diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc')
-rw-r--r-- | security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc | 227 |
1 files changed, 227 insertions, 0 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc new file mode 100644 index 0000000000..3580b10a2f --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_prf_unittest.cc @@ -0,0 +1,227 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" + +#include "cpputil.h" + +#include "gtest/gtest.h" + +namespace nss_test { + +const size_t kPmsSize = 48; +const size_t kMasterSecretSize = 48; +const size_t kPrfSeedSizeSha256 = 32; +const size_t kPrfSeedSizeTlsPrf = 36; + +// This is not the right size for anything +const size_t kIncorrectSize = 17; + +const uint8_t kPmsData[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}; + +const uint8_t kPrfSeed[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, + 0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3}; + +const uint8_t kExpectedOutputEmsSha256[] = { + 0x75, 0xa7, 0xa5, 0x98, 0xef, 0xab, 0x90, 0xe7, 0x7c, 0x67, 0x80, 0xde, + 0xab, 0x3a, 0x11, 0xf3, 0x5d, 0xb2, 0xf8, 0x47, 0xff, 0x09, 0x01, 0xec, + 0xf8, 0x93, 0x89, 0xfc, 0x98, 0x2e, 0x6e, 0xf9, 0x2c, 0xf5, 0x9b, 0x04, + 0x04, 0x6f, 0xd7, 0x28, 0x6e, 0xea, 0xe3, 0x83, 0xc4, 0x4a, 0xff, 0x03}; + +const uint8_t kExpectedOutputEmsTlsPrf[] = { + 0x06, 0xbf, 0x29, 0x86, 0x5d, 0xf3, 0x3e, 0x38, 0xfd, 0xfa, 0x91, 0x10, + 0x2a, 0x20, 0xff, 0xd6, 0xb9, 0xd5, 0x72, 0x5a, 0x6d, 0x42, 0x20, 0x16, + 0xde, 0xa4, 0xa0, 0x51, 0xe5, 0x53, 0xc1, 0x28, 0x04, 0x99, 0xbc, 0xb1, + 0x2c, 0x9d, 0xe8, 0x0b, 0x18, 0xa2, 0x0e, 0x48, 0x52, 0x8d, 0x61, 0x13}; + +class TlsPrfTest : public ::testing::Test { + public: + TlsPrfTest() + : params_({siBuffer, nullptr, 0}), + pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize}), + key_mech_(0), + slot_(nullptr), + pms_(nullptr), + ms_(nullptr), + pms_version_({0, 0}) {} + + ~TlsPrfTest() { + if (slot_) { + PK11_FreeSlot(slot_); + } + ClearTempVars(); + } + + void ClearTempVars() { + if (pms_) { + PK11_FreeSymKey(pms_); + } + if (ms_) { + PK11_FreeSymKey(ms_); + } + } + + void Init() { + params_.type = siBuffer; + + pms_item_.type = siBuffer; + pms_item_.data = + const_cast<unsigned char*>(static_cast<const unsigned char*>(kPmsData)); + + slot_ = PK11_GetInternalSlot(); + ASSERT_NE(nullptr, slot_); + } + + void CheckForError(CK_MECHANISM_TYPE hash_mech, size_t seed_len, + size_t pms_len, size_t output_len) { + // Error tests don't depend on the derivation mechansim + Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech, seed_len, pms_len, + output_len, nullptr, nullptr); + } + + void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech, + CK_MECHANISM_TYPE hash_mech, CK_VERSION* version, + const uint8_t* expected) { + // Infer seed length from mechanism + int seed_len = 0; + switch (hash_mech) { + case CKM_TLS_PRF: + seed_len = kPrfSeedSizeTlsPrf; + break; + case CKM_SHA256: + seed_len = kPrfSeedSizeSha256; + break; + default: + ASSERT_TRUE(false); + } + + Inner(derive_mech, hash_mech, seed_len, kPmsSize, 0, version, expected); + } + + // Set output == nullptr to test when errors occur + void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech, + size_t seed_len, size_t pms_len, size_t output_len, + CK_VERSION* version, const uint8_t* expected) { + ClearTempVars(); + + // Infer the key mechanism from the hash type + switch (hash_mech) { + case CKM_TLS_PRF: + key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE; + break; + case CKM_SHA256: + key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + break; + default: + ASSERT_TRUE(false); + } + + // Import the params + CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = { + hash_mech, toUcharPtr(kPrfSeed), static_cast<CK_ULONG>(seed_len), + version}; + params_.data = reinterpret_cast<unsigned char*>(&master_params); + params_.len = sizeof(master_params); + + // Import the PMS + pms_item_.len = pms_len; + pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, CKA_DERIVE, + &pms_item_, NULL); + ASSERT_NE(nullptr, pms_); + + // Compute the EMS + ms_ = PK11_DeriveWithFlags(pms_, derive_mech, ¶ms_, key_mech_, + CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY); + + // Verify the EMS has the expected value (null or otherwise) + if (!expected) { + EXPECT_EQ(nullptr, ms_); + } else { + ASSERT_NE(nullptr, ms_); + + SECStatus rv = PK11_ExtractKeyValue(ms_); + ASSERT_EQ(SECSuccess, rv); + + SECItem* msData = PK11_GetKeyData(ms_); + ASSERT_NE(nullptr, msData); + + ASSERT_EQ(kMasterSecretSize, msData->len); + EXPECT_EQ(0, memcmp(msData->data, expected, kMasterSecretSize)); + } + } + + protected: + SECItem params_; + SECItem pms_item_; + CK_MECHANISM_TYPE key_mech_; + PK11SlotInfo* slot_; + PK11SymKey* pms_; + PK11SymKey* ms_; + CK_VERSION pms_version_; +}; + +TEST_F(TlsPrfTest, ExtendedMsParamErr) { + Init(); + + // This should fail; it's the correct set from which the below are derived + // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, + // kPrfSeedSizeTlsPrf, kPmsSize, 0); + + // Output key size != 0, SSL3_MASTER_SECRET_LENGTH + CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize); + + // not-DH && pms size != SSL3_PMS_LENGTH + CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0); + + // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH + CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0); + + // !CKM_TLS_PRF && seed length != hash output length + CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0); +} + +// Test matrix: +// +// DH RSA +// TLS_PRF 1 2 +// SHA256 3 4 +TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) { + Init(); + ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_TLS_PRF, + nullptr, kExpectedOutputEmsTlsPrf); +} + +TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) { + Init(); + ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, + &pms_version_, kExpectedOutputEmsTlsPrf); + EXPECT_EQ(0, pms_version_.major); + EXPECT_EQ(1, pms_version_.minor); +} + +TEST_F(TlsPrfTest, ExtendedMsDhSha256) { + Init(); + ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_SHA256, + nullptr, kExpectedOutputEmsSha256); +} + +TEST_F(TlsPrfTest, ExtendedMsRsaSha256) { + Init(); + ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_SHA256, + &pms_version_, kExpectedOutputEmsSha256); + EXPECT_EQ(0, pms_version_.major); + EXPECT_EQ(1, pms_version_.minor); +} + +} // namespace nss_test |