utility, <command>pk12util</command>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</para>
<para>The PKCS #12 utility, <command>pk12util</command>, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.</para>
</refsection>
<refsection id="options">
@ -55,17 +55,17 @@
<variablelist>
<varlistentry>
<term>-i p12file</term>
<listitem><para>Import keys and certificates from a PKCS#12 file into a security database.</para></listitem>
<listitem><para>Import keys and certificates from a PKCS #12 file into a security database.</para></listitem>
</varlistentry>
<varlistentry>
<term>-l p12file</term>
<listitem><para>List the keys and certificates in PKCS#12 file.</para></listitem>
<listitem><para>List the keys and certificates in PKCS #12 file.</para></listitem>
</varlistentry>
<varlistentry>
<term>-o p12file</term>
<listitem><para>Export keys and certificates from the security database to a PKCS#12 file.</para></listitem>
<listitem><para>Export keys and certificates from the security database to a PKCS #12 file.</para></listitem>
</varlistentry>
</variablelist>
@ -78,7 +78,7 @@
<varlistentry>
<term>-C certCipher</term>
<listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem>
<listitem><para>Specify the certiticate encryption algorithm.</para></listitem>
</varlistentry>
<varlistentry>
@ -233,7 +233,7 @@
<refsection id="examples">
<title>Examples</title>
<para><command>Importing Keys and Certificates</command></para>
<para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS#12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token).
<para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS #12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token).
</para>
<para>
pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
@ -252,7 +252,7 @@ Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL</programlisting>
<para><command>Exporting Keys and Certificates</command></para>
<para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
<para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS #12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
</para>
<para>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para>
<para>For example:</para>
@ -304,58 +304,34 @@ Certificate Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) L
<refsection id="encryption">
<title>Password Encryption</title>
<para>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <command>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</command> for private key encryption. <command>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</command> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</para>
<para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
<para>The private key is always protected with strong encryption by default.</para>
<para>Several types of ciphers are supported.</para>
<variablelist>
<varlistentry>
<term>Symmetric CBC ciphers for PKCS#5 V2</term>
<term>PKCS #5 password-based encryption</term>
<listitem>
<itemizedlist>
<listitem><para>DES-CBC</para></listitem>
<listitem><para>RC2-CBC</para></listitem>
<listitem><para>RC5-CBCPad</para></listitem>
<listitem><para>DES-EDE3-CBC (the default for key encryption)</para></listitem>
<listitem><para>AES-128-CBC</para></listitem>
<listitem><para>AES-192-CBC</para></listitem>
<listitem><para>AES-256-CBC</para></listitem>
<listitem><para>CAMELLIA-128-CBC</para></listitem>
<listitem><para>CAMELLIA-192-CBC</para></listitem>
<listitem><para>CAMELLIA-256-CBC</para></listitem>
</itemizedlist>
<itemizedlist>
<listitem><para>PBES2 with AES-CBC-Pad as underlying encryption scheme (<userinput>"AES-128-CBC"</userinput>, <userinput>"AES-192-CBC"</userinput>, and <userinput>"AES-256-CBC"</userinput>)</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>PKCS#12 PBE ciphers</term>
<term>PKCS #12 password-based encryption</term>
<listitem>
<itemizedlist>
<listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para></listitem>
<listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para></listitem>
<listitem><para>PKCS #12 PBE with Sha1 and Triple DES CBC</para></listitem>
<listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para></listitem>
<listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para></listitem>
<listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para></listitem>
<listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para></listitem>
<listitem><para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para></listitem>
<listitem><para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para></listitem>
<listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para></listitem>
<listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry><term>PKCS#5 PBE ciphers</term>
<listitem>
<itemizedlist>
<listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para></listitem>
<listitem><para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para></listitem>
<listitem><para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem>
</itemizedlist>
<itemizedlist>
<listitem><para>SHA-1 and 128-bit RC4 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4"</userinput> or <userinput>"RC4"</userinput>)</para></listitem>
<listitem><para>SHA-1 and 40-bit RC4 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4"</userinput>) (used by default for certificate encryption in non-FIPS mode)</para></listitem>
<listitem><para>SHA-1 and 3-key triple-DES (<userinput>"PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC"</userinput> or <userinput>"DES-EDE3-CBC"</userinput>)</para></listitem>
<listitem><para>SHA-1 and 128-bit RC2 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC"</userinput> or <userinput>"RC2-CBC"</userinput>)</para></listitem>
<listitem><para>SHA-1 and 40-bit RC2 (<userinput>"PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC"</userinput>)</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
<para>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para>
<para>With PKCS #12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para>
</refsection>
<refsection id="databases"><title>NSS Database Types</title>
@ -432,6 +408,14 @@ Using the SQLite databases must be manually specified by using the <command>sql:
</itemizedlist>
</refsection>
<refsection id="compatibility">
<title>Compatibility Notes</title>
<para>The exporting behavior of <command>pk12util</command> has changed over time, while importing files exported with older versions of NSS is still supported.</para>
<para>Until the 3.30 release, <command>pk12util</command> used the UTF-16 encoding for the PKCS #5 password-based encryption schemes, while the recommendation is to encode passwords in UTF-8 if the used encryption scheme is defined outside of the PKCS #12 standard.</para>
<para>Until the 3.31 release, even when <userinput>"AES-128-CBC"</userinput> or <userinput>"AES-192-CBC"</userinput> is given from the command line, <command>pk12util</command> always used 256-bit AES as the underlying encryption scheme.</para>
<para>For historical reasons, <command>pk12util</command> accepts password-based encryption schemes not listed in this document. However, those schemes are not officially supported and may have issues in interoperability with other tools.</para>
</refsection>
<refsection id="seealso">
<title>See Also</title>
<para>certutil (1)</para>

1
security/nss/fuzz/tls_mutators.cc
View File

@ -2,6 +2,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <algorithm>
#include "shared.h"
#include "tls_parser.h"

43
security/nss/gtests/cryptohi_gtest/Makefile Normal file
View File

@ -0,0 +1,43 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################

29
security/nss/gtests/cryptohi_gtest/cryptohi_gtest.gyp Normal file
View File

@ -0,0 +1,29 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../common/gtest.gypi',
],
'targets': [
{
'target_name': 'cryptohi_gtest',
'type': 'executable',
'sources': [
'cryptohi_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
'<(DEPTH)/lib/nss/nss.gyp:nss3',
]
}
],
'variables': {
'module': 'nss'
}
}

373
security/nss/gtests/cryptohi_gtest/cryptohi_unittest.cc Normal file
View File

