From 146e03e3ffdda4f45ec362bb39ac2db6e1ea81d1 Mon Sep 17 00:00:00 2001 From: Kevin Jacobs Date: Mon, 13 May 2019 23:48:42 +0000 Subject: [PATCH] Bug 1515011 - Update Chacha20poly1305 tests to not pass NULL pBuf to PK11_Decrypt when the plaintext message is empty. r=mt Differential Revision: https://phabricator.services.mozilla.com/D29249 --HG-- extra : moz-landing-system : lando --- .../common/testvectors/chachapoly-vectors.h | 318 +++++++++++++++++- .../chachapoly-vectors_base.h | 10 +- .../pk11_chacha20poly1305_unittest.cc | 159 ++++----- 3 files changed, 400 insertions(+), 87 deletions(-) diff --git a/gtests/common/testvectors/chachapoly-vectors.h b/gtests/common/testvectors/chachapoly-vectors.h index 64d0e69fd1..2e2683bda7 100644 --- a/gtests/common/testvectors/chachapoly-vectors.h +++ b/gtests/common/testvectors/chachapoly-vectors.h @@ -13,22 +13,22 @@ #include #include -typedef struct chacha_testvector_str { +typedef struct chaChaTestVectorStr { uint32_t id; std::vector Data; std::vector AAD; std::vector Key; std::vector IV; std::vector CT; - bool invalid_tag; - bool invalid_iv; -} chacha_testvector; + bool invalidTag; + bool invalidIV; +} chaChaTestVector; // ChaCha20/Poly1305 Test Vector 1, RFC 7539 // // ChaCha20/Poly1305 Test Vector 2, RFC 7539 // -const chacha_testvector kChaCha20Vectors[] = { +const chaChaTestVector kChaCha20Vectors[] = { {0, {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, @@ -116,7 +116,7 @@ const chacha_testvector kChaCha20Vectors[] = { // Testvectors from project wycheproof // -const chacha_testvector kChaCha20WycheproofVectors[] = { +const chaChaTestVector kChaCha20WycheproofVectors[] = { // Comment: rfc7539 {0, @@ -149,6 +149,32 @@ const chacha_testvector kChaCha20WycheproofVectors[] = { false, false}, + // Comment: + {1, + {}, + {}, + {0x80, 0xba, 0x31, 0x92, 0xc8, 0x03, 0xce, 0x96, 0x5e, 0xa3, 0x71, + 0xd5, 0xff, 0x07, 0x3c, 0xf0, 0xf4, 0x3b, 0x6a, 0x2a, 0xb5, 0x76, + 0xb2, 0x08, 0x42, 0x6e, 0x11, 0x40, 0x9c, 0x09, 0xb9, 0xb0}, + {0x4d, 0xa5, 0xbf, 0x8d, 0xfd, 0x58, 0x52, 0xc1, 0xea, 0x12, 0x37, 0x9d}, + {0x76, 0xac, 0xb3, 0x42, 0xcf, 0x31, 0x66, 0xa5, 0xb6, 0x3c, 0x0c, 0x0e, + 0xa1, 0x38, 0x3c, 0x8d}, + false, + false}, + + // Comment: + {2, + {}, + {0xbd, 0x50, 0x67, 0x64, 0xf2, 0xd2, 0xc4, 0x10}, + {0x7a, 0x4c, 0xd7, 0x59, 0x17, 0x2e, 0x02, 0xeb, 0x20, 0x4d, 0xb2, + 0xc3, 0xf5, 0xc7, 0x46, 0x22, 0x7d, 0xf5, 0x84, 0xfc, 0x13, 0x45, + 0x19, 0x63, 0x91, 0xdb, 0xb9, 0x57, 0x7a, 0x25, 0x07, 0x42}, + {0xa9, 0x2e, 0xf0, 0xac, 0x99, 0x1d, 0xd5, 0x16, 0xa3, 0xc6, 0xf6, 0x89}, + {0x90, 0x6f, 0xa6, 0x28, 0x4b, 0x52, 0xf8, 0x7b, 0x73, 0x59, 0xcb, 0xaa, + 0x75, 0x63, 0xc7, 0x09}, + false, + false}, + // Comment: {3, {0x2a}, @@ -1294,6 +1320,286 @@ const chacha_testvector kChaCha20WycheproofVectors[] = { false, false}, + // Comment: Flipped bit 0 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {61, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa2, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 1 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {62, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa1, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 7 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {63, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x23, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 8 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {64, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe2, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 31 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {65, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0x79, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 32 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {66, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfa, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 33 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {67, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xf9, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 63 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {68, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x9b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 64 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {69, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5b, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 77 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {70, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xf2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 80 