From 1a5850c1fb21e64ad07dc0ddd5321b34d74f00ad Mon Sep 17 00:00:00 2001
From: Tim Taubert
Date: Fri, 9 Jun 2017 15:00:41 +0200
Subject: [PATCH] Bug 1369353 - Reject zero-length GCM IVs r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D340
---
 gtests/common/gcm-vectors.h | 172 +++++++++++++++++++++
 gtests/common/util.h | 21 +++
 gtests/freebl_gtest/freebl_util.h | 16 --
 gtests/freebl_gtest/ghash_unittest.cc | 123 +--------------
 gtests/freebl_gtest/prng_kat_unittest.cc | 2 +-
 gtests/pk11_gtest/pk11_aes_gcm_unittest.cc | 135 ++++++++++++++++
 gtests/pk11_gtest/pk11_gtest.gyp | 1 +
 lib/freebl/gcm.c | 5 +-
 lib/freebl/intel-gcm-wrap.c | 5 +-
 9 files changed, 346 insertions(+), 134 deletions(-)
 create mode 100644 gtests/common/gcm-vectors.h
 create mode 100644 gtests/common/util.h
 delete mode 100644 gtests/freebl_gtest/freebl_util.h
 create mode 100644 gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
diff --git a/gtests/common/gcm-vectors.h b/gtests/common/gcm-vectors.h
new file mode 100644
index 0000000000..b0646c9644
--- /dev/null
+++ b/gtests/common/gcm-vectors.h
@@ -0,0 +1,172 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef gcm_vectors_h__ +#define gcm_vectors_h__ + +#include + +typedef struct gcm_kat_str { + std::string key; + std::string plaintext; + std::string additional_data; + std::string iv; + std::string hash_key; + std::string ghash; + std::string result; +} gcm_kat_value; + +/* + * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf + */ +const gcm_kat_value kGcmKatValues[] = { + {"00000000000000000000000000000000", "", "", "000000000000000000000000", + "66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000", + "58e2fccefa7e3061367f1d57a4e7455a"}, + + {"00000000000000000000000000000000", "00000000000000000000000000000000", "", + "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e", + "f38cbb1ad69223dcc3457ae5b6b0f885", + "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf"}, + + {"feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78", + "7f1b32b81b820d02614f8895ac1d4eac", + "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" + "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c" + "f35abd2ba6fab4"}, + + {"feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", + "b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f", + "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" + 
"466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7" + "121a47"}, + + {"feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", + "b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b", + "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e" + "49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac" + "a2fccb"}, + + {"feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515" + "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de", + "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f" + "ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16" + "99d050"}, + + {"000000000000000000000000000000000000000000000000", "", "", + "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7", + "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435"}, + + {"000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000", "", "000000000000000000000000", + "aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce", + "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249", + "51110d40f6c8fff0eb1ae33445a889f0", + 
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" + "144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1" + "18024db8674a14"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", + "466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" + "144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d" + "27618c"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", + "466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089", + "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9" + "a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d" + "3533f8"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515" + "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94", + "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a" + "f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3" + "76a6d9"}, + + {"0000000000000000000000000000000000000000000000000000000000000000", "", "", + "000000000000000000000000", "dc95c078a2408989ad48a21492842087", + "00000000000000000000000000000000", 
"530f8afbc74536b9a963b4f1c4cb738b"}, + + {"0000000000000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000", "", "000000000000000000000000", + "dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92", + "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7", + "4db870d37cb75fcb46097c36230d1612", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" + "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec" + "1a502270e3cc6c"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", + "acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" + "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb" + "2d551b"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", + "acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63", + "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33" + "934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe" + "2ea8f2"}, + + {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + 
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515" + "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b", + "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78" + "0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a" + "e9f19a"}, + + /* Extra, non-NIST, test case to test 64-bit binary multiplication carry + * correctness. This is a GHASH-only test. */ + {"", "", "", "", "0000000000000000fcefef64ffc4766c", + "3561e34e52d8b598f9937982512fff27", + "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000"}}; + +#endif // gcm_vectors_h__ diff --git a/gtests/common/util.h b/gtests/common/util.h new file mode 100644 index 0000000000..ccab5604e1 --- /dev/null +++ b/gtests/common/util.h @@ -0,0 +1,21 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef util_h__ +#define util_h__ + +#include +#include + +std::vector hex_string_to_bytes(std::string s) { + std::vector bytes; + for (size_t i = 0; i < s.length(); i += 2) { + bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16)); + } + return bytes; +} + +#endif // util_h__ diff --git a/gtests/freebl_gtest/freebl_util.h b/gtests/freebl_gtest/freebl_util.h deleted file mode 100644 index c992b9c4ea..0000000000 --- a/gtests/freebl_gtest/freebl_util.h +++ /dev/null 
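Review bot: The fields of gcm_kat_value in gcm-vectors.h are undocumented, although two of them follow conventions that both consumers in this patch depend on. `result` is the ciphertext with the 16-byte tag appended: the GHASH test strips the last 16 bytes, and the PK11 test compares the whole value with the PK11_Encrypt output. An empty `key` marks a GHASH-only vector, where `result` is the GHASH input followed by 16 zero bytes. I would add a comment on the struct saying so, for example `/* result: ciphertext || 16-byte tag; GHASH-only vectors have an empty key */`, and note that every field is a hex string.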
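Review bot: The new hex_string_to_bytes in gtests/common/util.h drops the `assert(s.length() % 2 == 0);` that the deleted freebl_util.h had. A known-answer vector with a missing or extra hex digit is therefore parsed with a one-digit final byte instead of being rejected. I would restore the check (with `<cassert>`), so that a malformed vector cannot feed the wrong bytes into a crypto test unnoticed. The function is also defined in a header without `inline`, which becomes a duplicate-definition link error as soon as two translation units of one test binary include util.h. Marking it `inline` and taking `const std::string& s` fixes that and avoids the by-value copy.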
@@ -1,16 +0,0 @@ -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this file, -// You can obtain one at http://mozilla.org/MPL/2.0/. - -#include -#include -#include - -std::vector hex_string_to_bytes(std::string s) { - std::vector bytes; - assert(s.length() % 2 == 0); - for (size_t i = 0; i < s.length(); i += 2) { - bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16)); - } - return bytes; -} diff --git a/gtests/freebl_gtest/ghash_unittest.cc b/gtests/freebl_gtest/ghash_unittest.cc index 1866bda029..3c9045bec2 100644 --- a/gtests/freebl_gtest/ghash_unittest.cc +++ b/gtests/freebl_gtest/ghash_unittest.cc 
@@ -2,132 +2,25 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this file, // You can obtain one at http://mozilla.org/MPL/2.0/. +#include "gcm-vectors.h" #include "gtest/gtest.h" +#include "util.h" -#include "freebl_util.h" #include "gcm.h" namespace nss_test { -typedef struct ghash_kat_str { - std::string hash_key; - std::string additional_data; - std::string cipher_text; - std::string result; -} ghash_kat_value; - -/* - * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf - */ -const ghash_kat_value kKatValues[] = { - {"66e94bd4ef8a2c3b884cfa59ca342b2e", "", "", - "00000000000000000000000000000000"}, - - {"66e94bd4ef8a2c3b884cfa59ca342b2e", "", "0388dace60b6a392f328c2b971b2fe78", - "f38cbb1ad69223dcc3457ae5b6b0f885"}, - - {"b83b533708bf535d0aa6e52980d53b78", "", - "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" - "4" - "66931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985", - "7f1b32b81b820d02614f8895ac1d4eac"}, - - {"b83b533708bf535d0aa6e52980d53b78", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" - "4" - "66931c7d8f6a5aac84aa051ba30b396a0aac973d58e091", - "698e57f70e6ecc7fd9463b7260a9ae5f"}, - - {"b83b533708bf535d0aa6e52980d53b78", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e" - "4" - "9f24b22b097544d4896b424989b5e1ebac0f07c23f4598", - "df586bb4c249b92cb6922877e444d37b"}, - - {"b83b533708bf535d0aa6e52980d53b78", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f" - "b" - "a43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5", - "1c5afe9760d3932f3c9a878aac3dc3de"}, - - {"aae06992acbf52a3e8f4a96ec9300bd7", "", "98e7247c07f0fe411c267e4384b0f600", - "e2c63f0ac44ad0e02efa05ab6743d4ce"}, - - {"466923ec9ae682214f2c082badb39249", "", - 
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" - "1" - "44c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256", - "51110d40f6c8fff0eb1ae33445a889f0"}, - - {"466923ec9ae682214f2c082badb39249", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" - "1" - "44c525ac619d18c84a3f4718e2448b2fe324d9ccda2710", - "ed2ce3062e4a8ec06db8b4c490e8a268"}, - - {"466923ec9ae682214f2c082badb39249", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9" - "a" - "471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7", - "1e6a133806607858ee80eaf237064089"}, - - {"466923ec9ae682214f2c082badb39249", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a" - "f" - "34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b", - "82567fb0b4cc371801eadec005968e94"}, - - {"dc95c078a2408989ad48a21492842087", "", "cea7403d4d606b6e074ec5d3baf39d18", - "83de425c5edc5d498f382c441041ca92"}, - - {"acbef20579b4b8ebce889bac8732dad7", "", - "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" - "9" - "0dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad", - "4db870d37cb75fcb46097c36230d1612"}, - - {"acbef20579b4b8ebce889bac8732dad7", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" - "9" - "0dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662", - "8bd0c4d8aacd391e67cca447e8c38f65"}, - - {"acbef20579b4b8ebce889bac8732dad7", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33" - "9" - "34a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f", - "75a34288b8c68f811c52b2e9a2f97f63"}, - - {"acbef20579b4b8ebce889bac8732dad7", - "feedfacedeadbeeffeedfacedeadbeefabaddad2", - 
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78" - "0" - "f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f", - "d5ffcf6fc5ac4d69722187421a7f170b"}, - - /* Extra, non-nist, test case to test 64-bit binary multiplication carry - * correctness. */ - {"0000000000000000fcefef64ffc4766c", "", "0000000000000000ffcef9ebbffdbd8b", - "3561e34e52d8b598f9937982512fff27"}}; - -class GHashTest : public ::testing::TestWithParam { +class GHashTest : public ::testing::TestWithParam { protected: - void TestGHash(const ghash_kat_value val, bool sw) { + void TestGHash(const gcm_kat_value val, bool sw) { // Read test data. std::vector hash_key = hex_string_to_bytes(val.hash_key); ASSERT_EQ(16UL, hash_key.size()); std::vector additional_data = hex_string_to_bytes(val.additional_data); - std::vector cipher_text = hex_string_to_bytes(val.cipher_text); - std::vector expected = hex_string_to_bytes(val.result); + std::vector result = hex_string_to_bytes(val.result); + std::vector cipher_text(result.begin(), result.end() - 16); + std::vector expected = hex_string_to_bytes(val.ghash); ASSERT_EQ(16UL, expected.size()); // Prepare context. @@ -157,6 +50,6 @@ TEST_P(GHashTest, KAT_X86_HW) { TestGHash(GetParam(), false); } TEST_P(GHashTest, KAT_Sftw) { TestGHash(GetParam(), true); } INSTANTIATE_TEST_CASE_P(NISTTestVector, GHashTest, - ::testing::ValuesIn(kKatValues)); + ::testing::ValuesIn(kGcmKatValues)); } // nss_test diff --git a/gtests/freebl_gtest/prng_kat_unittest.cc b/gtests/freebl_gtest/prng_kat_unittest.cc index 257da8c1b5..6537685a28 100644 --- a/gtests/freebl_gtest/prng_kat_unittest.cc +++ b/gtests/freebl_gtest/prng_kat_unittest.cc @@ -11,9 +11,9 @@ #define GTEST_HAS_RTTI 0 #include "gtest/gtest.h" +#include "util.h" #include "blapi.h" -#include "freebl_util.h" namespace nss_test { diff --git a/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc b/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc new file mode 100644 index 0000000000..a4e8bedba1 --- /dev/null 
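Review bot: In TestGHash, `result.end() - 16` is evaluated without first checking that `result` holds at least 16 bytes. A vector with a short or empty `result` would form an iterator before `begin()`, which is undefined behaviour rather than a test failure. I would add `ASSERT_GE(result.size(), 16UL);` before constructing `cipher_text`, alongside the existing size assertions on `hash_key` and `expected`. The entries visible in kGcmKatValues appear to satisfy this, so the guard matters for vectors added later. TestGHash continues past the end of this hunk.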
+++ b/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc 
@@ -0,0 +1,135 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include +#include "nss.h" +#include "pk11pub.h" +#include "secerr.h" +#include "sechash.h" + +#include "scoped_ptrs.h" + +#include "gcm-vectors.h" +#include "gtest/gtest.h" +#include "util.h" + +namespace nss_test { + +class Pkcs11AesGcmTest : public ::testing::TestWithParam { + protected: + void RunTest(const gcm_kat_value val) { + std::vector key = hex_string_to_bytes(val.key); + std::vector iv = hex_string_to_bytes(val.iv); + std::vector plaintext = hex_string_to_bytes(val.plaintext); + std::vector aad = hex_string_to_bytes(val.additional_data); + std::vector result = hex_string_to_bytes(val.result); + + // Ignore GHASH-only vectors. + if (key.empty()) { + return; + } + + // Prepare AEAD params. + CK_GCM_PARAMS gcmParams; + gcmParams.pIv = iv.data(); + gcmParams.ulIvLen = iv.size(); + gcmParams.pAAD = aad.data(); + gcmParams.ulAADLen = aad.size(); + gcmParams.ulTagBits = 128; + + SECItem params = {siBuffer, reinterpret_cast(&gcmParams), + sizeof(gcmParams)}; + + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + SECItem keyItem = {siBuffer, key.data(), + static_cast(key.size())}; + + // Import key. + ScopedPK11SymKey symKey(PK11_ImportSymKey( + slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr)); + EXPECT_TRUE(!!symKey); + + // Encrypt. + unsigned int outputLen = 0; + std::vector output(plaintext.size() + gcmParams.ulTagBits / 8); + SECStatus rv = + PK11_Encrypt(symKey.get(), mech, ¶ms, output.data(), &outputLen, + output.size(), plaintext.data(), plaintext.size()); + EXPECT_EQ(rv, SECSuccess); + ASSERT_EQ(outputLen, output.size()); + + // Check ciphertext and tag. 
+ EXPECT_EQ(result, output); + + // Decrypt. + unsigned int decryptedLen = 0; + // The PK11 AES API is stupid, it expects an explicit IV and thus wants + // a block more of available output memory. + std::vector decrypted(output.size()); + rv = + PK11_Decrypt(symKey.get(), mech, ¶ms, decrypted.data(), + &decryptedLen, decrypted.size(), output.data(), outputLen); + EXPECT_EQ(rv, SECSuccess); + ASSERT_EQ(decryptedLen, plaintext.size()); + + // Check the plaintext. + EXPECT_EQ(plaintext, + std::vector(decrypted.begin(), + decrypted.begin() + decryptedLen)); + } + + SECStatus EncryptWithIV(std::vector& iv) { + // Generate a random key. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey symKey( + PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr)); + EXPECT_TRUE(!!symKey); + + std::vector data(17); + std::vector output(33); + std::vector aad(0); + + // Prepare AEAD params. + CK_GCM_PARAMS gcmParams; + gcmParams.pIv = iv.data(); + gcmParams.ulIvLen = iv.size(); + gcmParams.pAAD = aad.data(); + gcmParams.ulAADLen = aad.size(); + gcmParams.ulTagBits = 128; + + SECItem params = {siBuffer, reinterpret_cast(&gcmParams), + sizeof(gcmParams)}; + + // Try to encrypt. + unsigned int outputLen = 0; + return PK11_Encrypt(symKey.get(), mech, ¶ms, output.data(), &outputLen, + output.size(), data.data(), data.size()); + } + + const CK_MECHANISM_TYPE mech = CKM_AES_GCM; +}; + +TEST_P(Pkcs11AesGcmTest, TestVectors) { RunTest(GetParam()); } + +INSTANTIATE_TEST_CASE_P(NISTTestVector, Pkcs11AesGcmTest, + ::testing::ValuesIn(kGcmKatValues)); + +TEST_F(Pkcs11AesGcmTest, ZeroLengthIV) { + std::vector iv(0); + EXPECT_EQ(EncryptWithIV(iv), SECFailure); +} + +TEST_F(Pkcs11AesGcmTest, AllZeroIV) { + std::vector iv(16, 0); + EXPECT_EQ(EncryptWithIV(iv), SECSuccess); +} + +TEST_F(Pkcs11AesGcmTest, TwelveByteZeroIV) { + std::vector iv(12, 0); + EXPECT_EQ(EncryptWithIV(iv), SECSuccess); +} + +} // namespace nss_test 
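Review bot: ZeroLengthIV only asserts that EncryptWithIV returns SECFailure, so any unrelated failure inside PK11_Encrypt satisfies it just as well as the new IV-length rejection. Pinning the error too ties the test to the check it is meant to cover, e.g. `EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());`, or whichever code the PK11 layer actually reports for this case. Separately, `EXPECT_TRUE(!!symKey)` in RunTest lets execution continue into PK11_Encrypt with a null key, where `ASSERT_TRUE(!!symKey);` would stop. The slot returned by PK11_GetInternalSlot() is not checked in either helper. Only the encrypt direction is exercised with an empty IV, so a matching PK11_Decrypt case would cover the other path through the same context creation.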
diff --git a/gtests/pk11_gtest/pk11_gtest.gyp b/gtests/pk11_gtest/pk11_gtest.gyp index 41578e7ca8..012adab2cd 100644 --- a/gtests/pk11_gtest/pk11_gtest.gyp +++ b/gtests/pk11_gtest/pk11_gtest.gyp @@ -12,6 +12,7 @@ 'type': 'executable', 'sources': [ 'pk11_aeskeywrap_unittest.cc', + 'pk11_aes_gcm_unittest.cc', 'pk11_chacha20poly1305_unittest.cc', 'pk11_curve25519_unittest.cc', 'pk11_ecdsa_unittest.cc', diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c index 4ac1e18ef1..0fdb0fd487 100644 --- a/lib/freebl/gcm.c +++ b/lib/freebl/gcm.c @@ -587,9 +587,12 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher, const PRBool sw = PR_FALSE; #endif + if (gcmParams->ulIvLen == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } gcm = PORT_ZNew(GCMContext); if (gcm == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); return NULL; } /* aligned_alloc is C11 so we have to do it the old way. */ diff --git a/lib/freebl/intel-gcm-wrap.c b/lib/freebl/intel-gcm-wrap.c index a9dc2e3edc..37a1af7652 100644 --- a/lib/freebl/intel-gcm-wrap.c +++ b/lib/freebl/intel-gcm-wrap.c @@ -58,8 +58,11 @@ intel_AES_GCM_CreateContext(void *context, unsigned int j; SECStatus rv; + if (gcmParams->ulIvLen == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } gcm = PORT_ZNew(intel_AES_GCMContext); - if (gcm == NULL) { return NULL; }
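Review bot: The new `gcmParams->ulIvLen == 0` guard in GCM_CreateContext has no comment saying why an empty IV is refused, and the same unexplained check is repeated in intel_AES_GCM_CreateContext in lib/freebl/intel-gcm-wrap.c. I would add a short comment at both sites, such as `/* SP 800-38D requires len(IV) >= 1; an empty IV is one fixed nonce for every message under the key. */`, so the check is not later removed as redundant. The guard covers only the length. Nothing visible in either hunk rejects a NULL `pIv` with a non-zero `ulIvLen`, so it is worth confirming that the code after the hunk handles that case. Both functions begin and end outside the hunks shown.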