nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 1851092 - land NSS NSS_3_94_RTM UPGRADE_NSS_RELEASE, r=nss-reviewers,jschanck

Browse source 
2023-10-02  Natalia Kulatova  <nkulatova@mozilla.com>

	* doc/rst/releases/nss_3_94.rst:
	Documentation: Release notes for NSS 3.94
	[8c67d6c2d718] [NSS_3_94_RTM] <NSS_3_94_BRANCH>

	* .hgtags:
	Added tag NSS_3_94_RTM for changeset a4d8f6ff9c3b
	[18307440cfb0] <NSS_3_94_BRANCH>

	* doc/rst/releases/index.rst:
	Release notes for NSS 3.94
	[a4d8f6ff9c3b] <NSS_3_94_BRANCH>

	* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
	Set version numbers to 3.94 final
	[0af23c222caf] <NSS_3_94_BRANCH>

2023-09-21  Benjamin Beurdouche  <beurdouche@mozilla.com>

	* .hgtags:
	Removed tag NSS_3_94_BETA1
	[1a3ea35e31a2]

2023-09-20  Karthikeyan Bhargavan  <karthik.bhargavan@gmail.com>

	* automation/taskcluster/scripts/run_hacl.sh,
	lib/freebl/verified/Hacl_Hash_SHA3.c,
	lib/freebl/verified/Hacl_IntTypes_Intrinsics.h,
	lib/freebl/verified/Hacl_IntTypes_Intrinsics_128.h,
	lib/freebl/verified/Hacl_Krmllib.h, lib/freebl/verified/Hacl_P256.c,
	lib/freebl/verified/internal/Hacl_Bignum_Base.h,
	lib/freebl/verified/internal/Hacl_Hash_SHA1.h,
	lib/freebl/verified/internal/Hacl_Hash_SHA2.h,
	lib/freebl/verified/internal/Hacl_IntTypes_Intrinsics.h,
	lib/freebl/verified/internal/Hacl_IntTypes_Intrinsics_128.h,
	lib/freebl/verified/internal/Hacl_Krmllib.h,
	lib/freebl/verified/internal/Hacl_P256.h,
	lib/freebl/verified/internal/lib_intrinsics.h,
	lib/freebl/verified/karamel/include/krml/internal/target.h, lib/free
	bl/verified/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h,
	lib/freebl/verified/karamel/krmllib/dist/minimal/Makefile.basic,
	lib/freebl/verified/lib_intrinsics.h:
	Bug 1853737 - Updated code and commit ID for HACL*. r=jschanck

	[3501ba1860c3]

2023-09-20  Iaroslav Gridin  <iaroslav.gridin@tuni.fi>

	* tests/acvp/fuzzed/ecdsa.json:
	Bug 1840510: update ACVP fuzzed test vector: refuzzed with current
	NSS r=jschanck

	[da1cde22e844]

2023-09-15  Robert Relyea  <rrelyea@redhat.com>

	* automation/abi-check/expected-report-libnssutil3.so.txt,
	lib/freebl/nsslowhash.c, lib/freebl/stubs.c, lib/freebl/stubs.h,
	lib/pk11wrap/pk11util.c, lib/softoken/pkcs11.c,
	lib/util/nssutil.def, lib/util/secport.c, lib/util/secport.h:
	Bug 1827303 Softoken C_ calls should use system FIPS setting to
	select NSC_ or FC_ variants.

	NSS softoken presents a PKCS #11 API to the NSS low level crypto.
	This allows NSS to have native support for replacement PKCS #11
	libraries, and is also the FIPS boundary, allowing the rest of NSS
	to change without affecting any FIPS validations.

	Some applications that need crypto, but have their own higher level
	implementations of SSL or S/MIME use NSS softoken. Softoken has 2
	general APIs: NSC_xxxx calls which implement the normal NSS
	interface, but does not include any FIPS restrictions, The FC_xxx
	interfaces which implements FIPS restrictions on the semantics of
	the calls and additional FIPS requirements (like self-tests and
	software integrity checks). The official PKCS #11 APIs are C_xxx
	interfaces, and NSS exports those as aliases for NSC_xxxx calls.

	Right now applications that use softoken have to know the NSS names
	if they want to access the FIPS api. This bugs removes this
	restriction and causes calls to C_xxxx to alias to FC_xxxxx if the
	system is in FIPS mode. If the system has no system FIPS indicator,
	or the that indicator is off, the C_xxxx will continue to call
	NSC_xxxxx. NSS itself will continue to use NSC_xxxx or FC_xxxx
	according to the NSS internal FIPS settings.

	---------------- Currently there are 3 layers in NSS with code that
	identifies the whether the system is in NSS: nss proper (which is
	also exported to applications), and freebl for the Freebl hash
	direct case. This code would add a 3rd (in softoken). Rather than
	adding a third, this patch relocates the main function to nssutil
	where softoken, nss, and freebl can all access it. The exception is
	when building freebl with 'NODEPEND' (freebl can provide hashing
	without dependencies on NSPR or NSSUTIL), there needs to be a stub
	implementation. In most platforms and cases this stub is never
	compiled.

	[762cb673ca8c]

	* .hgignore, automation/taskcluster/scripts/split.sh, cmd/Makefile,
	cmd/dbtool/Makefile, cmd/dbtool/dbtool.c, cmd/dbtool/dbtool.gyp,
	cmd/dbtool/manifest.mn, cmd/manifest.mn, lib/softoken/sdb.h,
	nss.gyp:
	Bug 1774659 NSS needs a database tool that can dump the low level
	representation of the database. r=jschanck

	When debugging the database, it would be helpful to know what is in
	the database is a nicely formated way. certutil dumps a high level
	view of the certs and keys, sqlite3 can dump the low level tables
	and raw entries. It would be useful to dump the database as softoken
	sees the database.

	This code grabs a copy of the latest sdb.c from softoken and uses it
	to fetch the database entries, then parses them as necessary. It
	uses the pkcs11 table in libsec to format the result data into human
	readable strings.

	[e52240a4bc62]

2023-09-08  John Schanck  <jschanck@mozilla.com>

	* gtests/mozpkix_gtest/pkixnames_tests.cpp:
	Bug 1852179 - declare string literals using char in
	pkixnames_tests.cpp. r=nss-reviewers,nkulatova

	[dbed9fc0522a]

Differential Revision: https://phabricator.services.mozilla.com/D189815
This commit is contained in:
Natalia Kulatova 2023-10-02 20:43:59 +00:00
parent f955aa7555
commit d3619cd7e8
43 changed files with 3120 additions and 2126 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

5
security/moz.build
View file

@ -149,7 +149,10 @@ sandbox_vars = {
}
if CONFIG["OS_TARGET"] == "WINNT":
# We want to remove XP_WIN32 eventually. See bug 1535219 for details.
sandbox_vars["CFLAGS"] = ["-DXP_WIN32"]
sandbox_vars["CFLAGS"] = [
"-DXP_WIN32",
"-Wno-error=unused-function", # bug 1856445
]
if CONFIG["CPU_ARCH"] == "x86":
# This should really be the default.
sandbox_vars["ASFLAGS"] = ["-safeseh"]

2
security/nss/TAG-INFO
View file

@ -1 +1 @@
ffcd992581
NSS_3_94_RTM

5
security/nss/automation/abi-check/expected-report-libnssutil3.so.txt
View file

@ -0,0 +1,5 @@
1 Added function:
'function PRBool NSS_GetSystemFIPSEnabled()' {NSS_GetSystemFIPSEnabled@@NSSUTIL_3.94}

2
security/nss/automation/taskcluster/scripts/run_hacl.sh
View file

@ -12,7 +12,7 @@ set -e -x -v
# Get the HACL* source, containing a snapshot of the C code, extracted on the
# HACL CI.
git clone -q "https://github.com/hacl-star/hacl-star" ~/hacl-star
git -C ~/hacl-star checkout -q 5f6051d2134cda490c890e57bb16da0110744646
git -C ~/hacl-star checkout -q 72f9d0c783cb716add714344604d591106dfbf7f
# Format the C snapshot.
cd ~/hacl-star/dist/mozilla

1
security/nss/automation/taskcluster/scripts/split.sh
View file

@ -84,6 +84,7 @@ split_softoken() {
copy_top $nssdir/cmd $dstdir/cmd
cp -R $nssdir/cmd/bltest $dstdir/cmd/bltest
cp -R $nssdir/cmd/ecperf $dstdir/cmd/ecperf
cp -R $nssdir/cmd/dbtool $dstdir/cmd/dbtool
cp -R $nssdir/cmd/fbectest $dstdir/cmd/fbectest
cp -R $nssdir/cmd/fipstest $dstdir/cmd/fipstest
cp -R $nssdir/cmd/lib $dstdir/cmd/lib

4
security/nss/cmd/Makefile
View file

@ -1,5 +1,5 @@
#! gmake
#
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
@ -16,12 +16,14 @@ endif
ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
BLTEST_SRCDIR =
DBTOOL_SRCDIR =
ECPERF_SRCDIR =
FREEBL_ECTEST_SRCDIR =
FIPSTEST_SRCDIR =
SHLIBSIGN_SRCDIR =
else
BLTEST_SRCDIR = bltest
DBTOOL_SRCDIR = dbtool
ECPERF_SRCDIR = ecperf
FREEBL_ECTEST_SRCDIR = fbectest
FIPSTEST_SRCDIR = fipstest

50
security/nss/cmd/dbtool/Makefile Normal file
View file

@ -0,0 +1,50 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#include ../platlibs.mk
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include ../platrules.mk
sdb.c: $(CORE_DEPTH)/lib/softoken/sdb.c
cp $< $@

