diff options
author | Kevin Jacobs <kjacobs@mozilla.com> | 2020-11-03 03:59:34 +0000 |
---|---|---|
committer | Kevin Jacobs <kjacobs@mozilla.com> | 2020-11-03 03:59:34 +0000 |
commit | fa5a1acccdb384ea09adc7fe0ce1395b5417caae (patch) | |
tree | 53718763247b4752c6b3eb34da7a9e78073aee1a /gtests/pk11_gtest | |
parent | 0b6941ec0161474b236cb3664941fe0297a7f6d3 (diff) | |
download | nss-hg-fa5a1acccdb384ea09adc7fe0ce1395b5417caae.tar.gz |
Bug 1672823 - Add Wycheproof HKDF test cases. r=bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D94496
Diffstat (limited to 'gtests/pk11_gtest')
-rw-r--r-- | gtests/pk11_gtest/manifest.mn | 2 | ||||
-rw-r--r-- | gtests/pk11_gtest/pk11_hkdf_unittest.cc | 338 |
2 files changed, 145 insertions, 195 deletions
diff --git a/gtests/pk11_gtest/manifest.mn b/gtests/pk11_gtest/manifest.mn index 0df698cc1..3056891c0 100644 --- a/gtests/pk11_gtest/manifest.mn +++ b/gtests/pk11_gtest/manifest.mn @@ -22,8 +22,8 @@ CPPSRCS = \ pk11_encrypt_derive_unittest.cc \ pk11_export_unittest.cc \ pk11_find_certs_unittest.cc \ - pk11_hpke_unittest.cc \ pk11_hkdf_unittest.cc \ + pk11_hpke_unittest.cc \ pk11_import_unittest.cc \ pk11_kbkdf.cc \ pk11_keygen.cc \ diff --git a/gtests/pk11_gtest/pk11_hkdf_unittest.cc b/gtests/pk11_gtest/pk11_hkdf_unittest.cc index 229dbb6ca..c3fff235b 100644 --- a/gtests/pk11_gtest/pk11_hkdf_unittest.cc +++ b/gtests/pk11_gtest/pk11_hkdf_unittest.cc @@ -12,238 +12,188 @@ #include "pk11pub.h" #include "secerr.h" #include "sechash.h" -#include "testvectors/hkdf-vectors.h" #include "util.h" -namespace nss_test { +#include "testvectors/hkdf-sha1-vectors.h" +#include "testvectors/hkdf-sha256-vectors.h" +#include "testvectors/hkdf-sha384-vectors.h" +#include "testvectors/hkdf-sha512-vectors.h" -/* different mechanisms for the tests */ -typedef int HkdfTestType; -const int kNSSHkdfLegacy = 0; -const int kPkcs11HkdfDerive = 1; -const int kPkcs11HkdfDeriveDataKey = 2; -const int kPkcs11HkdfSaltDerive = 3; -const int kPkcs11HkdfData = 4; -const int kPKCS11NumTypes = 5; +namespace nss_test { -enum class Pk11ImportType { data = 0, key = 1 }; -static const Pk11ImportType kImportTypesAll[] = {Pk11ImportType::data, - Pk11ImportType::key}; +enum class HkdfTestType { + legacy, /* CKM_NSS_HKDF_SHA... */ + derive, /* CKM_HKDF_DERIVE, ikm as secret key, salt as data. */ + deriveDataKey, /* CKM_HKDF_DERIVE, ikm as data, salt as data. */ + saltDerive, /* CKM_HKDF_DERIVE, [ikm, salt] as secret key, salt as key. */ + saltDeriveDataKey, /* CKM_HKDF_DERIVE, [ikm, salt] as data, salt as key. */ + hkdfData /* CKM_HKDF_DATA, ikm as data, salt as data. */ +}; +static const HkdfTestType kHkdfTestTypesAll[] = { + HkdfTestType::legacy, + HkdfTestType::derive, + HkdfTestType::deriveDataKey, + HkdfTestType::saltDerive, + HkdfTestType::saltDeriveDataKey, + HkdfTestType::hkdfData, +}; class Pkcs11HkdfTest - : public ::testing::TestWithParam<std::tuple<hkdf_vector, Pk11ImportType>> { + : public ::testing::TestWithParam< + std::tuple<HkdfTestVector, HkdfTestType, CK_MECHANISM_TYPE>> { protected: - CK_MECHANISM_TYPE Pk11HkdfToHash(CK_MECHANISM_TYPE nssHkdfMech) { - switch (nssHkdfMech) { - case CKM_NSS_HKDF_SHA1: - return CKM_SHA_1; - case CKM_NSS_HKDF_SHA256: - return CKM_SHA256; - case CKM_NSS_HKDF_SHA384: - return CKM_SHA384; - case CKM_NSS_HKDF_SHA512: - return CKM_SHA512; + CK_MECHANISM_TYPE Pk11MechToVendorMech(CK_MECHANISM_TYPE pk11_mech) { + switch (pk11_mech) { + case CKM_SHA_1: + return