1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <memory>
#include "nss.h"
#include "pk11pub.h"
#include "secerr.h"
#include "nss_scoped_ptrs.h"
#include "gtest/gtest.h"
#include "util.h"
namespace nss_test {
class Pkcs11SeedTest : public ::testing::Test {
protected:
void EncryptDecryptSeed(SECStatus expected, unsigned int input_size,
unsigned int output_size,
CK_MECHANISM_TYPE mech = CKM_SEED_CBC) {
// Generate a random key.
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
ScopedPK11SymKey sym_key(
PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr));
EXPECT_TRUE(!!sym_key);
std::vector<uint8_t> plaintext(input_size, 0xFF);
std::vector<uint8_t> init_vector(16);
std::vector<uint8_t> ciphertext(output_size, 0);
SECItem iv_param = {siBuffer, init_vector.data(),
(unsigned int)init_vector.size()};
std::vector<uint8_t> decrypted(output_size, 0);
// Try to encrypt, decrypt if positive test.
unsigned int output_len = 0;
EXPECT_EQ(expected,
PK11_Encrypt(sym_key.get(), mech, &iv_param, ciphertext.data(),
&output_len, output_size, plaintext.data(),
plaintext.size()));
if (expected == SECSuccess) {
EXPECT_EQ(expected,
PK11_Decrypt(sym_key.get(), mech, &iv_param, decrypted.data(),
&output_len, output_size, ciphertext.data(),
output_len));
decrypted.resize(output_len);
EXPECT_EQ(plaintext, decrypted);
}
}
};
#ifndef NSS_DISABLE_DEPRECATED_SEED
// The intention here is to test the arguments of these functions
// The resulted content is already tested in EncryptDeriveTests.
// SEED_CBC needs an IV of 16 bytes.
// The input data size must be multiple of 16.
// If not, some padding should be added.
// The output size must be at least the size of input data.
TEST_F(Pkcs11SeedTest, CBC_ValidArgs) {
EncryptDecryptSeed(SECSuccess, 16, 16);
// No problem if maxLen is bigger than input data.
EncryptDecryptSeed(SECSuccess, 16, 32);
}
TEST_F(Pkcs11SeedTest, CBC_InvalidArgs) {
// maxLen lower than input data.
EncryptDecryptSeed(SECFailure, 16, 10);
// input data not multiple of SEED_BLOCK_SIZE (16)
EncryptDecryptSeed(SECFailure, 17, 32);
}
TEST_F(Pkcs11SeedTest, ECB_Singleblock) {
EncryptDecryptSeed(SECSuccess, 16, 16, CKM_SEED_ECB);
}
TEST_F(Pkcs11SeedTest, ECB_Multiblock) {
EncryptDecryptSeed(SECSuccess, 64, 64, CKM_SEED_ECB);
}
#endif
} // namespace nss_test
|