830
security/nss/cmd/dbtool/dbtool.c Normal file
View file

@ -0,0 +1,830 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
** dbtool.c
**
** tool to dump the underlying encoding of a database. This tool duplicates
** some private functions in softoken. It uses libsec and libutil, but no
** other portions of NSS. It currently only works on sqlite databases. For
** an even more primitive dump, use sqlite3 on the individual files.
**
** TODO: dump the meta data for the databases.
** optionally dump more PKCS5 information (KDF/salt/iterations)
** take a password and decode encrypted attributes/verify signed
** attributes.
*/
#include <stdio.h>
#include <string.h>
#if defined(WIN32)
#include "fcntl.h"
#include "io.h"
#endif
/*#include "secutil.h" */
/*#include "pk11pub.h" */
#if defined(XP_UNIX)
#include <unistd.h>
#endif
#include "nspr.h"
#include "prtypes.h"
#include "nss.h"
#include "secasn1.h"
#include "secder.h"
#include "pk11table.h"
#include "sftkdbt.h"
#include "sdb.h"
#include "secoid.h"
#include "plgetopt.h"
static char *progName;
char *dbDir = NULL;
static void
Usage()
{
printf("Usage: %s [-c certprefix] [-k keyprefix] "
"[-V certversion] [-v keyversion]\n"
" [-d dbdir]\n",
progName);
printf("%-20s Directory with cert database (default is .)\n",
"-d certdir");
printf("%-20s prefix for the cert database (default is \"\")\n",
"-c certprefix");
printf("%-20s prefix for the key database (default is \"\")\n",
"-k keyprefix");
printf("%-20s version of the cert database (default is 9)\n",
"-V certversion");
printf("%-20s version of the key database (default is 4)\n",
"-v keyversion");
exit(1);
}
#define SFTK_KEYDB_TYPE 0x40000000
#define SFTK_TOKEN_TYPE 0x80000000
/*
* known attributes
*/
static const CK_ATTRIBUTE_TYPE known_attributes[] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL, CKA_APPLICATION,
CKA_VALUE, CKA_OBJECT_ID, CKA_CERTIFICATE_TYPE, CKA_ISSUER,
CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_OWNER, CKA_ATTR_TYPES, CKA_TRUSTED,
CKA_CERTIFICATE_CATEGORY, CKA_JAVA_MIDP_SECURITY_DOMAIN, CKA_URL,
CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CKA_HASH_OF_ISSUER_PUBLIC_KEY,
CKA_CHECK_VALUE, CKA_KEY_TYPE, CKA_SUBJECT, CKA_ID, CKA_SENSITIVE,
CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP, CKA_SIGN, CKA_SIGN_RECOVER,
CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_DERIVE, CKA_START_DATE, CKA_END_DATE,
CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT,
CKA_PRIME, CKA_SUBPRIME, CKA_BASE, CKA_PRIME_BITS,
CKA_SUB_PRIME_BITS, CKA_VALUE_BITS, CKA_VALUE_LEN, CKA_EXTRACTABLE,
CKA_LOCAL, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE,
CKA_KEY_GEN_MECHANISM, CKA_MODIFIABLE, CKA_EC_PARAMS,
CKA_EC_POINT, CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
CKA_ALWAYS_AUTHENTICATE, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_TEMPLATE,
CKA_UNWRAP_TEMPLATE, CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT,
CKA_HAS_RESET, CKA_PIXEL_X, CKA_PIXEL_Y, CKA_RESOLUTION, CKA_CHAR_ROWS,
CKA_CHAR_COLUMNS, CKA_COLOR, CKA_BITS_PER_PIXEL, CKA_CHAR_SETS,
CKA_ENCODING_METHODS, CKA_MIME_TYPES, CKA_MECHANISM_TYPE,
CKA_REQUIRED_CMS_ATTRIBUTES, CKA_DEFAULT_CMS_ATTRIBUTES,
CKA_SUPPORTED_CMS_ATTRIBUTES, CKA_NSS_URL, CKA_NSS_EMAIL,
CKA_NSS_SMIME_INFO, CKA_NSS_SMIME_TIMESTAMP,
CKA_NSS_PKCS8_SALT, CKA_NSS_PASSWORD_CHECK, CKA_NSS_EXPIRES,
CKA_NSS_KRL, CKA_NSS_PQG_COUNTER, CKA_NSS_PQG_SEED,
CKA_NSS_PQG_H, CKA_NSS_PQG_SEED_BITS, CKA_NSS_MODULE_SPEC,
CKA_TRUST_DIGITAL_SIGNATURE, CKA_TRUST_NON_REPUDIATION,
CKA_TRUST_KEY_ENCIPHERMENT, CKA_TRUST_DATA_ENCIPHERMENT,
CKA_TRUST_KEY_AGREEMENT, CKA_TRUST_KEY_CERT_SIGN, CKA_TRUST_CRL_SIGN,
CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH, CKA_TRUST_CODE_SIGNING,
CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_IPSEC_END_SYSTEM,
CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
CKA_NSS_DB, CKA_NSS_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS,
CKA_PUBLIC_KEY_INFO
};
static unsigned int known_attributes_size = sizeof(known_attributes) /
sizeof(known_attributes[0]);
PRBool
isULONGAttribute(CK_ATTRIBUTE_TYPE type)
{
switch (type) {
case CKA_CERTIFICATE_CATEGORY:
case CKA_CERTIFICATE_TYPE:
case CKA_CLASS:
case CKA_JAVA_MIDP_SECURITY_DOMAIN:
case CKA_KEY_GEN_MECHANISM:
case CKA_KEY_TYPE:
case CKA_MECHANISM_TYPE:
case CKA_MODULUS_BITS:
case CKA_PRIME_BITS:
case CKA_SUBPRIME_BITS:
case CKA_VALUE_BITS:
case CKA_VALUE_LEN:
case CKA_TRUST_DIGITAL_SIGNATURE:
case CKA_TRUST_NON_REPUDIATION:
case CKA_TRUST_KEY_ENCIPHERMENT:
case CKA_TRUST_DATA_ENCIPHERMENT:
case CKA_TRUST_KEY_AGREEMENT:
case CKA_TRUST_KEY_CERT_SIGN:
case CKA_TRUST_CRL_SIGN:
case CKA_TRUST_SERVER_AUTH:
case CKA_TRUST_CLIENT_AUTH:
case CKA_TRUST_CODE_SIGNING:
case CKA_TRUST_EMAIL_PROTECTION:
case CKA_TRUST_IPSEC_END_SYSTEM:
case CKA_TRUST_IPSEC_TUNNEL:
case CKA_TRUST_IPSEC_USER:
case CKA_TRUST_TIME_STAMPING:
case CKA_TRUST_STEP_UP_APPROVED:
return PR_TRUE;
default:
break;
}
return PR_FALSE;
}
/* are the attributes private? */
static PRBool
isPrivateAttribute(CK_ATTRIBUTE_TYPE type)
{
switch (type) {
case CKA_VALUE:
case CKA_PRIVATE_EXPONENT:
case CKA_PRIME_1:
case CKA_PRIME_2:
case CKA_EXPONENT_1:
case CKA_EXPONENT_2:
case CKA_COEFFICIENT:
return PR_TRUE;
default:
break;
}
return PR_FALSE;
}
/* These attributes must be authenticated with an hmac. */
static PRBool
isAuthenticatedAttribute(CK_ATTRIBUTE_TYPE type)
{
switch (type) {
case CKA_MODULUS:
case CKA_PUBLIC_EXPONENT:
case CKA_CERT_SHA1_HASH:
case CKA_CERT_MD5_HASH:
case CKA_TRUST_SERVER_AUTH:
case CKA_TRUST_CLIENT_AUTH:
case CKA_TRUST_EMAIL_PROTECTION:
case CKA_TRUST_CODE_SIGNING:
case CKA_TRUST_STEP_UP_APPROVED:
case CKA_NSS_OVERRIDE_EXTENSIONS:
return PR_TRUE;
default:
break;
}
return PR_FALSE;
}
/*
* convert a database ulong back to a native ULONG. (reverse of the above
* function.
*/
static CK_ULONG
sdbULong2ULong(unsigned char *data)
{
int i;
CK_ULONG value = 0;
for (i = 0; i < SDB_ULONG_SIZE; i++) {
value |= (((CK_ULONG)data[i]) << (SDB_ULONG_SIZE - 1 - i) * PR_BITS_PER_BYTE);
}
return value;
}
/* PBE defines and functions */
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
typedef struct EncryptedDataInfoStr {
SECAlgorithmID algorithm;
SECItem encryptedData;
} EncryptedDataInfo;
static const SEC_ASN1Template encryptedDataInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(EncryptedDataInfo) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
offsetof(EncryptedDataInfo, algorithm),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_OCTET_STRING,
offsetof(EncryptedDataInfo, encryptedData) },
{ 0 }
};
typedef struct PBEParameterStr {
SECAlgorithmID prfAlg;
SECItem salt;
SECItem iteration;
SECItem keyLength;
} PBEParameter;
static const SEC_ASN1Template pkcs5V1PBEParameterTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(PBEParameter) },
{ SEC_ASN1_OCTET_STRING,
offsetof(PBEParameter, salt) },
{ SEC_ASN1_INTEGER,
offsetof(PBEParameter, iteration) },
{ 0 }
};
static const SEC_ASN1Template pkcs12V2PBEParameterTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PBEParameter) },
{ SEC_ASN1_OCTET_STRING, offsetof(PBEParameter, salt) },
{ SEC_ASN1_INTEGER, offsetof(PBEParameter, iteration) },
{ 0 }
};
static const SEC_ASN1Template pkcs5V2PBEParameterTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PBEParameter) },
/* this is really a choice, but since we don't understand any other
* choice, just inline it. */
{ SEC_ASN1_OCTET_STRING, offsetof(PBEParameter, salt) },
{ SEC_ASN1_INTEGER, offsetof(PBEParameter, iteration) },
{ SEC_ASN1_INTEGER, offsetof(PBEParameter, keyLength) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
offsetof(PBEParameter, prfAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ 0 }
};
typedef struct Pkcs5v2PBEParameterStr {
SECAlgorithmID keyParams; /* parameters of the key generation */
SECAlgorithmID algParams; /* parameters for the encryption or mac op */
} Pkcs5v2PBEParameter;
static const SEC_ASN1Template pkcs5v2PBES2ParameterTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(Pkcs5v2PBEParameter) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
offsetof(Pkcs5v2PBEParameter, keyParams),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN,
offsetof(Pkcs5v2PBEParameter, algParams),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ 0 }
};
static inline PRBool
isPKCS12PBE(SECOidTag alg)
{
switch (alg) {
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
return PR_TRUE;
default:
break;
}
return PR_FALSE;
}
/* helper functions */
/* output an NSS specific attribute or name that wasn't found in our
* pkcs #11 table */
const char *
makeNSSVendorName(CK_ATTRIBUTE_TYPE attribute, const char *nameType)
{
static char nss_name[256];
const char *name = NULL;
if ((attribute >= CKA_NSS) && (attribute < 0xffffffffUL)) {
sprintf(nss_name, "%s+%d", nameType, (int)(attribute - CKA_NSS));
name = nss_name;
}
return name;
}
/* turn and attribute into a name */
const char *
AttributeName(CK_ATTRIBUTE_TYPE attribute)
{
const char *name = getNameFromAttribute(attribute);
if (!name) {
name = makeNSSVendorName(attribute, "CKA_NSS");
}
return name ? name : "UNKNOWN_ATTRIBUTE_TYPE";
}
/* turn and error code into a name */
const char *
ErrorName(CK_RV crv)
{
const char *error = getName(crv, ConstResult);
if (!error) {
error = makeNSSVendorName(crv, "CKR_NSS");
}
return error ? error : "UNKNOWN_ERROR";
}
/* turn an oud tag into a string */
const char *
oid2string(SECOidTag alg)
{
const char *oidstring = SECOID_FindOIDTagDescription(alg);
const char *def = "Invalid oid tag"; /* future build a dotted oid string value here */
return oidstring ? oidstring : def;
}
/* dump an arbitary data blob. Dump it has hex with ascii on the side */
#define ASCCHAR(val) ((val) >= ' ' && (val) <= 0x7e ? (val) : '.')
#define LINE_LENGTH 16
void
dumpValue(const unsigned char *v, int len)
{
int i, next = 0;
char string[LINE_LENGTH + 1];
char space[LINE_LENGTH * 2 + 1];
char *nl = "";
char *sp = "";
PORT_Memset(string, 0, sizeof(string));
for (i = 0; i < len; i++) {
if ((i % LINE_LENGTH) == 0) {
printf("%s%s%s ", sp, string, nl);
PORT_Memset(string, 0, sizeof(string));
next = 0;
nl = "\n";
sp = " ";
}
printf("%02x", v[i]);
string[next++] = ASCCHAR(v[i]);
}
PORT_Memset(space, 0, sizeof(space));
i = LINE_LENGTH - (len % LINE_LENGTH);
if (i != LINE_LENGTH) {
int j;
for (j = 0; j < i; j++) {
space[j * 2] = ' ';
space[j * 2 + 1] = ' ';
}
}
printf("%s%s%s%s", space, sp, string, nl);
}
/* dump a PKCS5/12 PBE blob */
void
dumpPKCS(unsigned char *val, CK_ULONG len, PRBool *hasSig)
{