@ -0,0 +1,373 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <string>
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
#include "cryptohi.h"
#include "secitem.h"
#include "secerr.h"
namespace nss_test {
class SignParamsTestF : public ::testing::Test {
protected:
ScopedPLArenaPool arena_;
ScopedSECKEYPrivateKey privk_;
ScopedSECKEYPublicKey pubk_;
ScopedSECKEYPrivateKey ecPrivk_;
ScopedSECKEYPublicKey ecPubk_;
void SetUp() {
arena_.reset(PORT_NewArena(2048));
SECKEYPublicKey *pubk;
SECKEYPrivateKey *privk = SECKEY_CreateRSAPrivateKey(1024, &pubk, NULL);
ASSERT_NE(nullptr, pubk);
pubk_.reset(pubk);
ASSERT_NE(nullptr, privk);
privk_.reset(privk);
SECKEYECParams ecParams = {siBuffer, NULL, 0};
SECOidData *oidData;
oidData = SECOID_FindOIDByTag(SEC_OID_CURVE25519);
ASSERT_NE(nullptr, oidData);
ASSERT_NE(nullptr,
SECITEM_AllocItem(NULL, &ecParams, (2 + oidData->oid.len)))
<< "Couldn't allocate memory for OID.";
ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
ecParams.data[1] = oidData->oid.len;
memcpy(ecParams.data + 2, oidData->oid.data, oidData->oid.len);
SECKEYPublicKey *ecPubk;
SECKEYPrivateKey *ecPrivk =
SECKEY_CreateECPrivateKey(&ecParams, &ecPubk, NULL);
ASSERT_NE(nullptr, ecPubk);
ecPubk_.reset(ecPubk);
ASSERT_NE(nullptr, ecPrivk);
ecPrivk_.reset(ecPrivk);
}
void CreatePssParams(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag) {
PORT_Memset(params, 0, sizeof(SECKEYRSAPSSParams));
params->hashAlg = (SECAlgorithmID *)PORT_ArenaZAlloc(
arena_.get(), sizeof(SECAlgorithmID));
ASSERT_NE(nullptr, params->hashAlg);
SECStatus rv =
SECOID_SetAlgorithmID(arena_.get(), params->hashAlg, hashAlgTag, NULL);
ASSERT_EQ(SECSuccess, rv);
}
void CreatePssParams(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag,
SECOidTag maskHashAlgTag) {
CreatePssParams(params, hashAlgTag);
SECAlgorithmID maskHashAlg;
PORT_Memset(&maskHashAlg, 0, sizeof(maskHashAlg));
SECStatus rv =
SECOID_SetAlgorithmID(arena_.get(), &maskHashAlg, maskHashAlgTag, NULL);
ASSERT_EQ(SECSuccess, rv);
SECItem *maskHashAlgItem =
SEC_ASN1EncodeItem(arena_.get(), NULL, &maskHashAlg,
SEC_ASN1_GET(SECOID_AlgorithmIDTemplate));
params->maskAlg = (SECAlgorithmID *)PORT_ArenaZAlloc(
arena_.get(), sizeof(SECAlgorithmID));
ASSERT_NE(nullptr, params->maskAlg);
rv = SECOID_SetAlgorithmID(arena_.get(), params->maskAlg,
SEC_OID_PKCS1_MGF1, maskHashAlgItem);
ASSERT_EQ(SECSuccess, rv);
}
void CreatePssParams(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag,
SECOidTag maskHashAlgTag, unsigned long saltLength) {
CreatePssParams(params, hashAlgTag, maskHashAlgTag);
SECItem *saltLengthItem =
SEC_ASN1EncodeInteger(arena_.get(), &params->saltLength, saltLength);
ASSERT_EQ(&params->saltLength, saltLengthItem);
}
void CheckHashAlg(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag) {
// If hash algorithm is SHA-1, it must be omitted in the parameters
if (hashAlgTag == SEC_OID_SHA1) {
EXPECT_EQ(nullptr, params->hashAlg);
} else {
EXPECT_NE(nullptr, params->hashAlg);
EXPECT_EQ(hashAlgTag, SECOID_GetAlgorithmTag(params->hashAlg));
}
}
void CheckMaskAlg(SECKEYRSAPSSParams *params, SECOidTag hashAlgTag) {
SECStatus rv;
// If hash algorithm is SHA-1, it must be omitted in the parameters
if (hashAlgTag == SEC_OID_SHA1)
EXPECT_EQ(nullptr, params->hashAlg);
else {
EXPECT_NE(nullptr, params->maskAlg);
EXPECT_EQ(SEC_OID_PKCS1_MGF1, SECOID_GetAlgorithmTag(params->maskAlg));
SECAlgorithmID hashAlg;
rv = SEC_QuickDERDecodeItem(arena_.get(), &hashAlg,
SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
&params->maskAlg->parameters);
ASSERT_EQ(SECSuccess, rv);
EXPECT_EQ(hashAlgTag, SECOID_GetAlgorithmTag(&hashAlg));
}
}
void CheckSaltLength(SECKEYRSAPSSParams *params, SECOidTag hashAlg) {
// If the salt length parameter is missing, that means it is 20 (default)
if (!params->saltLength.data) {
return;
}
unsigned long value;
SECStatus rv = SEC_ASN1DecodeInteger(&params->saltLength, &value);
ASSERT_EQ(SECSuccess, rv);
// The salt length are usually the same as the hash length,
// except for the case where the hash length exceeds the limit
// set by the key length
switch (hashAlg) {
case SEC_OID_SHA1:
EXPECT_EQ(20UL, value);
break;
case SEC_OID_SHA224:
EXPECT_EQ(28UL, value);
break;
case SEC_OID_SHA256:
EXPECT_EQ(32UL, value);
break;
case SEC_OID_SHA384:
EXPECT_EQ(48UL, value);
break;
case SEC_OID_SHA512:
// Truncated from 64, because our private key is 1024-bit
EXPECT_EQ(62UL, value);
break;
default:
FAIL();
}
}
};
class SignParamsTest
: public SignParamsTestF,
public ::testing::WithParamInterface<std::tuple<SECOidTag, SECOidTag>> {};
class SignParamsSourceTest : public SignParamsTestF,
public ::testing::WithParamInterface<SECOidTag> {};
TEST_P(SignParamsTest, CreateRsa) {
SECOidTag hashAlg = std::get<0>(GetParam());
SECOidTag srcHashAlg = std::get<1>(GetParam());
SECItem *srcParams;
if (srcHashAlg != SEC_OID_UNKNOWN) {
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
} else {
srcParams = NULL;
}
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_ENCRYPTION, hashAlg, srcParams,
privk_.get());
// PKCS#1 RSA actually doesn't take any parameters, but if it is
// given, return a copy of it
if (srcHashAlg != SEC_OID_UNKNOWN) {
EXPECT_EQ(srcParams->len, params->len);
EXPECT_EQ(0, memcmp(params->data, srcParams->data, srcParams->len));
} else {
EXPECT_EQ(nullptr, params);
}
}
TEST_P(SignParamsTest, CreateRsaPss) {
SECOidTag hashAlg = std::get<0>(GetParam());
SECOidTag srcHashAlg = std::get<1>(GetParam());
SECItem *srcParams;
if (srcHashAlg != SEC_OID_UNKNOWN) {
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
} else {
srcParams = NULL;
}
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
srcParams, privk_.get());
if (hashAlg != SEC_OID_UNKNOWN && srcHashAlg != SEC_OID_UNKNOWN &&
hashAlg != srcHashAlg) {
EXPECT_EQ(nullptr, params);
return;
}
EXPECT_NE(nullptr, params);
SECKEYRSAPSSParams pssParams;
PORT_Memset(&pssParams, 0, sizeof(pssParams));
SECStatus rv =
SEC_QuickDERDecodeItem(arena_.get(), &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate), params);
ASSERT_EQ(SECSuccess, rv);
if (hashAlg == SEC_OID_UNKNOWN) {
if (!pssParams.hashAlg) {
hashAlg = SEC_OID_SHA1;
} else {
hashAlg = SECOID_GetAlgorithmTag(pssParams.hashAlg);
}
if (srcHashAlg == SEC_OID_UNKNOWN) {
// If both hashAlg and srcHashAlg is unset, NSS will decide the hash
// algorithm based on the key length; in this case it's SHA256
EXPECT_EQ(SEC_OID_SHA256, hashAlg);
} else {
EXPECT_EQ(srcHashAlg, hashAlg);
}
}
ASSERT_NO_FATAL_FAILURE(CheckHashAlg(&pssParams, hashAlg));
ASSERT_NO_FATAL_FAILURE(CheckMaskAlg(&pssParams, hashAlg));
ASSERT_NO_FATAL_FAILURE(CheckSaltLength(&pssParams, hashAlg));
// The default trailer field (1) must be omitted
EXPECT_EQ(nullptr, pssParams.trailerField.data);
}
TEST_P(SignParamsTest, CreateRsaPssWithECPrivateKey) {
SECOidTag hashAlg = std::get<0>(GetParam());
SECOidTag srcHashAlg = std::get<1>(GetParam());
SECItem *srcParams;
if (srcHashAlg != SEC_OID_UNKNOWN) {
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
} else {
srcParams = NULL;
}
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
srcParams, ecPrivk_.get());
EXPECT_EQ(nullptr, params);
}
TEST_P(SignParamsTest, CreateRsaPssWithInvalidHashAlg) {
SECOidTag srcHashAlg = std::get<1>(GetParam());
SECItem *srcParams;
if (srcHashAlg != SEC_OID_UNKNOWN) {
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, srcHashAlg, srcHashAlg));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
} else {
srcParams = NULL;
}
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_MD5,
srcParams, privk_.get());
EXPECT_EQ(nullptr, params);
}
TEST_P(SignParamsSourceTest, CreateRsaPssWithInvalidHashAlg) {
SECOidTag hashAlg = GetParam();
SECItem *srcParams;
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, SEC_OID_MD5, SEC_OID_MD5));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
srcParams, privk_.get());
EXPECT_EQ(nullptr, params);
}
TEST_P(SignParamsSourceTest, CreateRsaPssWithInvalidSaltLength) {
SECOidTag hashAlg = GetParam();
SECItem *srcParams;
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, SEC_OID_SHA512, SEC_OID_SHA512, 100));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
srcParams, privk_.get());
EXPECT_EQ(nullptr, params);
}
TEST_P(SignParamsSourceTest, CreateRsaPssWithHashMismatch) {
SECOidTag hashAlg = GetParam();
SECItem *srcParams;
SECKEYRSAPSSParams pssParams;
ASSERT_NO_FATAL_FAILURE(
CreatePssParams(&pssParams, SEC_OID_SHA256, SEC_OID_SHA512));
srcParams = SEC_ASN1EncodeItem(arena_.get(), nullptr, &pssParams,
SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate));
ASSERT_NE(nullptr, srcParams);
SECItem *params = SEC_CreateSignatureAlgorithmParameters(
arena_.get(), nullptr, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, hashAlg,
srcParams, privk_.get());
EXPECT_EQ(nullptr, params);
}
INSTANTIATE_TEST_CASE_P(
SignParamsTestCases, SignParamsTest,
::testing::Combine(::testing::Values(SEC_OID_UNKNOWN, SEC_OID_SHA1,
SEC_OID_SHA224, SEC_OID_SHA256,
SEC_OID_SHA384, SEC_OID_SHA512),
::testing::Values(SEC_OID_UNKNOWN, SEC_OID_SHA1,
SEC_OID_SHA224, SEC_OID_SHA256,
SEC_OID_SHA384, SEC_OID_SHA512)));
INSTANTIATE_TEST_CASE_P(SignParamsSourceTestCases, SignParamsSourceTest,
::testing::Values(SEC_OID_UNKNOWN, SEC_OID_SHA1,
SEC_OID_SHA224, SEC_OID_SHA256,
SEC_OID_SHA384, SEC_OID_SHA512));
} // namespace nss_test

22
security/nss/gtests/cryptohi_gtest/manifest.mn Normal file
View File

@ -0,0 +1,22 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
DEPTH = ../..
MODULE = nss
CPPSRCS = \
cryptohi_unittest.cc \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-I$(CORE_DEPTH)/gtests/common \
-I$(CORE_DEPTH)/cpputil
REQUIRES = nspr gtest
PROGRAM = cryptohi_gtest
EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)

