
pk11_export_unittest.cc (2125B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include <memory>
      8 #include "nss.h"
      9 #include "pk11pub.h"
     10 
     11 #include "gtest/gtest.h"
     12 #include "nss_scoped_ptrs.h"
     13 
     14 namespace nss_test {
     15 
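/// Fixture that checks how the internal PKCS #11 slot treats the bIsExport
/// flag of CK_SSL3_KEY_MAT_PARAMS when deriving TLS key and MAC material.
///
/// The property pinned here is defensive: a caller that asks for the
/// "export" variant of the derivation must get no key back.
class Pkcs11ExportTest : public ::testing::Test {
 public:
  /// Imports a fixed all-zero 48-byte base key into the internal slot and runs
  /// one CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 derivation with it.
  ///
  /// @param is_export Value stored in CK_SSL3_KEY_MAT_PARAMS::bIsExport. The
  ///                  derivation is expected to fail when it is true and to
  ///                  return a key when it is false.
  void Derive(bool is_export) {
    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
    // Fatal assertion: the slot pointer is handed straight to
    // PK11_ImportSymKey below, so continuing with a null slot would turn a
    // reportable failure into a likely crash.
    ASSERT_TRUE(slot.get());

    // Fixed test fixture, not a secret: 48 zero bytes as the base key.
    uint8_t keyData[48] = {0};
    SECItem keyItem = {siBuffer, reinterpret_cast<unsigned char*>(keyData),
                       sizeof(keyData)};

    CK_MECHANISM_TYPE mechanism = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
    ScopedPK11SymKey baseKey(PK11_ImportSymKey(
        slot.get(), mechanism, PK11_OriginUnwrap, CKA_WRAP, &keyItem, nullptr));
    // Fatal for the same reason: PK11_Derive receives baseKey.get() directly.
    ASSERT_TRUE(baseKey.get());

    // Output structure for the derived key handles. Every handle starts out
    // invalid so nothing here refers to a real object before the call.
    CK_SSL3_KEY_MAT_OUT kmo;
    kmo.hClientMacSecret = CK_INVALID_HANDLE;
    kmo.hServerMacSecret = CK_INVALID_HANDLE;
    kmo.hClientKey = CK_INVALID_HANDLE;
    kmo.hServerKey = CK_INVALID_HANDLE;

    // Client and server IV pointers deliberately share one 8-byte buffer;
    // it matches ulIVSizeInBits = 64 below. Zero-filled so the buffer holds
    // defined bytes whether or not the token writes to it.
    CK_BYTE iv[8] = {0};
    kmo.pIVClient = iv;
    kmo.pIVServer = iv;

    CK_SSL3_KEY_MAT_PARAMS kmp;
    kmp.ulMacSizeInBits = 256;
    kmp.ulKeySizeInBits = 128;
    kmp.ulIVSizeInBits = 64;
    kmp.pReturnedKeyMaterial = &kmo;
    kmp.bIsExport = is_export;

    // The same all-zero 32-byte buffer stands in for both random values.
    unsigned char random[32] = {0};
    kmp.RandomInfo.pClientRandom = random;
    kmp.RandomInfo.ulClientRandomLen = sizeof(random);
    kmp.RandomInfo.pServerRandom = random;
    kmp.RandomInfo.ulServerRandomLen = sizeof(random);

    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&kmp),
                      sizeof(kmp)};
    ScopedPK11SymKey symKey(PK11_Derive(baseKey.get(), mechanism, &params,
                                        CKM_SHA512_HMAC, CKA_SIGN, 16));

    // Deriving must fail when is_export=true.
    // NOTE(review): only the null/non-null result is checked; the reported
    // error code and the handles left in kmo are not inspected here.
    if (is_export) {
      EXPECT_FALSE(symKey.get()) << "export derivation returned a key";
    } else {
      EXPECT_TRUE(symKey.get()) << "non-export derivation returned no key";
    }
  }
};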
     61 
// Baseline case: with bIsExport cleared, Derive() expects the derivation to
// hand back a key.
TEST_F(Pkcs11ExportTest, DeriveNonExport) {
  const bool kIsExport = false;
  Derive(kIsExport);
}
     63 
// Export case: with bIsExport set, Derive() expects the derivation to be
// refused, i.e. no key is returned.
TEST_F(Pkcs11ExportTest, DeriveExport) {
  const bool kIsExport = true;
  Derive(kIsExport);
}
     65 
     66 }  // namespace nss_test