EncryptedDataInfo edi;
SECStatus rv;
SECItem data;
PLArenaPool *arena;
SECOidTag alg, prfAlg;
PBEParameter pbeParam;
unsigned char zero = 0;
const SEC_ASN1Template *template = pkcs5V1PBEParameterTemplate;
int iter, keyLen, i;
if (hasSig) {
*hasSig = PR_FALSE;
}
data.data = val;
data.len = len;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
printf("Couldn't allocate arena\n");
return;
}
/* initialize default values */
PORT_Memset(&pbeParam, 0, sizeof(pbeParam));
pbeParam.keyLength.data = &zero;
pbeParam.keyLength.len = sizeof(zero);
SECOID_SetAlgorithmID(arena, &pbeParam.prfAlg, SEC_OID_SHA1, NULL);
/* first crack the encrypted data from the PBE algorithm ID */
rv = SEC_QuickDERDecodeItem(arena, &edi, encryptedDataInfoTemplate, &data);
if (rv != SECSuccess) {
printf("Encrypted Data, failed to decode\n");
dumpValue(val, len);
PORT_FreeArena(arena, PR_FALSE);
return;
}
/* now use the pbe secalg to dump info on the pbe */
alg = SECOID_GetAlgorithmTag(&edi.algorithm);
if ((alg == SEC_OID_PKCS5_PBES2) || (alg == SEC_OID_PKCS5_PBMAC1)) {
Pkcs5v2PBEParameter param;
SECOidTag palg;
const char *typeName = (alg == SEC_OID_PKCS5_PBES2) ? "Encrypted Data PBES2" : "Mac Data PBMAC1";
rv = SEC_QuickDERDecodeItem(arena, &param,
pkcs5v2PBES2ParameterTemplate,
&edi.algorithm.parameters);
if (rv != SECSuccess) {
printf("%s, failed to decode\n", typeName);
dumpValue(val, len);
PORT_FreeArena(arena, PR_FALSE);
return;
}
palg = SECOID_GetAlgorithmTag(&param.algParams);
printf("%s alg=%s ", typeName, oid2string(palg));
if (hasSig && palg == SEC_OID_AES_256_CBC) {
*hasSig = PR_TRUE;
}
template = pkcs5V2PBEParameterTemplate;
edi.algorithm.parameters = param.keyParams.parameters;
} else {
printf("Encrypted Data alg=%s ", oid2string(alg));
if (alg == SEC_OID_PKCS5_PBKDF2) {
template = pkcs5V2PBEParameterTemplate;
} else if (isPKCS12PBE(alg)) {
template = pkcs12V2PBEParameterTemplate;
} else {
template = pkcs5V1PBEParameterTemplate;
}
}
rv = SEC_QuickDERDecodeItem(arena, &pbeParam,
template,
&edi.algorithm.parameters);
if (rv != SECSuccess) {
printf("( failed to decode params)\n");
PORT_FreeArena(arena, PR_FALSE);
return;
}
/* dump the pbe parmeters */
iter = DER_GetInteger(&pbeParam.iteration);
keyLen = DER_GetInteger(&pbeParam.keyLength);
prfAlg = SECOID_GetAlgorithmTag(&pbeParam.prfAlg);
printf("(prf=%s iter=%d keyLen=%d salt=0x",
oid2string(prfAlg), iter, keyLen);
for (i = 0; i < pbeParam.salt.len; i++)
printf("%02x", pbeParam.salt.data[i]);
printf(")\n");
/* finally dump the raw encrypted data */
dumpValue(edi.encryptedData.data, edi.encryptedData.len);
PORT_FreeArena(arena, PR_FALSE);
}
/* dump a long attribute, convert to an unsigned long. PKCS #11 Longs are
* limited to 32 bits by the spec, even if the CK_ULONG is longer */
void
dumpLongAttribute(CK_ATTRIBUTE_TYPE type, CK_ULONG value)
{
const char *nameType = "CK_NSS";
ConstType constType = ConstNone;
const char *valueName = NULL;
switch (type) {
case CKA_CLASS:
nameType = "CKO_NSS";
constType = ConstObject;
break;
case CKA_CERTIFICATE_TYPE:
nameType = "CKC_NSS";
constType = ConstCertType;
break;
case CKA_KEY_TYPE:
nameType = "CKK_NSS";
constType = ConstKeyType;
break;
case CKA_MECHANISM_TYPE:
nameType = "CKM_NSS";
constType = ConstMechanism;
break;
case CKA_TRUST_SERVER_AUTH:
case CKA_TRUST_CLIENT_AUTH:
case CKA_TRUST_CODE_SIGNING:
case CKA_TRUST_EMAIL_PROTECTION:
case CKA_TRUST_IPSEC_END_SYSTEM:
case CKA_TRUST_IPSEC_TUNNEL:
case CKA_TRUST_IPSEC_USER:
case CKA_TRUST_TIME_STAMPING:
nameType = "CKT_NSS";
constType = ConstTrust;
break;
default:
break;
}
/* if value has a symbolic name, use it */
if (constType != ConstNone) {
valueName = getName(value, constType);
}
if (!valueName) {
valueName = makeNSSVendorName(value, nameType);
}
if (!valueName) {
printf("%d (0x%08x)\n", (int)value, (int)value);
} else {
printf("%s (0x%08x)\n", valueName, (int)value);
}
}
/* dump a signature for an object */
static const char META_SIG_TEMPLATE[] = "sig_%s_%08x_%08x";
void
dumpSignature(CK_ATTRIBUTE_TYPE attribute, SDB *keydb, PRBool isKey,
CK_OBJECT_HANDLE objectID, PRBool force)
{
char id[30];
CK_RV crv;
SECItem signText;
unsigned char signData[SDB_MAX_META_DATA_LEN];
if (!force && !isAuthenticatedAttribute(attribute)) {
return;
}
sprintf(id, META_SIG_TEMPLATE,
isKey ? "key" : "cert",
(unsigned int)objectID, (unsigned int)attribute);
printf(" Signature %s:", id);
signText.data = signData;
signText.len = sizeof(signData);
crv = (*keydb->sdb_GetMetaData)(keydb, id, &signText, NULL);
if ((crv != CKR_OK) && isKey) {
sprintf(id, META_SIG_TEMPLATE,
isKey ? "key" : "cert", (unsigned int)(objectID | SFTK_KEYDB_TYPE | SFTK_TOKEN_TYPE),
(unsigned int)attribute);
crv = (*keydb->sdb_GetMetaData)(keydb, id, &signText, NULL);
}
if (crv != CKR_OK) {
printf(" FAILED %s with %s (0x%08x)\n", id, ErrorName(crv), (int)crv);
return;
}
dumpPKCS(signText.data, signText.len, NULL);
return;
}
/* dump an attribute. use the helper functions above */
void
dumpAttribute(CK_ATTRIBUTE *template, SDB *keydb, PRBool isKey,
CK_OBJECT_HANDLE id)
{
CK_ATTRIBUTE_TYPE attribute = template->type;
printf(" %s(0x%08x): ", AttributeName(attribute), (int)attribute);
if (template->pValue == NULL) {
printf("NULL (%d)\n", (int)template->ulValueLen);
return;
}
if (template->ulValueLen == SDB_ULONG_SIZE && isULONGAttribute(attribute)) {
CK_ULONG value = sdbULong2ULong(template->pValue);
dumpLongAttribute(attribute, value);
return;
}
if (template->ulValueLen == 1) {
unsigned char val = *(unsigned char *)template->pValue;
switch (val) {
case 0:
printf("CK_FALSE\n");
break;
case 1:
printf("CK_TRUE\n");
break;
default:
printf("%d 0x%02x %c\n", val, val, ASCCHAR(val));
break;
}
return;
}
if (isKey && isPrivateAttribute(attribute)) {
PRBool hasSig = PR_FALSE;
dumpPKCS(template->pValue, template->ulValueLen, &hasSig);
if (hasSig) {
dumpSignature(attribute, keydb, isKey, id, PR_TRUE);
}
return;
}
if (template->ulValueLen == 0) {
printf("empty");
}
printf("\n");
dumpValue(template->pValue, template->ulValueLen);
}
/* dump all the attributes in an object */
void
dumpObject(CK_OBJECT_HANDLE id, SDB *db, SDB *keydb, PRBool isKey)
{
CK_RV crv;
int i;
CK_ATTRIBUTE template;
char buffer[2048];
char *alloc = NULL;
printf(" Object 0x%08x:\n", (int)id);
for (i = 0; i < known_attributes_size; i++) {
CK_ATTRIBUTE_TYPE attribute = known_attributes[i];
template.type = attribute;
template.pValue = NULL;
template.ulValueLen = 0;
crv = (*db->sdb_GetAttributeValue)(db, id, &template, 1);
if (crv != CKR_OK) {
if (crv != CKR_ATTRIBUTE_TYPE_INVALID) {
PR_fprintf(PR_STDERR, " "
"Get Attribute %s (0x%08x):FAILED\"%s\"(0x%08x)\n",
AttributeName(attribute), (int)attribute,
ErrorName(crv), (int)crv);
}
continue;
}
if (template.ulValueLen < sizeof(buffer)) {
template.pValue = buffer;
} else {
alloc = PORT_Alloc(template.ulValueLen);
template.pValue = alloc;
}
if (template.pValue == NULL) {
PR_fprintf(PR_STDERR, " "
"Could allocate %d bytes for Attribute %s (0x%08x)\n",
(int)template.ulValueLen,
AttributeName(attribute), (int)attribute);
continue;
}
crv = (*db->sdb_GetAttributeValue)(db, id, &template, 1);
if (crv != CKR_OK) {
if (crv != CKR_ATTRIBUTE_TYPE_INVALID) {
PR_fprintf(PR_STDERR, " "
"Get Attribute %s (0x%08x):FAILED\"%s\"(0x%08x)\n",
AttributeName(attribute), (int)attribute,
ErrorName(crv), (int)crv);
}
if (alloc) {
PORT_Free(alloc);
alloc = NULL;
}
continue;
}
dumpAttribute(&template, keydb, isKey, id);
dumpSignature(template.type, keydb, isKey, id, PR_FALSE);
if (alloc) {
PORT_Free(alloc);
alloc = NULL;
}
}
}
/* dump all the objects in a database */
void
dumpDB(SDB *db, const char *name, SDB *keydb, PRBool isKey)
{
SDBFind *findHandle = NULL;
CK_BBOOL isTrue = 1;
CK_ATTRIBUTE allObjectTemplate = { CKA_TOKEN, NULL, 1 };
CK_ULONG allObjectTemplateCount = 1;
PRBool recordFound = PR_FALSE;
CK_RV crv = CKR_OK;
CK_ULONG objectCount = 0;
printf("%s:\n", name);
allObjectTemplate.pValue = &isTrue;
crv = (*db->sdb_FindObjectsInit)(db, &allObjectTemplate,
allObjectTemplateCount, &findHandle);
do {
CK_OBJECT_HANDLE id;
recordFound = PR_FALSE;
crv = (*db->sdb_FindObjects)(db, findHandle, &id, 1, &objectCount);
if ((crv == CKR_OK) && (objectCount == 1)) {
recordFound = PR_TRUE;
dumpObject(id, db, keydb, isKey);
}
} while (recordFound);
if (crv != CKR_OK) {
PR_fprintf(PR_STDERR,
"Last record return PKCS #11 error = %s (0x%08x)\n",
ErrorName(crv), (int)crv);
}
(*db->sdb_FindObjectsFinal)(db, findHandle);
}
static char *
secu_ConfigDirectory(const char *base)
{
static PRBool initted = PR_FALSE;
const char *dir = ".netscape";
char *home;
static char buf[1000];
if (initted)
return buf;
if (base == NULL || *base == 0) {
home = PR_GetEnvSecure("HOME");
if (!home)
home = "";
if (*home && home[strlen(home) - 1] == '/')
sprintf(buf, "%.900s%s", home, dir);
else
sprintf(buf, "%.900s/%s", home, dir);
} else {
sprintf(buf, "%.900s", base);
if (buf[strlen(buf) - 1] == '/')
buf[strlen(buf) - 1] = 0;
}
initted = PR_TRUE;
return buf;
}
int
main(int argc, char **argv)
{
PLOptState *optstate;
PLOptStatus optstatus;
char *certPrefix = "", *keyPrefix = "";
int cert_version = 9;
int key_version = 4;
SDB *certdb = NULL;
SDB *keydb = NULL;
PRBool isNew = PR_FALSE;
CK_RV crv;
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
progName = progName ? progName + 1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "d:c:k:v:V:h");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'h':
default:
Usage();
break;
case 'd':
dbDir = PORT_Strdup(optstate->value);
break;
case 'c':
certPrefix = PORT_Strdup(optstate->value);
break;
case 'k':
keyPrefix = PORT_Strdup(optstate->value);
break;
case 'v':
key_version = atoi(optstate->value);
break;
case 'V':
cert_version = atoi(optstate->value);
break;
}
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD)
Usage();
if (dbDir) {
char *tmp = dbDir;
dbDir = secu_ConfigDirectory(tmp);
PORT_Free(tmp);
} else {
dbDir = secu_ConfigDirectory(NULL);
}
PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir);
if (dbDir[0] == '\0') {
PR_fprintf(PR_STDERR,
"ERROR: Directory \"%s\" does not exist.\n", dbDir);
return 1;
}
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
SECOID_Init();
crv = s_open(dbDir, certPrefix, keyPrefix, cert_version, key_version,
SDB_RDONLY, &certdb, &keydb, &isNew);
if (crv != CKR_OK) {
PR_fprintf(PR_STDERR,
"Couldn't open databased in %s, error=%s (0x%08x)\n",
dbDir, ErrorName(crv), (int)crv);
return 1;
}
/* now dump the objects in the cert database */
dumpDB(certdb, "CertDB", keydb, PR_FALSE);
dumpDB(keydb, "KeyDB", keydb, PR_TRUE);
return 0;
}