1
security/nss/gtests/manifest.mn
View File

@ -21,6 +21,7 @@ ifneq ($(NSS_BUILD_UTIL_ONLY),1)
NSS_SRCDIRS = \
certdb_gtest \
certhigh_gtest \
cryptohi_gtest \
der_gtest \
pk11_gtest \
softoken_gtest \

8
security/nss/gtests/pk11_gtest/manifest.mn
View File

@ -23,10 +23,12 @@ INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-I$(CORE_DEPTH)/gtests/common \
-I$(CORE_DEPTH)/cpputil
REQUIRES = nspr nss libdbm gtest
REQUIRES = nspr nss libdbm gtest cpputil
PROGRAM = pk11_gtest
EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
$(NULL)

1
security/nss/gtests/pk11_gtest/pk11_gtest.gyp
View File

@ -26,6 +26,7 @@
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/cpputil/cpputil.gyp:cpputil',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
],
'conditions': [

20
security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
View File

@ -29,7 +29,25 @@ TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
}
TEST_P(TlsConnectGeneric, ServerAuthRsaChain) {
Reset(TlsAgent::kServerRsaChain);
Reset("rsa_chain");
Connect();
CheckKeys();
size_t chain_length;
EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
EXPECT_EQ(2UL, chain_length);
}
TEST_P(TlsConnectGeneric, ServerAuthRsaPssChain) {
Reset("rsa_pss_chain");
Connect();
CheckKeys();
size_t chain_length;
EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
EXPECT_EQ(2UL, chain_length);
}
TEST_P(TlsConnectGeneric, ServerAuthRsaCARsaPssChain) {
Reset("rsa_ca_rsa_pss_chain");
Connect();
CheckKeys();
size_t chain_length;

2
security/nss/gtests/ssl_gtest/ssl_gtest.cc
View File

@ -6,6 +6,7 @@
#include <cstdlib>
#include "test_io.h"
#include "databuffer.h"
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
@ -28,6 +29,7 @@ int main(int argc, char** argv) {
++i;
} else if (!strcmp(argv[i], "-v")) {
g_ssl_gtest_verbose = true;
nss_test::DataBuffer::SetLogLimit(16384);
}
}

3
security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
View File

@ -19,7 +19,8 @@ class KeyLogFileTest : public TlsConnectGeneric {
public:
void SetUp() {
TlsConnectTestBase::SetUp();
remove(keylog_file_path.c_str());
// Remove previous results (if any).
(void)remove(keylog_file_path.c_str());
std::ostringstream sstr;
sstr << "SSLKEYLOGFILE=" << keylog_file_path;
PR_SetEnv(sstr.str().c_str());

1
security/nss/gtests/ssl_gtest/tls_agent.cc
View File

@ -36,7 +36,6 @@ const std::string TlsAgent::kServerRsa = "rsa"; // both sign and encrypt
const std::string TlsAgent::kServerRsaSign = "rsa_sign";
const std::string TlsAgent::kServerRsaPss = "rsa_pss";
const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
const std::string TlsAgent::kServerRsaChain = "rsa_chain";
const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";

1
security/nss/gtests/ssl_gtest/tls_agent.h
View File

@ -66,7 +66,6 @@ class TlsAgent : public PollTarget {
static const std::string kServerRsaSign;
static const std::string kServerRsaPss;
static const std::string kServerRsaDecrypt;
static const std::string kServerRsaChain; // A cert that requires a chain.
static const std::string kServerEcdsa256;
static const std::string kServerEcdsa384;
static const std::string kServerEcdsa521;

1
security/nss/lib/certdb/certdb.c
View File

@ -1192,6 +1192,7 @@ CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
case rsaKey:
requiredUsage |= KU_KEY_ENCIPHERMENT;
break;
case rsaPssKey:
case dsaKey:
requiredUsage |= KU_DIGITAL_SIGNATURE;
break;

3503
security/nss/lib/ckfw/builtins/certdata.txt
View File

File diff suppressed because it is too large Load Diff

4
security/nss/lib/ckfw/builtins/nssckbi.h
View File

@ -46,8 +46,8 @@
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 16
#define NSS_BUILTINS_LIBRARY_VERSION "2.16"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 18
#define NSS_BUILTINS_LIBRARY_VERSION "2.18"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

61
security/nss/lib/cryptohi/cryptohi.h
View File

@ -59,6 +59,14 @@ extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
*/
extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
/*
** Create a new signature context from an algorithmID.
** "alg" the signature algorithm to use
** "privKey" the private key to use
*/
extern SGNContext *SGN_NewContextWithAlgorithmID(SECAlgorithmID *alg,
SECKEYPrivateKey *privKey);
/*
** Destroy a signature-context object
** "cx" the object
@ -105,6 +113,21 @@ extern SECStatus SEC_SignData(SECItem *result,
const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid);
/*
** Sign a single block of data using private key encryption and given
** signature/hash algorithm with parameters from an algorithmID.
** "result" the final signature data (memory is allocated)
** "buf" the input data to sign
** "len" the amount of data to sign
** "pk" the private key to encrypt with
** "algid" the signature/hash algorithm to sign with
** (must be compatible with the key type).
*/
extern SECStatus SEC_SignDataWithAlgorithmID(SECItem *result,
const unsigned char *buf, int len,
SECKEYPrivateKey *pk,
SECAlgorithmID *algid);
/*
** Sign a pre-digested block of data using private key encryption, encoding
** The given signature/hash algorithm.
@ -131,6 +154,27 @@ extern SECStatus SEC_DerSignData(PLArenaPool *arena, SECItem *result,
const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid);
/*
** DER sign a single block of data using private key encryption and
** the given signature/hash algorithm with parameters from an
** algorithmID. This routine first computes a digital signature using
** SEC_SignData, then wraps it with an CERTSignedData and then der
** encodes the result.
** "arena" is the memory arena to use to allocate data from
** "result" the final der encoded data (memory is allocated)
** "buf" the input data to sign
** "len" the amount of data to sign
** "pk" the private key to encrypt with
** "algid" the signature/hash algorithm to sign with
** (must be compatible with the key type).
*/
extern SECStatus SEC_DerSignDataWithAlgorithmID(PLArenaPool *arena,
SECItem *result,
const unsigned char *buf,
int len,
SECKEYPrivateKey *pk,
SECAlgorithmID *algid);
/*
** Destroy a signed-data object.
** "sd" the object
@ -146,6 +190,23 @@ extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
SECOidTag hashAlgTag);
/*
** Create algorithm parameters for signing. Return a new item
** allocated from arena, or NULL on failure.
** "arena" is the memory arena to use to allocate data from
** "result" the encoded parameters (memory is allocated)
** "signAlgTag" is the signing algorithm
** "hashAlgTag" is the preferred hash algorithm
** "params" is the default parameters
** "key" is the private key
*/
extern SECItem *SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena,
SECItem *result,
SECOidTag signAlgTag,
SECOidTag hashAlgTag,
const SECItem *params,
const SECKEYPrivateKey *key);
/****************************************/
/*
** Signature verification operations

3
security/nss/lib/cryptohi/keyi.h
View File

@ -17,6 +17,9 @@ KeyType seckey_GetKeyType(SECOidTag pubKeyOid);
SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg);
SECStatus sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
const SECKEYRSAPSSParams *params);
SEC_END_PROTOS
#endif /* _KEYHI_H_ */

90
security/nss/lib/cryptohi/seckey.c
View File

@ -1048,6 +1048,7 @@ SECKEY_SignatureLen(const SECKEYPublicKey *pubk)
switch (pubk->keyType) {
case rsaKey:
case rsaPssKey:
b0 = pubk->u.rsa.modulus.data[0];
return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
case dsaKey:
@ -1974,3 +1975,92 @@ SECKEY_GetECCOid(const SECKEYECParams *params)
return oidData->offset;
}
static CK_MECHANISM_TYPE
sec_GetHashMechanismByOidTag(SECOidTag tag)
{
switch (tag) {
case SEC_OID_SHA512:
return CKM_SHA512;
case SEC_OID_SHA384:
return CKM_SHA384;
case SEC_OID_SHA256:
return CKM_SHA256;
default:
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
/* fallthrough */
case SEC_OID_SHA1:
break;
}
return CKM_SHA_1;
}
static CK_RSA_PKCS_MGF_TYPE
sec_GetMgfTypeByOidTag(SECOidTag tag)
{
switch (tag) {
case SEC_OID_SHA512:
return CKG_MGF1_SHA512;
case SEC_OID_SHA384:
return CKG_MGF1_SHA384;
case SEC_OID_SHA256:
return CKG_MGF1_SHA256;
default:
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
/* fallthrough */
case SEC_OID_SHA1:
break;
}
return CKG_MGF1_SHA1;
}
SECStatus
sec_RSAPSSParamsToMechanism(CK_RSA_PKCS_PSS_PARAMS *mech,
const SECKEYRSAPSSParams *params)
{
SECStatus rv = SECSuccess;
SECOidTag hashAlgTag;
unsigned long saltLength;
PORT_Memset(mech, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
if (params->hashAlg) {
hashAlgTag = SECOID_GetAlgorithmTag(params->hashAlg);
} else {
hashAlgTag = SEC_OID_SHA1; /* default, SHA-1 */
}
mech->hashAlg = sec_GetHashMechanismByOidTag(hashAlgTag);
if (params->maskAlg) {
SECAlgorithmID maskHashAlg;
SECOidTag maskHashAlgTag;
PORTCheapArenaPool tmpArena;
if (SECOID_GetAlgorithmTag(params->maskAlg) != SEC_OID_PKCS1_MGF1) {
/* only MGF1 is known to PKCS#11 */
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return SECFailure;
}
PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &maskHashAlg,
SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
&params->maskAlg->parameters);
PORT_DestroyCheapArena(&tmpArena);
if (rv != SECSuccess) {
return rv;
}
maskHashAlgTag = SECOID_GetAlgorithmTag(&maskHashAlg);
mech->mgf = sec_GetMgfTypeByOidTag(maskHashAlgTag);
} else {
mech->mgf = CKG_MGF1_SHA1; /* default, MGF1 with SHA-1 */
}
rv = SEC_ASN1DecodeInteger((SECItem *)&params->saltLength, &saltLength);
if (rv != SECSuccess) {
return rv;
}
mech->sLen = saltLength;
return rv;
}

