1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "kyber.h"
#include "pk11_keygen.h"
#include "pk11pub.h"
#include "pk11pqg.h"
#include "prerror.h"
#include "gtest/gtest.h"
namespace nss_test {
class ParamHolder {
public:
virtual void* get() = 0;
virtual ~ParamHolder() = default;
protected:
ParamHolder() = default;
};
void Pkcs11KeyPairGenerator::GenerateKey(ScopedSECKEYPrivateKey* priv_key,
ScopedSECKEYPublicKey* pub_key,
bool sensitive) const {
// This function returns if an assertion fails, so don't leak anything.
priv_key->reset(nullptr);
pub_key->reset(nullptr);
auto params = MakeParams();
ASSERT_NE(nullptr, params);
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
SECKEYPublicKey* pub_tmp;
ScopedSECKEYPrivateKey priv_tmp(
PK11_GenerateKeyPair(slot.get(), mech_, params->get(), &pub_tmp, PR_FALSE,
sensitive ? PR_TRUE : PR_FALSE, nullptr));
ASSERT_NE(nullptr, priv_tmp)
<< "PK11_GenerateKeyPair failed: " << PORT_ErrorToName(PORT_GetError());
ASSERT_NE(nullptr, pub_tmp);
priv_key->swap(priv_tmp);
pub_key->reset(pub_tmp);
}
class RsaParamHolder : public ParamHolder {
public:
RsaParamHolder() : params_({1024, 0x010001}) {}
~RsaParamHolder() = default;
void* get() override { return ¶ms_; }
private:
PK11RSAGenParams params_;
};
class PqgParamHolder : public ParamHolder {
public:
PqgParamHolder(PQGParams* params) : params_(params) {}
~PqgParamHolder() = default;
void* get() override { return params_.get(); }
private:
ScopedPQGParams params_;
};
class DhParamHolder : public PqgParamHolder {
public:
DhParamHolder(PQGParams* params)
: PqgParamHolder(params),
params_({nullptr, params->prime, params->base}) {}
~DhParamHolder() = default;
void* get() override { return ¶ms_; }
private:
SECKEYDHParams params_;
};
/* Also used for EdDSA. */
class EcParamHolder : public ParamHolder {
public:
EcParamHolder(SECOidTag curve_oid) {
/* For the case of ED curve_oid contains a EdDSA OID. */
SECOidData* curve = SECOID_FindOIDByTag(curve_oid);
EXPECT_NE(nullptr, curve);
size_t plen = curve->oid.len + 2;
extra_.reset(new uint8_t[plen]);
extra_[0] = SEC_ASN1_OBJECT_ID;
extra_[1] = static_cast<uint8_t>(curve->oid.len);
memcpy(&extra_[2], curve->oid.data, curve->oid.len);
ec_params_ = {siBuffer, extra_.get(), static_cast<unsigned int>(plen)};
}
~EcParamHolder() = default;
void* get() override { return &ec_params_; }
private:
SECKEYECParams ec_params_;
std::unique_ptr<uint8_t[]> extra_;
};
class KyberParamHolder : public ParamHolder {
public:
KyberParamHolder(CK_NSS_KEM_PARAMETER_SET_TYPE aParams) : mParams(aParams) {}
void* get() override { return &mParams; }
private:
CK_NSS_KEM_PARAMETER_SET_TYPE mParams;
};
std::unique_ptr<ParamHolder> Pkcs11KeyPairGenerator::MakeParams() const {
switch (mech_) {
case CKM_RSA_PKCS_KEY_PAIR_GEN:
std::cerr << "Generate RSA pair" << std::endl;
return std::unique_ptr<ParamHolder>(new RsaParamHolder());
case CKM_DSA_KEY_PAIR_GEN:
case CKM_DH_PKCS_KEY_PAIR_GEN: {
PQGParams* pqg_params = nullptr;
PQGVerify* pqg_verify = nullptr;
const unsigned int key_size = 1024;
SECStatus rv = PK11_PQG_ParamGenV2(key_size, 0, key_size / 16,
&pqg_params, &pqg_verify);
if (rv != SECSuccess) {
ADD_FAILURE() << "PK11_PQG_ParamGenV2 failed";
return nullptr;
}
EXPECT_NE(nullptr, pqg_verify);
EXPECT_NE(nullptr, pqg_params);
PK11_PQG_DestroyVerify(pqg_verify);
if (mech_ == CKM_DSA_KEY_PAIR_GEN) {
std::cerr << "Generate DSA pair" << std::endl;
return std::unique_ptr<ParamHolder>(new PqgParamHolder(pqg_params));
}
std::cerr << "Generate DH pair" << std::endl;
return std::unique_ptr<ParamHolder>(new DhParamHolder(pqg_params));
}
case CKM_EC_EDWARDS_KEY_PAIR_GEN:
std::cerr << "Generate ED pair on " << curve_ << std::endl;
return std::unique_ptr<ParamHolder>(
new EcParamHolder(SEC_OID_ED25519_PUBLIC_KEY));
case CKM_EC_KEY_PAIR_GEN:
std::cerr << "Generate EC pair on " << curve_ << std::endl;
return std::unique_ptr<ParamHolder>(new EcParamHolder(curve_));
case CKM_NSS_KYBER_KEY_PAIR_GEN:
std::cerr << "Generate Kyber768 pair" << std::endl;
return std::unique_ptr<ParamHolder>(
new KyberParamHolder(CKP_NSS_KYBER_768_ROUND3));
default:
ADD_FAILURE() << "unknown OID " << mech_;
}
return nullptr;
}
} // namespace nss_test
|
