Skip to content

Commit

Permalink
Bug 1459141 - A few more CBC padding tests. r=jcj
Browse files Browse the repository at this point in the history 
This patch adds more test vectors for AES-CBC and 3DES-CBC padding.

Differential Revision: https://phabricator.services.mozilla.com/D49700

--HG--
extra : moz-landing-system : lando
  • Loading branch information
@deian
deian committed Oct 22, 2019
1 parent c71b801 commit fd40154
Showing 1 changed file with 74 additions and 7 deletions.
81 changes: 74 additions & 7 deletions gtests/pk11_gtest/pk11_cbc_unittest.cc
View file
Expand Up @@ -41,7 +41,8 @@ class Pkcs11CbcPadTest : public ::testing::TestWithParam<CK_MECHANISM_TYPE> {
}
return false;
}
uint32_t GetUnpaddedParam() const {

uint32_t GetUnpaddedMechanism() const {
switch (GetParam()) {
case CKM_AES_CBC_PAD:
return CKM_AES_CBC;
Expand Down Expand Up @@ -368,7 +369,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_PaddingTooLong) {
uint32_t encrypted_len = 0;

ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
encrypted.data(), &encrypted_len,
encrypted.size(), input.data(), input.size());
ASSERT_EQ(SECSuccess, rv);
Expand All @@ -384,7 +385,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_PaddingTooLong) {
EXPECT_EQ(0U, decrypted_len);
}

TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding1) {
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding1) {
if (!is_padded()) {
return;
}
Expand All @@ -401,7 +402,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding1) {
uint32_t encrypted_len = 0;

ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
encrypted.data(), &encrypted_len,
encrypted.size(), input.data(), input.size());
ASSERT_EQ(SECSuccess, rv);
Expand All @@ -417,7 +418,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding1) {
EXPECT_EQ(0U, decrypted_len);
}

TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding2) {
TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding2) {
if (!is_padded()) {
return;
}
Expand All @@ -434,7 +435,73 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_BadPadding2) {
uint32_t encrypted_len = 0;

ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
encrypted.data(), &encrypted_len,
encrypted.size(), input.data(), input.size());
ASSERT_EQ(SECSuccess, rv);
EXPECT_EQ(input.size(), encrypted_len);

std::vector<uint8_t> decrypted(input.size());
uint32_t decrypted_len = 0;
ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
&decrypted_len, decrypted.size(), encrypted.data(),
encrypted_len);
EXPECT_EQ(SECFailure, rv);
EXPECT_EQ(0U, decrypted_len);
}

TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ZeroLengthPadding) {
if (!is_padded()) {
return;
}

// Padding of length zero
const std::vector<uint8_t> input = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
std::vector<uint8_t> encrypted(input.size());
uint32_t encrypted_len = 0;

ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
encrypted.data(), &encrypted_len,
encrypted.size(), input.data(), input.size());
ASSERT_EQ(SECSuccess, rv);
EXPECT_EQ(input.size(), encrypted_len);

std::vector<uint8_t> decrypted(input.size());
uint32_t decrypted_len = 0;
ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
&decrypted_len, decrypted.size(), encrypted.data(),
encrypted_len);
EXPECT_EQ(SECFailure, rv);
EXPECT_EQ(0U, decrypted_len);
}

TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_OverflowPadding) {
if (!is_padded()) {
return;
}

// Padding that's much longer than block size
const std::vector<uint8_t> input = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
std::vector<uint8_t> encrypted(input.size());
uint32_t encrypted_len = 0;

ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
encrypted.data(), &encrypted_len,
encrypted.size(), input.data(), input.size());
ASSERT_EQ(SECSuccess, rv);
Expand Down Expand Up @@ -467,7 +534,7 @@ TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortValidPadding) {
uint32_t encrypted_len = 0;

ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedParam(), GetIv(),
SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
encrypted.data(), &encrypted_len,
encrypted.size(), input.data(), input.size());
ASSERT_EQ(SECSuccess, rv);
Expand Down

0 comments on commit fd40154

Please sign in to comment.