1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "gtest/gtest.h"
#include "nss_scoped_ptrs.h"
#include "pk11_keygen.h"
#include "pk11pub.h"
#include "blapi.h"
#include "secport.h"
namespace nss_test {
class Pkcs11KEMTest : public ::testing::Test {
protected:
PK11SymKey *Encapsulate(const ScopedSECKEYPublicKey &pub,
CK_MECHANISM_TYPE target, PK11AttrFlags attrFlags,
CK_FLAGS opFlags, ScopedSECItem *ciphertext) {
PK11SymKey *sharedSecretRawPtr;
SECItem *ciphertextRawPtr;
EXPECT_EQ(SECSuccess,
PK11_Encapsulate(pub.get(), target, attrFlags, opFlags,
&sharedSecretRawPtr, &ciphertextRawPtr));
ciphertext->reset(ciphertextRawPtr);
return sharedSecretRawPtr;
}
PK11SymKey *Decapsulate(const ScopedSECKEYPrivateKey &priv,
const ScopedSECItem &ciphertext,
CK_MECHANISM_TYPE target, PK11AttrFlags attrFlags,
CK_FLAGS opFlags) {
PK11SymKey *sharedSecretRawPtr;
EXPECT_EQ(SECSuccess,
PK11_Decapsulate(priv.get(), ciphertext.get(), target, attrFlags,
opFlags, &sharedSecretRawPtr));
return sharedSecretRawPtr;
}
SECItem *getRawKeyData(const ScopedPK11SymKey &key) {
SECStatus rv = PK11_ExtractKeyValue(key.get());
EXPECT_EQ(SECSuccess, rv);
SECItem *keyData = PK11_GetKeyData(key.get());
EXPECT_NE(nullptr, keyData);
EXPECT_NE(nullptr, keyData->data);
return keyData;
}
void checkSymKeyAttributeValue(const ScopedPK11SymKey &key,
CK_ATTRIBUTE_TYPE attr,
uint8_t *expectedValue) {
SECItem attrValue;
EXPECT_EQ(SECSuccess, PK11_ReadRawAttribute(PK11_TypeSymKey, key.get(),
attr, &attrValue));
EXPECT_EQ(0, memcmp(expectedValue, attrValue.data, attrValue.len));
SECITEM_FreeItem(&attrValue, PR_FALSE);
}
};
TEST_F(Pkcs11KEMTest, KemConsistencyTest) {
Pkcs11KeyPairGenerator generator(CKM_NSS_KYBER_KEY_PAIR_GEN);
ScopedSECKEYPrivateKey priv;
ScopedSECKEYPublicKey pub;
generator.GenerateKey(&priv, &pub, false);
ASSERT_EQ((unsigned int)KYBER768_PUBLIC_KEY_BYTES,
(unsigned int)pub->u.kyber.publicValue.len);
// Copy the public key to simulate receiving the key as an octet string
ScopedSECKEYPublicKey pubCopy(SECKEY_CopyPublicKey(pub.get()));
ASSERT_NE(nullptr, pubCopy);
ScopedPK11SlotInfo slot(PK11_GetBestSlot(CKM_NSS_KYBER, nullptr));
ASSERT_NE(nullptr, slot);
ASSERT_NE((unsigned int)CK_INVALID_HANDLE,
PK11_ImportPublicKey(slot.get(), pubCopy.get(), PR_FALSE));
ScopedSECItem ciphertext;
ScopedPK11SymKey sharedSecret(Encapsulate(
pubCopy, CKM_SALSA20_POLY1305, PK11_ATTR_PRIVATE | PK11_ATTR_UNMODIFIABLE,
CKF_ENCRYPT, &ciphertext));
ASSERT_EQ((unsigned int)KYBER768_CIPHERTEXT_BYTES,
(unsigned int)ciphertext->len);
ASSERT_EQ(CKM_SALSA20_POLY1305, PK11_GetMechanism(sharedSecret.get()));
CK_BBOOL ckTrue = CK_TRUE;
CK_BBOOL ckFalse = CK_FALSE;
checkSymKeyAttributeValue(sharedSecret, CKA_PRIVATE, &ckTrue);
checkSymKeyAttributeValue(sharedSecret, CKA_MODIFIABLE, &ckFalse);
checkSymKeyAttributeValue(sharedSecret, CKA_ENCRYPT, &ckTrue);
ScopedPK11SymKey sharedSecret2(
Decapsulate(priv, ciphertext, CKM_SALSA20_POLY1305,
PK11_ATTR_PRIVATE | PK11_ATTR_UNMODIFIABLE, CKF_ENCRYPT));
ASSERT_EQ(CKM_SALSA20_POLY1305, PK11_GetMechanism(sharedSecret2.get()));
checkSymKeyAttributeValue(sharedSecret2, CKA_PRIVATE, &ckTrue);
checkSymKeyAttributeValue(sharedSecret2, CKA_MODIFIABLE, &ckFalse);
checkSymKeyAttributeValue(sharedSecret2, CKA_ENCRYPT, &ckTrue);
SECItem *item1 = getRawKeyData(sharedSecret);
SECItem *item2 = getRawKeyData(sharedSecret2);
NSS_DECLASSIFY(item1->data, item1->len);
NSS_DECLASSIFY(item2->data, item2->len);
EXPECT_EQ(0, SECITEM_CompareItem(item1, item2));
}
} // namespace nss_test
|
