Bug 1747957 - RSA OAEP Wycheproof JSON, r=jschanck

Depends on D134922

Differential Revision: https://phabricator.services.mozilla.com/D134923

2 files changed, 138 insertions, 69 deletions

diff --git a/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
index 814c8a1a5..cf35958d9 100644
--- a/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
+++ b/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
@@ -227,20 +227,7 @@ class Pkcs11EcdsaWycheproofTest : public ::testing::Test {
       } else if (n == "keyDer") {
         public_key = r.ReadHex();
       } else if (n == "sha") {
-        std::string s = r.ReadString();
-        if (s == "SHA-1") {
-          hash_oid = SEC_OID_SHA1;
-        } else if (s == "SHA-224") {
-          hash_oid = SEC_OID_SHA224;
-        } else if (s == "SHA-256") {
-          hash_oid = SEC_OID_SHA256;
-        } else if (s == "SHA-384") {
-          hash_oid = SEC_OID_SHA384;
-        } else if (s == "SHA-512") {
-          hash_oid = SEC_OID_SHA512;
-        } else {
-          FAIL() << "unsupported hash";
-        }
+        hash_oid = r.ReadHash();
       } else if (n == "type") {
         ASSERT_EQ("EcdsaVerify", r.ReadString());
       } else if (n == "tests") {
diff --git a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
index 82f3f9fb8..f00fc3d36 100644
--- a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
+++ b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
@@ -8,56 +8,50 @@
 
 #include "cpputil.h"
 #include "cryptohi.h"
+#include "json_reader.h"
 #include "gtest/gtest.h"
 #include "limits.h"
 #include "nss.h"
 #include "nss_scoped_ptrs.h"
 #include "pk11pub.h"
-
-#include "testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h"
-#include "testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h"
-#include "testvectors/rsa_oaep_2048_sha256_mgf1sha256-vectors.h"
-#include "testvectors/rsa_oaep_2048_sha384_mgf1sha1-vectors.h"
-#include "testvectors/rsa_oaep_2048_sha384_mgf1sha384-vectors.h"
-#include "testvectors/rsa_oaep_2048_sha512_mgf1sha1-vectors.h"
-#include "testvectors/rsa_oaep_2048_sha512_mgf1sha512-vectors.h"
+#include "testvectors_base/test-structs.h"
 
 namespace nss_test {
 
-class RsaOaepWycheproofTest
-    : public ::testing::TestWithParam<RsaOaepTestVectorStr> {
- protected:
-  void TestDecrypt(const RsaOaepTestVectorStr vec) {
-    SECItem pkcs8_item = {siBuffer, toUcharPtr(vec.priv_key.data()),
-                          static_cast<unsigned int>(vec.priv_key.size())};
-
-    ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-    EXPECT_NE(nullptr, slot);
+struct RsaOaepTestVector {
+  uint32_t id;
+  std::vector<uint8_t> msg;
+  std::vector<uint8_t> ct;
+  std::vector<uint8_t> label;
+  bool valid;
+};
 
-    SECKEYPrivateKey* key = nullptr;
-    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
-        slot.get(), &pkcs8_item, nullptr, nullptr, false, false, KU_ALL, &key,
-        nullptr);
-    ASSERT_EQ(SECSuccess, rv);
-    ASSERT_NE(nullptr, key);
-    ScopedSECKEYPrivateKey priv_key(key);
+class RsaOaepWycheproofTest : public ::testing::Test {
+ protected:
+  void Run(const std::string& file) {
+    WycheproofHeader(file, "RSAES-OAEP", "rsaes_oaep_decrypt_schema.json",
+                     [this](JsonReader& r) { RunGroup(r); });
+  }
 
+  void TestDecrypt(ScopedSECKEYPrivateKey& priv_key, SECOidTag hash_oid,
+                   CK_RSA_PKCS_MGF_TYPE mgf_hash,
+                   const RsaOaepTestVector& vec) {
     // Set up the OAEP parameters.
     CK_RSA_PKCS_OAEP_PARAMS oaepParams;
     oaepParams.source = CKZ_DATA_SPECIFIED;
     oaepParams.pSourceData = const_cast<unsigned char*>(vec.label.data());
     oaepParams.ulSourceDataLen = vec.label.size();
-    oaepParams.mgf = vec.mgf_hash;
-    oaepParams.hashAlg = HashOidToHashMech(vec.hash_oid);
+    oaepParams.mgf = mgf_hash;
+    oaepParams.hashAlg = HashOidToHashMech(hash_oid);
     SECItem params_item = {siBuffer,
                            toUcharPtr(reinterpret_cast<uint8_t*>(&oaepParams)),
                            static_cast<unsigned int>(sizeof(oaepParams))};
     // Decrypt.
     std::vector<uint8_t> decrypted(PR_MAX(1, vec.ct.size()));
     unsigned int decrypted_len = 0;
-    rv = PK11_PrivDecrypt(priv_key.get(), CKM_RSA_PKCS_OAEP, &params_item,
-                          decrypted.data(), &decrypted_len, decrypted.size(),
-                          vec.ct.data(), vec.ct.size());
+    SECStatus rv = PK11_PrivDecrypt(
+        priv_key.get(), CKM_RSA_PKCS_OAEP, &params_item, decrypted.data(),
+        &decrypted_len, decrypted.size(), vec.ct.data(), vec.ct.size());
 
     if (vec.valid) {
       EXPECT_EQ(SECSuccess, rv);
@@ -69,6 +63,74 @@ class RsaOaepWycheproofTest
   };
 