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {71, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x61, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 96 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {72, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x41, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 97 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {73, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x42, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 120 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {74, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x46}, + true, + false}, + + // Comment: Flipped bit 121 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {75, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x45}, + true, + false}, + + // Comment: Flipped bit 126 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {76, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x07}, + true, + false}, + + // Comment: Flipped bit 127 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {77, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0xc7}, + true, + false}, + + // Comment: Flipped bit 63 and 127 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {78, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x9b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0xc7}, + true, + false}, + + // Comment: Tag changed to all zero expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {79, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + true, + false}, + + // Comment: tag change to all 1 expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {80, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff}, + true, + false}, + // Comment: Flipped bit 0 in tag expected // tag:27da374f17b7f1b23844a5490bfc4001 {81, diff --git a/gtests/common/testvectors_base/chachapoly-vectors_base.h b/gtests/common/testvectors_base/chachapoly-vectors_base.h index 3f700e1f82..5fa7d2de0e 100644 --- a/gtests/common/testvectors_base/chachapoly-vectors_base.h +++ b/gtests/common/testvectors_base/chachapoly-vectors_base.h @@ -13,22 +13,22 @@ #include #include -typedef struct chacha_testvector_str { +typedef struct chaChaTestVectorStr { uint32_t id; std::vector Data; std::vector AAD; std::vector Key; std::vector IV; std::vector CT; - bool invalid_tag; - bool invalid_iv; -} chacha_testvector; + bool invalidTag; + bool invalidIV; +} chaChaTestVector; // ChaCha20/Poly1305 Test Vector 1, RFC 7539 // // ChaCha20/Poly1305 Test Vector 2, RFC 7539 // -const chacha_testvector kChaCha20Vectors[] = { +const chaChaTestVector kChaCha20Vectors[] = { {0, {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc index a041947a97..6a50c31ff8 100644 --- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc @@ -26,33 +26,33 @@ static const uint8_t kCtrNonce[16] = {'c', 0, 0, 0, 'n'}; static const uint8_t kData[16] = {'d'}; class Pkcs11ChaCha20Poly1305Test - : public ::testing::TestWithParam { + : public ::testing::TestWithParam { public: - void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv, - const bool invalid_tag, const uint8_t* data, - size_t data_len, const uint8_t* aad, size_t aad_len, - const uint8_t* iv, size_t iv_len, - const uint8_t* ct = nullptr, size_t ct_len = 0) { + void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalidIV, + const bool invalidTag, const uint8_t* pt, size_t ptLen, + const uint8_t* aad, size_t aadLen, const uint8_t* iv, + size_t ivLen, const uint8_t* ct = nullptr, + size_t ctLen = 0) { // Prepare AEAD params. - CK_NSS_AEAD_PARAMS aead_params; - aead_params.pNonce = toUcharPtr(iv); - aead_params.ulNonceLen = iv_len; - aead_params.pAAD = toUcharPtr(aad); - aead_params.ulAADLen = aad_len; - aead_params.ulTagLen = 16; + CK_NSS_AEAD_PARAMS aeadParams; + aeadParams.pNonce = toUcharPtr(iv); + aeadParams.ulNonceLen = ivLen; + aeadParams.pAAD = toUcharPtr(aad); + aeadParams.ulAADLen = aadLen; + aeadParams.ulTagLen = 16; - SECItem params = {siBuffer, reinterpret_cast(&aead_params), - sizeof(aead_params)}; + SECItem params = {siBuffer, reinterpret_cast(&aeadParams), + sizeof(aeadParams)}; // Encrypt. - unsigned int outputLen = 0; - std::vector output(data_len + aead_params.ulTagLen); - SECStatus rv = PK11_Encrypt(key.get(), kMech, ¶ms, output.data(), - &outputLen, output.size(), data, data_len); + unsigned int encryptedLen = 0; + std::vector encrypted(ptLen + aeadParams.ulTagLen); + SECStatus rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encryptedLen, encrypted.size(), pt, ptLen); // Return if encryption failure was expected due to invalid IV. // Without valid ciphertext, all further tests can be