From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc | 184 +++++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc (limited to 'security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc') diff --git a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc new file mode 100644 index 0000000000..5036540612 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc @@ -0,0 +1,184 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include +#include "nss.h" +#include "pk11pub.h" + +#include "gtest/gtest.h" +#include "nss_scoped_ptrs.h" + +namespace nss_test { + +static unsigned char* ToUcharPtr(std::string& str) { + return const_cast( + reinterpret_cast(str.c_str())); +} + +class Pkcs11Pbkdf2Test : public ::testing::Test { + public: + void Derive(std::vector& derived, SECOidTag hash_alg) { + // Shared between test vectors. + const unsigned int kIterations = 4096; + std::string pass("passwordPASSWORDpassword"); + std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt"); + + // Derivation must succeed with the right values. + EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, kIterations)); + + // Derivation must fail when the password is bogus. + std::string bogus_pass("PasswordPASSWORDpassword"); + EXPECT_FALSE(DeriveBytes(bogus_pass, salt, derived, hash_alg, kIterations)); + + // Derivation must fail when the salt is bogus. + std::string bogus_salt("SaltSALTsaltSALTsaltSALTsaltSALTsalt"); + EXPECT_FALSE(DeriveBytes(pass, bogus_salt, derived, hash_alg, kIterations)); + + // Derivation must fail when using the wrong hash function. + SECOidTag next_hash_alg = static_cast(hash_alg + 1); + EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, kIterations)); + + // Derivation must fail when using the wrong number of kIterations. + EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, kIterations + 1)); + } + + void KeySizes(SECOidTag hash_alg) { + // These tests will only validate the controls around the key sizes. + // The resulting key is tested above, with valid key sizes. + const unsigned int kIterations = 10; + std::string pass("passwordPASSWORDpassword"); + std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt"); + std::string salt_empty(""); + + // Derivation must fail when using key sizes bigger than MAX_KEY_LEN. + const int big_key_size = 768; + EXPECT_FALSE(KeySizeParam(pass, salt, big_key_size, hash_alg, kIterations)); + + // Zero is acceptable as key size and will be managed internally. + const int zero_key_size = 0; + EXPECT_TRUE(KeySizeParam(pass, salt, zero_key_size, hash_alg, kIterations)); + + // Zero is acceptable as salt size and will be managed internally. + EXPECT_TRUE( + KeySizeParam(pass, salt_empty, zero_key_size, hash_alg, kIterations)); + + // -1 will be set to 0 internally and this means that the key size will be + // obtained from the template. If the template doesn't have this defined, + // it must fail. + const int minus_key_size = -1; + EXPECT_FALSE( + KeySizeParam(pass, salt, minus_key_size, hash_alg, kIterations)); + + // Lower than -1 is not allowed, as -1 means no keyLen defined. + const int negative_key_size = -10; + EXPECT_FALSE( + KeySizeParam(pass, salt, negative_key_size, hash_alg, kIterations)); + + // Malformed inputs are handled without crashing + EXPECT_FALSE( + MalformedPass(pass, salt, big_key_size, hash_alg, kIterations)); + EXPECT_FALSE( + MalformedSalt(pass, salt, big_key_size, hash_alg, kIterations)); + } + + private: + bool DeriveBytes(std::string& pass, std::string& salt, + std::vector& derived, SECOidTag hash_alg, + unsigned int kIterations) { + SECItem pass_item = {siBuffer, ToUcharPtr(pass), + static_cast(pass.length())}; + SECItem salt_item = {siBuffer, ToUcharPtr(salt), + static_cast(salt.length())}; + + // Set up PBKDF2 params. + ScopedSECAlgorithmID alg_id( + PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg, + derived.size(), kIterations, &salt_item)); + + // Derive. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey sym_key( + PK11_PBEKeyGen(slot.get(), alg_id.get(), &pass_item, false, nullptr)); + + SECStatus rv = PK11_ExtractKeyValue(sym_key.get()); + EXPECT_EQ(rv, SECSuccess); + + SECItem* key_data = PK11_GetKeyData(sym_key.get()); + return !memcmp(&derived[0], key_data->data, key_data->len); + } + + bool GenerateKey(SECItem pass_item, SECItem salt_item, const int key_size, + SECOidTag hash_alg, unsigned int kIterations) { + // Set up PBKDF2 params. + ScopedSECAlgorithmID alg_id( + PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg, + key_size, kIterations, &salt_item)); + + // Try to generate a key with the defined params. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey sym_key( + PK11_PBEKeyGen(slot.get(), alg_id.get(), &pass_item, false, nullptr)); + + // Should be nullptr if fail. + return sym_key.get(); + } + + bool KeySizeParam(std::string& pass, std::string& salt, const int key_size, + SECOidTag hash_alg, unsigned int kIterations) { + SECItem pass_item = {siBuffer, ToUcharPtr(pass), + static_cast(pass.length())}; + SECItem salt_item = {siBuffer, ToUcharPtr(salt), + static_cast(salt.length())}; + + return GenerateKey(pass_item, salt_item, key_size, hash_alg, kIterations); + } + + bool MalformedSalt(std::string& pass, std::string& salt, const int key_size, + SECOidTag hash_alg, unsigned int kIterations) { + SECItem pass_item = {siBuffer, ToUcharPtr(pass), + static_cast(pass.length())}; + SECItem salt_item = {siBuffer, nullptr, 0}; + + return GenerateKey(pass_item, salt_item, key_size, hash_alg, kIterations); + } + + bool MalformedPass(std::string& pass, std::string& salt, const int key_size, + SECOidTag hash_alg, unsigned int kIterations) { + SECItem pass_item = {siBuffer, nullptr, 0}; + SECItem salt_item = {siBuffer, ToUcharPtr(salt), + static_cast(salt.length())}; + + return GenerateKey(pass_item, salt_item, key_size, hash_alg, kIterations); + } +}; + +// RFC 6070 +TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) { + std::vector derived = {0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, + 0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, + 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, + 0xf2, 0xf0, 0x70, 0x38}; + + Derive(derived, SEC_OID_HMAC_SHA1); +} + +// https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors +TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) { + std::vector derived = { + 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, + 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, + 0xbc, 0x18, 0x00, 0x18, 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, + 0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9}; + + Derive(derived, SEC_OID_HMAC_SHA256); +} + +TEST_F(Pkcs11Pbkdf2Test, KeyLenSizes) { + // The size controls are regardless of the algorithms. + KeySizes(SEC_OID_HMAC_SHA256); +} + +} // namespace nss_test -- cgit v1.2.3