361
security/nss/lib/cryptohi/secsign.c
View File

@ -22,10 +22,11 @@ struct SGNContextStr {
void *hashcx;
const SECHashObject *hashobj;
SECKEYPrivateKey *key;
SECItem *params;
};
SGNContext *
SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
static SGNContext *
sgn_NewContext(SECOidTag alg, SECItem *params, SECKEYPrivateKey *key)
{
SGNContext *cx;
SECOidTag hashalg, signalg;
@ -40,7 +41,7 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
* it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS.
*/
/* we have a private key, not a public key, so don't pass it in */
rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
rv = sec_DecodeSigAlg(NULL, alg, params, &signalg, &hashalg);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return 0;
@ -49,7 +50,8 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
/* verify our key type */
if (key->keyType != keyType &&
!((key->keyType == dsaKey) && (keyType == fortezzaKey))) {
!((key->keyType == dsaKey) && (keyType == fortezzaKey)) &&
!((key->keyType == rsaKey) && (keyType == rsaPssKey))) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return 0;
}
@ -59,10 +61,24 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
cx->hashalg = hashalg;
cx->signalg = signalg;
cx->key = key;
cx->params = params;
}
return cx;
}
SGNContext *
SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
{
return sgn_NewContext(alg, NULL, key);
}
SGNContext *
SGN_NewContextWithAlgorithmID(SECAlgorithmID *alg, SECKEYPrivateKey *key)
{
SECOidTag tag = SECOID_GetAlgorithmTag(alg);
return sgn_NewContext(tag, &alg->parameters, key);
}
void
SGN_DestroyContext(SGNContext *cx, PRBool freeit)
{
@ -148,6 +164,7 @@ SGN_End(SGNContext *cx, SECItem *result)
result->data = 0;
digder.data = 0;
sigitem.data = 0;
/* Finish up digest function */
if (cx->hashcx == NULL) {
@ -156,7 +173,8 @@ SGN_End(SGNContext *cx, SECItem *result)
}
(*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));
if (privKey->keyType == rsaKey) {
if (privKey->keyType == rsaKey &&
cx->signalg != SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
@ -200,26 +218,65 @@ SGN_End(SGNContext *cx, SECItem *result)
goto loser;
}
rv = PK11_Sign(privKey, &sigitem, &digder);
if (rv != SECSuccess) {
PORT_Free(sigitem.data);
sigitem.data = NULL;
goto loser;
if (cx->signalg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
CK_RSA_PKCS_PSS_PARAMS mech;
SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) };
PORT_Memset(&mech, 0, sizeof(mech));
if (cx->params && cx->params->data) {
SECKEYRSAPSSParams params;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) {
rv = SECFailure;
goto loser;
}
PORT_Memset(&params, 0, sizeof(params));
rv = SEC_QuickDERDecodeItem(arena, &params,
SECKEY_RSAPSSParamsTemplate,
cx->params);
if (rv != SECSuccess) {
goto loser;
}
rv = sec_RSAPSSParamsToMechanism(&mech, &params);
if (rv != SECSuccess) {
goto loser;
}
} else {
mech.hashAlg = CKM_SHA_1;
mech.mgf = CKG_MGF1_SHA1;
mech.sLen = digder.len;
}
rv = PK11_SignWithMechanism(privKey, CKM_RSA_PKCS_PSS, &mechItem,
&sigitem, &digder);
if (rv != SECSuccess) {
goto loser;
}
} else {
rv = PK11_Sign(privKey, &sigitem, &digder);
if (rv != SECSuccess) {
goto loser;
}
}
if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
(cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
/* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
PORT_Free(sigitem.data);
if (rv != SECSuccess)
goto loser;
SECITEM_FreeItem(&sigitem, PR_FALSE);
} else {
result->len = sigitem.len;
result->data = sigitem.data;
}
loser:
if (rv != SECSuccess) {
SECITEM_FreeItem(&sigitem, PR_FALSE);
}
SGN_DestroyDigestInfo(di);
if (arena != NULL) {
PORT_FreeArena(arena, PR_FALSE);
@ -229,18 +286,14 @@ loser:
/************************************************************************/
/*
** Sign a block of data returning in result a bunch of bytes that are the
** signature. Returns zero on success, an error code on failure.
*/
SECStatus
SEC_SignData(SECItem *res, const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid)
static SECStatus
sec_SignData(SECItem *res, const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid, SECItem *params)
{
SECStatus rv;
SGNContext *sgn;
sgn = SGN_NewContext(algid, pk);
sgn = sgn_NewContext(algid, params, pk);
if (sgn == NULL)
return SECFailure;
@ -260,6 +313,25 @@ loser:
return rv;
}
/*
** Sign a block of data returning in result a bunch of bytes that are the
** signature. Returns zero on success, an error code on failure.
*/
SECStatus
SEC_SignData(SECItem *res, const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algid)
{
return sec_SignData(res, buf, len, pk, algid, NULL);
}
SECStatus
SEC_SignDataWithAlgorithmID(SECItem *res, const unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECAlgorithmID *algid)
{
SECOidTag tag = SECOID_GetAlgorithmTag(algid);
return sec_SignData(res, buf, len, pk, tag, &algid->parameters);
}
/************************************************************************/
DERTemplate CERTSignedDataTemplate[] =
@ -294,10 +366,10 @@ const SEC_ASN1Template CERT_SignedDataTemplate[] =
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
SECStatus
SEC_DerSignData(PLArenaPool *arena, SECItem *result,
static SECStatus
sec_DerSignData(PLArenaPool *arena, SECItem *result,
const unsigned char *buf, int len, SECKEYPrivateKey *pk,
SECOidTag algID)
SECOidTag algID, SECItem *params)
{
SECItem it;
CERTSignedData sd;
@ -339,7 +411,7 @@ SEC_DerSignData(PLArenaPool *arena, SECItem *result,
}
/* Sign input buffer */
rv = SEC_SignData(&it, buf, len, pk, algID);
rv = sec_SignData(&it, buf, len, pk, algID, params);
if (rv)
goto loser;
@ -349,7 +421,7 @@ SEC_DerSignData(PLArenaPool *arena, SECItem *result,
sd.data.len = len;
sd.signature.data = it.data;
sd.signature.len = it.len << 3; /* convert to bit string */
rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, params);
if (rv)
goto loser;
@ -362,6 +434,24 @@ loser:
return rv;
}
SECStatus
SEC_DerSignData(PLArenaPool *arena, SECItem *result,
const unsigned char *buf, int len, SECKEYPrivateKey *pk,
SECOidTag algID)
{
return sec_DerSignData(arena, result, buf, len, pk, algID, NULL);
}
SECStatus
SEC_DerSignDataWithAlgorithmID(PLArenaPool *arena, SECItem *result,
const unsigned char *buf, int len,
SECKEYPrivateKey *pk,
SECAlgorithmID *algID)
{
SECOidTag tag = SECOID_GetAlgorithmTag(algID);
return sec_DerSignData(arena, result, buf, len, pk, tag, &algID->parameters);
}
SECStatus
SGN_Digest(SECKEYPrivateKey *privKey,
SECOidTag algtag, SECItem *result, SECItem *digest)
@ -509,3 +599,226 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
}
return sigTag;
}
static SECItem *
sec_CreateRSAPSSParameters(PLArenaPool *arena,
SECItem *result,
SECOidTag hashAlgTag,
const SECItem *params,
const SECKEYPrivateKey *key)
{
SECKEYRSAPSSParams pssParams;
int modBytes, hashLength;
unsigned long saltLength;
SECStatus rv;
if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return NULL;
}
PORT_Memset(&pssParams, 0, sizeof(pssParams));
if (params && params->data) {
/* The parameters field should either be empty or contain
* valid RSA-PSS parameters */
PORT_Assert(!(params->len == 2 &&
params->data[0] == SEC_ASN1_NULL &&
params->data[1] == 0));
rv = SEC_QuickDERDecodeItem(arena, &pssParams,
SECKEY_RSAPSSParamsTemplate,
params);
if (rv != SECSuccess) {
return NULL;
}
}
if (pssParams.trailerField.data) {
unsigned long trailerField;
rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.trailerField,
&trailerField);
if (rv != SECSuccess) {
return NULL;
}
if (trailerField != 1) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
}
modBytes = PK11_GetPrivateModulusLen((SECKEYPrivateKey *)key);
/* Determine the hash algorithm to use, based on hashAlgTag and
* pssParams.hashAlg; there are four cases */
if (hashAlgTag != SEC_OID_UNKNOWN) {
if (pssParams.hashAlg) {
if (SECOID_GetAlgorithmTag(pssParams.hashAlg) != hashAlgTag) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
}
} else if (hashAlgTag == SEC_OID_UNKNOWN) {
if (pssParams.hashAlg) {
hashAlgTag = SECOID_GetAlgorithmTag(pssParams.hashAlg);
} else {
/* Find a suitable hash algorithm based on the NIST recommendation */
if (modBytes <= 384) { /* 128, in NIST 800-57, Part 1 */
hashAlgTag = SEC_OID_SHA256;
} else if (modBytes <= 960) { /* 192, NIST 800-57, Part 1 */
hashAlgTag = SEC_OID_SHA384;
} else {
hashAlgTag = SEC_OID_SHA512;
}
}
}
if (hashAlgTag != SEC_OID_SHA1 && hashAlgTag != SEC_OID_SHA224 &&
hashAlgTag != SEC_OID_SHA256 && hashAlgTag != SEC_OID_SHA384 &&
hashAlgTag != SEC_OID_SHA512) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return NULL;
}
/* Now that the hash algorithm is decided, check if it matches the
* existing parameters if any */
if (pssParams.maskAlg) {
SECAlgorithmID maskHashAlg;
if (SECOID_GetAlgorithmTag(pssParams.maskAlg) != SEC_OID_PKCS1_MGF1) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return NULL;
}
if (pssParams.maskAlg->parameters.data == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return NULL;
}
PORT_Memset(&maskHashAlg, 0, sizeof(maskHashAlg));
rv = SEC_QuickDERDecodeItem(arena, &maskHashAlg,
SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
&pssParams.maskAlg->parameters);
if (rv != SECSuccess) {
return NULL;
}
/* Following the recommendation in RFC 4055, assume the hash
* algorithm identical to pssParam.hashAlg */
if (SECOID_GetAlgorithmTag(&maskHashAlg) != hashAlgTag) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
return NULL;
}
}
hashLength = HASH_ResultLenByOidTag(hashAlgTag);
if (pssParams.saltLength.data) {
rv = SEC_ASN1DecodeInteger((SECItem *)&pssParams.saltLength,
&saltLength);
if (rv != SECSuccess) {
return NULL;
}
/* The specified salt length is too long */
if (saltLength > modBytes - hashLength - 2) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
}
/* Fill in the parameters */
if (pssParams.hashAlg) {
if (hashAlgTag == SEC_OID_SHA1) {
/* Omit hashAlg if the the algorithm is SHA-1 (default) */
pssParams.hashAlg = NULL;
}
} else {
if (hashAlgTag != SEC_OID_SHA1) {
pssParams.hashAlg = PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
if (!pssParams.hashAlg) {
return NULL;
}
rv = SECOID_SetAlgorithmID(arena, pssParams.hashAlg, hashAlgTag,
NULL);
if (rv != SECSuccess) {
return NULL;
}
}
}
if (pssParams.maskAlg) {
if (hashAlgTag == SEC_OID_SHA1) {
/* Omit maskAlg if the the algorithm is SHA-1 (default) */
pssParams.maskAlg = NULL;
}
} else {
if (hashAlgTag != SEC_OID_SHA1) {
SECItem *hashAlgItem;
PORT_Assert(pssParams.hashAlg != NULL);
hashAlgItem = SEC_ASN1EncodeItem(arena, NULL, pssParams.hashAlg,
SEC_ASN1_GET(SECOID_AlgorithmIDTemplate));
if (!hashAlgItem) {
return NULL;
}
pssParams.maskAlg = PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
if (!pssParams.maskAlg) {
return NULL;
}
rv = SECOID_SetAlgorithmID(arena, pssParams.maskAlg,
SEC_OID_PKCS1_MGF1, hashAlgItem);
if (rv != SECSuccess) {
return NULL;
}
}
}
if (pssParams.saltLength.data) {
if (saltLength == 20) {
/* Omit the salt length if it is the default */
pssParams.saltLength.data = NULL;
}
} else {
/* Find a suitable length from the hash algorithm and modulus bits */
saltLength = PR_MIN(hashLength, modBytes - hashLength - 2);
if (saltLength != 20 &&
!SEC_ASN1EncodeInteger(arena, &pssParams.saltLength, saltLength)) {
return NULL;
}
}
if (pssParams.trailerField.data) {
/* Omit trailerField if the value is 1 (default) */
pssParams.trailerField.data = NULL;
}
return SEC_ASN1EncodeItem(arena, result,
&pssParams, SECKEY_RSAPSSParamsTemplate);
}
SECItem *
SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena,
SECItem *result,
SECOidTag signAlgTag,
SECOidTag hashAlgTag,
const SECItem *params,
const SECKEYPrivateKey *key)
{
switch (signAlgTag) {
case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
return sec_CreateRSAPSSParameters(arena, result,
hashAlgTag, params, key);
default:
if (params == NULL)
return NULL;
if (result == NULL)
result = SECITEM_AllocItem(arena, NULL, 0);
if (SECITEM_CopyItem(arena, result, params) != SECSuccess)
return NULL;
return result;
}
}

