Skip to content
Permalink
Browse files
Bug 1253912 - drop more than suite b support, r=mt,rrelyea
--HG--
extra : rebase_source : 808051c276a0e39d7f49918c2359f45a752d6096
  • Loading branch information
franziskuskiefer committed Aug 3, 2016
1 parent 8e4303f commit 7203698649c6b87e56756b2f6ec3b10c4ec14574
Showing with 200 additions and 7,737 deletions.
  1. +2 −21 cmd/bltest/blapitest.c
  2. +3 −21 cmd/bltest/tests/ecdsa/README
  3. +3 −2 cmd/bltest/tests/ecdsa/key0
  4. +4 −2 cmd/bltest/tests/ecdsa/key1
  5. +0 −3 cmd/bltest/tests/ecdsa/key10
  6. +0 −3 cmd/bltest/tests/ecdsa/key11
  7. +0 −3 cmd/bltest/tests/ecdsa/key12
  8. +0 −3 cmd/bltest/tests/ecdsa/key13
  9. +0 −3 cmd/bltest/tests/ecdsa/key14
  10. +0 −4 cmd/bltest/tests/ecdsa/key15
  11. +0 −4 cmd/bltest/tests/ecdsa/key16
  12. +0 −4 cmd/bltest/tests/ecdsa/key17
  13. +0 −5 cmd/bltest/tests/ecdsa/key18
  14. +0 −5 cmd/bltest/tests/ecdsa/key19
  15. +5 −2 cmd/bltest/tests/ecdsa/key2
  16. +0 −5 cmd/bltest/tests/ecdsa/key20
  17. +0 −2 cmd/bltest/tests/ecdsa/key3
  18. +0 −2 cmd/bltest/tests/ecdsa/key4
  19. +0 −2 cmd/bltest/tests/ecdsa/key5
  20. +0 −2 cmd/bltest/tests/ecdsa/key6
  21. +0 −2 cmd/bltest/tests/ecdsa/key7
  22. +0 −3 cmd/bltest/tests/ecdsa/key8
  23. +0 −3 cmd/bltest/tests/ecdsa/key9
  24. +2 −3 cmd/certutil/certutil.c
  25. +0 −3 cmd/certutil/keystuff.c
  26. +0 −33 cmd/ecperf/ecperf.c
  27. +0 −4 coreconf/config.mk
  28. +19 −20 doc/certutil.xml
  29. +19 −20 doc/html/certutil.html
  30. +2 −2 doc/nroff/certutil.1
  31. +0 −6 external_tests/ssl_gtest/ssl_ecdh_unittest.cc
  32. +0 −5 lib/freebl/blapit.h
  33. +6 −341 lib/freebl/ecdecode.c
  34. +0 −3 lib/freebl/ecl/README
  35. +0 −284 lib/freebl/ecl/README.FP
  36. +0 −92 lib/freebl/ecl/ec2.h
  37. +0 −223 lib/freebl/ecl/ec2_163.c
  38. +0 −240 lib/freebl/ecl/ec2_193.c
  39. +0 −263 lib/freebl/ecl/ec2_233.c
  40. +0 −298 lib/freebl/ecl/ec2_aff.c
  41. +0 −230 lib/freebl/ecl/ec2_mont.c
  42. +0 −328 lib/freebl/ecl/ec2_proj.c
  43. +0 −4 lib/freebl/ecl/ecl-curve.h
  44. +75 −75 lib/freebl/ecl/ecl-exp.h
  45. +1 −2 lib/freebl/ecl/ecl-priv.h
  46. +0 −120 lib/freebl/ecl/ecl.c
  47. +0 −56 lib/freebl/ecl/ecl_gf.c
  48. +0 −493 lib/freebl/ecl/ecp_192.c
  49. +0 −351 lib/freebl/ecl/ecp_224.c
  50. +0 −531 lib/freebl/ecl/ecp_fp.c
  51. +0 −371 lib/freebl/ecl/ecp_fp.h
  52. +0 −145 lib/freebl/ecl/ecp_fp160.c
  53. +0 −143 lib/freebl/ecl/ecp_fp192.c
  54. +0 −156 lib/freebl/ecl/ecp_fp224.c
  55. +0 −1,077 lib/freebl/ecl/ecp_fpinc.c
  56. +0 −461 lib/freebl/ecl/tests/ec2_test.c
  57. +0 −1,075 lib/freebl/ecl/tests/ecp_fpt.c
  58. +0 −87 lib/freebl/fipsfreebl.c
  59. +1 −6 lib/freebl/manifest.mn
  60. +0 −4 lib/softoken/softkver.h
  61. +57 −55 lib/util/secoid.c
  62. 0 test.sh
  63. +0 −1 tests/all.sh
  64. +1 −19 tests/cert/cert.sh
  65. +0 −1 tests/remote/Makefile
@@ -145,23 +145,7 @@ Usage()
PRINTUSAGE("", "-k", "file which contains key");
#ifndef NSS_DISABLE_ECC
PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,");
PRINTUSAGE("", "", " secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,");
PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,");
PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
PRINTUSAGE("", "", " sect131r1, sect131r2, curve25519");
PRINTUSAGE("", "", " nistp256, nistp384, nistp521");
#endif
PRINTUSAGE("", "-p", "do performance test");
PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
@@ -415,9 +399,6 @@ typedef struct curveNameTagPairStr {
SECOidTag curveOidTag;
} CurveNameTagPair;

