diff options
Diffstat (limited to 'security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc')
-rw-r--r-- | security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc index 962423406..45e4cac1a 100644 --- a/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc @@ -1,4 +1,5 @@ /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -13,11 +14,12 @@ #include "gtest/gtest.h" #include "nss_scoped_ptrs.h" +#include "testvectors/cmac-vectors.h" #include "util.h" namespace nss_test { -class Pkcs11AesCmacTest : public ::testing::Test { +class Pkcs11AesCmacTest : public ::testing::TestWithParam<AesCmacTestVector> { protected: ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) { ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); @@ -53,8 +55,46 @@ class Pkcs11AesCmacTest : public ::testing::Test { ASSERT_EQ(SECSuccess, ret); ASSERT_EQ(0, SECITEM_CompareItem(&output_item, &expected_item)); } + + void RunTestVector(const AesCmacTestVector vec) { + bool valid = !vec.invalid; + std::string err = "Test #" + std::to_string(vec.id) + " failed"; + std::vector<uint8_t> key = hex_string_to_bytes(vec.key); + std::vector<uint8_t> tag = hex_string_to_bytes(vec.tag); + std::vector<uint8_t> msg = hex_string_to_bytes(vec.msg); + + std::vector<uint8_t> output(AES_BLOCK_SIZE); + // Don't provide a null pointer, even if the input is empty. + uint8_t tmp; + SECItem key_item = {siBuffer, key.data() ? key.data() : &tmp, + static_cast<unsigned int>(key.size())}; + SECItem tag_item = {siBuffer, tag.data() ? tag.data() : &tmp, + static_cast<unsigned int>(tag.size())}; + SECItem msg_item = {siBuffer, msg.data() ? msg.data() : &tmp, + static_cast<unsigned int>(msg.size())}; + SECItem out_item = {siBuffer, output.data() ? output.data() : &tmp, + static_cast<unsigned int>(output.size())}; + + ScopedPK11SymKey p11_key = ImportKey(CKM_AES_CMAC_GENERAL, &key_item); + if (vec.comment == "invalid key size") { + ASSERT_EQ(nullptr, p11_key.get()) << err; + return; + } + + ASSERT_NE(nullptr, p11_key.get()) << err; + SECStatus rv = PK11_SignWithSymKey(p11_key.get(), CKM_AES_CMAC, NULL, + &out_item, &msg_item); + + EXPECT_EQ(SECSuccess, rv) << err; + EXPECT_EQ(valid, 0 == SECITEM_CompareItem(&out_item, &tag_item)) << err; + } }; +TEST_P(Pkcs11AesCmacTest, TestVectors) { RunTestVector(GetParam()); } + +INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11AesCmacTest, + ::testing::ValuesIn(kCmacWycheproofVectors)); + // Sanity check of the PKCS #11 API only. Extensive tests for correctness of // underling CMAC implementation conducted in the following file: // gtests/freebl_gtest/cmac_unittests.cc @@ -87,4 +127,4 @@ TEST_F(Pkcs11AesCmacTest, InvalidKeySize) { ScopedPK11SymKey result = ImportKey(CKM_AES_CMAC, &key_item); ASSERT_EQ(nullptr, result.get()); } -} +} // namespace nss_test |