CKM_NSS_HKDF_SHA1; + case CKM_SHA256: + return CKM_NSS_HKDF_SHA256; + case CKM_SHA384: + return CKM_NSS_HKDF_SHA384; + case CKM_SHA512: + return CKM_NSS_HKDF_SHA512; default: - break; + ADD_FAILURE() << "Unknown hash mech"; + return CKM_INVALID_MECHANISM; } - - return CKM_INVALID_MECHANISM; } - ScopedPK11SymKey ImportKey(CK_KEY_TYPE key_type, SECItem *ikm_item, - Pk11ImportType import_type) { + ScopedPK11SymKey ImportKey(SECItem &ikm_item, bool import_as_data) { ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - CK_MECHANISM_TYPE mech = CKM_HKDF_KEY_GEN; if (!slot) { ADD_FAILURE() << "Can't get slot"; return nullptr; } - switch (key_type) { - case CKK_GENERIC_SECRET: - mech = CKM_GENERIC_SECRET_KEY_GEN; - break; - case CKK_HKDF: - mech = CKM_HKDF_KEY_GEN; - break; - } ScopedPK11SymKey ikm; - - if (import_type == Pk11ImportType::key) { - ikm.reset(PK11_ImportSymKey(slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, - ikm_item, nullptr)); + if (import_as_data) { + ikm.reset(PK11_ImportDataKey(slot.get(), CKM_HKDF_KEY_GEN, + PK11_OriginUnwrap, CKA_SIGN, &ikm_item, + nullptr)); } else { - ikm.reset(PK11_ImportDataKey(slot.get(), mech, PK11_OriginUnwrap, - CKA_SIGN, ikm_item, nullptr)); + ikm.reset(PK11_ImportSymKey(slot.get(), CKM_GENERIC_SECRET_KEY_GEN, + PK11_OriginUnwrap, CKA_SIGN, &ikm_item, + nullptr)); } - return ikm; } - void RunTest(hkdf_vector vec, HkdfTestType test_type, CK_KEY_TYPE key_type, - Pk11ImportType import_type) { - SECItem ikm_item = {siBuffer, vec.ikm.data(), - static_cast<unsigned int>(vec.ikm.size())}; - SECItem salt_item = {siBuffer, vec.salt.data(), - static_cast<unsigned int>(vec.salt.size())}; - CK_MECHANISM_TYPE derive_mech = vec.mech; + void RunWycheproofTest(const HkdfTestVector &vec, HkdfTestType test_type, + CK_MECHANISM_TYPE hash_mech) { + std::string msg = "Test #" + std::to_string(vec.id) + " failed"; + std::vector<uint8_t> vec_ikm = hex_string_to_bytes(vec.ikm); + std::vector<uint8_t> vec_okm = hex_string_to_bytes(vec.okm); + std::vector<uint8_t> vec_info = hex_string_to_bytes(vec.info); + std::vector<uint8_t> vec_salt = hex_string_to_bytes(vec.salt); + SECItem ikm_item = {siBuffer, vec_ikm.data(), + static_cast<unsigned int>(vec_ikm.size())}; + SECItem okm_item = {siBuffer, vec_okm.data(), + static_cast<unsigned int>(vec_okm.size())}; + SECItem salt_item = {siBuffer, vec_salt.data(), + static_cast<unsigned int>(vec_salt.size())}; + CK_MECHANISM_TYPE derive_mech = CKM_HKDF_DERIVE; + ScopedPK11SymKey salt_key = nullptr; + ScopedPK11SymKey ikm = nullptr; + + // Legacy vendor mech params CK_NSS_HKDFParams nss_hkdf_params = { - true, vec.salt.data(), static_cast<unsigned int>(vec.salt.size()), - true, vec.info.data(), static_cast<unsigned int>(vec.info.size())}; - CK_HKDF_PARAMS hkdf_params = {true, - true, - vec.mech, - CKF_HKDF_SALT_DATA, - vec.salt.data(), - static_cast<unsigned int>(vec.salt.size()), - CK_INVALID_HANDLE, - vec.info.data(), - static_cast<unsigned int>(vec.info.size())}; - SECItem params_item = {siBuffer, (unsigned char *)&nss_hkdf_params, - sizeof(nss_hkdf_params)}; - - ScopedPK11SymKey ikm = ImportKey(key_type, &ikm_item, import_type); - ScopedPK11SymKey salt_key = NULL; - ASSERT_NE(nullptr, ikm.get()); + true, vec_salt.data(), static_cast<unsigned int>(vec_salt.size()), + true, vec_info.data(), static_cast<unsigned int>(vec_info.size())}; + + // PKCS #11 v3.0 + CK_HKDF_PARAMS hkdf_params = { + true, + true, + hash_mech, + vec_salt.size() ? CKF_HKDF_SALT_DATA : CKF_HKDF_SALT_NULL, + vec_salt.size() ? vec_salt.data() : nullptr, + static_cast<unsigned int>(vec_salt.size()), + CK_INVALID_HANDLE, + vec_info.data(), + static_cast<unsigned int>(vec_info.size())}; + SECItem params_item = {siBuffer, (unsigned char *)&hkdf_params, + sizeof(hkdf_params)}; switch (test_type) { - case kNSSHkdfLegacy: - printf("kNSSHkdfLegacy\n"); - break; /* already set up */ - case kPkcs11HkdfDeriveDataKey: { - ScopedPK11SlotInfo slot(PK11_GetSlotFromKey(ikm.get())); - /* replaces old key with our new data key */ - SECItem data_item = {siBuffer, vec.ikm.data(), - static_cast<unsigned int>(vec.ikm.size())}; - ikm = ScopedPK11SymKey(PK11_ImportDataKey(slot.get(), CKM_HKDF_DERIVE, - PK11_OriginUnwrap, CKA_DERIVE, - &data_item, NULL)); - ASSERT_NE(nullptr, ikm.get()); - } - /* fall through */ - case kPkcs11HkdfSaltDerive: - case kPkcs11HkdfDerive: - if (hkdf_params.ulSaltLen == 0) { - hkdf_params.ulSaltType = CKF_HKDF_SALT_NULL; - printf("kPkcs11HkdfNullSaltDerive\n"); - } else if (test_type == kPkcs11HkdfSaltDerive) { - salt_key = ImportKey(key_type, &salt_item, import_type); - hkdf_params.ulSaltType = CKF_HKDF_SALT_KEY; - hkdf_params.ulSaltLen = 0; - hkdf_params.pSalt = NULL; - hkdf_params.hSaltKey = PK11_GetSymKeyHandle(salt_key.get()); - printf("kPkcs11HkdfSaltDerive\n"); - } else { - printf("kPkcs11HkdfDerive%s\n", - (test_type == kPkcs11HkdfDeriveDataKey) ? "DataKey" : ""); - } - hkdf_params.prfHashMechanism = Pk11HkdfToHash(vec.mech); - params_item.data = (unsigned char *)&hkdf_params; - params_item.len = sizeof(hkdf_params); - derive_mech = CKM_HKDF_DERIVE; + case HkdfTestType::legacy: + derive_mech = Pk11MechToVendorMech(hash_mech); + params_item.data = (uint8_t *)&nss_hkdf_params; + params_item.len = sizeof(nss_hkdf_params); + ikm = ImportKey(ikm_item, false); + break; + case HkdfTestType::derive: + ikm = ImportKey(ikm_item, false); + break; + case HkdfTestType::deriveDataKey: + ikm = ImportKey(ikm_item, true); + break; + case HkdfTestType::saltDerive: + ikm = ImportKey(ikm_item, false); + salt_key = ImportKey(salt_item, false); break; - case kPkcs11HkdfData: - printf("kPkcs11HkdfData\n"); - if (hkdf_params.ulSaltLen == 0) { - hkdf_params.ulSaltType = CKF_HKDF_SALT_NULL; - } - hkdf_params.prfHashMechanism = Pk11HkdfToHash(vec.mech); - params_item.data = (unsigned char *)&hkdf_params; - params_item.len = sizeof(hkdf_params); + case HkdfTestType::saltDeriveDataKey: + ikm = ImportKey(ikm_item, true); + salt_key = ImportKey(salt_item, true); + break; + case HkdfTestType::hkdfData: derive_mech = CKM_HKDF_DATA; + ikm = ImportKey(ikm_item, true); break; + default: + ADD_FAILURE() << msg; + return; } - ASSERT_NE(derive_mech, CKM_INVALID_MECHANISM); + ASSERT_NE(nullptr, ikm) << msg; + + if (test_type == HkdfTestType::saltDerive || + test_type == HkdfTestType::saltDeriveDataKey) { + ASSERT_NE(nullptr, salt_key) << msg; + hkdf_params.ulSaltType = CKF_HKDF_SALT_KEY; + hkdf_params.ulSaltLen = 0; + hkdf_params.pSalt = NULL; + hkdf_params.hSaltKey = PK11_GetSymKeyHandle(salt_key.get()); + } + ScopedPK11SymKey okm = ScopedPK11SymKey( PK11_Derive(ikm.get(), derive_mech, ¶ms_item, - CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.l)); - if (vec.res.expect_rv == SECSuccess) { - ASSERT_NE(nullptr, okm.get()); - if (vec.res.output_match) { - ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())); - SECItem *act_okm_item = PK11_GetKeyData(okm.get()); - SECItem