pk11_seed_cbc_unittest.cc (2891B)
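/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <cstdint>
#include <memory>
#include <vector>
#include "nss.h"
#include "pk11pub.h"
#include "secerr.h"

#include "nss_scoped_ptrs.h"
#include "gtest/gtest.h"
#include "util.h"

namespace nss_test {
// Fixture for argument-validation tests of the SEED mechanisms exposed through
// PK11_Encrypt / PK11_Decrypt.
class Pkcs11SeedTest : public ::testing::Test {
 protected:
  // Encrypts |input_size| bytes of 0xFF with a freshly generated key, telling
  // PK11_Encrypt that the output buffer holds |output_size| bytes, and checks
  // that the call returns |expected|. When |expected| is SECSuccess the
  // ciphertext is decrypted again and compared with the plaintext.
  //
  // expected:    status PK11_Encrypt must return.
  // input_size:  plaintext length in bytes.
  // output_size: capacity (maxLen) reported for the output buffers; both
  //              buffers are allocated with exactly this many bytes, so the
  //              reported capacity matches the real allocation.
  // mech:        mechanism under test, CKM_SEED_CBC by default.
  void EncryptDecryptSeed(SECStatus expected, unsigned int input_size,
                          unsigned int output_size,
                          CK_MECHANISM_TYPE mech = CKM_SEED_CBC) {
    constexpr unsigned int kKeyLen = 16;
    constexpr unsigned int kIvLen = 16;

    // Generate a random key. Abort the helper if the slot or the key is
    // missing, so that a null handle is never handed to PK11_Encrypt.
    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
    ASSERT_TRUE(!!slot);
    ScopedPK11SymKey sym_key(
        PK11_KeyGen(slot.get(), mech, nullptr, kKeyLen, nullptr));
    ASSERT_TRUE(!!sym_key);

    std::vector<uint8_t> plaintext(input_size, 0xFF);
    // Value-initialized, i.e. an all-zero IV. That is fine for checking
    // argument handling; it is not how a CBC IV should be chosen in real use.
    // NOTE(review): the same IV parameter is passed for CKM_SEED_ECB as well;
    // presumably it is ignored there -- confirm.
    std::vector<uint8_t> init_vector(kIvLen);
    std::vector<uint8_t> ciphertext(output_size, 0);
    SECItem iv_param = {siBuffer, init_vector.data(),
                        static_cast<unsigned int>(init_vector.size())};
    std::vector<uint8_t> decrypted(output_size, 0);

    // Try to encrypt, decrypt if positive test.
    // NOTE(review): the failure path only checks for SECFailure. Asserting the
    // PORT_GetError() value as well would pin down which argument check
    // rejected the call -- confirm the expected codes before adding that.
    unsigned int output_len = 0;
    const SECStatus encrypt_rv = PK11_Encrypt(
        sym_key.get(), mech, &iv_param, ciphertext.data(), &output_len,
        output_size, plaintext.data(),
        static_cast<unsigned int>(plaintext.size()));
    EXPECT_EQ(expected, encrypt_rv);

    // Round-trip only when success was expected and actually happened; a
    // mismatch has already been reported above.
    if (expected != SECSuccess || encrypt_rv != SECSuccess) {
      return;
    }
    // The reported length must never exceed the capacity we passed in.
    ASSERT_LE(output_len, output_size);

    ASSERT_EQ(SECSuccess,
              PK11_Decrypt(sym_key.get(), mech, &iv_param, decrypted.data(),
                           &output_len, output_size, ciphertext.data(),
                           output_len));
    ASSERT_LE(output_len, output_size);
    decrypted.resize(output_len);
    EXPECT_EQ(plaintext, decrypted);
  }
};

#ifndef NSS_DISABLE_DEPRECATED_SEED
// The intention here is to test the arguments of these functions.
// The resulting content is already tested in EncryptDeriveTests.
// SEED_CBC needs an IV of 16 bytes.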
// The input data size must be a multiple of 16.
// If it is not, some padding should be added first.
// The output size must be at least the size of the input data.
TEST_F(Pkcs11SeedTest, CBC_ValidArgs) {
  constexpr unsigned int kOneBlock = 16;
  // Output capacity exactly equal to the input length.
  EncryptDecryptSeed(SECSuccess, kOneBlock, kOneBlock);
  // No problem if maxLen is bigger than the input data.
  EncryptDecryptSeed(SECSuccess, kOneBlock, 32);
}

TEST_F(Pkcs11SeedTest, CBC_InvalidArgs) {
  constexpr unsigned int kOneBlock = 16;
  // maxLen lower than the input data: the call has to be rejected instead of
  // writing past the 10-byte output buffer.
  EncryptDecryptSeed(SECFailure, kOneBlock, 10);
  // Input data not a multiple of SEED_BLOCK_SIZE (16).
  EncryptDecryptSeed(SECFailure, kOneBlock + 1, 32);
}

// ECB round trip over a single 16-byte block.
TEST_F(Pkcs11SeedTest, ECB_Singleblock) {
  constexpr unsigned int kOneBlock = 16;
  EncryptDecryptSeed(SECSuccess, kOneBlock, kOneBlock, CKM_SEED_ECB);
}

// ECB round trip over 64 bytes, i.e. four 16-byte blocks.
TEST_F(Pkcs11SeedTest, ECB_Multiblock) {
  constexpr unsigned int kFourBlocks = 64;
  EncryptDecryptSeed(SECSuccess, kFourBlocks, kFourBlocks, CKM_SEED_ECB);
}
#endif

}  // namespace nss_test