skipped. - if (invalid_iv) { + if (invalidIV) { EXPECT_EQ(rv, SECFailure); return; } else { @@ -61,91 +61,101 @@ class Pkcs11ChaCha20Poly1305Test // Check ciphertext and tag. if (ct) { - ASSERT_EQ(ct_len, outputLen); - EXPECT_TRUE(!memcmp(ct, output.data(), outputLen) != invalid_tag); + ASSERT_EQ(ctLen, encryptedLen); + EXPECT_TRUE(!memcmp(ct, encrypted.data(), encryptedLen) != invalidTag); } - // Decrypt. + // Get the *estimated* plaintext length. This value should + // never be zero as it could lead to a NULL outPtr being + // passed to a subsequent decryption call (for AEAD we + // must authenticate even when the pt is zero-length). + unsigned int decryptBytesNeeded = 0; + rv = PK11_Decrypt(key.get(), kMech, ¶ms, nullptr, &decryptBytesNeeded, + 0, encrypted.data(), encryptedLen); + EXPECT_EQ(rv, SECSuccess); + EXPECT_GT(decryptBytesNeeded, ptLen); + + // Now decrypt it + std::vector decrypted(decryptBytesNeeded); unsigned int decryptedLen = 0; - std::vector decrypted(data_len); rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(), &decryptedLen, - decrypted.size(), output.data(), outputLen); + decrypted.size(), encrypted.data(), encryptedLen); EXPECT_EQ(rv, SECSuccess); // Check the plaintext. - ASSERT_EQ(data_len, decryptedLen); - EXPECT_TRUE(!memcmp(data, decrypted.data(), decryptedLen)); + ASSERT_EQ(ptLen, decryptedLen); + EXPECT_TRUE(!memcmp(pt, decrypted.data(), decryptedLen)); // Decrypt with bogus data. // Skip if there's no data to modify. - if (outputLen != 0) { - std::vector bogusCiphertext(output); + if (encryptedLen != 0) { + std::vector bogusCiphertext(encrypted); bogusCiphertext[0] ^= 0xff; rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(), &decryptedLen, decrypted.size(), bogusCiphertext.data(), - outputLen); + encryptedLen); EXPECT_NE(rv, SECSuccess); } // Decrypt with bogus tag. // Skip if there's no tag to modify. - if (outputLen != 0) { - std::vector bogusTag(output); - bogusTag[outputLen - 1] ^= 0xff; + if (encryptedLen != 0) { + std::vector bogusTag(encrypted); + bogusTag[encryptedLen - 1] ^= 0xff; rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(), &decryptedLen, decrypted.size(), bogusTag.data(), - outputLen); + encryptedLen); EXPECT_NE(rv, SECSuccess); } // Decrypt with bogus IV. - // iv_len == 0 is invalid and should be caught earlier. + // ivLen == 0 is invalid and should be caught earlier. // Still skip, if there's no IV to modify. - if (iv_len != 0) { + if (ivLen != 0) { SECItem bogusParams(params); - CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params); + CK_NSS_AEAD_PARAMS bogusAeadParams(aeadParams); bogusParams.data = reinterpret_cast(&bogusAeadParams); - std::vector bogusIV(iv, iv + iv_len); + std::vector bogusIV(iv, iv + ivLen); bogusAeadParams.pNonce = toUcharPtr(bogusIV.data()); bogusIV[0] ^= 0xff; rv = PK11_Decrypt(key.get(), kMech, &bogusParams, decrypted.data(), - &decryptedLen, data_len, output.data(), outputLen); + &decryptedLen, ptLen, encrypted.data(), encryptedLen); EXPECT_NE(rv, SECSuccess); } // Decrypt with bogus additional data. // Skip when AAD was empty and can't be modified. // Alternatively we could generate random aad. - if (aad_len != 0) { + if (aadLen != 0) { SECItem bogusParams(params); - CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params); + CK_NSS_AEAD_PARAMS bogusAeadParams(aeadParams); bogusParams.data = reinterpret_cast(&bogusAeadParams); - std::vector bogusAAD(aad, aad + aad_len); + std::vector bogusAAD(aad, aad + aadLen); bogusAeadParams.pAAD = toUcharPtr(bogusAAD.data()); bogusAAD[0] ^= 0xff; rv = PK11_Decrypt(key.get(), kMech, &bogusParams, decrypted.data(), - &decryptedLen, data_len, output.data(), outputLen); + &decryptedLen, ptLen, encrypted.data(), encryptedLen); EXPECT_NE(rv, SECSuccess); } } - void EncryptDecrypt(const chacha_testvector testvector) { + void EncryptDecrypt(const chaChaTestVector testvector) { ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - SECItem key_item = {siBuffer, toUcharPtr(testvector.Key.data()), - static_cast(testvector.Key.size())}; + SECItem keyItem = {siBuffer, toUcharPtr(testvector.Key.data()), + static_cast(testvector.Key.size())}; // Import key. ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), kMech, PK11_OriginUnwrap, - CKA_ENCRYPT, &key_item, nullptr)); + CKA_ENCRYPT, &keyItem, nullptr)); EXPECT_TRUE(!!key); // Check. - EncryptDecrypt(key, testvector.invalid_iv, testvector.invalid_tag, + EncryptDecrypt(key, testvector.invalidIV, testvector.invalidTag, testvector.Data.data(), testvector.Data.size(), testvector.AAD.data(), testvector.AAD.size(), testvector.IV.data(), testvector.IV.size(), @@ -162,9 +172,9 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) { EXPECT_TRUE(!!key); // Generate random data. - std::vector data(512); + std::vector input(512); SECStatus rv = - PK11_GenerateRandomOnSlot(slot.get(), data.data(), data.size()); + PK11_GenerateRandomOnSlot(slot.get(), input.data(), input.size()); EXPECT_EQ(rv, SECSuccess); // Generate random AAD. @@ -178,7 +188,7 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) { EXPECT_EQ(rv, SECSuccess); // Check. - EncryptDecrypt(key, false, false, data.data(), data.size(), aad.data(), + EncryptDecrypt(key, false, false, input.data(), input.size(), aad.data(), aad.size(), iv.data(), iv.size()); } @@ -194,29 +204,28 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) { slot.get(), kMechXor, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr)); EXPECT_TRUE(!!key); - SECItem ctr_nonce_item = {siBuffer, toUcharPtr(kCtrNonce), - static_cast(sizeof(kCtrNonce))}; + SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce), + static_cast(sizeof(kCtrNonce))}; uint8_t output[sizeof(kData)]; - unsigned int output_len = 88; // This should be overwritten. - SECStatus rv = - PK11_Encrypt(key.get(), kMechXor, &ctr_nonce_item, output, &output_len, - sizeof(output), kData, sizeof(kData)); + unsigned int outputLen = 88; // This should be overwritten. + SECStatus rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, output, + &outputLen, sizeof(output), kData, sizeof(kData)); ASSERT_EQ(SECSuccess, rv); - ASSERT_EQ(sizeof(kExpected), static_cast(output_len)); + ASSERT_EQ(sizeof(kExpected), static_cast(outputLen)); EXPECT_EQ(0, memcmp(kExpected, output, sizeof(kExpected))); // Decrypting has the same effect. - rv = PK11_Decrypt(key.get(), kMechXor, &ctr_nonce_item, output, &output_len, + rv = PK11_Decrypt(key.get(), kMechXor, &ctrNonceItem, output, &outputLen, sizeof(output), kData, sizeof(kData)); ASSERT_EQ(SECSuccess, rv); - ASSERT_EQ(sizeof(kData), static_cast(output_len)); + ASSERT_EQ(sizeof(kData), static_cast(outputLen)); EXPECT_EQ(0, memcmp(kExpected, output, sizeof(kExpected))); // Operating in reverse too. - rv = PK11_Encrypt(key.get(), kMechXor, &ctr_nonce_item, output, &output_len, + rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, output, &outputLen, sizeof(output), kExpected, sizeof(kExpected)); ASSERT_EQ(SECSuccess, rv); - ASSERT_EQ(sizeof(kExpected), static_cast(output_len)); + ASSERT_EQ(sizeof(kExpected), static_cast(outputLen)); EXPECT_EQ(0, memcmp(kData, output, sizeof(kData))); } @@ -227,15 +236,14 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXor) { ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr)); EXPECT_TRUE(!!key); - SECItem ctr_nonce_item = {siBuffer, toUcharPtr(kCtrNonce), - static_cast(sizeof(kCtrNonce))}; + SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce), + static_cast(sizeof(kCtrNonce))}; uint8_t output[sizeof(kData)]; - unsigned int output_len = 88; // This should be overwritten. - SECStatus rv = - PK11_Encrypt(key.get(), kMechXor, &ctr_nonce_item, output, &output_len, - sizeof(output), kData, sizeof(kData)); + unsigned int outputLen = 88; // This should be overwritten. + SECStatus rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, output, + &outputLen, sizeof(output), kData, sizeof(kData)); ASSERT_EQ(SECSuccess, rv); - ASSERT_EQ(sizeof(kData), static_cast(output_len)); + ASSERT_EQ(sizeof(kData), static_cast(outputLen)); } TEST_F(Pkcs11ChaCha20Poly1305Test, XorInvalidParams) { @@ -243,17 +251,16 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, XorInvalidParams) { ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr)); EXPECT_TRUE(!!key); - SECItem ctr_nonce_item = {siBuffer, toUcharPtr(kCtrNonce), - static_cast(sizeof(kCtrNonce)) - 1}; + SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce), + static_cast(sizeof(kCtrNonce)) - 1}; uint8_t output[sizeof(kData)]; - unsigned int output_len = 88; - SECStatus rv = - PK11_Encrypt(key.get(), kMechXor, &ctr_nonce_item, output, &output_len, - sizeof(output), kData, sizeof(kData)); + unsigned int outputLen = 88; + SECStatus rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, output, + &outputLen, sizeof(output), kData, sizeof(kData)); EXPECT_EQ(SECFailure, rv); - ctr_nonce_item.data = nullptr; - rv = PK11_Encrypt(key.get(), kMechXor, &ctr_nonce_item, output, &output_len, + ctrNonceItem.data = nullptr; + rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, output, &outputLen, sizeof(output), kData, sizeof(kData)); EXPECT_EQ(SECFailure, rv); EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());