  private:
+  void RunGroup(JsonReader& r) {
+    std::vector<RsaOaepTestVector> tests;
+    ScopedSECKEYPrivateKey private_key;
+    CK_MECHANISM_TYPE mgf_hash = CKM_INVALID_MECHANISM;
+    SECOidTag hash_oid = SEC_OID_UNKNOWN;
+
+    while (r.NextItem()) {
+      std::string n = r.ReadLabel();
+      if (n == "") {
+        break;
+      }
+
+      if (n == "d" || n == "e" || n == "keysize" || n == "n" ||
+          n == "privateKeyJwk" || n == "privateKeyPem") {
+        r.SkipValue();
+      } else if (n == "privateKeyPkcs8") {
+        std::vector<uint8_t> priv_key = r.ReadHex();
+        private_key = LoadPrivateKey(priv_key);
+      } else if (n == "mgf") {
+        ASSERT_EQ("MGF1", r.ReadString());
+      } else if (n == "mgfSha") {
+        mgf_hash = HashOidToHashMech(r.ReadHash());
+      } else if (n == "sha") {
+        hash_oid = r.ReadHash();
+      } else if (n == "type") {
+        ASSERT_EQ("RsaesOaepDecrypt", r.ReadString());
+      } else if (n == "tests") {
+        WycheproofReadTests(r, &tests, ReadTestAttr);
+      } else {
+        FAIL() << "unknown label in group: " << n;
+      }
+    }
+
+    for (auto& t : tests) {
+      TestDecrypt(private_key, hash_oid, mgf_hash, t);
+    }
+  }
+
+  ScopedSECKEYPrivateKey LoadPrivateKey(const std::vector<uint8_t>& priv_key) {
+    SECItem pkcs8_item = {siBuffer, toUcharPtr(priv_key.data()),
+                          static_cast<unsigned int>(priv_key.size())};
+
+    ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+    EXPECT_NE(nullptr, slot);
+
+    SECKEYPrivateKey* key = nullptr;
+    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+        slot.get(), &pkcs8_item, nullptr, nullptr, false, false, KU_ALL, &key,
+        nullptr);
+    EXPECT_EQ(SECSuccess, rv);
+    EXPECT_NE(nullptr, key);
+
+    return ScopedSECKEYPrivateKey(key);
+  }
+
+  static void ReadTestAttr(RsaOaepTestVector& t, const std::string& n,
+                           JsonReader& r) {
+    if (n == "msg") {
+      t.msg = r.ReadHex();
+    } else if (n == "ct") {
+      t.ct = r.ReadHex();
+    } else if (n == "label") {
+      t.label = r.ReadHex();
+    } else {
+      FAIL() << "unsupported test case field: " << n;
+    }
+  }
+
   inline CK_MECHANISM_TYPE HashOidToHashMech(SECOidTag hash_oid) {
     switch (hash_oid) {
       case SEC_OID_SHA1:
@@ -88,35 +150,55 @@ class RsaOaepWycheproofTest
   }
 };
 
-TEST_P(RsaOaepWycheproofTest, OaepDecrypt) { TestDecrypt(GetParam()); }
-
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofRsa2048Sha1OaepTest, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha1WycheproofVectors));
-
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofOaep2048Sha256Sha1Test, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha256Mgf1Sha1WycheproofVectors));
-
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofOaep2048Sha256Sha256Test, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha256Mgf1Sha256WycheproofVectors));
-
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofOaep2048Sha384Sha1Test, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha384Mgf1Sha1WycheproofVectors));
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha1) {
+  Run("rsa_oaep_2048_sha1_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha256MgfSha1) {
+  Run("rsa_oaep_2048_sha256_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha256) {
+  Run("rsa_oaep_2048_sha256_mgf1sha256");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha384MgfSha1) {
+  Run("rsa_oaep_2048_sha384_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha384) {
+  Run("rsa_oaep_2048_sha384_mgf1sha384");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha512MgfSha1) {
+  Run("rsa_oaep_2048_sha512_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep2048Sha512) {
+  Run("rsa_oaep_2048_sha512_mgf1sha512");
+}
 
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofOaep2048Sha384Sha384Test, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha384Mgf1Sha384WycheproofVectors));
+TEST_F(RsaOaepWycheproofTest, RsaOaep3072Sha256MgfSha1) {
+  Run("rsa_oaep_3072_sha256_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep3072Sha256) {
+  Run("rsa_oaep_3072_sha256_mgf1sha256");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep3072Sha512MgfSha1) {
+  Run("rsa_oaep_3072_sha512_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep3072Sha512) {
+  Run("rsa_oaep_3072_sha512_mgf1sha512");
+}
 
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofOaep2048Sha512Sha1Test, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha512Mgf1Sha1WycheproofVectors));
+TEST_F(RsaOaepWycheproofTest, RsaOaep4096Sha256MgfSha1) {
+  Run("rsa_oaep_4096_sha256_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep4096Sha256) {
+  Run("rsa_oaep_4096_sha256_mgf1sha256");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep4096Sha512MgfSha1) {
+  Run("rsa_oaep_4096_sha512_mgf1sha1");
+}
+TEST_F(RsaOaepWycheproofTest, RsaOaep4096Sha512) {
+  Run("rsa_oaep_4096_sha512_mgf1sha512");
+}
 
-INSTANTIATE_TEST_SUITE_P(
-    WycheproofOaep2048Sha512Sha512Test, RsaOaepWycheproofTest,
-    ::testing::ValuesIn(kRsaOaep2048Sha512Mgf1Sha512WycheproofVectors));
+TEST_F(RsaOaepWycheproofTest, RsaOaepMisc) { Run("rsa_oaep_misc"); }
 
 TEST(Pkcs11RsaOaepTest, TestOaepWrapUnwrap) {
   const size_t kRsaKeyBits = 2048;