36
security/nss/cmd/dbtool/dbtool.gyp Normal file
View file

@ -0,0 +1,36 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../../cmd/platlibs.gypi'
],
'targets': [
{
'target_name': 'dbtool',
'type': 'executable',
'sources': [
'dbtool.c',
'../../lib/softoken/sdb.c'
],
'dependencies': [
'<(DEPTH)/exports.gyp:dbm_exports',
'<(DEPTH)/exports.gyp:nss_exports'
],
'conditions': [
[ 'use_system_sqlite==1', {
'dependencies': [
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
],
}, {
'dependencies': [
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite',
],
}],
] }
],
'variables': {
'module': 'nss'
}
}

21
security/nss/cmd/dbtool/manifest.mn Normal file
View file

@ -0,0 +1,21 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss
USE_STATIC_LIBS = 1
# DIRS =
CSRCS = dbtool.c sdb.c
# sdb.c is copied for softoken, clean it up on make clean
GARBAGE = sdb.c
PROGRAM = dbtool

1
security/nss/cmd/manifest.mn
View file

@ -22,6 +22,7 @@ endif
ifndef NSS_BUILD_UTIL_ONLY
SOFTOKEN_SRCDIRS = \
$(BLTEST_SRCDIR) \
$(DBTOOL_SRCDIR) \
$(ECPERF_SRCDIR) \
$(FREEBL_ECTEST_SRCDIR) \
$(FIPSTEST_SRCDIR) \

1
security/nss/coreconf/coreconf.dep
View file

@ -10,4 +10,3 @@
*/
#error "Do not include this header file."

22
security/nss/doc/rst/releases/index.rst
View file

@ -8,6 +8,7 @@ Releases
:glob:
:hidden:
nss_3_94.rst
nss_3_93.rst
nss_3_92.rst
nss_3_91_0.rst
@ -57,16 +58,25 @@ Releases
.. note::
**NSS 3.93.0** is the latest version of NSS.
Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_91_0_release_notes`
**NSS 3.94.0** is the latest version of NSS.
Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_94_0_release_notes`
**NSS 3.90.0 (ESR)** is the latest version of NSS.
Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_90_0_release_notes`
.. container::
Changes in 3.93 included in this release:
Changes in 3.94 included in this release:
- Bug 1849471 - Update zlib in NSS to 1.3.
- Bug 1848183 - softoken: iterate hashUpdate calls for long inputs.
- Bug 1813401 - regenerate NameConstraints test certificates.
- Bug 1853737 - Updated code and commit ID for HACL*.
- Bug 1840510 - update ACVP fuzzed test vector: refuzzed with current NSS
- Bug 1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants.
- Bug 1774659 - NSS needs a database tool that can dump the low level representation of the database.
- Bug 1852179 - declare string literals using char in pkixnames_tests.cpp.
- Bug 1852179 - avoid implicit conversion for ByteString.
- Bug 1818766 - update rust version for acvp docker.
- Bug 1852011 - Moving the init function of the mpi_ints before clean-up in ec.c
- Bug 1615555 - P-256 ECDH and ECDSA from HACL*.
- Bug 1840510 - Add ACVP test vectors to the repository
- Bug 1849077 - Stop relying on std::basic_string<uint8_t>.
- Bug 1847845 - Transpose the PPC_ABI check from Makefile to gyp.