149
security/nss/lib/cryptohi/secvfy.c
View File

@ -136,6 +136,8 @@ struct VFYContextStr {
unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];
/* the full ECDSA signature */
unsigned char ecdsasig[2 * MAX_ECKEY_LEN];
/* the full RSA signature, only used in RSA-PSS */
unsigned char rsasig[(RSA_MAX_MODULUS_BITS + 7) / 8];
} u;
unsigned int pkcs1RSADigestInfoLen;
/* the encoded DigestInfo from a RSA PKCS#1 signature */
@ -148,6 +150,7 @@ struct VFYContextStr {
* VFY_CreateContext call. If false, the
* signature must be provided with a
* VFY_EndWithSignature call. */
SECItem *params;
};
static SECStatus
@ -250,9 +253,38 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
*hashalg = SEC_OID_SHA1;
break;
case SEC_OID_PKCS1_RSA_ENCRYPTION:
case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
*hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
break;
case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
if (param && param->data) {
SECKEYRSAPSSParams pssParam;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
return SECFailure;
}
PORT_Memset(&pssParam, 0, sizeof pssParam);
rv = SEC_QuickDERDecodeItem(arena, &pssParam,
SECKEY_RSAPSSParamsTemplate,
param);
if (rv != SECSuccess) {
PORT_FreeArena(arena, PR_FALSE);
return rv;
}
if (pssParam.hashAlg) {
*hashalg = SECOID_GetAlgorithmTag(pssParam.hashAlg);
} else {
*hashalg = SEC_OID_SHA1; /* default, SHA-1 */
}
PORT_FreeArena(arena, PR_FALSE);
/* only accept hash algorithms */
if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) {
/* error set by HASH_GetHashTypeByOidTag */
return SECFailure;
}
} else {
*hashalg = SEC_OID_SHA1; /* default, SHA-1 */
}
break;
case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
@ -434,6 +466,20 @@ vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
cx->key,
sig, wincx);
break;
case rsaPssKey:
sigLen = SECKEY_SignatureLen(key);
if (sigLen == 0) {
/* error set by SECKEY_SignatureLen */
rv = SECFailure;
break;
}
if (sig->len != sigLen) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
rv = SECFailure;
break;
}
PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
break;
case dsaKey:
case ecKey:
sigLen = SECKEY_SignatureLen(key);
@ -496,6 +542,7 @@ VFYContext *
VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig,
const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx)
{
VFYContext *cx;
SECOidTag encAlg, hashAlg;
SECStatus rv = sec_DecodeSigAlg(key,
SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
@ -503,7 +550,13 @@ VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig,
if (rv != SECSuccess) {
return NULL;
}
return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
if (sigAlgorithm->parameters.data) {
cx->params = SECITEM_DupItem(&sigAlgorithm->parameters);
}
return cx;
}
void
@ -520,6 +573,9 @@ VFY_DestroyContext(VFYContext *cx, PRBool freeit)
if (cx->pkcs1RSADigestInfo) {
PORT_Free(cx->pkcs1RSADigestInfo);
}
if (cx->params) {
SECITEM_FreeItem(cx->params, PR_TRUE);
}
if (freeit) {
PORT_ZFree(cx, sizeof(VFYContext));
}
@ -562,7 +618,7 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
{
unsigned char final[HASH_LENGTH_MAX];
unsigned part;
SECItem hash, dsasig; /* dsasig is also used for ECDSA */
SECItem hash, rsasig, dsasig; /* dsasig is also used for ECDSA */
SECStatus rv;
if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {
@ -598,25 +654,70 @@ VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
return SECFailure;
}
break;
case rsaKey: {
SECItem digest;
digest.data = final;
digest.len = part;
if (sig) {
SECOidTag hashid;
PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
&cx->pkcs1RSADigestInfo,
&cx->pkcs1RSADigestInfoLen,
cx->key,
sig, cx->wincx);
PORT_Assert(cx->hashAlg == hashid);
case rsaKey:
if (cx->encAlg == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
CK_RSA_PKCS_PSS_PARAMS mech;
SECItem mechItem = { siBuffer, (unsigned char *)&mech, sizeof(mech) };
SECKEYRSAPSSParams params;
PLArenaPool *arena;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
return SECFailure;
}
PORT_Memset(&params, 0, sizeof(params));
rv = SEC_QuickDERDecodeItem(arena, &params,
SECKEY_RSAPSSParamsTemplate,
cx->params);
if (rv != SECSuccess) {
PORT_FreeArena(arena, PR_FALSE);
return SECFailure;
}
rv = sec_RSAPSSParamsToMechanism(&mech, &params);
PORT_FreeArena(arena, PR_FALSE);
if (rv != SECSuccess) {
return SECFailure;
}
rsasig.data = cx->u.buffer;
rsasig.len = SECKEY_SignatureLen(cx->key);
if (rsasig.len == 0) {
return SECFailure;
}
if (sig) {
if (sig->len != rsasig.len) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
return SECFailure;
}
PORT_Memcpy(rsasig.data, sig->data, rsasig.len);
}
hash.data = final;
hash.len = part;
if (PK11_VerifyWithMechanism(cx->key, CKM_RSA_PKCS_PSS, &mechItem,
&rsasig, &hash, cx->wincx) != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
return SECFailure;
}
} else {
SECItem digest;
digest.data = final;
digest.len = part;
if (sig) {
SECOidTag hashid;
PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
&cx->pkcs1RSADigestInfo,
&cx->pkcs1RSADigestInfoLen,
cx->key,
sig, cx->wincx);
PORT_Assert(cx->hashAlg == hashid);
if (rv != SECSuccess) {
return SECFailure;
}
}
return verifyPKCS1DigestInfo(cx, &digest);
}
return verifyPKCS1DigestInfo(cx, &digest);
}
break;
default:
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
return SECFailure; /* shouldn't happen */
@ -722,7 +823,7 @@ VFY_VerifyDigestWithAlgorithmID(const SECItem *digest,
static SECStatus
vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
SECOidTag *hash, void *wincx)
const SECItem *params, SECOidTag *hash, void *wincx)
{
SECStatus rv;
VFYContext *cx;
@ -730,6 +831,9 @@ vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
if (cx == NULL)
return SECFailure;
if (params) {
cx->params = SECITEM_DupItem(params);
}
rv = VFY_Begin(cx);
if (rv == SECSuccess) {
@ -748,7 +852,7 @@ VFY_VerifyDataDirect(const unsigned char *buf, int len,
SECOidTag encAlg, SECOidTag hashAlg,
SECOidTag *hash, void *wincx)
{
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, hash, wincx);
}
SECStatus
@ -760,7 +864,7 @@ VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
if (rv != SECSuccess) {
return rv;
}
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, wincx);
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, NULL, wincx);
}
SECStatus
@ -777,5 +881,6 @@ VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len,
if (rv != SECSuccess) {
return rv;
}
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg,
&sigAlgorithm->parameters, hash, wincx);
}