vec_okm_item = {siBuffer, vec.okm.data(), - static_cast<unsigned int>(vec.okm.size())}; - ASSERT_EQ(0, SECITEM_CompareItem(&vec_okm_item, act_okm_item)); - } + CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.size)); + if (vec.valid) { + ASSERT_NE(nullptr, okm.get()) << msg; + ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())) << msg; + ASSERT_EQ(0, SECITEM_CompareItem(&okm_item, PK11_GetKeyData(okm.get()))) + << msg; } else { - ASSERT_EQ(nullptr, okm.get()); - } - } - void RunTest(hkdf_vector vec, Pk11ImportType import_type) { - HkdfTestType test_type; - - for (test_type = kNSSHkdfLegacy; test_type < kPKCS11NumTypes; test_type++) { - RunTest(vec, test_type, CKK_GENERIC_SECRET, import_type); - if (test_type == kPkcs11HkdfDeriveDataKey) { - continue; - } - RunTest(vec, test_type, CKK_HKDF, import_type); + ASSERT_EQ(nullptr, okm.get()) << msg; } } }; -TEST_P(Pkcs11HkdfTest, TestVectors) { - RunTest(std::get<0>(GetParam()), std::get<1>(GetParam())); +TEST_P(Pkcs11HkdfTest, WycheproofVectors) { + RunWycheproofTest(std::get<0>(GetParam()), std::get<1>(GetParam()), + std::get<2>(GetParam())); } INSTANTIATE_TEST_CASE_P( - Pkcs11HkdfTests, Pkcs11HkdfTest, - ::testing::Combine(::testing::ValuesIn(kHkdfTestVectors), - ::testing::ValuesIn(kImportTypesAll))); - -TEST_F(Pkcs11HkdfTest, OkmLimits) { - hkdf_vector vector{ - 0, - CKM_NSS_HKDF_SHA1, - 255 * SHA1_LENGTH /* per rfc5869 */, - {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, - {}, - {}, - {}, - {SECSuccess, false} /* Only looking at return value */ - }; - - // SHA1 limit - RunTest(vector, Pk11ImportType::key); - - // SHA1 limit + 1 - vector.l += 1; - vector.res.expect_rv = SECFailure; - RunTest(vector, Pk11ImportType::key); - - // SHA256 limit - vector.mech = CKM_NSS_HKDF_SHA256; - vector.l = 255 * SHA256_LENGTH; /* per rfc5869 */ - vector.res.expect_rv = SECSuccess; - RunTest(vector, Pk11ImportType::data); - - // SHA256 limit + 1 - vector.l += 1; - vector.res.expect_rv = SECFailure; - RunTest(vector, Pk11ImportType::data); - - // SHA384 limit - vector.mech = CKM_NSS_HKDF_SHA384; - vector.l = 255 * SHA384_LENGTH; /* per rfc5869 */ - vector.res.expect_rv = SECSuccess; - RunTest(vector, Pk11ImportType::key); - - // SHA384 limit + 1 - vector.l += 1; - vector.res.expect_rv = SECFailure; - RunTest(vector, Pk11ImportType::key); - - // SHA512 limit - vector.mech = CKM_NSS_HKDF_SHA512; - vector.l = 255 * SHA512_LENGTH; /* per rfc5869 */ - vector.res.expect_rv = SECSuccess; - RunTest(vector, Pk11ImportType::data); - - // SHA512 limit + 1 - vector.l += 1; - vector.res.expect_rv = SECFailure; - RunTest(vector, Pk11ImportType::data); -} + HkdfSha1, Pkcs11HkdfTest, + ::testing::Combine(::testing::ValuesIn(kHkdfSha1WycheproofVectors), + ::testing::ValuesIn(kHkdfTestTypesAll), + ::testing::Values(CKM_SHA_1))); + +INSTANTIATE_TEST_CASE_P( + HkdfSha256, Pkcs11HkdfTest, + ::testing::Combine(::testing::ValuesIn(kHkdfSha256WycheproofVectors), + ::testing::ValuesIn(kHkdfTestTypesAll), + ::testing::Values(CKM_SHA256))); + +INSTANTIATE_TEST_CASE_P( + HkdfSha384, Pkcs11HkdfTest, + ::testing::Combine(::testing::ValuesIn(kHkdfSha384WycheproofVectors), + ::testing::ValuesIn(kHkdfTestTypesAll), + ::testing::Values(CKM_SHA384))); + +INSTANTIATE_TEST_CASE_P( + HkdfSha512, Pkcs11HkdfTest, + ::testing::Combine(::testing::ValuesIn(kHkdfSha512WycheproofVectors), + ::testing::ValuesIn(kHkdfTestTypesAll), + ::testing::Values(CKM_SHA512))); } // namespace nss_test |