首页 发现 帮助
登录
khronosschoty
/
palemoon-dev
关注 2
点赞 1
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
palemoon-dev
/
platform
/
security
/
nss
/
gtests
/
pk11_gtest
/
pk11_cipherop_unittest.cc

pk11_cipherop_unittest.cc 2.3 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. // This Source Code Form is subject to the terms of the Mozilla Public
    2. 

  2. // License, v. 2.0. If a copy of the MPL was not distributed with this file,
    3. 

  3. // You can obtain one at http://mozilla.org/MPL/2.0/.
    4. 

  4. 

  5. #include "gtest/gtest.h"
    6. 

  6. 

  7. #include <assert.h>
    8. 

  8. #include <limits.h>
    9. 

  9. #include <prinit.h>
    10. 

  10. #include <nss.h>
    11. 

  11. #include <pk11pub.h>
    12. 

  12. 

  13. static const size_t kKeyLen = 128 / 8;
    14. 

  14. 

  15. namespace nss_test {
    16. 

  16. 

  17. //
    18. 

  18. // The ciper tests using the bltest command cover a great deal of testing.
    19. 

  19. // However, Bug 1489691 revealed a corner case which is covered here.
    20. 

  20. // This test will make multiple calls to PK11_CipherOp using the same
    21. 

  21. // cipher context with data that is not cipher block aligned.
    22. 

  22. //
    23. 

  23. 

  24. static SECStatus GetBytes(PK11Context* ctx, uint8_t* bytes, size_t len) {
    25. 

  25.   std::vector<uint8_t> in(len, 0);
    26. 

  26. 

  27.   int outlen;
    28. 

  28.   SECStatus rv = PK11_CipherOp(ctx, bytes, &outlen, len, &in[0], len);
    29. 

  29.   if (static_cast<size_t>(outlen) != len) {
    30. 

  30.     return SECFailure;
    31. 

  31.   }
    32. 

  32.   return rv;
    33. 

  33. }
    34. 

  34. 

  35. TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
    36. 

  36.   PK11SlotInfo* slot;
    37. 

  37.   PK11SymKey* key;
    38. 

  38.   PK11Context* ctx;
    39. 

  39. 

  40.   NSSInitContext* globalctx =
    41. 

  41.       NSS_InitContext("", "", "", "", NULL,
    42. 

  42.                       NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
    43. 

  43.                           NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
    44. 

  44. 

  45.   const CK_MECHANISM_TYPE cipher = CKM_AES_CTR;
    46. 

  46. 

  47.   slot = PK11_GetInternalSlot();
    48. 

  48.   ASSERT_TRUE(slot);
    49. 

  49. 

  50.   // Use arbitrary bytes for the AES key
    51. 

  51.   uint8_t key_bytes[kKeyLen];
    52. 

  52.   for (size_t i = 0; i < kKeyLen; i++) {
    53. 

  53.     key_bytes[i] = i;
    54. 

  54.   }
    55. 

  55. 

  56.   SECItem keyItem = {siBuffer, key_bytes, kKeyLen};
    57. 

  57. 

  58.   // The IV can be all zeros since we only encrypt once with
    59. 

  59.   // each AES key.
    60. 

  60.   CK_AES_CTR_PARAMS param = {128, {}};
    61. 

  61.   SECItem paramItem = {siBuffer, reinterpret_cast<unsigned char*>(&param),
    62. 

  62.                        sizeof(CK_AES_CTR_PARAMS)};
    63. 

  63. 

  64.   key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
    65. 

  65.                           &keyItem, NULL);
    66. 

  66.   ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, &paramItem);
    67. 

  67.   ASSERT_TRUE(key);
    68. 

  68.   ASSERT_TRUE(ctx);
    69. 

  69. 

  70.   uint8_t outbuf[128];
    71. 

  71.   ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECSuccess);
    72. 

  72.   ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
    73. 

  73. 

  74.   PK11_FreeSymKey(key);
    75. 

  75.   PK11_FreeSlot(slot);
    76. 

  76.   PK11_DestroyContext(ctx, PR_TRUE);
    77. 

  77.   NSS_ShutdownContext(globalctx);
    78. 

  78. }
    79. 

  79. 

  80. }  // namespace nss_test
    81. 

  81.