ECC code landing.

Contributed by Sheuling Chang, Stephen Fung, Vipul Gupta, Nils Gura,
and Douglas Stebila of Sun Labs
ian.mcgreer%sun.com 2003-10-17 13:45:42 +00:00
parent 7931dd2ce8
commit 5c2c5888f9
180 changed files with 16881 additions and 1993 deletions


@ -17,6 +17,7 @@
* Rights Reserved.
*
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
@ -47,6 +48,15 @@
#include "softoken.h"
#include "nss.h"
#ifdef NSS_ENABLE_ECC
#include "ecl-curve.h"
SECStatus EC_DecodeParams(const SECItem *encodedParams,
ECParams **ecparams);
SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
const ECParams *srcParams);
SECStatus secoid_Init(void);
#endif
/* Temporary - add debugging ouput on windows for RSA to track QA failure */
#ifdef _WIN32
#define TRACK_BLTEST_BUG
@ -123,11 +133,34 @@ static void Usage()
PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
PRINTUSAGE("", "", "[-b bufsize]");
#ifdef NSS_ENABLE_ECC
PRINTUSAGE("", "", "[-n curvename]");
#endif
PRINTUSAGE("", "", "[-p repetitions]");
PRINTUSAGE("", "-m", "cipher mode to use");
PRINTUSAGE("", "-i", "file which contains input buffer");
PRINTUSAGE("", "-o", "file for signature");
PRINTUSAGE("", "-k", "file which contains key");
#ifdef NSS_ENABLE_ECC
PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,");
PRINTUSAGE("", "", " secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,");
PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,");
PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,");
PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
PRINTUSAGE("", "", " sect131r1, sect131r2");
#endif
PRINTUSAGE("", "-p", "do performance test");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
@ -291,23 +324,28 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file)
}
void
key_from_filedata(PRArenaPool *arena, SECItem *it, int ni, SECItem *filedata)
key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
{
int fpos = 0;
int i;
int i, len;
unsigned char *buf = filedata->data;
for (i=0; i<ni; i++, it++) {
it->len = (buf[fpos++] & 0xff) << 24;
it->len |= (buf[fpos++] & 0xff) << 16;
it->len |= (buf[fpos++] & 0xff) << 8;
it->len |= (buf[fpos++] & 0xff);
if (it->len > 0) {
it->data = PORT_ArenaAlloc(arena, it->len);
PORT_Memcpy(it->data, &buf[fpos], it->len);
} else {
it->data = NULL;
for (i=0; i<ni; i++) {
len = (buf[fpos++] & 0xff) << 24;
len |= (buf[fpos++] & 0xff) << 16;
len |= (buf[fpos++] & 0xff) << 8;
len |= (buf[fpos++] & 0xff);
if (ns <= i) {
if (len > 0) {
it->len = len;
it->data = PORT_ArenaAlloc(arena, it->len);
PORT_Memcpy(it->data, &buf[fpos], it->len);
} else {
it->len = 0;
it->data = NULL;
}
it++;
}
fpos += it->len;
fpos += len;
}
}
@ -319,7 +357,7 @@ rsakey_from_filedata(SECItem *filedata)
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
key->arena = arena;
key_from_filedata(arena, &key->version, 9, filedata);
key_from_filedata(arena, &key->version, 0, 9, filedata);
return key;
}
@ -331,7 +369,7 @@ pqg_from_filedata(SECItem *filedata)
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
pqg->arena = arena;
key_from_filedata(arena, &pqg->prime, 3, filedata);
key_from_filedata(arena, &pqg->prime, 0, 3, filedata);
return pqg;
}
@ -343,10 +381,166 @@ dsakey_from_filedata(SECItem *filedata)
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
key->params.arena = arena;
key_from_filedata(arena, &key->params.prime, 5, filedata);
key_from_filedata(arena, &key->params.prime, 0, 5, filedata);
return key;
}
#ifdef NSS_ENABLE_ECC
static ECPrivateKey *
eckey_from_filedata(SECItem *filedata)
{
ECPrivateKey *key;
PRArenaPool *arena;
SECStatus rv;
ECParams *tmpECParams = NULL;
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
/* read and convert params */
key->ecParams.arena = arena;
key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata);
rv = secoid_Init();
CHECKERROR(rv, __LINE__);
rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams);
CHECKERROR(rv, __LINE__);
rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams);
CHECKERROR(rv, __LINE__);
rv = SECOID_Shutdown();
CHECKERROR(rv, __LINE__);
PORT_FreeArena(tmpECParams->arena, PR_TRUE);
/* read key */
key_from_filedata(arena, &key->publicValue, 1, 3, filedata);
return key;
}
typedef struct curveNameTagPairStr {
char *curveName;
SECOidTag curveOidTag;
} CurveNameTagPair;
#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
static CurveNameTagPair nameTagPair[] =
{
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1},
{ "nistk163", SEC_OID_SECG_EC_SECT163K1},
{ "sect163r1", SEC_OID_SECG_EC_SECT163R1},
{ "sect163r2", SEC_OID_SECG_EC_SECT163R2},
{ "nistb163", SEC_OID_SECG_EC_SECT163R2},
{ "sect193r1", SEC_OID_SECG_EC_SECT193R1},
{ "sect193r2", SEC_OID_SECG_EC_SECT193R2},
{ "sect233k1", SEC_OID_SECG_EC_SECT233K1},
{ "nistk233", SEC_OID_SECG_EC_SECT233K1},
{ "sect233r1", SEC_OID_SECG_EC_SECT233R1},
{ "nistb233", SEC_OID_SECG_EC_SECT233R1},
{ "sect239k1", SEC_OID_SECG_EC_SECT239K1},
{ "sect283k1", SEC_OID_SECG_EC_SECT283K1},
{ "nistk283", SEC_OID_SECG_EC_SECT283K1},
{ "sect283r1", SEC_OID_SECG_EC_SECT283R1},
{ "nistb283", SEC_OID_SECG_EC_SECT283R1},
{ "sect409k1", SEC_OID_SECG_EC_SECT409K1},
{ "nistk409", SEC_OID_SECG_EC_SECT409K1},
{ "sect409r1", SEC_OID_SECG_EC_SECT409R1},
{ "nistb409", SEC_OID_SECG_EC_SECT409R1},
{ "sect571k1", SEC_OID_SECG_EC_SECT571K1},
{ "nistk571", SEC_OID_SECG_EC_SECT571K1},
{ "sect571r1", SEC_OID_SECG_EC_SECT571R1},
{ "nistb571", SEC_OID_SECG_EC_SECT571R1},
{ "secp160k1", SEC_OID_SECG_EC_SECP160K1},
{ "secp160r1", SEC_OID_SECG_EC_SECP160R1},
{ "secp160r2", SEC_OID_SECG_EC_SECP160R2},
{ "secp192k1", SEC_OID_SECG_EC_SECP192K1},
{ "secp192r1", SEC_OID_SECG_EC_SECP192R1},
{ "nistp192", SEC_OID_SECG_EC_SECP192R1},
{ "secp224k1", SEC_OID_SECG_EC_SECP224K1},
{ "secp224r1", SEC_OID_SECG_EC_SECP224R1},
{ "nistp224", SEC_OID_SECG_EC_SECP224R1},
{ "secp256k1", SEC_OID_SECG_EC_SECP256K1},
{ "secp256r1", SEC_OID_SECG_EC_SECP256R1},
{ "nistp256", SEC_OID_SECG_EC_SECP256R1},
{ "secp384r1", SEC_OID_SECG_EC_SECP384R1},
{ "nistp384", SEC_OID_SECG_EC_SECP384R1},
{ "secp521r1", SEC_OID_SECG_EC_SECP521R1},
{ "nistp521", SEC_OID_SECG_EC_SECP521R1},
{ "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
{ "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
{ "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
{ "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
{ "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
{ "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
{ "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
{ "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
{ "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
{ "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
{ "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
{ "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
{ "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
{ "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
{ "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
{ "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
{ "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
{ "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
{ "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
{ "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
{ "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
{ "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
{ "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
{ "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
{ "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
{ "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
{ "secp112r1", SEC_OID_SECG_EC_SECP112R1},
{ "secp112r2", SEC_OID_SECG_EC_SECP112R2},
{ "secp128r1", SEC_OID_SECG_EC_SECP128R1},
{ "secp128r2", SEC_OID_SECG_EC_SECP128R2},
{ "sect113r1", SEC_OID_SECG_EC_SECT113R1},
{ "sect113r2", SEC_OID_SECG_EC_SECT113R2},
{ "sect131r1", SEC_OID_SECG_EC_SECT131R1},
{ "sect131r2", SEC_OID_SECG_EC_SECT131R2},
};
static SECKEYECParams *
getECParams(char *curve)
{
SECKEYECParams *ecparams;
SECOidData *oidData = NULL;
SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
int i, numCurves;
if (curve != NULL) {
numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
i++) {
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
curveOidTag = nameTagPair[i].curveOidTag;
}
}
/* Return NULL if curve name is not recognized */
if ((curveOidTag == SEC_OID_UNKNOWN) ||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
return NULL;
}
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
/*
* ecparams->data needs to contain the ASN encoding of an object ID (OID)
* representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
ecparams->data[0] = SEC_ASN1_OBJECT_ID;
ecparams->data[1] = oidData->oid.len;
memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
return ecparams;
}
#endif /* NSS_ENABLE_ECC */
static void
dump_pqg(PQGParams *pqg)
{
@ -363,6 +557,23 @@ dump_dsakey(DSAPrivateKey *key)
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
}
#ifdef NSS_ENABLE_ECC
static void
dump_ecp(ECParams *ecp)
{
/* TODO other fields */
SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0);
}
static void
dump_eckey(ECPrivateKey *key)
{
dump_ecp(&key->ecParams);
SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0);
SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
}
#endif
static void
dump_rsakey(RSAPrivateKey *key)
{
@ -421,7 +632,10 @@ typedef enum {
bltestAES_ECB, /* . */
bltestAES_CBC, /* . */
bltestRSA, /* Public Key Ciphers */
bltestDSA, /* . (Public Key Sig.) */
#ifdef NSS_ENABLE_ECC
bltestECDSA, /* . (Public Key Sig.) */
#endif
bltestDSA, /* . */
bltestMD2, /* Hash algorithms */
bltestMD5, /* . */
bltestSHA1, /* . */
@ -445,6 +659,9 @@ static char *mode_strings[] =
"aes_ecb",
"aes_cbc",
"rsa",
#ifdef NSS_ENABLE_ECC
"ecdsa",
#endif
/*"pqg",*/
"dsa",
"md2",
@ -488,6 +705,17 @@ typedef struct
DSAPrivateKey *dsakey;
} bltestDSAParams;
#ifdef NSS_ENABLE_ECC
typedef struct
{
bltestIO key;
char *curveName;
bltestIO sigseed;
bltestIO sig; /* if doing verify, have additional input */
ECPrivateKey *eckey;
} bltestECDSAParams;
#endif
typedef struct
{
bltestIO key; /* unused */
@ -501,6 +729,9 @@ typedef union
bltestRC5Params rc5;
bltestRSAParams rsa;
bltestDSAParams dsa;
#ifdef NSS_ENABLE_ECC
bltestECDSAParams ecdsa;
#endif
bltestHashParams hash;
} bltestParams;
@ -560,7 +791,11 @@ PRBool
is_sigCipher(bltestCipherMode mode)
{
/* change as needed! */
#ifdef NSS_ENABLE_ECC
if (mode >= bltestECDSA && mode <= bltestDSA)
#else
if (mode >= bltestDSA && mode <= bltestDSA)
#endif
return PR_TRUE;
return PR_FALSE;
}
@ -829,6 +1064,20 @@ dsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
return DSA_VerifyDigest((DSAPublicKey *)key, output, input);
}
#ifdef NSS_ENABLE_ECC
SECStatus
ecdsa_signDigest(void *key, SECItem *output, const SECItem *input)
{
return ECDSA_SignDigest((ECPrivateKey *)key, output, input);
}
SECStatus
ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
{
return ECDSA_VerifyDigest((ECPublicKey *)key, output, input);
}
#endif
SECStatus
bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
@ -1125,6 +1374,74 @@ bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
#ifdef NSS_ENABLE_ECC
SECStatus
bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
int i;
ECPrivateKey **dummyKey;
PRIntervalTime time1, time2;
bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa;
/* ECDSA key gen was done during parameter setup */
cipherInfo->cx = cipherInfo->params.ecdsa.eckey;
/* For performance testing */
if (cipherInfo->cxreps > 0) {
/* Create space for n private key objects */
dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
sizeof(ECPrivateKey *));
/* Time n keygens, storing in the array */
TIMESTART();
for (i=0; i<cipherInfo->cxreps; i++) {
EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]);
}
TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
/* Free the n key objects */
for (i=0; i<cipherInfo->cxreps; i++)
PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
PORT_Free(dummyKey);
}
if (!cipherInfo->cx && ecdsap->key.buf.len > 0) {
cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf);
}
if (encrypt) {
cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
} else {
/* Have to convert private key to public key. Memory
* is freed with private key's arena */
ECPublicKey *pubkey;
ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
sizeof(ECPublicKey));
pubkey->ecParams.type = key->ecParams.type;
pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
pubkey->ecParams.base.len = key->ecParams.base.len;
pubkey->ecParams.base.data = key->ecParams.base.data;
pubkey->ecParams.order.len = key->ecParams.order.len;
pubkey->ecParams.order.data = key->ecParams.order.data;
pubkey->ecParams.cofactor = key->ecParams.cofactor;
pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
pubkey->ecParams.name= key->ecParams.name;
pubkey->publicValue.len = key->publicValue.len;
pubkey->publicValue.data = key->publicValue.data;
cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
}
return SECSuccess;
}
#endif
/* XXX unfortunately, this is not defined in blapi.h */
SECStatus
md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
@ -1374,12 +1691,22 @@ finish:
SECStatus
pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
#ifdef NSS_ENABLE_ECC
int keysize, int exponent, char *curveName)
#else
int keysize, int exponent)
#endif
{
int i;
SECStatus rv = SECSuccess;
bltestRSAParams *rsap;
bltestDSAParams *dsap;
#ifdef NSS_ENABLE_ECC
bltestECDSAParams *ecdsap;
SECItem *tmpECParamsDER;
ECParams *tmpECParams = NULL;
SECItem ecSerialize[3];
#endif
switch (cipherInfo->mode) {
case bltestRSA:
rsap = &cipherInfo->params.rsa;
@ -1412,6 +1739,37 @@ pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
dsap->j = PQG_PBITS_TO_INDEX(8*dsap->dsakey->params.prime.len);
}
break;
#ifdef NSS_ENABLE_ECC
case bltestECDSA:
ecdsap = &cipherInfo->params.ecdsa;
if (curveName != NULL) {
tmpECParamsDER = getECParams(curveName);
rv = secoid_Init();
CHECKERROR(rv, __LINE__);
rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
CHECKERROR(rv, __LINE__);
rv = EC_NewKey(tmpECParams, &ecdsap->eckey);
CHECKERROR(rv, __LINE__);
ecSerialize[0].type = tmpECParamsDER->type;
ecSerialize[0].data = tmpECParamsDER->data;
ecSerialize[0].len = tmpECParamsDER->len;
ecSerialize[1].type = ecdsap->eckey->publicValue.type;
ecSerialize[1].data = ecdsap->eckey->publicValue.data;
ecSerialize[1].len = ecdsap->eckey->publicValue.len;
ecSerialize[2].type = ecdsap->eckey->privateValue.type;
ecSerialize[2].data = ecdsap->eckey->privateValue.data;
ecSerialize[2].len = ecdsap->eckey->privateValue.len;
serialize_key(&(ecSerialize[0]), 3, file);
free(tmpECParamsDER);
PORT_FreeArena(tmpECParams->arena, PR_TRUE);
rv = SECOID_Shutdown();
CHECKERROR(rv, __LINE__);
} else {
setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf);
}
break;
#endif
default:
return SECFailure;
}
@ -1466,6 +1824,13 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
DSA_SIGNATURE_LEN);
return bltest_dsa_init(cipherInfo, encrypt);
break;
#ifdef NSS_ENABLE_ECC
case bltestECDSA:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
2 * MAX_ECKEY_LEN);
return bltest_ecdsa_init(cipherInfo, encrypt);
break;
#endif
case bltestMD2:
restart = cipherInfo->params.hash.restart;
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
@ -1573,6 +1938,66 @@ dsaOp(bltestCipherInfo *cipherInfo)
return rv;
}
#ifdef NSS_ENABLE_ECC
SECStatus
ecdsaOp(bltestCipherInfo *cipherInfo)
{
PRIntervalTime time1, time2;
SECStatus rv = SECSuccess;
int i;
int maxLen = cipherInfo->output.pBuf.len;
SECItem dummyOut = { 0, 0, 0 };
SECITEM_AllocItem(NULL, &dummyOut, maxLen);
if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) {
if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) {
rv = ECDSA_SignDigestWithSeed((ECPrivateKey *)cipherInfo->cx,
&cipherInfo->output.pBuf,
&cipherInfo->input.pBuf,
cipherInfo->params.ecdsa.sigseed.buf.data,
cipherInfo->params.ecdsa.sigseed.buf.len);
CHECKERROR(rv, __LINE__);
TIMESTART();
for (i=0; i<cipherInfo->repetitions; i++) {
rv |= ECDSA_SignDigestWithSeed((ECPrivateKey *)cipherInfo->cx,
&dummyOut,
&cipherInfo->input.pBuf,
cipherInfo->params.ecdsa.sigseed.buf.data,
cipherInfo->params.ecdsa.sigseed.buf.len);
}
TIMEFINISH(cipherInfo->optime, 1.0);
CHECKERROR(rv, __LINE__);
} else {
rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
&cipherInfo->output.pBuf,
&cipherInfo->input.pBuf);
CHECKERROR(rv, __LINE__);
TIMESTART();
for (i=0; i<cipherInfo->repetitions; i++) {
ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, &dummyOut,
&cipherInfo->input.pBuf);
}
TIMEFINISH(cipherInfo->optime, 1.0);
}
bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig,
&cipherInfo->output);
} else {
rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
&cipherInfo->params.ecdsa.sig.buf,
&cipherInfo->input.pBuf);
CHECKERROR(rv, __LINE__);
TIMESTART();
for (i=0; i<cipherInfo->repetitions; i++) {
ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
&cipherInfo->params.ecdsa.sig.buf,
&cipherInfo->input.pBuf);
}
TIMEFINISH(cipherInfo->optime, 1.0);
}
SECITEM_FreeItem(&dummyOut, PR_FALSE);
return rv;
}
#endif
SECStatus
cipherDoOp(bltestCipherInfo *cipherInfo)
{
@ -1583,6 +2008,10 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
unsigned char *dummyOut;
if (cipherInfo->mode == bltestDSA)
return dsaOp(cipherInfo);
#ifdef NSS_ENABLE_ECC
else if (cipherInfo->mode == bltestECDSA)
return ecdsaOp(cipherInfo);
#endif
dummyOut = PORT_Alloc(maxLen);
if (is_symmkeyCipher(cipherInfo->mode)) {
rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
@ -1657,6 +2086,9 @@ cipherFinish(bltestCipherInfo *cipherInfo)
#endif
case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
case bltestDSA: /* will be freed with it. */
#ifdef NSS_ENABLE_ECC
case bltestECDSA:
#endif
case bltestMD2: /* hash contexts are ephemeral */
case bltestMD5:
case bltestSHA1:
@ -1733,6 +2165,14 @@ print_td:
else
fprintf(stdout, "%8d", PQG_INDEX_TO_PBITS(info->params.dsa.j));
break;
#ifdef NSS_ENABLE_ECC
case bltestECDSA:
if (td)
fprintf(stdout, "%12s", "ec_curve");
else
fprintf(stdout, "%12s", ecCurve_map[info->params.ecdsa.eckey->ecParams.name]->text);
break;
#endif
case bltestMD2:
case bltestMD5:
case bltestSHA1:
@ -1877,6 +2317,18 @@ get_params(PRArenaPool *arena, bltestParams *params,
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
load_file_data(arena, &params->dsa.sig, filename, bltestBase64Encoded);
break;
#ifdef NSS_ENABLE_ECC
case bltestECDSA:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
load_file_data(arena, &params->ecdsa.key, filename, bltestBase64Encoded);
params->ecdsa.eckey = eckey_from_filedata(&params->key.buf);
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
load_file_data(arena, &params->ecdsa.sigseed, filename,
bltestBase64Encoded);
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
load_file_data(arena, &params->ecdsa.sig, filename, bltestBase64Encoded);
break;
#endif
case bltestMD2:
case bltestMD5:
case bltestSHA1:
@ -1945,7 +2397,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
bltestIO pt, ct;
bltestCipherMode mode;
bltestParams *params;
int i, j, nummodes;
int i, j, nummodes, numtests;
char *modestr;
char filename[256];
PRFileDesc *file;
@ -1993,7 +2445,12 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
#endif
PR_Close(file);
/* loop over the tests in the directory */
for (j=0; j<(int)(item.data[0] - '0'); j++) { /* XXX bug when > 10 */
numtests = (int) (item.data[0] - '0');
for (j=1; j<item.len - 1; j++) {
numtests *= 10;
numtests += (int) (item.data[j] - '0');
}
for (j=0; j<numtests; j++) {
#ifdef TRACK_BLTEST_BUG
if (mode == bltestRSA) {
fprintf(stderr, "[%s] Executing self-test #%d\n", __bltDBG, j);
@ -2001,8 +2458,13 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
#endif
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
"plaintext", j);
load_file_data(arena, &pt, filename, (mode == bltestDSA) ?
bltestBase64Encoded : bltestBinary);
load_file_data(arena, &pt, filename,
#ifdef NSS_ENABLE_ECC
((mode == bltestDSA) || (mode == bltestECDSA))
#else
(mode == bltestDSA)
#endif
? bltestBase64Encoded : bltestBinary);
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
"ciphertext", j);
load_file_data(arena, &ct, filename, bltestBase64Encoded);
@ -2066,7 +2528,11 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
** Align the input buffer (ciphertext) according to request
** then perform operation and compare to plaintext
*/
#ifdef NSS_ENABLE_ECC
if ((mode != bltestDSA) && (mode != bltestECDSA))
#else
if (mode != bltestDSA)
#endif
bltestCopyIO(arena, &cipherInfo.input, &ct);
else
bltestCopyIO(arena, &cipherInfo.input, &pt);
@ -2127,6 +2593,13 @@ dump_file(bltestCipherMode mode, char *filename)
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
key = dsakey_from_filedata(&keydata.buf);
dump_dsakey(key);
#ifdef NSS_ENABLE_ECC
} else if (mode == bltestECDSA) {
ECPrivateKey *key;
load_file_data(arena, &keydata, filename, bltestBase64Encoded);
key = eckey_from_filedata(&keydata.buf);
dump_eckey(key);
#endif
}
PORT_FreeArena(arena, PR_FALSE);
return SECFailure;
@ -2160,6 +2633,9 @@ enum {
opt_Key,
opt_HexWSpc,
opt_Mode,
#ifdef NSS_ENABLE_ECC
opt_CurveName,
#endif
opt_Output,
opt_Repetitions,
opt_ZeroBuf,
@ -2206,6 +2682,9 @@ static secuCommandFlag bltest_options[] =
{ /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
{ /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
{ /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
#ifdef NSS_ENABLE_ECC
{ /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
#endif
{ /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
{ /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
{ /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
@ -2236,6 +2715,9 @@ int main(int argc, char **argv)
PRArenaPool *arena;
bltestIOMode ioMode;
int keysize, bufsize, exponent;
#ifdef NSS_ENABLE_ECC
char *curveName = NULL;
#endif
int i, commandsEntered;
int inoff, outoff;
@ -2397,6 +2879,13 @@ int main(int argc, char **argv)
else
exponent = 65537;
#ifdef NSS_ENABLE_ECC
if (bltest.options[opt_CurveName].activated)
curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
else
curveName = NULL;
#endif
/* Set up an encryption key. */
keysize = 0;
file = NULL;
@ -2431,7 +2920,11 @@ int main(int argc, char **argv)
file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
}
params->key.mode = bltestBase64Encoded;
#ifdef NSS_ENABLE_ECC
pubkeyInitKey(&cipherInfo, file, keysize, exponent, curveName);
#else
pubkeyInitKey(&cipherInfo, file, keysize, exponent);
#endif
PR_Close(file);
}
@ -2468,9 +2961,17 @@ int main(int argc, char **argv)
exit(-1);
}
file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
memset(&cipherInfo.params.dsa.sig, 0, sizeof(bltestIO));
cipherInfo.params.dsa.sig.mode = ioMode;
setupIO(cipherInfo.arena, &cipherInfo.params.dsa.sig, file, NULL, 0);
if (cipherInfo.mode == bltestDSA) {
memset(&cipherInfo.params.dsa.sig, 0, sizeof(bltestIO));
cipherInfo.params.dsa.sig.mode = ioMode;
setupIO(cipherInfo.arena, &cipherInfo.params.dsa.sig, file, NULL, 0);
#ifdef NSS_ENABLE_ECC
} else if (cipherInfo.mode == bltestECDSA) {
memset(&cipherInfo.params.ecdsa.sig, 0, sizeof(bltestIO));
cipherInfo.params.ecdsa.sig.mode = ioMode;
setupIO(cipherInfo.arena, &cipherInfo.params.ecdsa.sig, file, NULL, 0);
#endif
}
}
if (bltest.options[opt_PQGFile].activated) {
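Review bot: `key_from_filedata` trusts the four-byte length prefix it reads from the key file: on the new side `len` is assembled into a signed `int` and then used for `PORT_ArenaAlloc`, `PORT_Memcpy` and `fpos += len` without ever being compared with `filedata->len`, so a truncated or malformed key file makes the copy read past the end of `buf`, and a prefix with the top bit set makes `len` negative and moves `fpos` backwards. The new `eckey_from_filedata` runs this parser twice over the same buffer and hands the first item straight to `EC_DecodeParams`, so both passes rely on the guard. Before each prefix is read, check `if (filedata->len < 4 || (unsigned int)fpos > filedata->len - 4) break;`, and after it `if (len < 0 || (unsigned int)len > filedata->len - (unsigned int)fpos) break;`; the result of `PORT_ArenaAlloc` should also be tested before the copy. Because the function returns `void`, stopping early leaves the remaining items as the callers' `PORT_ArenaZAlloc` zeroed them; returning a `SECStatus` instead would let `rsakey_from_filedata`, `pqg_from_filedata`, `dsakey_from_filedata` and `eckey_from_filedata` reject the file outright.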


@ -34,7 +34,7 @@ CORE_DEPTH = ../../..
MODULE = nss
REQUIRES = seccmd dbm
REQUIRES = seccmd dbm softoken
INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
@ -52,3 +52,7 @@ CSRCS = \
blapitest.c \
$(NULL)
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
endif


@ -0,0 +1,22 @@
0 secp160k1
1 secp160r1
2 secp160r2
3 nistk163
4 sect163r1
5 nistb163
6 secp192k1
7 nistp192
8 secp224k1
9 nistp224
10 nistk233
11 nistb233
12 nistp256
13 nistk283
14 nistb283
15 nistp384
16 nistk409
17 nistb409
18 nistk571
19 nistb571
# the following tests are not yet implemented
#20 nistp521


@ -0,0 +1 @@
GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==


@ -0,0 +1 @@
PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==


@ -0,0 +1,2 @@
AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
nWpHF7VcyCVzJeV6


@ -0,0 +1,2 @@
AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
JOsY/MHnGhDeAGRl


@ -0,0 +1,2 @@
aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
DpDaGnOLkfAyZ8GcuaCujg==


@ -0,0 +1,2 @@
AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG


@ -0,0 +1,2 @@
AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
PSDJasPT90T5Va8sNtjXtSpHWxc2roV9


@ -0,0 +1,2 @@
NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX


@ -0,0 +1,3 @@
ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
nBLCHIppt/Q=


@ -0,0 +1,3 @@
AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
Dme40b2G6fE=


@ -0,0 +1,3 @@
AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8


@ -0,0 +1,3 @@
AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7


@ -0,0 +1 @@
Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==


@ -0,0 +1,3 @@
ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N


@ -0,0 +1 @@
AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU


@ -0,0 +1 @@
AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp


@ -0,0 +1 @@
AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz


@ -0,0 +1 @@
5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA


@ -0,0 +1 @@
WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx


@ -0,0 +1,2 @@
ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
LPDBU0i2uOg=


@ -0,0 +1,2 @@
QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
TIRGjkV2L+A=


@ -0,0 +1,2 @@
AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=


@ -0,0 +1,2 @@
AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=


@ -0,0 +1,3 @@
AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
LYtBpK23jzfdVWO8SAY=


@ -0,0 +1,3 @@
AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
LUg3xVL00vviR0KyFZY=


@ -0,0 +1,3 @@
AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=


@ -0,0 +1,3 @@
AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=


@ -0,0 +1,3 @@
AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=


@ -0,0 +1,4 @@
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
yALMCiXJqRVXwbq42WMuaELMW+g=


@ -0,0 +1,4 @@
AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=


@ -0,0 +1,4 @@
AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=


@ -0,0 +1,5 @@
AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=


@ -0,0 +1,5 @@
AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=


@ -0,0 +1,2 @@
AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=


@ -0,0 +1,5 @@
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=


@ -0,0 +1,2 @@
AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=


@ -0,0 +1,2 @@
AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=


@ -0,0 +1,2 @@
AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=


@ -0,0 +1,2 @@
AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=


@ -0,0 +1,2 @@
AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=


@ -0,0 +1,3 @@
AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
qkpgzPIwe7U=


@ -0,0 +1,3 @@
AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
1NJv4ULUbIs=


@ -0,0 +1 @@
21


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
qZk+NkcGgWq6PiVxeFDCbJzQ2J0=


@ -0,0 +1 @@
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=


@ -0,0 +1 @@
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=


@ -0,0 +1 @@
fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=


@ -0,0 +1 @@
fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=


@ -0,0 +1 @@
/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=


@ -0,0 +1 @@
ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi


@ -0,0 +1 @@
ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi


@ -0,0 +1 @@
/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx


@ -0,0 +1 @@
fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx


@ -0,0 +1 @@
fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx


@ -0,0 +1,2 @@
PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
MTQxNTE2MTcxODE5MWExYjE=


@ -0,0 +1,2 @@
PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
MTQxNTE2MTcxODE5MWExYjE=


@ -0,0 +1 @@
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=


@ -0,0 +1,2 @@
/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
MTQxNTE2MTcxODE=


@ -0,0 +1 @@
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=


@ -0,0 +1 @@
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=


@ -0,0 +1 @@
aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=


@ -0,0 +1 @@
/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw


@ -0,0 +1 @@
/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw


@ -0,0 +1 @@
/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==


@ -0,0 +1 @@
/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==


@ -16,7 +16,11 @@
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
@ -281,7 +285,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata)
{
CERTCertTrust *trust = NULL;
CERTCertificate *cert = NULL, *tempCert = NULL;
CERTCertificate *cert = NULL;
SECItem certDER;
SECStatus rv;
@ -382,6 +386,12 @@ getSignatureOidTag(KeyType keyType, SECOidTag hashAlgTag)
break;
}
break;
#ifdef NSS_ENABLE_ECC
case ecKey:
/* XXX For now only ECDSA with SHA1 is supported */
sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
break;
#endif /* NSS_ENABLE_ECC */
default:
break;
}
@ -975,8 +985,15 @@ Usage(char *progName)
"\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
#ifdef NSS_ENABLE_ECC
FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
progName);
#else
FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
progName);
#endif /* NSS_ENABLE_ECC */
FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName);
FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
@ -989,7 +1006,7 @@ Usage(char *progName)
"\t\t[-X] [-d certdir] [-P dbprefix]\n",
progName);
FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n"
"\t\t [-k key-type] [-h token-name] [-g key-size]\n"
"\t\t [-k key-type] [-q key-params] [-h token-name] [-g key-size]\n"
"\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
"\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n"
"\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n"
@ -1076,10 +1093,17 @@ static void LongUsage(char *progName)
"-G");
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
" -k key-type");
FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
" -y exp");
FPS "%-20s Specify the password file\n",
@ -1088,6 +1112,27 @@ static void LongUsage(char *progName)
" -z noisefile");
FPS "%-20s read PQG value from pqgfile (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s One of sect163k1, nistk163, sect163r1, sect163r2,\n", "");
FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", "");
FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", "");
FPS "%-20s secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", "");
FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", "");
FPS "%-20s secp256r1, nistp256, secp384r1, nistp384, secp521r1,\n", "");
FPS "%-20s nistp521, prime192v1, prime192v2, prime192v3, \n", "");
FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", "");
FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", "");
FPS "%-20s c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5, \n", "");
FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", "");
FPS "%-20s c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1, \n", "");
FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
FPS "%-20s sect131r1, sect131r2\n", "");
#endif
FPS "%-20s Key database directory (default is ~/.netscape)\n",
" -d keydir");
FPS "%-20s Cert & Key database prefix\n",
@ -1119,8 +1164,13 @@ static void LongUsage(char *progName)
FPS "%-20s Name of token in which to look for keys (default is internal,"
" use \"all\" to list keys on all tokens)\n",
" -h token-name ");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
#else
FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"rsa\" (default))\n",
" -k key-type");
#endif
FPS "%-20s Specify the password file\n",
" -f password-file");
FPS "%-20s Key database directory (default is ~/.netscape)\n",
@ -1195,12 +1245,25 @@ static void LongUsage(char *progName)
" -s subject");
FPS "%-20s Output the cert request to this file\n",
" -o output-req");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
" -k key-type");
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Specify the password file\n",
" -f pwfile");
FPS "%-20s Key database directory (default is ~/.netscape)\n",
@ -1244,12 +1307,25 @@ static void LongUsage(char *progName)
" -c issuer-name");
FPS "%-20s Set the certificate trust attributes (see -A above)\n",
" -t trustargs");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type");
#else
FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
" -k key-type");
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
" -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
" -q pqgfile");
#ifdef NSS_ENABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
"");
#endif /* NSS_ENABLE_ECC */
FPS "%-20s Self sign\n",
" -x");
FPS "%-20s Cert serial number\n",
@ -2335,9 +2411,16 @@ secuCommandFlag certutil_options[] =
if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) {
PR_fprintf(PR_STDERR,
"%s -g: Keysize must be between %d and %d.\n",
MIN_KEY_BITS, MAX_KEY_BITS);
progName, MIN_KEY_BITS, MAX_KEY_BITS);
return 255;
}
#ifdef NSS_ENABLE_ECC
if (keytype == ecKey) {
PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName);
return 255;
}
#endif /* NSS_ENABLE_ECC */
}
/* -h specify token name */
@ -2379,6 +2462,10 @@ secuCommandFlag certutil_options[] =
keytype = rsaKey;
} else if (PL_strcmp(arg, "dsa") == 0) {
keytype = dsaKey;
#ifdef NSS_ENABLE_ECC
} else if (PL_strcmp(arg, "ec") == 0) {
keytype = ecKey;
#endif /* NSS_ENABLE_ECC */
} else if (PL_strcmp(arg, "all") == 0) {
keytype = nullKey;
} else {
@ -2403,11 +2490,18 @@ secuCommandFlag certutil_options[] =
if (certutil.options[opt_DBPrefix].activated)
certPrefix = strdup(certutil.options[opt_DBPrefix].arg);
/* -q PQG file */
/* -q PQG file or curve name */
if (certutil.options[opt_PQGFile].activated) {
#ifdef NSS_ENABLE_ECC
if ((keytype != dsaKey) && (keytype != ecKey)) {
PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
" (-k dsa) or a named curve for EC keys (-k ec)\n)",
progName);
#else
if (keytype != dsaKey) {
PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
progName);
#endif /* NSS_ENABLE_ECC */
return 255;
}
}
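Review bot: In `getSignatureOidTag`, the new `case ecKey:` never looks at `hashAlgTag` and always returns `SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST`, so a caller asking for any other digest gets a SHA-1 signature algorithm with no error. Until more ECDSA tags exist, I would assign it only for the accepted inputs, e.g. `if (hashAlgTag == SEC_OID_UNKNOWN || hashAlgTag == SEC_OID_SHA1) sigTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;`, and let other values fall through to whatever the function reports for an unsupported combination; its start and the initial value of `sigTag` are outside the hunk. Separately, the `-q curve-name` help in `LongUsage` lists `secp169k1` and `c2tnb359w1`, while the lookup table added in the key-generation file on this page uses `secp160k1` and `c2tnb359v1`, so those two documented names would be rejected as unrecognized.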


@ -16,7 +16,11 @@
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
@ -335,6 +339,136 @@ void CERTUTIL_FileForRNG(char *noise)
}
#ifdef NSS_ENABLE_ECC
typedef struct curveNameTagPairStr {
char *curveName;
SECOidTag curveOidTag;
} CurveNameTagPair;
#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
static CurveNameTagPair nameTagPair[] =
{
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1},
{ "nistk163", SEC_OID_SECG_EC_SECT163K1},
{ "sect163r1", SEC_OID_SECG_EC_SECT163R1},
{ "sect163r2", SEC_OID_SECG_EC_SECT163R2},
{ "nistb163", SEC_OID_SECG_EC_SECT163R2},
{ "sect193r1", SEC_OID_SECG_EC_SECT193R1},
{ "sect193r2", SEC_OID_SECG_EC_SECT193R2},
{ "sect233k1", SEC_OID_SECG_EC_SECT233K1},
{ "nistk233", SEC_OID_SECG_EC_SECT233K1},
{ "sect233r1", SEC_OID_SECG_EC_SECT233R1},
{ "nistb233", SEC_OID_SECG_EC_SECT233R1},
{ "sect239k1", SEC_OID_SECG_EC_SECT239K1},
{ "sect283k1", SEC_OID_SECG_EC_SECT283K1},
{ "nistk283", SEC_OID_SECG_EC_SECT283K1},
{ "sect283r1", SEC_OID_SECG_EC_SECT283R1},
{ "nistb283", SEC_OID_SECG_EC_SECT283R1},
{ "sect409k1", SEC_OID_SECG_EC_SECT409K1},
{ "nistk409", SEC_OID_SECG_EC_SECT409K1},
{ "sect409r1", SEC_OID_SECG_EC_SECT409R1},
{ "nistb409", SEC_OID_SECG_EC_SECT409R1},
{ "sect571k1", SEC_OID_SECG_EC_SECT571K1},
{ "nistk571", SEC_OID_SECG_EC_SECT571K1},
{ "sect571r1", SEC_OID_SECG_EC_SECT571R1},
{ "nistb571", SEC_OID_SECG_EC_SECT571R1},
{ "secp160k1", SEC_OID_SECG_EC_SECP160K1},
{ "secp160r1", SEC_OID_SECG_EC_SECP160R1},
{ "secp160r2", SEC_OID_SECG_EC_SECP160R2},
{ "secp192k1", SEC_OID_SECG_EC_SECP192K1},
{ "secp192r1", SEC_OID_SECG_EC_SECP192R1},
{ "nistp192", SEC_OID_SECG_EC_SECP192R1},
{ "secp224k1", SEC_OID_SECG_EC_SECP224K1},
{ "secp224r1", SEC_OID_SECG_EC_SECP224R1},
{ "nistp224", SEC_OID_SECG_EC_SECP224R1},
{ "secp256k1", SEC_OID_SECG_EC_SECP256K1},
{ "secp256r1", SEC_OID_SECG_EC_SECP256R1},
{ "nistp256", SEC_OID_SECG_EC_SECP256R1},
{ "secp384r1", SEC_OID_SECG_EC_SECP384R1},
{ "nistp384", SEC_OID_SECG_EC_SECP384R1},
{ "secp521r1", SEC_OID_SECG_EC_SECP521R1},
{ "nistp521", SEC_OID_SECG_EC_SECP521R1},
{ "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
{ "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
{ "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
{ "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
{ "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
{ "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
{ "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
{ "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
{ "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
{ "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
{ "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
{ "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
{ "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
{ "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
{ "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
{ "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
{ "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
{ "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
{ "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
{ "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
{ "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
{ "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
{ "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
{ "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
{ "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
{ "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
{ "secp112r1", SEC_OID_SECG_EC_SECP112R1},
{ "secp112r2", SEC_OID_SECG_EC_SECP112R2},
{ "secp128r1", SEC_OID_SECG_EC_SECP128R1},
{ "secp128r2", SEC_OID_SECG_EC_SECP128R2},
{ "sect113r1", SEC_OID_SECG_EC_SECT113R1},
{ "sect113r2", SEC_OID_SECG_EC_SECT113R2},
{ "sect131r1", SEC_OID_SECG_EC_SECT131R1},
{ "sect131r2", SEC_OID_SECG_EC_SECT131R2},
};
static SECKEYECParams *
getECParams(char *curve)
{
SECKEYECParams *ecparams;
SECOidData *oidData = NULL;
SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
int i, numCurves;
if (curve != NULL) {
numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
i++) {
if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
curveOidTag = nameTagPair[i].curveOidTag;
}
}
/* Return NULL if curve name is not recognized */
if ((curveOidTag == SEC_OID_UNKNOWN) ||
(oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
return NULL;
}
ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
/*
* ecparams->data needs to contain the ASN encoding of an object ID (OID)
* representing the named curve. The actual OID is in
* oidData->oid.data so we simply prepend 0x06 and OID length
*/
ecparams->data[0] = SEC_ASN1_OBJECT_ID;
ecparams->data[1] = oidData->oid.len;
memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
return ecparams;
}
#endif /* NSS_ENABLE_ECC */
SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
int publicExponent, char *noise,
@ -390,13 +524,20 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
}
params = dsaparams;
break;
#ifdef NSS_ENABLE_ECC
case ecKey:
mechanism = CKM_EC_KEY_PAIR_GEN;
/* For EC keys, PQGFile determines EC parameters */
if ((params = (void *) getECParams(pqgFile)) == NULL)
return NULL;
break;
#endif /* NSS_ENABLE_ECC */
default:
return NULL;
}
if (slot == NULL)
return NULL;
if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
return NULL;
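Review bot: `getECParams` dereferences the result of `SECITEM_AllocItem` without a check, so an allocation failure becomes a NULL write at `ecparams->data[0]`; add `if (ecparams == NULL) return NULL;` right after the call. The length byte is written as `ecparams->data[1] = oidData->oid.len` with no bound, which is only a valid DER short-form length below 128; the named-curve OIDs are presumably short, but `if (oidData->oid.len > 127) return NULL;` before the allocation makes that assumption explicit. On the error path `curve` can be NULL (the lookup loop is skipped in that case) and is still passed to `%s`, so print `curve ? curve : "(none)"` instead.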


@ -49,4 +49,8 @@ REQUIRES = dbm seccmd
PROGRAM = certutil
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
endif
#USE_STATIC_LIBS = 1


@ -51,3 +51,7 @@ CSRCS = secutil.c \
REQUIRES = nss nspr dbm
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
endif


@ -16,7 +16,11 @@
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
@ -1235,6 +1239,26 @@ secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
}
#ifdef NSS_ENABLE_ECC
static void
secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
SECItem curveOID = { siBuffer, NULL, 0};
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
/* For named curves, the DEREncodedParams field contains an
* ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
*/
if ((pk->u.ec.DEREncodedParams.len > 2) &&
(pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
curveOID.len = pk->u.ec.DEREncodedParams.data[1];
curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
}
}
#endif /* NSS_ENABLE_ECC */
static int
secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
CERTSubjectPublicKeyInfo *i, char *msg, int level)
@ -1255,10 +1279,15 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
break;
#ifdef NSS_ENABLE_ECC
case ecKey:
secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
break;
#endif
case dhKey:
case fortezzaKey:
case keaKey:
case ecKey:
fprintf(out, "unable to format this SPKI algorithm type\n");
break;
default:
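Review bot: `secu_PrintECPublicKey` takes the OID length from `DEREncodedParams.data[1]` without comparing it to the buffer, so parameters from a certificate being printed can claim more bytes than `DEREncodedParams.len` holds, and `SECU_PrintObjectID` would then be handed a length that runs past the end. The existing test only checks `len > 2` and the `0x06` tag; extend it with `(pk->u.ec.DEREncodedParams.data[1] <= pk->u.ec.DEREncodedParams.len - 2)`. Whether the key decoder has already validated this encoding is not visible here, so the bound is worth having in the printer itself. Using `SEC_ASN1_OBJECT_ID` instead of the literal `0x06` would also match the name the comment already gives.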


@ -48,4 +48,8 @@ REQUIRES = dbm seccmd
PROGRAM = pk12util
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
endif
# USE_STATIC_LIBS = 1


@ -470,6 +470,7 @@ P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
p12cxt->file = NULL;
/* PK11_FreeSlot(slot); */
fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName);
rv = SECSuccess;
loser:


@ -46,3 +46,7 @@ REQUIRES = seccmd dbm
PROGRAM = selfserv
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
endif


@ -112,19 +112,19 @@ const int ssl2CipherSuites[] = {
* for new SSL3 ciphers. A -1 indicates the cipher
* is not currently implemented.
*/
-1, /* TLS_ECDH_ECDSA_WITH_NULL_SHA, * G */
-1, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA, * H */
-1, /* TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, * I */
-1, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, * J */
-1, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, * K */
-1, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, * L */
-1, /* TLS_ECDH_RSA_WITH_NULL_SHA, * M */
-1, /* TLS_ECDH_RSA_WITH_RC4_128_SHA, * N */
-1, /* TLS_ECDH_RSA_WITH_DES_CBC_SHA, * O */
-1, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, * P */
-1, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, * Q */
-1, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, * R */
-1, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, * S */
TLS_ECDH_ECDSA_WITH_NULL_SHA, /* G */
TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* H */
TLS_ECDH_ECDSA_WITH_DES_CBC_SHA, /* I */
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* J */
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* K */
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* L */
TLS_ECDH_RSA_WITH_NULL_SHA, /* M */
TLS_ECDH_RSA_WITH_RC4_128_SHA, /* N */
TLS_ECDH_RSA_WITH_DES_CBC_SHA, /* O */
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* P */
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* Q */
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* R */
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* S */
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* T */
#endif /* NSS_ENABLE_ECC */
0
@ -199,8 +199,13 @@ Usage(const char *progName)
fprintf(stderr,
"Usage: %s -n rsa_nickname -p port [-3DRTbmrvx] [-w password] [-t threads]\n"
#ifdef NSS_ENABLE_ECC
" [-i pid_file] [-c ciphers] [-d dbdir] [-e ec_nickname] \n"
" [-f fortezza_nickname] [-L [seconds]] [-M maxProcs] [-l]\n"
#else
" [-i pid_file] [-c ciphers] [-d dbdir] [-f fortezza_nickname] \n"
" [-L [seconds]] [-M maxProcs] [-l]\n"
#endif /* NSS_ENABLE_ECC */
"-3 means disable SSL v3\n"
"-D means disable Nagle delays in TCP\n"
"-T means disable TLS\n"
@ -227,6 +232,19 @@ Usage(const char *progName)
"E SSL2 DES 64 CBC WITH MD5\n"
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
#ifdef NSS_ENABLE_ECC
"G TLS ECDH ECDSA WITH NULL SHA\n"
"H TLS ECDH ECDSA WITH RC4 128 SHA\n"
"I TLS ECDH ECDSA WITH DES CBC SHA\n"
"J TLS ECDH ECDSA WITH 3DES EDE CBC SHA\n"
"K TLS ECDH ECDSA WITH AES 128 CBC SHA\n"
"L TLS ECDH ECDSA WITH AES 256 CBC SHA\n"
"M TLS ECDH RSA WITH NULL SHA\n"
"N TLS ECDH RSA WITH RC4 128 SHA\n"
"O TLS ECDH RSA WITH DES CBC SHA\n"
"P TLS ECDH RSA WITH 3DES EDE CBC SHA\n"
"Q TLS ECDH RSA WITH AES 128 CBC SHA\n"
"R TLS ECDH RSA WITH AES 256 CBC SHA\n"
"S TLS ECDHE ECDSA WITH AES 128 CBC SHA\n"
"T TLS ECDHE RSA WITH AES 128 CBC SHA\n"
#endif /* NSS_ENABLE_ECC */
"\n"
@ -1424,6 +1442,9 @@ main(int argc, char **argv)
{
char * progName = NULL;
char * nickName = NULL;
#ifdef NSS_ENABLE_ECC
char * ecNickName = NULL;
#endif
char * fNickName = NULL;
const char * fileName = NULL;
char * cipherString= NULL;
@ -1460,7 +1481,7 @@ main(int argc, char **argv)
** numbers, then capital letters, then lower case, alphabetical.
*/
optstate = PL_CreateOptState(argc, argv,
"2:3DL:M:RTbc:d:f:hi:lmn:op:rt:vw:xy");
"2:3DL:M:RTbc:d:e:f:hi:lmn:op:rt:vw:xy");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
++optionsFound;
switch(optstate->option) {
@ -1496,6 +1517,10 @@ main(int argc, char **argv)
case 'd': dir = optstate->value; break;
#ifdef NSS_ENABLE_ECC
case 'e': ecNickName = strdup(optstate->value); break;
#endif /* NSS_ENABLE_ECC */
case 'f': fNickName = strdup(optstate->value); break;
case 'h': Usage(progName); exit(0); break;
@ -1699,6 +1724,17 @@ main(int argc, char **argv)
}
privKey[kt_fortezza] = PK11_FindKeyByAnyCert(cert[kt_fortezza], NULL);
}
#ifdef NSS_ENABLE_ECC
if (ecNickName) {
cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, NULL);
if (cert[kt_ecdh] == NULL) {
fprintf(stderr, "selfserv: Can't find certificate %s\n",
ecNickName);
exit(13);
}
privKey[kt_ecdh] = PK11_FindKeyByAnyCert(cert[kt_ecdh], NULL);
}
#endif /* NSS_ENABLE_ECC */
/* allocate the array of thread slots, and launch the worker threads. */
rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
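Review bot: The new `-e` block in `main` checks the certificate lookup but not `PK11_FindKeyByAnyCert`, so `privKey[kt_ecdh]` can be NULL when the certificate is found without a matching private key, and the server still goes on to `launch_threads`. Add a check after the call, e.g. `if (privKey[kt_ecdh] == NULL) { fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n", ecNickName); exit(<status>); }`, with a status distinct from the 13 used for the missing certificate. The fortezza lookup just above in the same hunk has the same gap, and `strdup(optstate->value)` for `-e` is likewise unchecked. `main` starts and ends outside the hunks shown.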


@ -48,3 +48,7 @@ CSRCS = tstclnt.c
PROGRAM = tstclnt
ifdef NSS_ENABLE_ECC
DEFINES += -DNSS_ENABLE_ECC
endif


@ -242,13 +242,13 @@ static void Usage(const char *progName)
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
#ifdef NSS_ENABLE_ECC
"G TLS ECDH ECDSA WITH NULL SHA\n"
"H TLS ECDH ECDSA WITH RC4 128 CBC SHA\n"
"H TLS ECDH ECDSA WITH RC4 128 SHA\n"
"I TLS ECDH ECDSA WITH DES CBC SHA\n"
"J TLS ECDH ECDSA WITH 3DES EDE CBC SHA\n"
"K TLS ECDH ECDSA WITH AES 128 CBC SHA\n"
"L TLS ECDH ECDSA WITH AES 256 CBC SHA\n"
"M TLS ECDH RSA WITH NULL SHA\n"
"N TLS ECDH RSA WITH RC4 128 CBC SHA\n"
"N TLS ECDH RSA WITH RC4 128 SHA\n"
"O TLS ECDH RSA WITH DES CBC SHA\n"
"P TLS ECDH RSA WITH 3DES EDE CBC SHA\n"
"Q TLS ECDH RSA WITH AES 128 CBC SHA\n"


@ -18,7 +18,11 @@
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
* Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
@ -32,7 +36,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: cryptohi.h,v 1.5 2003/05/24 03:34:48 wtc%netscape.com Exp $
* $Id: cryptohi.h,v 1.6 2003/10/17 13:45:32 ian.mcgreer%sun.com Exp $
*/
#ifndef _CRYPTOHI_H_
@ -53,7 +57,7 @@ SEC_BEGIN_PROTOS
/****************************************/
/*
** DER encode/decode DSA signatures
** DER encode/decode (EC)DSA signatures
*/
/* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA code (and
@ -63,7 +67,21 @@ SEC_BEGIN_PROTOS
extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
extern SECItem *DSAU_DecodeDerSig(SECItem *item);
/*
* Unlike DSA, raw ECDSA signatures do not have a fixed length.
* Rather they contain two integers r and s whose length depends
* on the size of the EC key used for signing.
*
* We can reuse the DSAU_EncodeDerSig interface to DER encode
* raw ECDSA signature keeping in mind that the length of r
* is the same as that of s and exactly half of src->len.
*
* For decoding, we need to pass the length of the desired
* raw signature (twice the key size) explicitly.
*/
extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src,
unsigned int len);
extern SECItem *DSAU_DecodeDerSigToLen(SECItem *item, unsigned int len);
/****************************************/
/*
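Review bot: The comment above `DSAU_EncodeDerSigWithLen` and `DSAU_DecodeDerSigToLen` does not say what unit `len` is in, what happens when it is odd or disagrees with `src->len`, or who owns the `SECItem *` the decoder returns. Both functions size a signature buffer from a caller-supplied length, so I would spell the contract out, for example `/* len: total raw signature length in bytes (r followed by s, len/2 each); odd or mismatched lengths are an error */`, adjusted to what the implementation actually enforces. The comment also says the `DSAU_EncodeDerSig` interface can be reused, yet a separate `...WithLen` entry point is declared; one sentence on when to call which would remove the ambiguity.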
