diff --git a/mozilla/security/nss/cmd/fipstest/fipstest.c b/mozilla/security/nss/cmd/fipstest/fipstest.c
index a3bff1e3ae5..6823fe1e760 100644
--- a/mozilla/security/nss/cmd/fipstest/fipstest.c
+++ b/mozilla/security/nss/cmd/fipstest/fipstest.c
@@ -2556,17 +2556,253 @@ loser: } #endif /* NSS_ENABLE_ECC */ -void do_random() +/* + * Perform the RNG Variable Seed Test (VST) for the RNG algorithm + * "DSA - Generation of X", used both as specified and as a generic + * purpose RNG. The presence of "Q = ..." in the REQUEST file + * indicates we are using the algorithm as specified. + * + * reqfn is the pathname of the REQUEST file. + * + * The output RESPONSE file is written to stdout. + */ +void +rng_vst(char *reqfn) { - int i, j, k = 0; - unsigned char buf[500]; - for (i=0; i<5; i++) { - RNG_GenerateGlobalRandomBytes(buf, sizeof buf); - for (j=0; j\n". + */ + FILE *rngreq; /* input stream from the REQUEST file */ + FILE *rngresp; /* output stream to the RESPONSE file */ + unsigned int i, j; + unsigned char Q[DSA_SUBPRIME_LEN]; + PRBool hasQ = PR_FALSE; + unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned char XKey[512/8]; + unsigned char XSeed[512/8]; + unsigned char GENX[2*SHA1_LENGTH]; + unsigned char DSAX[DSA_SUBPRIME_LEN]; + SECStatus rv; + + rngreq = fopen(reqfn, "r"); + rngresp = stdout; + while (fgets(buf, sizeof buf, rngreq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, rngresp); + continue; + } + /* [Xchange - SHA1] */ + if (buf[0] == '[') { + fputs(buf, rngresp); + continue; + } + /* Q = ... */ + if (buf[0] == 'Q') { + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; j\n". 
+ */ + FILE *rngreq; /* input stream from the REQUEST file */ + FILE *rngresp; /* output stream to the RESPONSE file */ + unsigned int i, j; + unsigned char Q[DSA_SUBPRIME_LEN]; + PRBool hasQ = PR_FALSE; + unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned char XKey[512/8]; + unsigned char XSeed[512/8]; + unsigned char GENX[2*SHA1_LENGTH]; + unsigned char DSAX[DSA_SUBPRIME_LEN]; + SECStatus rv; + + rngreq = fopen(reqfn, "r"); + rngresp = stdout; + while (fgets(buf, sizeof buf, rngreq) != NULL) { + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, rngresp); + continue; + } + /* [Xchange - SHA1] */ + if (buf[0] == '[') { + fputs(buf, rngresp); + continue; + } + /* Q = ... */ + if (buf[0] == 'Q') { + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; j.req */ + if ( strcmp(argv[2], "vst") == 0) { + /* Variable Seed Test */ + rng_vst(argv[3]); + } else if (strcmp(argv[2], "mct") == 0) { + /* Monte Carlo Test */ + rng_mct(argv[3]); + } } return 0; } diff --git a/mozilla/security/nss/cmd/fipstest/rng.sh b/mozilla/security/nss/cmd/fipstest/rng.sh new file mode 100644 index 00000000000..4b62a998da0 --- /dev/null +++ b/mozilla/security/nss/cmd/fipstest/rng.sh 
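Review bot: In rng_vst, `rngreq = fopen(reqfn, "r");` is followed directly by `while (fgets(buf, sizeof buf, rngreq) != NULL)` with no check of the result, so a missing or unreadable REQUEST file passes a null stream to fgets; the same two lines appear again further down the hunk, apparently in rng_mct. Add `if (rngreq == NULL) { fprintf(stderr, "cannot open %s\n", reqfn); return; }` after each fopen (the plain `return;` assumes rng_mct is void like rng_vst). In main, whose body starts outside the hunk, the `vst`/`mct` dispatch on `argv[2]` has no final `else`, so an unrecognised mode falls through to `return 0` and the caller sees success with no RESPONSE output; an `else` that prints usage and returns non-zero would make that failure visible. Parts of this hunk's text are missing from this view, so whether the stream is closed and whether argc is checked before `argv[3]` is used cannot be confirmed from here.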
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# A Bourne shell script for running the NIST RNG Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path. Then run this script in the
+# directory where the REQUEST (.req) files reside. The script generates the
+# RESPONSE (.rsp) files in the same directory.
+
+vst_requests="
+FIPS186_VST.req
+FIPS186_VSTGEN.req
+"
+mct_requests="
+FIPS186_MCT.req
+FIPS186_MCTGEN.req
+"
+
+for request in $vst_requests; do
+ response=`echo $request | sed -e "s/req/rsp/"`
+ echo $request $response
+ fipstest rng vst $request > $response
+done
+for request in $mct_requests; do
+ response=`echo $request | sed -e "s/req/rsp/"`
+ echo $request $response
+ fipstest rng mct $request > $response
+done
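Review bot: Both loops run `fipstest rng vst $request > $response` (and the `mct` form) without looking at the exit status, and the redirection creates or truncates the .rsp file before fipstest starts, so a failed run leaves an empty or partial RESPONSE file that is indistinguishable from real output. Stop on failure, e.g. `fipstest rng vst $request > $response || exit 1`, and likewise for the `mct` loop. The `sed -e "s/req/rsp/"` substitution is also unanchored and rewrites the first `req` anywhere in the name; `sed -e 's/\.req$/.rsp/'` limits it to the extension.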