68
security/nss/doc/rst/releases/nss_3_94.rst Normal file
View file

@ -0,0 +1,68 @@
.. _mozilla_projects_nss_nss_3_94_release_notes:
NSS 3.94 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::
Network Security Services (NSS) 3.94 was released on *2 October 2023**.
.. _distribution_information:
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_94_RTM. NSS 3.94 requires NSPR 4.35 or newer.
NSS 3.94 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_94_RTM/src/
Other releases are available :ref:`mozilla_projects_nss_releases`.
.. _changes_in_nss_3.94:
`Changes in NSS 3.94 <#changes_in_nss_3.94>`__
----------------------------------------------------
.. container::
- Bug 1853737 - Updated code and commit ID for HACL*.
- Bug 1840510 - update ACVP fuzzed test vector: refuzzed with current NSS
- Bug 1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants.
- Bug 1774659 - NSS needs a database tool that can dump the low level representation of the database.
- Bug 1852179 - declare string literals using char in pkixnames_tests.cpp.
- Bug 1852179 - avoid implicit conversion for ByteString.
- Bug 1818766 - update rust version for acvp docker.
- Bug 1852011 - Moving the init function of the mpi_ints before clean-up in ec.c
- Bug 1615555 - P-256 ECDH and ECDSA from HACL*.
- Bug 1840510 - Add ACVP test vectors to the repository
- Bug 1849077 - Stop relying on std::basic_string<uint8_t>.
- Bug 1847845 - Transpose the PPC_ABI check from Makefile to gyp.
`Compatibility <#compatibility>`__
----------------------------------
.. container::
NSS 3.94 shared libraries are backwards-compatible with all older NSS 3.x shared
libraries. A program linked with older NSS 3.x shared libraries will work with
this new version of the shared libraries without recompiling or
relinking. Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.
`Feedback <#feedback>`__
------------------------
.. container::
Bugs discovered should be reported by filing a bug report on
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

12
security/nss/gtests/mozpkix_gtest/pkixnames_tests.cpp
View file

@ -1135,8 +1135,8 @@ static const uint8_t example_com[] = {
static const uint8_t ipv4_addr_bytes[] = {
1, 2, 3, 4
};
static const uint8_t ipv4_addr_bytes_as_str[] = "\x01\x02\x03\x04";
static const uint8_t ipv4_addr_str[] = "1.2.3.4";
static const char ipv4_addr_bytes_as_str[] = "\x01\x02\x03\x04";
static const char ipv4_addr_str[] = "1.2.3.4";
static const uint8_t ipv4_addr_bytes_FFFFFFFF[8] = {
1, 2, 3, 4, 0xff, 0xff, 0xff, 0xff
};
@ -1147,7 +1147,7 @@ static const uint8_t ipv4_compatible_ipv6_addr_bytes[] = {
0, 0, 0, 0,
1, 2, 3, 4
};
static const uint8_t ipv4_compatible_ipv6_addr_str[] = "::1.2.3.4";
static const char ipv4_compatible_ipv6_addr_str[] = "::1.2.3.4";
static const uint8_t ipv4_mapped_ipv6_addr_bytes[] = {
0, 0, 0, 0,
@ -1155,7 +1155,7 @@ static const uint8_t ipv4_mapped_ipv6_addr_bytes[] = {
0, 0, 0xFF, 0xFF,
1, 2, 3, 4
};
static const uint8_t ipv4_mapped_ipv6_addr_str[] = "::FFFF:1.2.3.4";
static const char ipv4_mapped_ipv6_addr_str[] = "::FFFF:1.2.3.4";
static const uint8_t ipv6_addr_bytes[] = {
0x11, 0x22, 0x33, 0x44,
@ -1163,13 +1163,13 @@ static const uint8_t ipv6_addr_bytes[] = {
0x99, 0xaa, 0xbb, 0xcc,
0xdd, 0xee, 0xff, 0x11
};
static const uint8_t ipv6_addr_bytes_as_str[] =
static const char ipv6_addr_bytes_as_str[] =
"\x11\x22\x33\x44"
"\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc"
"\xdd\xee\xff\x11";
static const uint8_t ipv6_addr_str[] =
static const char ipv6_addr_str[] =
"1122:3344:5566:7788:99aa:bbcc:ddee:ff11";
static const uint8_t ipv6_other_addr_bytes[] = {

32
security/nss/lib/freebl/nsslowhash.c
View file

@ -23,36 +23,6 @@ struct NSSLOWHASHContextStr {
void *hashCtxt;
};
#ifndef NSS_FIPS_DISABLED
static int
nsslow_GetFIPSEnabled(void)
{
#ifdef LINUX
FILE *f;
char d;
size_t size;
const char *env;
env = PR_GetEnvSecure("NSS_FIPS");
if (env && (*env == 'y' || *env == 'f' || *env == '1' || *env == 't')) {
return 1;
}
f = fopen("/proc/sys/crypto/fips_enabled", "r");
if (!f)
return 0;
size = fread(&d, 1, 1, f);
fclose(f);
if (size != 1)
return 0;
if (d != '1')
return 0;
#endif /* LINUX */
return 1;
}
#endif /* NSS_FIPS_DISABLED */
static NSSLOWInitContext dummyContext = { 0 };
static PRBool post_failed = PR_TRUE;
@ -66,7 +36,7 @@ NSSLOW_Init(void)
#ifndef NSS_FIPS_DISABLED
/* make sure the FIPS product is installed if we are trying to
* go into FIPS mode */
if (nsslow_GetFIPSEnabled()) {
if (NSS_GetSystemFIPSEnabled()) {
if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
post_failed = PR_TRUE;

44
security/nss/lib/freebl/stubs.c
View file

@ -182,6 +182,9 @@ STUB_DECLARE(SECOidTag, SECOID_FindOIDTag_Util, (const SECItem *oid));
STUB_DECLARE(int, NSS_SecureMemcmp, (const void *a, const void *b, size_t n));
STUB_DECLARE(unsigned int, NSS_SecureMemcmpZero, (const void *mem, size_t n));
STUB_DECLARE(void, NSS_SecureSelect, (void *dest, const void *src0, const void *src1, size_t n, unsigned char b));
#ifndef NSS_FIPS_DISABLED
STUB_DECLARE(PRBool, NSS_GetSystemFIPSEnabled, (void));
#endif
#define PORT_ZNew_stub(type) (type *)PORT_ZAlloc_stub(sizeof(type))
#define PORT_New_stub(type) (type *)PORT_Alloc_stub(sizeof(type))
@ -712,6 +715,47 @@ NSS_SecureSelect_stub(void *dest, const void *src0, const void *src1, size_t n,
abort();
}
#ifndef NSS_FIPS_DISABLED
PRBool
NSS_GetSystemFIPSEnabled_stub(void)
{
STUB_SAFE_CALL0(NSS_GetSystemFIPSEnabled);
const char *env;
/* The environment variable is active for all platforms */
env = PR_GetEnvSecure_stub("NSS_FIPS");
/* we generally accept y, Y, 1, FIPS, TRUE, and ON as turning on FIPS
* mode. Anything else is considered 'off' */
if (env && (*env == 'y' || *env == '1' || *env == 'Y' ||
(strcasecmp(env, "fips") == 0) ||
(strcasecmp(env, "true") == 0) ||
(strcasecmp(env, "on") == 0))) {
return PR_TRUE;
}
/* currently only Linux has a system FIPS indicator. Add others here
* as they become available/known */
#ifdef LINUX
{
FILE *f;
char d;
size_t size;
f = fopen("/proc/sys/crypto/fips_enabled", "r");
if (!f)
return PR_FALSE;
size = fread(&d, 1, 1, f);
fclose(f);
if (size != 1)
return PR_FALSE;
if (d == '1')
return PR_TRUE;
}
#endif /* LINUX */
return PR_FALSE;
}
#endif /* NSS_FIPS_DISABLED = 0 */
#ifdef FREEBL_NO_WEAK
static const char *nsprLibName = SHLIB_PREFIX "nspr4." SHLIB_SUFFIX;

1
security/nss/lib/freebl/stubs.h
View file

@ -43,6 +43,7 @@
#define NSS_SecureMemcmp NSS_SecureMemcmp_stub
#define NSS_SecureMemcmpZero NSS_SecureMemcmpZero_stub
#define NSS_SecureSelect NSS_SecureSelect_stub
#define NSS_GetSystemFIPSEnabled NSS_GetSystemFIPSEnabled_stub
#define PR_Assert PR_Assert_stub
#define PR_Access PR_Access_stub

18
security/nss/lib/freebl/verified/Hacl_Hash_SHA3.c
View file

@ -209,6 +209,8 @@ Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
Hacl_Streaming_Keccak_state scrut = *s;
uint8_t *buf = scrut.buf;
Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
Spec_Hash_Definitions_hash_alg i = block_state.fst;
KRML_HOST_IGNORE(i);
uint64_t *s1 = block_state.snd;
memset(s1, 0U, (uint32_t)25U * sizeof(uint64_t));
Hacl_Streaming_Keccak_state
@ -375,13 +377,13 @@ finish_(
uint64_t *s_dst = scrut.snd.snd;
uint64_t *s_src = scrut.fst.snd;
memcpy(s_dst, s_src, (uint32_t)25U * sizeof(uint64_t));
uint32_t ite0;
uint32_t ite;
if (r % block_len(a) == (uint32_t)0U && r > (uint32_t)0U) {
ite0 = block_len(a);
ite = block_len(a);
} else {
ite0 = r % block_len(a);
ite = r % block_len(a);
}
uint8_t *buf_last = buf_1 + r - ite0;
uint8_t *buf_last = buf_1 + r - ite;
uint8_t *buf_multi = buf_1;
Spec_Hash_Definitions_hash_alg a1 = tmp_block_state.fst;
uint64_t *s0 = tmp_block_state.snd;
@ -392,13 +394,7 @@ finish_(
Spec_Hash_Definitions_hash_alg a11 = tmp_block_state.fst;
uint64_t *s = tmp_block_state.snd;
if (a11 == Spec_Hash_Definitions_Shake128 || a11 == Spec_Hash_Definitions_Shake256) {
uint32_t ite;
if (a11 == Spec_Hash_Definitions_Shake128 || a11 == Spec_Hash_Definitions_Shake256) {
ite = l;
} else {
ite = hash_len(a11);
}
Hacl_Impl_SHA3_squeeze(s, block_len(a11), ite, dst);
Hacl_Impl_SHA3_squeeze(s, block_len(a11), l, dst);
return;
}
Hacl_Impl_SHA3_squeeze(s, block_len(a11), hash_len(a11), dst);

0
security/nss/lib/freebl/verified/internal/Hacl_IntTypes_Intrinsics.h → security/nss/lib/freebl/verified/Hacl_IntTypes_Intrinsics.h
View file

0
security/nss/lib/freebl/verified/internal/Hacl_IntTypes_Intrinsics_128.h → security/nss/lib/freebl/verified/Hacl_IntTypes_Intrinsics_128.h
View file

4
security/nss/lib/freebl/verified/Hacl_Krmllib.h
View file

@ -34,9 +34,9 @@ extern "C" {
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
static inline FStar_UInt128_uint128
FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);