7
security/nss/lib/freebl/rsa.c
View File

@ -318,6 +318,13 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
key->version.data[0] = 0;
/* 3. Set the public exponent */
SECITEM_TO_MPINT(*publicExponent, &e);
#ifndef NSS_FIPS_DISABLED
/* check the exponent size we */
if (mp_cmp_d(&e, 0x10001) < 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto cleanup;
}
#endif
kiter = 0;
max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
do {

10
security/nss/lib/nss/nss.def
View File

@ -1123,3 +1123,13 @@ CERT_FindCertByNicknameOrEmailAddrForUsageCX;
;+ local:
;+ *;
;+};
;+NSS_3.34 { # NSS 3.34 release
;+ global:
PK11_CreateManagedGenericObject;
SGN_NewContextWithAlgorithmID;
SEC_SignDataWithAlgorithmID;
SEC_DerSignDataWithAlgorithmID;
SEC_CreateSignatureAlgorithmParameters;
;+ local:
;+ *;
;+};

1
security/nss/lib/pk11wrap/pk11merge.c
View File

@ -1258,6 +1258,7 @@ pk11_newMergeLogNode(PLArenaPool *arena,
/* initialize it */
obj->slot = slot;
obj->objectID = id;
obj->owner = PR_FALSE;
newLog->object = obj;
newLog->error = error;

38
security/nss/lib/pk11wrap/pk11obj.c
View File

@ -1505,6 +1505,7 @@ PK11_FindGenericObjects(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
/* initialize it */
obj->slot = PK11_ReferenceSlot(slot);
obj->objectID = objectIDs[i];
obj->owner = PR_FALSE;
obj->next = NULL;
obj->prev = NULL;
@ -1585,6 +1586,9 @@ PK11_DestroyGenericObject(PK11GenericObject *object)
PK11_UnlinkGenericObject(object);
if (object->slot) {
if (object->owner) {
PK11_DestroyObject(object->slot, object->objectID);
}
PK11_FreeSlot(object->slot);
}
PORT_Free(object);
@ -1626,8 +1630,9 @@ PK11_DestroyGenericObjects(PK11GenericObject *objects)
* Hand Create a new object and return the Generic object for our new object.
*/
PK11GenericObject *
PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
int count, PRBool token)
pk11_CreateGenericObjectHelper(PK11SlotInfo *slot,
const CK_ATTRIBUTE *pTemplate,
int count, PRBool token, PRBool owner)
{
CK_OBJECT_HANDLE objectID;
PK11GenericObject *obj;
@ -1651,11 +1656,40 @@ PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
/* initialize it */
obj->slot = PK11_ReferenceSlot(slot);
obj->objectID = objectID;
obj->owner = owner;
obj->next = NULL;
obj->prev = NULL;
return obj;
}
/* This is the classic interface. Applications would call this function to
* create new object that would not be destroyed later. This lead to resource
* leaks (and thus memory leaks in the PKCS #11 module). To solve this we have
* a new interface that automatically marks objects created on the fly to be
* destroyed later.
* The old interface is preserved because applications like Mozilla purposefully
* leak the reference to be found later with PK11_FindGenericObjects. New
* applications should use the new interface PK11_CreateManagedGenericObject */
PK11GenericObject *
PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
int count, PRBool token)
{
return pk11_CreateGenericObjectHelper(slot, pTemplate, count, token,
PR_FALSE);
}
/* Use this interface. It will automatically destroy any temporary objects
* (token = PR_FALSE) when the PK11GenericObject is freed. Permanent objects still
* need to be destroyed by hand with PK11_DestroyTokenObject.
*/
PK11GenericObject *
PK11_CreateManagedGenericObject(PK11SlotInfo *slot,
const CK_ATTRIBUTE *pTemplate, int count, PRBool token)
{
return pk11_CreateGenericObjectHelper(slot, pTemplate, count, token,
!token);
}
/*
* Change an attribute on a raw object
*/

4
security/nss/lib/pk11wrap/pk11pub.h
View File

@ -831,6 +831,10 @@ SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
PK11GenericObject *object);
SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
PK11GenericObject *PK11_CreateManagedGenericObject(PK11SlotInfo *slot,
const CK_ATTRIBUTE *pTemplate,
int count, PRBool token);
/* deprecated */
PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
const CK_ATTRIBUTE *pTemplate,
int count, PRBool token);

1
security/nss/lib/pk11wrap/secmodti.h
View File

@ -175,6 +175,7 @@ struct PK11GenericObjectStr {
PK11GenericObject *next;
PK11SlotInfo *slot;
CK_OBJECT_HANDLE objectID;
PRBool owner;
};
#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */

2
security/nss/lib/pkcs7/p7create.c
View File

@ -18,7 +18,7 @@
#include "secder.h"
#include "secpkcs5.h"
const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */
const int NSS_PBE_DEFAULT_ITERATION_COUNT = 100000; /* used in p12e.c too */
static SECStatus
sec_pkcs7_init_content_info(SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp,

2
security/nss/nss.gyp
View File

@ -148,6 +148,7 @@
'cmd/pk1sign/pk1sign.gyp:pk1sign',
'cmd/pp/pp.gyp:pp',
'cmd/rsaperf/rsaperf.gyp:rsaperf',
'cmd/rsapoptst/rsapoptst.gyp:rsapoptst',
'cmd/sdrtest/sdrtest.gyp:sdrtest',
'cmd/selfserv/selfserv.gyp:selfserv',
'cmd/shlibsign/mangle/mangle.gyp:mangle',
@ -163,6 +164,7 @@
'cmd/vfychain/vfychain.gyp:vfychain',
'cmd/vfyserv/vfyserv.gyp:vfyserv',
'gtests/certhigh_gtest/certhigh_gtest.gyp:certhigh_gtest',
'gtests/cryptohi_gtest/cryptohi_gtest.gyp:cryptohi_gtest',
'gtests/der_gtest/der_gtest.gyp:der_gtest',
'gtests/certdb_gtest/certdb_gtest.gyp:certdb_gtest',
'gtests/freebl_gtest/freebl_gtest.gyp:prng_gtest',

21
security/nss/tests/all.sh
View File

@ -130,14 +130,20 @@ run_tests()
}
########################## run_cycle_standard ##########################
# run test suites with defaults settings (no PKIX, no sharedb)
# run test suites with dbm database (no PKIX, no sharedb)
########################################################################
run_cycle_standard()
{
TEST_MODE=STANDARD
TESTS="${ALL_TESTS}"
TESTS_SKIP=
TESTS_SKIP="cipher libpkix sdr ocsp pkits"
NSS_DEFAULT_DB_TYPE="dbm"
export NSS_DEFAULT_DB_TYPE
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
run_tests
}
@ -162,7 +168,12 @@ run_cycle_pkix()
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
export -n NSS_SSL_RUN
# use the default format
export -n NSS_DEFAULT_DB_TYPE
run_tests
}
@ -231,10 +242,10 @@ run_cycle_shared_db()
# run the tests for native sharedb support
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
TESTS_SKIP="dbupgrade"
NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
export -n NSS_SSL_TESTS
export -n NSS_SSL_RUN
run_tests
}

