summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/pk11_gtest/pk11_dsa_unittest.cc
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/gtests/pk11_gtest/pk11_dsa_unittest.cc')
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_dsa_unittest.cc81
1 files changed, 81 insertions, 0 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_dsa_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_dsa_unittest.cc
new file mode 100644
index 0000000000..634d496bf0
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_dsa_unittest.cc
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "prerror.h"
+#include "pk11pub.h"
+#include "sechash.h"
+#include "cryptohi.h"
+
+#include "cpputil.h"
+#include "databuffer.h"
+#include "pk11_signature_test.h"
+
+#include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+
+#include "testvectors/dsa-vectors.h"
+
+namespace nss_test {
+CK_MECHANISM_TYPE
+DsaHashToComboMech(SECOidTag hash) {
+ switch (hash) {
+ case SEC_OID_SHA1:
+ return CKM_DSA_SHA1;
+ case SEC_OID_SHA224:
+ return CKM_DSA_SHA224;
+ case SEC_OID_SHA256:
+ return CKM_DSA_SHA256;
+ case SEC_OID_SHA384:
+ return CKM_DSA_SHA384;
+ case SEC_OID_SHA512:
+ return CKM_DSA_SHA512;
+ default:
+ break;
+ }
+ return CKM_INVALID_MECHANISM;
+}
+
+class Pkcs11DsaTestBase : public Pk11SignatureTest {
+ protected:
+ Pkcs11DsaTestBase(SECOidTag hashOid)
+ : Pk11SignatureTest(CKM_DSA, hashOid, DsaHashToComboMech(hashOid)) {}
+
+ void Verify(const DsaTestVector vec) {
+ /* DSA vectors encode the signature in DER, we need to unwrap it before
+ * we can send the raw signatures to PKCS #11. */
+ DataBuffer pubKeyBuffer(vec.public_key.data(), vec.public_key.size());
+ ScopedSECKEYPublicKey nssPubKey(ImportPublicKey(pubKeyBuffer));
+ SECItem sigItem = {siBuffer, toUcharPtr(vec.sig.data()),
+ static_cast<unsigned int>(vec.sig.size())};
+ ScopedSECItem decodedSigItem(
+ DSAU_DecodeDerSigToLen(&sigItem, SECKEY_SignatureLen(nssPubKey.get())));
+ if (!decodedSigItem) {
+ ASSERT_FALSE(vec.valid) << "Failed to decode DSA signature Error: "
+ << PORT_ErrorToString(PORT_GetError()) << "\n";
+ return;
+ }
+
+ Pkcs11SignatureTestParams params = {
+ DataBuffer(), pubKeyBuffer, DataBuffer(vec.msg.data(), vec.msg.size()),
+ DataBuffer(decodedSigItem.get()->data, decodedSigItem.get()->len)};
+ Pk11SignatureTest::Verify(params, (bool)vec.valid);
+ }
+};
+
+class Pkcs11DsaTest : public Pkcs11DsaTestBase,
+ public ::testing::WithParamInterface<DsaTestVector> {
+ public:
+ Pkcs11DsaTest() : Pkcs11DsaTestBase(GetParam().hash_oid) {}
+};
+
+TEST_P(Pkcs11DsaTest, WycheproofVectors) { Verify(GetParam()); }
+
+INSTANTIATE_TEST_SUITE_P(DsaTest, Pkcs11DsaTest,
+ ::testing::ValuesIn(kDsaWycheproofVectors));
+
+} // namespace nss_test