70
security/nss/lib/freebl/verified/Hacl_P256.c
View file

@ -211,8 +211,7 @@ bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y)
c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
}
uint64_t c1 = c;
// TODO: remove unused variable
(void)c1;
KRML_HOST_IGNORE(c1);
uint64_t c2 = (uint64_t)0U - c00;
KRML_MAYBE_FOR4(i,
(uint32_t)0U,
@ -285,8 +284,7 @@ bn_sqr4(uint64_t *res, uint64_t *x)
} uint64_t r = c;
res[i0 + i0] = r;);
uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
// TODO: remove unused variable
(void)c0;
KRML_HOST_IGNORE(c0);
uint64_t tmp[8U] = { 0U };
KRML_MAYBE_FOR4(i,
(uint32_t)0U,
@ -298,13 +296,14 @@ bn_sqr4(uint64_t *res, uint64_t *x)
tmp[(uint32_t)2U * i] = lo;
tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
// TODO: remove unused variable
(void)c1;
KRML_HOST_IGNORE(c1);
}
static inline void
bn_to_bytes_be4(uint8_t *res, uint64_t *f)
{
uint8_t tmp[32U] = { 0U };
KRML_HOST_IGNORE(tmp);
KRML_MAYBE_FOR4(i,
(uint32_t)0U,
(uint32_t)4U,
@ -1040,38 +1039,33 @@ point_mul_g(uint64_t *res, uint64_t *scalar)
{
uint64_t q1[12U] = { 0U };
make_base_point(q1);
/*
uint64_t
q2[12U] =
{
(uint64_t)1499621593102562565U, (uint64_t)16692369783039433128U,
(uint64_t)15337520135922861848U, (uint64_t)5455737214495366228U,
(uint64_t)17827017231032529600U, (uint64_t)12413621606240782649U,
(uint64_t)2290483008028286132U, (uint64_t)15752017553340844820U,
(uint64_t)4846430910634234874U, (uint64_t)10861682798464583253U,
(uint64_t)15404737222404363049U, (uint64_t)363586619281562022U
};
q2[12U] = {
(uint64_t)1499621593102562565U, (uint64_t)16692369783039433128U,
(uint64_t)15337520135922861848U, (uint64_t)5455737214495366228U,
(uint64_t)17827017231032529600U, (uint64_t)12413621606240782649U,
(uint64_t)2290483008028286132U, (uint64_t)15752017553340844820U,
(uint64_t)4846430910634234874U, (uint64_t)10861682798464583253U,
(uint64_t)15404737222404363049U, (uint64_t)363586619281562022U
};
uint64_t
q3[12U] =
{
(uint64_t)14619254753077084366U, (uint64_t)13913835116514008593U,
(uint64_t)15060744674088488145U, (uint64_t)17668414598203068685U,
(uint64_t)10761169236902342334U, (uint64_t)15467027479157446221U,
(uint64_t)14989185522423469618U, (uint64_t)14354539272510107003U,
(uint64_t)14298211796392133693U, (uint64_t)13270323784253711450U,
(uint64_t)13380964971965046957U, (uint64_t)8686204248456909699U
};
q3[12U] = {
(uint64_t)14619254753077084366U, (uint64_t)13913835116514008593U,
(uint64_t)15060744674088488145U, (uint64_t)17668414598203068685U,
(uint64_t)10761169236902342334U, (uint64_t)15467027479157446221U,
(uint64_t)14989185522423469618U, (uint64_t)14354539272510107003U,
(uint64_t)14298211796392133693U, (uint64_t)13270323784253711450U,
(uint64_t)13380964971965046957U, (uint64_t)8686204248456909699U
};
uint64_t
q4[12U] =
{
(uint64_t)7870395003430845958U, (uint64_t)18001862936410067720U,
(uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U,
(uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U,
(uint64_t)7139806720777708306U, (uint64_t)8253938546650739833U,
(uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U,
(uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U
};
*/
q4[12U] = {
(uint64_t)7870395003430845958U, (uint64_t)18001862936410067720U,
(uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U,
(uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U,
(uint64_t)7139806720777708306U, (uint64_t)8253938546650739833U,
(uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U,
(uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U
};
uint64_t *r1 = scalar;
uint64_t *r2 = scalar + (uint32_t)1U;
uint64_t *r3 = scalar + (uint32_t)2U;
@ -1099,6 +1093,10 @@ point_mul_g(uint64_t *res, uint64_t *scalar)
uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
point_add(res, res, tmp););
KRML_HOST_IGNORE(q1);
KRML_HOST_IGNORE(q2);
KRML_HOST_IGNORE(q3);
KRML_HOST_IGNORE(q4);
}
static inline void
@ -1607,6 +1605,7 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
uint64_t m_q[4U] = { 0U };
uint8_t mHash[32U] = { 0U };
memcpy(mHash, msg, (uint32_t)32U * sizeof(uint8_t));
KRML_HOST_IGNORE(msg_len);
uint8_t *mHash32 = mHash;
bn_from_bytes_be4(m_q, mHash32);
qmod_short(m_q, m_q);
@ -1645,6 +1644,7 @@ Hacl_P256_ecdsa_verif_without_hash(
uint64_t m_q[4U] = { 0U };
uint8_t mHash[32U] = { 0U };
memcpy(mHash, msg, (uint32_t)32U * sizeof(uint8_t));
KRML_HOST_IGNORE(msg_len);
uint8_t *mHash32 = mHash;
bn_from_bytes_be4(m_q, mHash32);
qmod_short(m_q, m_q);

332
security/nss/lib/freebl/verified/internal/Hacl_Bignum_Base.h
View file

@ -31,12 +31,13 @@ extern "C" {
#include <string.h>
#include "krml/internal/types.h"
#include "krml/internal/builtin.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "internal/Hacl_Krmllib.h"
#include "Hacl_Krmllib.h"
#include "internal/lib_intrinsics.h"
#include "lib_intrinsics.h"
static inline uint32_t
Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32_t *out)
@ -60,6 +61,74 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64
return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U));
}
static inline void
Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res)
{
uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
uint32_t tmpLen = (uint32_t)8U * bnLen;
KRML_CHECK_SIZE(sizeof(uint8_t), tmpLen);
uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof(uint8_t));
memset(tmp, 0U, tmpLen * sizeof(uint8_t));
memcpy(tmp + tmpLen - len, b, len * sizeof(uint8_t));
for (uint32_t i = (uint32_t)0U; i < bnLen; i++) {
uint64_t *os = res;
uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U);
uint64_t x = u;
os[i] = x;
}
}
static inline void
Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res)
{
uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U;
uint32_t tmpLen = (uint32_t)8U * bnLen;
KRML_CHECK_SIZE(sizeof(uint8_t), tmpLen);
uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof(uint8_t));
memset(tmp, 0U, tmpLen * sizeof(uint8_t));
for (uint32_t i = (uint32_t)0U; i < bnLen; i++) {
store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]);
}
memcpy(res, tmp + tmpLen - len, len * sizeof(uint8_t));
}
static inline uint32_t
Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b)
{
uint32_t priv = (uint32_t)0U;
for (uint32_t i = (uint32_t)0U; i < len; i++) {
uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U);
priv = (mask & priv) | (~mask & i);
}
return priv;
}
static inline uint64_t
Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b)
{
uint64_t priv = (uint64_t)0U;
for (uint32_t i = (uint32_t)0U; i < len; i++) {
uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U);
priv = (mask & priv) | (~mask & (uint64_t)i);
}
return priv;
}
static inline uint32_t
Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l)
{
uint32_t i1 = i / (uint32_t)32U;
uint32_t j = i % (uint32_t)32U;
uint32_t p1 = b[i1] >> j;
uint32_t ite;
if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) {
ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j);
} else {
ite = p1;
}
return ite & (((uint32_t)1U << l) - (uint32_t)1U);
}
static inline uint64_t
Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l)
{
@ -75,6 +144,99 @@ Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t
return ite & (((uint64_t)1U << l) - (uint64_t)1U);
}
static inline uint32_t
Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res)
{
uint32_t c = (uint32_t)0U;
for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) {
uint32_t t1 = a[(uint32_t)4U * i];
uint32_t t20 = b[(uint32_t)4U * i];
uint32_t *res_i0 = res + (uint32_t)4U * i;
c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0);
uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1);
uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2);
uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i);
}
for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) {
uint32_t t1 = a[i];
uint32_t t2 = b[i];
uint32_t *res_i = res + i;
c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t2, res_i);
}
return c;
}
static inline uint64_t
Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res)
{
uint64_t c = (uint64_t)0U;
for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) {
uint64_t t1 = a[(uint32_t)4U * i];
uint64_t t20 = b[(uint32_t)4U * i];
uint64_t *res_i0 = res + (uint32_t)4U * i;
c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0);
uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1);
uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2);
uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i);
}
for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) {
uint64_t t1 = a[i];
uint64_t t2 = b[i];
uint64_t *res_i = res + i;
c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t2, res_i);
}
return c;
}
static inline uint32_t
Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res)
{
uint32_t c = (uint32_t)0U;
for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) {
uint32_t t1 = a[(uint32_t)4U * i];
uint32_t t20 = b[(uint32_t)4U * i];
uint32_t *res_i0 = res + (uint32_t)4U * i;
c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0);
uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U];
uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U];
uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U;
c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1);
uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U];
uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U];
uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U;
c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2);
uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U];
uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U];
uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U;
c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
}
for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) {
uint32_t t1 = a[i];
uint32_t t2 = b[i];
uint32_t *res_i = res + i;
c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
}
return c;
}
static inline uint64_t
Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res)
{
@ -106,6 +268,174 @@ Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b,
return c;
}
static inline void
Hacl_Bignum_Multiplication_bn_mul_u32(
uint32_t aLen,
uint32_t *a,
uint32_t bLen,
uint32_t *b,
uint32_t *res)
{
memset(res, 0U, (aLen + bLen) * sizeof(uint32_t));
for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) {
uint32_t bj = b[i0];
uint32_t *res_j = res + i0;
uint32_t c = (uint32_t)0U;
for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) {
uint32_t a_i = a[(uint32_t)4U * i];
uint32_t *res_i0 = res_j + (uint32_t)4U * i;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0);
uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1);
uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2);
uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i);
}
for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) {
uint32_t a_i = a[i];
uint32_t *res_i = res_j + i;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i);
}
uint32_t r = c;
res[aLen + i0] = r;
}
}
static inline void
Hacl_Bignum_Multiplication_bn_mul_u64(
uint32_t aLen,
uint64_t *a,
uint32_t bLen,
uint64_t *b,
uint64_t *res)
{
memset(res, 0U, (aLen + bLen) * sizeof(uint64_t));
for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) {
uint64_t bj = b[i0];
uint64_t *res_j = res + i0;
uint64_t c = (uint64_t)0U;
for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) {
uint64_t a_i = a[(uint32_t)4U * i];
uint64_t *res_i0 = res_j + (uint32_t)4U * i;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0);
uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U];
uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1);
uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U];
uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2);
uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U];
uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i);
}
for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) {
uint64_t a_i = a[i];
uint64_t *res_i = res_j + i;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i);
}
uint64_t r = c;
res[aLen + i0] = r;
}
}
static inline void
Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
{
memset(res, 0U, (aLen + aLen) * sizeof(uint32_t));
for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) {
uint32_t *ab = a;
uint32_t a_j = a[i0];
uint32_t *res_j = res + i0;
uint32_t c = (uint32_t)0U;
for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) {
uint32_t a_i = ab[(uint32_t)4U * i];
uint32_t *res_i0 = res_j + (uint32_t)4U * i;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0);
uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1);
uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2);
uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i);
}
for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) {
uint32_t a_i = ab[i];
uint32_t *res_i = res_j + i;
c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i);
}
uint32_t r = c;
res[i0 + i0] = r;
}
uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
KRML_HOST_IGNORE(c0);
KRML_CHECK_SIZE(sizeof(uint32_t), aLen + aLen);
uint32_t *tmp = (uint32_t *)alloca((aLen + aLen) * sizeof(uint32_t));
memset(tmp, 0U, (aLen + aLen) * sizeof(uint32_t));
for (uint32_t i = (uint32_t)0U; i < aLen; i++) {
uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i];
uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U);
uint32_t lo = (uint32_t)res1;
tmp[(uint32_t)2U * i] = lo;
tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
}
uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
KRML_HOST_IGNORE(c1);
}
static inline void
Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
{
memset(res, 0U, (aLen + aLen) * sizeof(uint64_t));
for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) {
uint64_t *ab = a;
uint64_t a_j = a[i0];
uint64_t *res_j = res + i0;
uint64_t c = (uint64_t)0U;
for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) {
uint64_t a_i = ab[(uint32_t)4U * i];
uint64_t *res_i0 = res_j + (uint32_t)4U * i;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0);
uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U];
uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1);
uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U];
uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2);
uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U];
uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i);
}
for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) {
uint64_t a_i = ab[i];
uint64_t *res_i = res_j + i;
c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i);
}
uint64_t r = c;
res[i0 + i0] = r;
}
uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
KRML_HOST_IGNORE(c0);
KRML_CHECK_SIZE(sizeof(uint64_t), aLen + aLen);
uint64_t *tmp = (uint64_t *)alloca((aLen + aLen) * sizeof(uint64_t));
memset(tmp, 0U, (aLen + aLen) * sizeof(uint64_t));
for (uint32_t i = (uint32_t)0U; i < aLen; i++) {
FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]);
uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U));
uint64_t lo = FStar_UInt128_uint128_to_uint64(res1);
tmp[(uint32_t)2U * i] = lo;
tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
}
uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
KRML_HOST_IGNORE(c1);
}
#if defined(__cplusplus)
}
#endif