368
security/nss/tests/cert/cert.sh
View File

@ -510,7 +510,11 @@ cert_all_CA()
# dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last
# in the chain
#
# Create RSA-PSS version of TestCA
ALL_CU_SUBJECT="CN=NSS Test CA (RSA-PSS), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
cert_rsa_pss_CA $CADIR TestCA-rsa-pss -x "CTu,CTu,CTu" ${D_CA} "1" SHA256
rm $CLIENT_CADIR/rsapssroot.cert $SERVER_CADIR/rsapssroot.cert
#
@ -627,7 +631,7 @@ CERTSCRIPT
################################ cert_dsa_CA #############################
# local shell function to build the Temp. Certificate Authority (CA)
# used for testing purposes, creating a CA Certificate and a root cert
# This is the ECC version of cert_CA.
# This is the DSA version of cert_CA.
##########################################################################
cert_dsa_CA()
{
@ -638,7 +642,7 @@ cert_dsa_CA()
DOMAIN=$5
CERTSERIAL=$6
echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME =========================="
echo "$SCRIPTNAME: Creating a DSA CA Certificate $NICKNAME =========================="
if [ ! -d "${CUR_CADIR}" ]; then
mkdir -p "${CUR_CADIR}"
@ -651,7 +655,7 @@ cert_dsa_CA()
LPROFILE="multiaccess:${DOMAIN}"
fi
################# Creating an DSA CA Cert ###############################
################# Creating a DSA CA Cert ###############################
#
CU_ACTION="Creating DSA CA Cert $NICKNAME "
CU_SUBJECT=$ALL_CU_SUBJECT
@ -690,6 +694,79 @@ CERTSCRIPT
################################ cert_rsa_pss_CA #############################
# local shell function to build the Temp. Certificate Authority (CA)
# used for testing purposes, creating a CA Certificate and a root cert
# This is the RSA-PSS version of cert_CA.
##########################################################################
cert_rsa_pss_CA()
{
CUR_CADIR=$1
NICKNAME=$2
SIGNER=$3
TRUSTARG=$4
DOMAIN=$5
CERTSERIAL=$6
HASHALG=$7
echo "$SCRIPTNAME: Creating an RSA-PSS CA Certificate $NICKNAME =========================="
if [ ! -d "${CUR_CADIR}" ]; then
mkdir -p "${CUR_CADIR}"
fi
cd ${CUR_CADIR}
pwd
LPROFILE=.
if [ -n "${MULTIACCESS_DBM}" ]; then
LPROFILE="multiaccess:${DOMAIN}"
fi
HASHOPT=
if [ -n "$HASHALG" ]; then
HASHOPT="-Z $HASHALG"
fi
################# Creating an RSA-PSS CA Cert ###############################
#
CU_ACTION="Creating RSA-PSS CA Cert $NICKNAME "
CU_SUBJECT=$ALL_CU_SUBJECT
certu -S -n $NICKNAME -k rsa --pss $HASHOPT -t $TRUSTARG -v 600 $SIGNER \
-d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
-m $CERTSERIAL 2>&1 <<CERTSCRIPT
5
6
9
n
y
-1
n
5
6
7
9
n
CERTSCRIPT
if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create RSA-PSS CA cert"
fi
################# Exporting RSA-PSS Root Cert ###############################
#
CU_ACTION="Exporting RSA-PSS Root Cert"
certu -L -n $NICKNAME -r -d ${LPROFILE} -o rsapssroot.cert
if [ "$RET" -ne 0 ]; then
Exit 7 "Fatal - failed to export RSA-PSS root cert"
fi
cp rsapssroot.cert ${NICKNAME}.ca.cert
}
################################ cert_ec_CA ##############################
# local shell function to build the Temp. Certificate Authority (CA)
# used for testing purposes, creating a CA Certificate and a root cert
@ -1260,6 +1337,10 @@ MODSCRIPT
CU_ACTION="Setting invalid database password in FIPS mode"
RETEXPECTED=255
certu -W -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -@ "${R_FIPSBADPWFILE}" 2>&1
CU_ACTION="Attempt to generate a key with exponent of 3 (too small)"
certu -G -k rsa -g 2048 -y 3 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}"
CU_ACTION="Attempt to generate a key with exponent of 17 (too small)"
certu -G -k rsa -g 2048 -y 17 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}"
RETEXPECTED=0
CU_ACTION="Generate Certificate for ${CERTNAME}"
@ -1268,6 +1349,20 @@ MODSCRIPT
if [ "$RET" -eq 0 ]; then
cert_log "SUCCESS: FIPS passed"
fi
}
########################## cert_rsa_exponent #################################
# local shell function to verify small rsa exponent can be used (only
# run if FIPS has not been turned on in the build).
##############################################################################
cert_rsa_exponent()
{
echo "$SCRIPTNAME: Verify that small RSA exponents still work =============="
CU_ACTION="Attempt to generate a key with exponent of 3"
certu -G -k rsa -g 2048 -y 3 -d "${CLIENTDIR}" -z ${R_NOISE_FILE} -f "${R_PWFILE}"
CU_ACTION="Attempt to generate a key with exponent of 17"
certu -G -k rsa -g 2048 -y 17 -d "${CLIENTDIR}" -z ${R_NOISE_FILE} -f "${R_PWFILE}"
}
############################## cert_eccurves ###########################
@ -1955,6 +2050,263 @@ cert_test_implicit_db_init()
certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert"
}
check_sign_algo()
{
certu -L -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}" | \
sed -n '/^ *Data:/,/^$/{
/^ Signature Algorithm/,/^ *Salt Length/s/^ //p
}' > ${TMP}/signalgo.txt
diff ${TMP}/signalgo.exp ${TMP}/signalgo.txt
RET=$?
if [ "$RET" -ne 0 ]; then
CERTFAILED=$RET
html_failed "${CU_ACTION} ($RET) "
cert_log "ERROR: ${CU_ACTION} failed $RET"
else
html_passed "${CU_ACTION}"
fi
}
cert_test_rsapss()
{
TEMPFILES="$TEMPFILES ${TMP}/signalgo.exp ${TMP}/signalgo.txt"
cert_init_cert "${RSAPSSDIR}" "RSA-PSS Test Cert" 1000 "${D_RSAPSS}"
CU_ACTION="Initialize Cert DB"
certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
CU_ACTION="Import RSA CA Cert"
certu -A -n "TestCA" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${R_CADIR}/TestCA.ca.cert" 2>&1
CU_ACTION="Import RSA-PSS CA Cert"
certu -A -n "TestCA-rsa-pss" -t "C,," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${R_CADIR}/TestCA-rsa-pss.ca.cert" 2>&1
CU_ACTION="Verify RSA-PSS CA Cert"
certu -V -u L -e -n "TestCA-rsa-pss" -d "${PROFILEDIR}" -f "${R_PWFILE}"
# Subject certificate: RSA
# Issuer certificate: RSA
# Signature: RSA-PSS (explicit, with --pss-sign)
CERTNAME="TestUser-rsa-pss1"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA" --pss-sign -m 200 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-256
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-256
Salt Length: 32 (0x20)
EOF
check_sign_algo
# Subject certificate: RSA
# Issuer certificate: RSA
# Signature: RSA-PSS (explict, with --pss-sign -Z SHA512)
CERTNAME="TestUser-rsa-pss2"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA" --pss-sign -Z SHA512 -m 201 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-512
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-512
Salt Length: 64 (0x40)
EOF
check_sign_algo
# Subject certificate: RSA
# Issuer certificate: RSA-PSS
# Signature: RSA-PSS
CERTNAME="TestUser-rsa-pss3"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA-rsa-pss" -m 202 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-256
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-256
Salt Length: 32 (0x20)
EOF
check_sign_algo
# Subject certificate: RSA-PSS
# Issuer certificate: RSA
# Signature: RSA-PSS (explicit, with --pss-sign)
CERTNAME="TestUser-rsa-pss4"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA" --pss-sign -m 203 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-256
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-256
Salt Length: 32 (0x20)
EOF
check_sign_algo
# Subject certificate: RSA-PSS
# Issuer certificate: RSA-PSS
# Signature: RSA-PSS (explicit, with --pss-sign)
CERTNAME="TestUser-rsa-pss5"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA-rsa-pss" --pss-sign -m 204 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-256
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-256
Salt Length: 32 (0x20)
EOF
check_sign_algo
# Subject certificate: RSA-PSS
# Issuer certificate: RSA-PSS
# Signature: RSA-PSS (implicit, without --pss-sign)
CERTNAME="TestUser-rsa-pss6"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA-rsa-pss" -m 205 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-256
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-256
Salt Length: 32 (0x20)
EOF
check_sign_algo
# Subject certificate: RSA-PSS
# Issuer certificate: RSA-PSS
# Signature: RSA-PSS (with conflicting hash algorithm)
CERTNAME="TestUser-rsa-pss7"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
RETEXPECTED=255
certu -C -c "TestCA-rsa-pss" --pss-sign -Z SHA512 -m 206 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
RETEXPECTED=0
# Subject certificate: RSA-PSS
# Issuer certificate: RSA-PSS
# Signature: RSA-PSS (with compatible hash algorithm)
CERTNAME="TestUser-rsa-pss8"
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA-rsa-pss" --pss-sign -Z SHA256 -m 207 -v 60 -d "${P_R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t ",," -d "${PROFILEDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
CU_ACTION="Verify $CERTNAME's Cert"
certu -V -u V -e -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}"
cat > ${TMP}/signalgo.exp <<EOF
Signature Algorithm: PKCS #1 RSA-PSS Signature
Parameters:
Hash algorithm: SHA-256
Mask algorithm: PKCS #1 MGF1 Mask Generation Function
Mask hash algorithm: SHA-256
Salt Length: 32 (0x20)
EOF
check_sign_algo
}
############################## cert_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
@ -1978,12 +2330,20 @@ cert_smime_client
if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then
cert_fips
fi
# We currently have difficulties to know if the build is a non-FIPS build,
# because of differences between the "make" and "gyp" build systems.
# As soon as we have a reliable way to detect that based on a variable,
# we should enable the following test call. See bug 1409516.
# if SYMBOL_THAT_TELLS_US_FIPS_IS_DISABLED
# cert_rsa_exponent
# fi
cert_eccurves
cert_extensions
cert_san_and_generic_extensions
cert_test_password
cert_test_distrust
cert_test_ocspresp
cert_test_rsapss
if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
cert_crl_ssl

