1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at http://mozilla.org/MPL/2.0/.
#include "gtest/gtest.h"
#include <assert.h>
#include <limits.h>
#include <prinit.h>
#include <nss.h>
#include <pk11pub.h>
static const size_t kKeyLen = 128 / 8;
namespace nss_test {
//
// The ciper tests using the bltest command cover a great deal of testing.
// However, Bug 1489691 revealed a corner case which is covered here.
// This test will make multiple calls to PK11_CipherOp using the same
// cipher context with data that is not cipher block aligned.
//
static SECStatus GetBytes(PK11Context* ctx, uint8_t* bytes, size_t len) {
std::vector<uint8_t> in(len, 0);
int outlen;
SECStatus rv = PK11_CipherOp(ctx, bytes, &outlen, len, &in[0], len);
if (static_cast<size_t>(outlen) != len) {
return SECFailure;
}
return rv;
}
TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
PK11SlotInfo* slot;
PK11SymKey* key;
PK11Context* ctx;
NSSInitContext* globalctx =
NSS_InitContext("", "", "", "", NULL,
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
const CK_MECHANISM_TYPE cipher = CKM_AES_CTR;
slot = PK11_GetInternalSlot();
ASSERT_TRUE(slot);
// Use arbitrary bytes for the AES key
uint8_t key_bytes[kKeyLen];
for (size_t i = 0; i < kKeyLen; i++) {
key_bytes[i] = i;
}
SECItem keyItem = {siBuffer, key_bytes, kKeyLen};
// The IV can be all zeros since we only encrypt once with
// each AES key.
CK_AES_CTR_PARAMS param = {128, {}};
SECItem paramItem = {siBuffer, reinterpret_cast<unsigned char*>(¶m),
sizeof(CK_AES_CTR_PARAMS)};
key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
&keyItem, NULL);
ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, ¶mItem);
ASSERT_TRUE(key);
ASSERT_TRUE(ctx);
uint8_t outbuf[128];
ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECSuccess);
ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
PK11_FreeSymKey(key);
PK11_FreeSlot(slot);
PK11_DestroyContext(ctx, PR_TRUE);
NSS_ShutdownContext(globalctx);
}
} // namespace nss_test
|