59
security/nss/lib/freebl/verified/internal/Hacl_Hash_SHA1.h
View file

@ -1,59 +0,0 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __internal_Hacl_Hash_SHA1_H
#define __internal_Hacl_Hash_SHA1_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/internal/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "../Hacl_Hash_SHA1.h"
void Hacl_Hash_Core_SHA1_legacy_init(uint32_t *s);
void Hacl_Hash_Core_SHA1_legacy_finish(uint32_t *s, uint8_t *dst);
void Hacl_Hash_SHA1_legacy_update_multi(uint32_t *s, uint8_t *blocks, uint32_t n_blocks);
void
Hacl_Hash_SHA1_legacy_update_last(
uint32_t *s,
uint64_t prev_len,
uint8_t *input,
uint32_t input_len);
void Hacl_Hash_SHA1_legacy_hash(uint8_t *input, uint32_t input_len, uint8_t *dst);
#if defined(__cplusplus)
}
#endif
#define __internal_Hacl_Hash_SHA1_H_DEFINED
#endif

168
security/nss/lib/freebl/verified/internal/Hacl_Hash_SHA2.h
View file

@ -1,168 +0,0 @@
/* MIT License
*
* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
* Copyright (c) 2022-2023 HACL* Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef __internal_Hacl_Hash_SHA2_H
#define __internal_Hacl_Hash_SHA2_H
#if defined(__cplusplus)
extern "C" {
#endif
#include <string.h>
#include "krml/internal/types.h"
#include "krml/lowstar_endianness.h"
#include "krml/internal/target.h"
#include "internal/Hacl_Krmllib.h"
#include "../Hacl_Hash_SHA2.h"
static const uint32_t
Hacl_Impl_SHA2_Generic_h224[8U] = {
(uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, (uint32_t)0xf70e5939U,
(uint32_t)0xffc00b31U, (uint32_t)0x68581511U, (uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U
};
static const uint32_t
Hacl_Impl_SHA2_Generic_h256[8U] = {
(uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, (uint32_t)0xa54ff53aU,
(uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U
};
static const uint64_t
Hacl_Impl_SHA2_Generic_h384[8U] = {
(uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, (uint64_t)0x9159015a3070dd17U,
(uint64_t)0x152fecd8f70e5939U, (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U,
(uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U
};
static const uint64_t
Hacl_Impl_SHA2_Generic_h512[8U] = {
(uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, (uint64_t)0x3c6ef372fe94f82bU,
(uint64_t)0xa54ff53a5f1d36f1U, (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU,
(uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U
};
static const uint32_t
Hacl_Impl_SHA2_Generic_k224_256[64U] = {
(uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, (uint32_t)0xe9b5dba5U,
(uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U,
(uint32_t)0xd807aa98U, (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U,
(uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, (uint32_t)0xc19bf174U,
(uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU,
(uint32_t)0x2de92c6fU, (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU,
(uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, (uint32_t)0xbf597fc7U,
(uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, (uint32_t)0x06ca6351U, (uint32_t)0x14292967U,
(uint32_t)0x27b70a85U, (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U,
(uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, (uint32_t)0x92722c85U,
(uint32_t)0xa2bfe8a1U, (uint32_t)0xa81a664bU, (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U,
(uint32_t)0xd192e819U, (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U,
(uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, (uint32_t)0x34b0bcb5U,
(uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U,
(uint32_t)0x748f82eeU, (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U,
(uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, (uint32_t)0xc67178f2U
};
static const uint64_t
Hacl_Impl_SHA2_Generic_k384_512[80U] = {
(uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, (uint64_t)0xb5c0fbcfec4d3b2fU,
(uint64_t)0xe9b5dba58189dbbcU, (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U,
(uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, (uint64_t)0xd807aa98a3030242U,
(uint64_t)0x12835b0145706fbeU, (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U,
(uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, (uint64_t)0x9bdc06a725c71235U,
(uint64_t)0xc19bf174cf692694U, (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U,
(uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, (uint64_t)0x2de92c6f592b0275U,
(uint64_t)0x4a7484aa6ea6e483U, (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U,
(uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, (uint64_t)0xb00327c898fb213fU,
(uint64_t)0xbf597fc7beef0ee4U, (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U,
(uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, (uint64_t)0x27b70a8546d22ffcU,
(uint64_t)0x2e1b21385c26c926U, (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU,
(uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, (uint64_t)0x81c2c92e47edaee6U,
(uint64_t)0x92722c851482353bU, (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U,
(uint64_t)0xc24b8b70d0f89791U, (uint64_t)0xc76c51a30654be30U, (uint64_t)0xd192e819d6ef5218U,
(uint64_t)0xd69906245565a910U, (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U,
(uint64_t)0x19a4c116b8d2d0c8U, (uint64_t)0x1e376c085141ab53U, (uint64_t)0x2748774cdf8eeb99U,
(uint64_t)0x34b0bcb5e19b48a8U, (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU,
(uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, (uint64_t)0x748f82ee5defb2fcU,
(uint64_t)0x78a5636f43172f60U, (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU,
(uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, (uint64_t)0xbef9a3f7b2c67915U,
(uint64_t)0xc67178f2e372532bU, (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U,
(uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, (uint64_t)0x06f067aa72176fbaU,
(uint64_t)0x0a637dc5a2c898a6U, (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU,
(uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, (uint64_t)0x3c9ebe0a15c9bebcU,
(uint64_t)0x431d67c49c100d4cU, (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU,
(uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U
};
void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash);
void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st);
void
Hacl_SHA2_Scalar32_sha256_update_last(
uint64_t totlen,
uint32_t len,
uint8_t *b,
uint32_t *hash);
void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h);
void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash);
void
Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, uint8_t *b, uint32_t *st);
void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h);
void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash);
void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
void
Hacl_SHA2_Scalar32_sha512_update_last(
FStar_UInt128_uint128 totlen,
uint32_t len,
uint8_t *b,
uint64_t *hash);
void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h);
void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash);
void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, uint64_t *st);
void
Hacl_SHA2_Scalar32_sha384_update_last(
FStar_UInt128_uint128 totlen,
uint32_t len,
uint8_t *b,
uint64_t *st);
void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h);
#if defined(__cplusplus)
}
#endif
#define __internal_Hacl_Hash_SHA2_H_DEFINED
#endif

8
security/nss/lib/freebl/verified/internal/Hacl_Krmllib.h
View file

@ -36,13 +36,13 @@ extern "C" {
#include "../Hacl_Krmllib.h"
static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
static inline FStar_UInt128_uint128
FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);

2
security/nss/lib/freebl/verified/internal/Hacl_P256.h
View file

@ -38,7 +38,7 @@ extern "C" {
#include "internal/Hacl_Krmllib.h"
#include "internal/Hacl_Bignum_Base.h"
#include "../Hacl_P256.h"
//#include "lib_intrinsics.h"
#include "lib_intrinsics.h"
bool Hacl_Impl_P256_DH_ecp256dh_i(uint8_t *public_key, uint8_t *private_key);

2
security/nss/lib/freebl/verified/karamel/include/krml/internal/target.h
View file

@ -61,7 +61,7 @@
#if defined(_MSC_VER)
#define KRML_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#define KRML_NOINLINE __attribute__((noinline))
#define KRML_NOINLINE __attribute__((noinline, unused))
#else
#define KRML_NOINLINE
#warning "The KRML_NOINLINE macro is not defined for this toolchain!"

