1 files changed, 130 insertions, 0 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc
new file mode 100644
index 0000000000..f960e58c37
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc
@@ -0,0 +1,130 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "sechash.h"
+
+#include "blapi.h"
+
+#include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+#include "testvectors/cmac-vectors.h"
+#include "util.h"
+
+namespace nss_test {
+
+class Pkcs11AesCmacTest : public ::testing::TestWithParam<AesCmacTestVector> {
+ protected:
+  ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    if (!slot) {
+      ADD_FAILURE() << "Can't get slot";
+      return nullptr;
+    }
+
+    ScopedPK11SymKey result(PK11_ImportSymKey(
+        slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, key_item, nullptr));
+
+    return result;
+  }
+
+  void RunTest(uint8_t *key, unsigned int key_len, uint8_t *data,
+               unsigned int data_len, uint8_t *expected,
+               unsigned int expected_len, CK_ULONG mechanism) {
+    // Create SECItems for everything...
+    std::vector<uint8_t> output(expected_len);
+    SECItem key_item = {siBuffer, key, key_len};
+    SECItem output_item = {siBuffer, output.data(), expected_len};
+    SECItem data_item = {siBuffer, data, data_len};
+    SECItem expected_item = {siBuffer, expected, expected_len};
+
+    // Do the PKCS #11 stuff...
+    ScopedPK11SymKey p11_key = ImportKey(mechanism, &key_item);
+    ASSERT_NE(nullptr, p11_key.get());
+
+    SECStatus ret = PK11_SignWithSymKey(p11_key.get(), CKM_AES_CMAC, NULL,
+                                        &output_item, &data_item);
+
+    // Verify the result...
+    ASSERT_EQ(SECSuccess, ret);
+    ASSERT_EQ(0, SECITEM_CompareItem(&output_item, &expected_item));
+  }
+
+  void RunTestVector(const AesCmacTestVector vec) {
+    bool valid = !vec.invalid;
+    std::string err = "Test #" + std::to_string(vec.id) + " failed";
+    std::vector<uint8_t> key = hex_string_to_bytes(vec.key);
+    std::vector<uint8_t> tag = hex_string_to_bytes(vec.tag);
+    std::vector<uint8_t> msg = hex_string_to_bytes(vec.msg);
+
+    std::vector<uint8_t> output(AES_BLOCK_SIZE);
+    // Don't provide a null pointer, even if the input is empty.
+    uint8_t tmp;
+    SECItem key_item = {siBuffer, key.data() ? key.data() : &tmp,
+                        static_cast<unsigned int>(key.size())};
+    SECItem tag_item = {siBuffer, tag.data() ? tag.data() : &tmp,
+                        static_cast<unsigned int>(tag.size())};
+    SECItem msg_item = {siBuffer, msg.data() ? msg.data() : &tmp,
+                        static_cast<unsigned int>(msg.size())};
+    SECItem out_item = {siBuffer, output.data() ? output.data() : &tmp,
+                        static_cast<unsigned int>(output.size())};
+
+    ScopedPK11SymKey p11_key = ImportKey(CKM_AES_CMAC_GENERAL, &key_item);
+    if (vec.comment == "invalid key size") {
+      ASSERT_EQ(nullptr, p11_key.get()) << err;
+      return;
+    }
+
+    ASSERT_NE(nullptr, p11_key.get()) << err;
+    SECStatus rv = PK11_SignWithSymKey(p11_key.get(), CKM_AES_CMAC, NULL,
+                                       &out_item, &msg_item);
+
+    EXPECT_EQ(SECSuccess, rv) << err;
+    EXPECT_EQ(valid, 0 == SECITEM_CompareItem(&out_item, &tag_item)) << err;
+  }
+};
+
+TEST_P(Pkcs11AesCmacTest, TestVectors) { RunTestVector(GetParam()); }
+
+INSTANTIATE_TEST_SUITE_P(WycheproofTestVector, Pkcs11AesCmacTest,
+                         ::testing::ValuesIn(kCmacWycheproofVectors));
+
+// Sanity check of the PKCS #11 API only. Extensive tests for correctness of
+// underling CMAC implementation conducted in the following file:
+//      gtests/freebl_gtest/cmac_unittests.cc
+
+TEST_F(Pkcs11AesCmacTest, Aes128NistExample1) {
+  uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE,
+                                     0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
+                                     0x09, 0xCF, 0x4F, 0x3C};
+  uint8_t known[AES_BLOCK_SIZE] = {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59,
+                                   0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12,
+                                   0x9B, 0x75, 0x67, 0x46};
+
+  RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, AES_BLOCK_SIZE,
+          CKM_AES_CMAC);
+}
+
+TEST_F(Pkcs11AesCmacTest, General) {
+  uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE,
+                                     0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
+                                     0x09, 0xCF, 0x4F, 0x3C};
+  uint8_t known[4] = {0xBB, 0x1D, 0x69, 0x29};
+
+  RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, 4, CKM_AES_CMAC_GENERAL);
+}
+
+TEST_F(Pkcs11AesCmacTest, InvalidKeySize) {
+  uint8_t key[4] = {0x00, 0x00, 0x00, 0x00};
+  SECItem key_item = {siBuffer, key, 4};
+
+  ScopedPK11SymKey result = ImportKey(CKM_AES_CMAC, &key_item);
+  ASSERT_EQ(nullptr, result.get());
+}
+}  // namespace nss_test