From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../gtests/pk11_gtest/pk11_seed_cbc_unittest.cc | 82 ++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc (limited to 'security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc') diff --git a/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc new file mode 100644 index 0000000000..7f389fef17 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc @@ -0,0 +1,82 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include +#include "nss.h" +#include "pk11pub.h" +#include "secerr.h" + +#include "nss_scoped_ptrs.h" +#include "gtest/gtest.h" +#include "util.h" + +namespace nss_test { +class Pkcs11SeedTest : public ::testing::Test { + protected: + void EncryptDecryptSeed(SECStatus expected, unsigned int input_size, + unsigned int output_size, + CK_MECHANISM_TYPE mech = CKM_SEED_CBC) { + // Generate a random key. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey sym_key( + PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr)); + EXPECT_TRUE(!!sym_key); + + std::vector plaintext(input_size, 0xFF); + std::vector init_vector(16); + std::vector ciphertext(output_size, 0); + SECItem iv_param = {siBuffer, init_vector.data(), + (unsigned int)init_vector.size()}; + std::vector decrypted(output_size, 0); + + // Try to encrypt, decrypt if positive test. + unsigned int output_len = 0; + EXPECT_EQ(expected, + PK11_Encrypt(sym_key.get(), mech, &iv_param, ciphertext.data(), + &output_len, output_size, plaintext.data(), + plaintext.size())); + + if (expected == SECSuccess) { + EXPECT_EQ(expected, + PK11_Decrypt(sym_key.get(), mech, &iv_param, decrypted.data(), + &output_len, output_size, ciphertext.data(), + output_len)); + decrypted.resize(output_len); + EXPECT_EQ(plaintext, decrypted); + } + } +}; + +#ifndef NSS_DISABLE_DEPRECATED_SEED +// The intention here is to test the arguments of these functions +// The resulted content is already tested in EncryptDeriveTests. +// SEED_CBC needs an IV of 16 bytes. +// The input data size must be multiple of 16. +// If not, some padding should be added. +// The output size must be at least the size of input data. +TEST_F(Pkcs11SeedTest, CBC_ValidArgs) { + EncryptDecryptSeed(SECSuccess, 16, 16); + // No problem if maxLen is bigger than input data. + EncryptDecryptSeed(SECSuccess, 16, 32); +} + +TEST_F(Pkcs11SeedTest, CBC_InvalidArgs) { + // maxLen lower than input data. + EncryptDecryptSeed(SECFailure, 16, 10); + // input data not multiple of SEED_BLOCK_SIZE (16) + EncryptDecryptSeed(SECFailure, 17, 32); +} + +TEST_F(Pkcs11SeedTest, ECB_Singleblock) { + EncryptDecryptSeed(SECSuccess, 16, 16, CKM_SEED_ECB); +} + +TEST_F(Pkcs11SeedTest, ECB_Multiblock) { + EncryptDecryptSeed(SECSuccess, 64, 64, CKM_SEED_ECB); +} +#endif + +} // namespace nss_test -- cgit v1.2.3