16
security/nss/tests/cipher/cipher.sh
View File

@ -107,6 +107,21 @@ cipher_gcm()
done < ${GCM_TXT}
}
###################### cipher_rsa_populate ############################
# Test the ability to reconstruct rsa private key reconstruction
# also test the PK11GenericObject interface
###################################################################
cipher_rsa_populate()
{
TESTNAME="RSA Reconstruct Private Keys Test"
echo "$SCRIPTNAME: $TESTNAME --------------------------------"
echo "rsapoptst -t all -r 10"
# skip e_d_q. It isn't reliable, and can return incorrect data. e_d_q should
# be turned off.
${PROFTOOL} ${BINDIR}/rsapoptst -t e_n_p,d_n_q,d_p_q,e_d_n -r 10
html_msg $? 0 "$TESTNAME"
}
############################## cipher_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
@ -136,5 +151,6 @@ fi
# Skip cipher_gcm if this is a softoken only build.
if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then
cipher_gcm
cipher_rsa_populate
fi
cipher_cleanup

2
security/nss/tests/common/init.sh
View File

@ -63,6 +63,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
DBPASSDIR=${HOSTDIR}/dbpass
ECCURVES_DIR=${HOSTDIR}/eccurves
DISTRUSTDIR=${HOSTDIR}/distrust
RSAPSSDIR=${HOSTDIR}/rsapss
SERVER_CADIR=${HOSTDIR}/serverCA
CLIENT_CADIR=${HOSTDIR}/clientCA
@ -540,6 +541,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
D_IMPLICIT_INIT="ImplicitInit.$version"
D_CERT_EXTENSTIONS="CertExtensions.$version"
D_DISTRUST="Distrust.$version"
D_RSAPSS="RSAPSS.$version"
# we need relative pathnames of these files abd directories, since our
# tools can't handle the unix style absolut pathnames on cygnus

2
security/nss/tests/pkits/pkits.sh
View File

@ -93,7 +93,7 @@ pkits_init()
${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
$certs/TrustAnchorRootCertificate.crt -d $PKITSdb
$certs/TrustAnchorRootCertificate.crt -d $PKITSdb -f ${PKITSdb}/pw
if [ -z "$NSS_NO_PKITS_CRLS" ]; then
${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
else

104
security/nss/tests/ssl/ssl.sh
View File

@ -676,7 +676,33 @@ ssl_crl_ssl()
html "</TABLE><BR>"
}
############################## ssl_cov #################################
############################# setup_policy #############################
# local shell function to create policy configuration
########################################################################
setup_policy()
{
policy="$1"
OUTFILE=${P_R_CLIENTDIR}/pkcs11.txt
cat > "$OUTFILE" << ++EOF++
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='./client' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
++EOF++
echo "config=${policy}" >> "$OUTFILE"
echo "" >> "$OUTFILE"
echo "library=${DIST}/${OBJDIR}/lib/libnssckbi.so" >> "$OUTFILE"
cat >> "$OUTFILE" << ++EOF++
name=RootCerts
NSS=trustOrder=100
++EOF++
echo "******************************Testing with: "
cat ${P_R_CLIENTDIR}/pkcs11.txt
echo "******************************"
}
############################## ssl_policy ##############################
# local shell function to perform SSL Policy tests
########################################################################
ssl_policy()
@ -688,7 +714,8 @@ ssl_policy()
sparam="$CIPHER_SUITES"
if [ ! -f "${P_R_CLIENTDIR}/pkcs11.txt" ] ; then
return;
html_failed "${SCRIPTNAME}: ${P_R_CLIENTDIR} is not initialized"
return 1;
fi
echo "Saving pkcs11.txt"
@ -696,9 +723,6 @@ ssl_policy()
start_selfserv # Launch the server
VMIN="ssl3"
VMAX="tls1.2"
ignore_blank_lines ${SSLPOLICY} | \
while read value ectype testmax param policy testname
do
@ -721,24 +745,7 @@ ssl_policy()
# load the policy
policy=`echo ${policy} | sed -e 's;_; ;g'`
cat > ${P_R_CLIENTDIR}/pkcs11.txt << ++EOF++
library=
name=NSS Internal PKCS #11 Module
parameters=configdir='./client' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
++EOF++
echo "config=${policy}" >> ${P_R_CLIENTDIR}/pkcs11.txt
echo "" >> ${P_R_CLIENTDIR}/pkcs11.txt
echo "library=${DIST}/${OBJDIR}/lib/libnssckbi.so" >> ${P_R_CLIENTDIR}/pkcs11.txt >> ${P_R_CLIENTDIR}/pkcs11.txt
cat >> ${P_R_CLIENTDIR}/pkcs11.txt << ++EOF++
name=RootCerts
NSS=trustOrder=100
++EOF++
echo "******************************Testing with: "
cat ${P_R_CLIENTDIR}/pkcs11.txt
echo "******************************"
setup_policy "$policy"
echo "tstclnt -4 -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
echo " -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
@ -764,6 +771,54 @@ NSS=trustOrder=100
kill_selfserv
html "</TABLE><BR>"
}
list_enabled_suites()
{
echo "SSL_DIR=${P_R_CLIENTDIR} ${BINDIR}/listsuites"
SSL_DIR="${P_R_CLIENTDIR}" ${BINDIR}/listsuites | tail -n+3 | \
sed -n -e '/^TLS_/h' -e '/^ .*Enabled.*/{g;p}' | sed 's/:$//'
}
############################## ssl_policy_listsuites ###################
# local shell function to perform SSL Policy tests, using listsuites
########################################################################
ssl_policy_listsuites()
{
#verbose="-v"
html_head "SSL POLICY LISTSUITES $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE"
testname=""
sparam="$CIPHER_SUITES"
if [ ! -f "${P_R_CLIENTDIR}/pkcs11.txt" ] ; then
html_failed "${SCRIPTNAME}: ${P_R_CLIENTDIR} is not initialized"
return 1;
fi
echo "Saving pkcs11.txt"
cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav
# Disallow all explicitly
setup_policy "disallow=all"
RET_EXP=1
list_enabled_suites | grep '^TLS_'
RET=$?
html_msg $RET $RET_EXP "${testname}" \
"produced a returncode of $RET, expected is $RET_EXP"
# Disallow RSA in key exchange explicitly
setup_policy "disallow=rsa/ssl-key-exchange"
RET_EXP=1
list_enabled_suites | grep '^TLS_RSA_'
RET=$?
html_msg $RET $RET_EXP "${testname}" \
"produced a returncode of $RET, expected is $RET_EXP"
cp ${P_R_CLIENTDIR}/pkcs11.txt.sav ${P_R_CLIENTDIR}/pkcs11.txt
html "</TABLE><BR>"
}
############################# is_revoked ###############################
# local shell function to check if certificate is revoked
########################################################################
@ -1150,7 +1205,8 @@ ssl_run_tests()
case "${SSL_TEST}" in
"policy")
if [ "${TEST_MODE}" = "SHARED_DB" ] ; then
ssl_policy
ssl_policy_listsuites
ssl_policy
fi
;;
"crl")

7
security/nss/tests/ssl_gtests/ssl_gtests.sh
View File

@ -41,6 +41,7 @@ certscript() {
make_cert() {
name=$1
type=$2
unset type_args trust sign
case $type in
dsa) type_args='-g 1024' ;;
rsa) type_args='-g 1024' ;;
@ -51,6 +52,9 @@ make_cert() {
p521) type_args='-q secp521r1';type=ec ;;
rsa_ca) type_args='-g 1024';trust='CT,CT,CT';ca=y;type=rsa ;;
rsa_chain) type_args='-g 1024';sign='-c rsa_ca';type=rsa;;
rsapss_ca) type_args='-g 1024 --pss';trust='CT,CT,CT';ca=y;type=rsa ;;
rsapss_chain) type_args='-g 1024';sign='-c rsa_pss_ca';type=rsa;;
rsa_ca_rsapss_chain) type_args='-g 1024 --pss-sign';sign='-c rsa_ca';type=rsa;;
ecdh_rsa) type_args='-q nistp256';sign='-c rsa_ca';type=ec ;;
esac
shift 2
@ -87,6 +91,9 @@ ssl_gtest_certs() {
make_cert ecdh_ecdsa p256 kex
make_cert rsa_ca rsa_ca ca
make_cert rsa_chain rsa_chain sign
make_cert rsa_pss_ca rsapss_ca ca
make_cert rsa_pss_chain rsapss_chain sign
make_cert rsa_ca_rsa_pss_chain rsa_ca_rsapss_chain sign
make_cert ecdh_rsa ecdh_rsa kex
make_cert dsa dsa sign
}