gtests/pk11_gtest/pk11_ecdh_unittest.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <memory>
#include "nss.h"
#include "pk11pub.h"

#include "cpputil.h"
#include "nss_scoped_ptrs.h"

#include "testvectors/p256ecdh-vectors.h"
#include "testvectors/p384ecdh-vectors.h"
#include "testvectors/p521ecdh-vectors.h"
#include "gtest/gtest.h"

namespace nss_test {

class Pkcs11EcdhTest : public ::testing::TestWithParam<EcdhTestVector> {
 protected:
  void Derive(const EcdhTestVector vec) {
    std::string err = "Test #" + std::to_string(vec.id) + " failed";

    SECItem expect_item = {siBuffer, toUcharPtr(vec.secret.data()),
                           static_cast<unsigned int>(vec.secret.size())};

    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
    ASSERT_TRUE(slot);

    SECItem priv_item = {siBuffer, toUcharPtr(vec.private_key.data()),
                         static_cast<unsigned int>(vec.private_key.size())};
    SECKEYPrivateKey* key = nullptr;
    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
        slot.get(), &priv_item, nullptr, nullptr, false, false, KU_ALL, &key,
        nullptr);
    EXPECT_EQ(SECSuccess, rv) << err;

    ScopedSECKEYPrivateKey priv_key(key);
    ASSERT_TRUE(priv_key) << err;

    SECItem spki_item = {siBuffer, toUcharPtr(vec.public_key.data()),
                         static_cast<unsigned int>(vec.public_key.size())};

    ScopedCERTSubjectPublicKeyInfo cert_spki(
        SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
    if (vec.valid) {
      ASSERT_TRUE(!!cert_spki) << err;
    } else if (!cert_spki) {
      ASSERT_TRUE(vec.invalid_asn) << err;
      return;
    }

    ScopedSECKEYPublicKey pub_key(SECKEY_ExtractPublicKey(cert_spki.get()));
    if (vec.valid) {
      ASSERT_TRUE(!!pub_key) << err;
    } else if (!pub_key) {
      ASSERT_FALSE(vec.valid) << err;
      return;
    }

    ScopedPK11SymKey sym_key(
        PK11_PubDeriveWithKDF(priv_key.get(), pub_key.get(), false, nullptr,
                              nullptr, CKM_ECDH1_DERIVE, CKM_SHA512_HMAC,
                              CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr));
    ASSERT_EQ(vec.valid, !!sym_key) << err;

    if (vec.valid) {
      rv = PK11_ExtractKeyValue(sym_key.get());
      EXPECT_EQ(SECSuccess, rv) << err;

      SECItem* derived_key = PK11_GetKeyData(sym_key.get());
      EXPECT_EQ(0, SECITEM_CompareItem(derived_key, &expect_item)) << err;
    }
  };
};

TEST_P(Pkcs11EcdhTest, TestVectors) { Derive(GetParam()); }

INSTANTIATE_TEST_SUITE_P(WycheproofP256EcdhTest, Pkcs11EcdhTest,
                         ::testing::ValuesIn(kP256EcdhWycheproofVectors));
INSTANTIATE_TEST_SUITE_P(WycheproofP384EcdhTest, Pkcs11EcdhTest,
                         ::testing::ValuesIn(kP384EcdhWycheproofVectors));
INSTANTIATE_TEST_SUITE_P(WycheproofP521EcdhTest, Pkcs11EcdhTest,
                         ::testing::ValuesIn(kP521EcdhWycheproofVectors));

}  // namespace nss_test