On 05/12/2015 08:58 AM, Andrew Cagney wrote:
Hi,

I'm looking to clean up some test code (IKEv2, NIST's CAVP tests), so that
they "work" in FIPS mode (whatever that means).
So CAVS tests require hooking outside the FIPS mode boundary because CAVS tests access CSPs which aren't allowed outside the boundary in FIPS. When we run NSS CAVS, we run them through private interfaces that aren't available when the module is up and running in FIPS mode.

The test inputs look like:

Ni = 3651fef5c9c35e93
Nr = c09a8b90a3f04d59
g^ir =
d084a30166a50fb7325c3960874a839449ef9741c2f4f947d0201dd8c1269273d79509f37e3ca3eb4fa2fe2a28254e289cd3f34dad4eb4df1a07685a4b8a94fa61e2491f7598b3ce65547ff133b3f63d1ac4175eaa695033f3cedb026a6873a36455172a8540b8a5d23a0143bed0390ee49b168269d75fffee9fb62be965993c
g^ir (new) =
52f00ab174c25d5b7139ae5ff4e8e9eddee5992d2e36adf8a559ffd90dab1442e4fbe429d320c0f33552a17d1557fa41ea70e8fb916c4fa27ed52b5f8ebd8461afa78f1159159a64055ac5f6319e29c28eae58cbc6847770f32c3fed1d04750484f854790f95e9ec01bc5bc461f24966462e359511329305038e94deb6dd42c2
SPIi = 8e5c3ae507221684
SPIr = b1f201bb155c3acd

The problem is with g^ir (which is the DH exponentiation). The
calculations rely on g^ir being in a PK11SymKey.

In the "real world" (as in the non-test code), "i" is created as a
PK11SymKey, and hence a g^ir PK11SymKey can be derived from that.  Here,
though, I've no secure starting point - I'm just given the raw byte value
of g^ir.

So, in FIPS mode, in a standalone test program, what is the correct way to
turn g^ir into a PK11SymKey?

Andrew

PS: The current code uses the hack (something like) from the NSS examples:

        /* key_item holds the raw g^ir bytes; slot is the PKCS#11 slot in use */
        PK11SymKey *sym_key = PK11_ImportSymKey(slot,
                                                CKM_DH_PKCS_DERIVE,
                                                PK11_OriginUnwrap,
                                                CKA_ENCRYPT, &key_item,
                                                NULL);

which is of course not valid in FIPS mode.

This should be fine for CAVS testing, as long as it is running the same code as it would run if it's in FIPS mode (which it will).

bob
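As an added example (not code from the thread or from NSS), here is what "the calculations" that consume g^ir look like in plain Python: the CAVP-style vector quoted above is parsed, then SKEYSEED, SK_d and the rekey SKEYSEED are derived as RFC 7296 specifies. The PRF (HMAC-SHA-256), the value-on-next-line layout of the vector, and reusing the single Ni/Nr for the rekey step are assumptions, since the message states none of them.

```python
import hashlib
import hmac

# Copy of the CAVP-style vector quoted in the thread (values taken from the message).
VECTOR = """\
Ni = 3651fef5c9c35e93
Nr = c09a8b90a3f04d59
g^ir =
d084a30166a50fb7325c3960874a839449ef9741c2f4f947d0201dd8c1269273d79509f37e3ca3eb4fa2fe2a28254e289cd3f34dad4eb4df1a07685a4b8a94fa61e2491f7598b3ce65547ff133b3f63d1ac4175eaa695033f3cedb026a6873a36455172a8540b8a5d23a0143bed0390ee49b168269d75fffee9fb62be965993c
g^ir (new) =
52f00ab174c25d5b7139ae5ff4e8e9eddee5992d2e36adf8a559ffd90dab1442e4fbe429d320c0f33552a17d1557fa41ea70e8fb916c4fa27ed52b5f8ebd8461afa78f1159159a64055ac5f6319e29c28eae58cbc6847770f32c3fed1d04750484f854790f95e9ec01bc5bc461f24966462e359511329305038e94deb6dd42c2
SPIi = 8e5c3ae507221684
SPIr = b1f201bb155c3acd
"""

def parse_vector(text):
    """Parse 'name = hex' lines; a bare 'name =' takes its value from the next line (assumed layout)."""
    fields, pending = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if "=" in line:
            name, _, value = (s.strip() for s in line.partition("="))
            if value:
                fields[name], pending = bytes.fromhex(value), None
            else:
                pending = name
        elif pending is not None:
            fields[pending], pending = bytes.fromhex(line), None
    return fields

def prf(key, data):
    # Assumption: HMAC-SHA-256 as the negotiated IKEv2 PRF; the thread does not name it.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    """RFC 7296 2.13 prf+: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n); output is T1|T2|..."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out, n = out + t, n + 1
    return out[:length]

def skeyseed(v):
    """RFC 7296 2.14: SKEYSEED = prf(Ni | Nr, g^ir)."""
    return prf(v["Ni"] + v["Nr"], v["g^ir"])

def sk_d(v):
    """RFC 7296 2.14: SK_d is the first prf-length bytes of prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)."""
    return prf_plus(skeyseed(v), v["Ni"] + v["Nr"] + v["SPIi"] + v["SPIr"], 32)

def rekey_skeyseed(v, old_sk_d):
    """RFC 7296 2.18 (IKE SA rekey): SKEYSEED = prf(SK_d old, g^ir new | Ni | Nr); reuses Ni/Nr by assumption."""
    return prf(old_sk_d, v["g^ir (new)"] + v["Ni"] + v["Nr"])
```

In a FIPS-mode NSS build none of these intermediate values could be handled as raw bytes this way; the point of the script is only to show which derivations the test harness has to drive through the module.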



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