34
security/nss/lib/freebl/verified/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h vendored
View file

@ -13,16 +13,6 @@
#include "krml/internal/types.h"
#include "krml/internal/target.h"
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-function"
#endif
#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-function"
#endif
extern krml_checked_int_t FStar_UInt64_n;
extern bool FStar_UInt64_uu___is_Mk(uint64_t projectee);
@ -41,7 +31,7 @@ extern uint64_t FStar_UInt64_minus(uint64_t a);
extern uint32_t FStar_UInt64_n_minus_one;
static inline uint64_t
static KRML_NOINLINE uint64_t
FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
{
uint64_t x = a ^ b;
@ -51,7 +41,7 @@ FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
return xnx - (uint64_t)1U;
}
static inline uint64_t
static KRML_NOINLINE uint64_t
FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
{
uint64_t x = a;
@ -91,7 +81,7 @@ extern uint32_t FStar_UInt32_minus(uint32_t a);
extern uint32_t FStar_UInt32_n_minus_one;
static inline uint32_t
static KRML_NOINLINE uint32_t
FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
{
uint32_t x = a ^ b;
@ -101,7 +91,7 @@ FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
return xnx - (uint32_t)1U;
}
static inline uint32_t
static KRML_NOINLINE uint32_t
FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
{
uint32_t x = a;
@ -141,7 +131,7 @@ extern uint16_t FStar_UInt16_minus(uint16_t a);
extern uint32_t FStar_UInt16_n_minus_one;
static inline uint16_t
static KRML_NOINLINE uint16_t
FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
{
uint16_t x = a ^ b;
@ -151,7 +141,7 @@ FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
return xnx - (uint16_t)1U;
}
static inline uint16_t
static KRML_NOINLINE uint16_t
FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
{
uint16_t x = a;
@ -191,7 +181,7 @@ extern uint8_t FStar_UInt8_minus(uint8_t a);
extern uint32_t FStar_UInt8_n_minus_one;
static inline uint8_t
static KRML_NOINLINE uint8_t
FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
{
uint8_t x = a ^ b;
@ -201,7 +191,7 @@ FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
return xnx - (uint8_t)1U;
}
static inline uint8_t
static KRML_NOINLINE uint8_t
FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
{
uint8_t x = a;
@ -225,13 +215,5 @@ extern uint8_t FStar_UInt8_of_string(Prims_string uu___);
typedef uint8_t FStar_UInt8_byte;
#if defined(__clang__)
#pragma clang diagnostic pop
#endif
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif
#define __FStar_UInt_8_16_32_64_H_DEFINED
#endif

2
security/nss/lib/freebl/verified/karamel/krmllib/dist/minimal/Makefile.basic vendored
View file

@ -46,7 +46,7 @@ AR ?= ar
%.d: %.c
@set -e; rm -f $@; \
$(CC) -MM $(CFLAGS) $< > $@.$$$$; \
$(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \
sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \
rm -f $@.$$$$

16
security/nss/lib/freebl/verified/internal/lib_intrinsics.h → security/nss/lib/freebl/verified/lib_intrinsics.h
View file

@ -8,8 +8,20 @@
#endif
#endif
#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \
(defined(__clang__) && (__clang_major__ < 5))
/*
GCC versions prior to 5.5 incorrectly optimize certain intrinsics.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300
CLANG versions prior to 5 crash on certain intrinsics.
See https://bugs.llvm.org/show_bug.cgi?id=24943
*/
#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \
(defined(__clang__) && (__clang_major__ < 5)) || \
(defined(__GNUC__) && !defined(__clang__) && \
(__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5))))
#include "Hacl_IntTypes_Intrinsics.h"

4
security/nss/lib/nss/nss.h
View file

@ -22,12 +22,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.94" _NSS_CUSTOMIZED " Beta"
#define NSS_VERSION "3.94" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 94
#define NSS_VPATCH 0
#define NSS_VBUILD 0
#define NSS_BETA PR_TRUE
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED

23
security/nss/lib/pk11wrap/pk11util.c
View file

@ -99,28 +99,7 @@ SECMOD_Shutdown()
PRBool
SECMOD_GetSystemFIPSEnabled(void)
{
#ifdef LINUX
#ifndef NSS_FIPS_DISABLED
FILE *f;
char d;
size_t size;
f = fopen("/proc/sys/crypto/fips_enabled", "r");
if (!f) {
return PR_FALSE;
}
size = fread(&d, 1, sizeof(d), f);
fclose(f);
if (size != sizeof(d)) {
return PR_FALSE;
}
if (d == '1') {
return PR_TRUE;
}
#endif
#endif
return PR_FALSE;
return NSS_GetSystemFIPSEnabled();
}
/*

35
security/nss/lib/softoken/pkcs11.c
View file

@ -93,6 +93,17 @@ static PRIntervalTime loginWaitTime;
#include "pkcs11f.h"
#ifndef NSS_FIPS_DISABLE
/* ------------- forward declare all the FIPS functions ------------- */
#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO
#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F, name)
#define CK_NEED_ARG_LIST 1
#include "pkcs11f.h"
#endif
/* build the crypto module table */
static CK_FUNCTION_LIST_3_0 sftk_funcList = {
{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
@ -2497,7 +2508,15 @@ NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
CK_RV
C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
{
#ifdef NSS_FIPS_DISABLED
return NSC_GetFunctionList(pFunctionList);
#else
if (NSS_GetSystemFIPSEnabled()) {
return FC_GetFunctionList(pFunctionList);
} else {
return NSC_GetFunctionList(pFunctionList);
}
#endif
}
CK_RV
@ -2518,7 +2537,15 @@ NSC_GetInterfaceList(CK_INTERFACE_PTR interfaces, CK_ULONG_PTR pulCount)
CK_RV
C_GetInterfaceList(CK_INTERFACE_PTR interfaces, CK_ULONG_PTR pulCount)
{
#ifdef NSS_FIPS_DISABLED
return NSC_GetInterfaceList(interfaces, pulCount);
#else
if (NSS_GetSystemFIPSEnabled()) {
return FC_GetInterfaceList(interfaces, pulCount);
} else {
return NSC_GetInterfaceList(interfaces, pulCount);
}
#endif
}
/*
@ -2551,7 +2578,15 @@ CK_RV
C_GetInterface(CK_UTF8CHAR_PTR pInterfaceName, CK_VERSION_PTR pVersion,
CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags)
{
#ifdef NSS_FIPS_DISABLED
return NSC_GetInterface(pInterfaceName, pVersion, ppInterface, flags);
#else
if (NSS_GetSystemFIPSEnabled()) {
return FC_GetInterface(pInterfaceName, pVersion, ppInterface, flags);
} else {
return NSC_GetInterface(pInterfaceName, pVersion, ppInterface, flags);
}
#endif
}
static PLHashNumber

1
security/nss/lib/softoken/sdb.h
View file

@ -86,6 +86,7 @@ CK_RV s_open(const char *directory, const char *certPrefix,
int cert_version, int key_version,
int flags, SDB **certdb, SDB **keydb, int *newInit);
CK_RV s_shutdown();
CK_RV sdb_Close(SDB *sdb);
#if defined(_WIN32)
wchar_t *sdb_UTF8ToWide(const char *buf);

4
security/nss/lib/softoken/softkver.h
View file

@ -17,11 +17,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.94" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VERSION "3.94" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 94
#define SOFTOKEN_VPATCH 0
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_TRUE
#define SOFTOKEN_BETA PR_FALSE
#endif /* _SOFTKVER_H_ */

6
security/nss/lib/util/nssutil.def
View file

@ -354,3 +354,9 @@ NSS_SecureSelect;
;+ local:
;+ *;
;+};
;+NSSUTIL_3.94 { # NSS Utilities 3.94 release
;+ global:
NSS_GetSystemFIPSEnabled;
;+ local:
;+ *;
;+};

4
security/nss/lib/util/nssutil.h
View file

@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.94 Beta"
#define NSSUTIL_VERSION "3.94"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 94
#define NSSUTIL_VPATCH 0
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_TRUE
#define NSSUTIL_BETA PR_FALSE
SEC_BEGIN_PROTOS

46
security/nss/lib/util/secport.c
View file

@ -877,3 +877,49 @@ NSS_SecureSelect(void *dest, const void *src0, const void *src1, size_t n, unsig
((unsigned char *)dest)[i] = s0i ^ (mask & (s0i ^ s1i));
}
}
/*
* consolidate all the calls to get the system FIPS status in one spot.
* This function allows an environment variable to override what is returned.
*/
PRBool
NSS_GetSystemFIPSEnabled(void)
{
/* if FIPS is disabled in NSS, always return FALSE, even if the environment
* variable is set, or the system is in FIPS mode */
#ifndef NSS_FIPS_DISABLED
const char *env;
/* The environment variable is active for all platforms */
env = PR_GetEnvSecure("NSS_FIPS");
/* we generally accept y, Y, 1, FIPS, TRUE, and ON as turning on FIPS
* mode. Anything else is considered 'off' */
if (env && (*env == 'y' || *env == '1' || *env == 'Y' ||
(PORT_Strcasecmp(env, "fips") == 0) ||
(PORT_Strcasecmp(env, "true") == 0) ||
(PORT_Strcasecmp(env, "on") == 0))) {
return PR_TRUE;
}
/* currently only Linux has a system FIPS indicator. Add others here
* as they become available/known */
#ifdef LINUX
{
FILE *f;
char d;
size_t size;
f = fopen("/proc/sys/crypto/fips_enabled", "r");
if (!f)
return PR_FALSE;
size = fread(&d, 1, 1, f);
fclose(f);
if (size != 1)
return PR_FALSE;
if (d == '1')
return PR_TRUE;
}
#endif /* LINUX */
#endif /* NSS_FIPS_DISABLED == 0 */
return PR_FALSE;
}

1
security/nss/lib/util/secport.h
View file

@ -262,6 +262,7 @@ extern int NSS_PutEnv(const char *envVarName, const char *envValue);
extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
extern unsigned int NSS_SecureMemcmpZero(const void *mem, size_t n);
extern void NSS_SecureSelect(void *dest, const void *src0, const void *src1, size_t n, unsigned char b);
extern PRBool NSS_GetSystemFIPSEnabled(void);
/*
* Load a shared library called "newShLibName" in the same directory as

1
security/nss/nss.gyp
View file

@ -127,6 +127,7 @@
[ 'mozilla_client==0', {
'dependencies': [
'cmd/crlutil/crlutil.gyp:crlutil',
'cmd/dbtool/dbtool.gyp:dbtool',
'cmd/modutil/modutil.gyp:modutil',
'cmd/pwdecrypt/pwdecrypt.gyp:pwdecrypt',
'cmd/shlibsign/shlibsign.gyp:shlibsign',

3269
security/nss/tests/acvp/fuzzed/ecdsa.json
View file

File diff suppressed because it is too large Load diff