#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */

static CurveNameTagPair nameTagPair[] =
{
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
@@ -1863,7 +1844,7 @@ bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
} else {
/* Have to convert private key to public key. Memory
* is freed with private key's arena */
* is freed with private key's arena */
ECPublicKey *pubkey;
ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
@@ -1,22 +1,4 @@
0 secp160k1
1 secp160r1
2 secp160r2
3 nistk163
4 sect163r1
5 nistb163
6 secp192k1
7 nistp192
8 secp224k1
9 nistp224
10 nistk233
11 nistb233
12 nistp256
13 nistk283
14 nistb283
15 nistp384
16 nistk409
17 nistb409
18 nistk571
19 nistb571
0 nistp256
1 nistp384
# the following tests are not yet implemented
#20 nistp521
2 nistp521
@@ -1,2 +1,3 @@
AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
@@ -1,2 +1,4 @@
AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
yALMCiXJqRVXwbq42WMuaELMW+g=

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

@@ -1,2 +1,5 @@
AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

@@ -1262,8 +1262,8 @@ luG(enum usage_level ul, const char *command)
#ifndef NSS_DISABLE_ECC
FPS "%-20s Elliptic curve name (ec only)\n",
" -q curve-name");
FPS "%-20s One of nistp256, nistp384, nistp521, curve25519\n", "");
#ifdef NSS_ECC_MORE_THAN_SUITE_B
FPS "%-20s One of nistp256, nistp384, nistp521, curve25519.\n", "");
FPS "%-20s If a custom token is present, the following curves are also supported:\n", "");
FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", "");
FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
@@ -1281,7 +1281,6 @@ luG(enum usage_level ul, const char *command)
FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
FPS "%-20s sect131r1, sect131r2\n", "");
#endif /* NSS_ECC_MORE_THAN_SUITE_B */
#endif
FPS "%-20s Key database directory (default is ~/.netscape)\n",
" -d keydir");
@@ -393,9 +393,6 @@ typedef struct curveNameTagPairStr {
SECOidTag curveOidTag;
} CurveNameTagPair;

#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */

static CurveNameTagPair nameTagPair[] =
{
{ "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
@@ -765,44 +765,11 @@ main(int argv, char **argc)

/* specific arithmetic tests */
if (nist) {
#ifdef NSS_ECC_MORE_THAN_SUITE_B
ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
#endif
ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
ECTEST_NAMED_CUSTOM("Curve25519", ECCurve25519);
}
#ifdef NSS_ECC_MORE_THAN_SUITE_B
if (ansi) {
ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
}
if (secp) {
ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
}
#endif

cleanup:
rv |= SECOID_Shutdown();
@@ -150,10 +150,6 @@ ifdef NSS_DISABLE_ECC
DEFINES += -DNSS_DISABLE_ECC
endif

ifdef NSS_ECC_MORE_THAN_SUITE_B
DEFINES += -DNSS_ECC_MORE_THAN_SUITE_B
endif

ifdef NSS_ALLOW_UNSUPPORTED_CRITICAL
DEFINES += -DNSS_ALLOW_UNSUPPORTED_CRITICAL
endif
@@ -314,28 +314,27 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their
<term>-q pqgfile or curve-name</term>
<listitem>
<para>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <command>certutil</command> generates its own PQG value. PQG files are created with a separate DSA utility.</para>
<para>Elliptic curve name is one of the ones from SUITE B: nistp256, nistp384, nistp521</para>
<para>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</para>
<para>
If NSS has been compiled with support curves outside of SUITE B:
sect163k1, nistk163, sect163r1, sect163r2,
nistb163, sect193r1, sect193r2, sect233k1, nistk233,
sect233r1, nistb233, sect239k1, sect283k1, nistk283,
sect283r1, nistb283, sect409k1, nistk409, sect409r1,
nistb409, sect571k1, nistk571, sect571r1, nistb571,
secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
nistp192, secp224k1, secp224r1, nistp224, secp256k1,
secp256r1, secp384r1, secp521r1,
prime192v1, prime192v2, prime192v3,
prime239v1, prime239v2, prime239v3, c2pnb163v1,
c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
c2tnb191v2, c2tnb191v3,
c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
c2pnb272w1, c2pnb304w1,
c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
secp112r2, secp128r1, secp128r2, sect113r1, sect113r2
sect131r1, sect131r2
If a token is available that supports more curves, the foolowing curves are supported as well:
sect163k1, nistk163, sect163r1, sect163r2,
nistb163, sect193r1, sect193r2, sect233k1, nistk233,
sect233r1, nistb233, sect239k1, sect283k1, nistk283,
sect283r1, nistb283, sect409k1, nistk409, sect409r1,
nistb409, sect571k1, nistk571, sect571r1, nistb571,
secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
nistp192, secp224k1, secp224r1, nistp224, secp256k1,
secp256r1, secp384r1, secp521r1,
prime192v1, prime192v2, prime192v3,
prime239v1, prime239v2, prime239v3, c2pnb163v1,
c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
c2tnb191v2, c2tnb191v3,
c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
c2pnb272w1, c2pnb304w1,
c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
sect131r1, sect131r2
</para>

</listitem>

</varlistentry>

0 comments on commit 7203698

Please sign in to comment.