Hi, I'm looking to clean up some test code (IKEv2, NIST's CAVP tests), so that they "work" in FIPS mode (whatever that means).
The test inputs look like:

    Ni = 3651fef5c9c35e93
    Nr = c09a8b90a3f04d59
    g^ir = d084a30166a50fb7325c3960874a839449ef9741c2f4f947d0201dd8c1269273d79509f37e3ca3eb4fa2fe2a28254e289cd3f34dad4eb4df1a07685a4b8a94fa61e2491f7598b3ce65547ff133b3f63d1ac4175eaa695033f3cedb026a6873a36455172a8540b8a5d23a0143bed0390ee49b168269d75fffee9fb62be965993c
    g^ir (new) = 52f00ab174c25d5b7139ae5ff4e8e9eddee5992d2e36adf8a559ffd90dab1442e4fbe429d320c0f33552a17d1557fa41ea70e8fb916c4fa27ed52b5f8ebd8461afa78f1159159a64055ac5f6319e29c28eae58cbc6847770f32c3fed1d04750484f854790f95e9ec01bc5bc461f24966462e359511329305038e94deb6dd42c2
    SPIi = 8e5c3ae507221684
    SPIr = b1f201bb155c3acd

The problem is with g^ir (which is the DH exponentiation). The calculations rely on g^ir being in a PK11SymKey. In the "real world" (as in the non-test code), "i" is created as a PK11SymKey, and hence a g^ir PK11SymKey can be derived from that. Here, though, I've no secure starting point - I'm just given the raw byte value of g^ir.

So, in FIPS mode, in a standalone test program, what is the correct way to turn g^ir into a PK11SymKey?

Andrew

PS: The current code uses the hack (something like) from the NSS examples:

    PK11SymKey *sym_key = PK11_ImportSymKey(slot, CKM_DH_PKCS_DERIVE,
                                            PK11_OriginUnwrap, CKA_ENCRYPT,
                                            &key_item, NULL);

which is of course not valid in FIPS mode.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto