new file mode 100644
--- /dev/null
+++ b/gtests/common/gcm-vectors.h
@@ -0,0 +1,172 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef gcm_vectors_h__
+#define gcm_vectors_h__
+
+#include <string>
+
+typedef struct gcm_kat_str {
+ std::string key;
+ std::string plaintext;
+ std::string additional_data;
+ std::string iv;
+ std::string hash_key;
+ std::string ghash;
+ std::string result;
+} gcm_kat_value;
+
+/*
+ * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+ */
+const gcm_kat_value kGcmKatValues[] = {
+ {"00000000000000000000000000000000", "", "", "000000000000000000000000",
+ "66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000",
+ "58e2fccefa7e3061367f1d57a4e7455a"},
+
+ {"00000000000000000000000000000000", "00000000000000000000000000000000", "",
+ "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e",
+ "f38cbb1ad69223dcc3457ae5b6b0f885",
+ "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf"},
+
+ {"feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78",
+ "7f1b32b81b820d02614f8895ac1d4eac",
+ "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
+ "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c"
+ "f35abd2ba6fab4"},
+
+ {"feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+ "b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f",
+ "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
+ "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7"
+ "121a47"},
+
+ {"feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+ "b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b",
+ "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
+ "49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac"
+ "a2fccb"},
+
+ {"feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+ "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de",
+ "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
+ "ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16"
+ "99d050"},
+
+ {"000000000000000000000000000000000000000000000000", "", "",
+ "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7",
+ "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435"},
+
+ {"000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000", "", "000000000000000000000000",
+ "aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce",
+ "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249",
+ "51110d40f6c8fff0eb1ae33445a889f0",
+ "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
+ "144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1"
+ "18024db8674a14"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+ "466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268",
+ "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
+ "144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d"
+ "27618c"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+ "466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089",
+ "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
+ "a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d"
+ "3533f8"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+ "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94",
+ "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
+ "f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3"
+ "76a6d9"},
+
+ {"0000000000000000000000000000000000000000000000000000000000000000", "", "",
+ "000000000000000000000000", "dc95c078a2408989ad48a21492842087",
+ "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b"},
+
+ {"0000000000000000000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000", "", "000000000000000000000000",
+ "dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92",
+ "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7",
+ "4db870d37cb75fcb46097c36230d1612",
+ "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
+ "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec"
+ "1a502270e3cc6c"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+ "acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65",
+ "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
+ "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb"
+ "2d551b"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+ "acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63",
+ "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
+ "934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe"
+ "2ea8f2"},
+
+ {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+ "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b",
+ "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
+ "0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a"
+ "e9f19a"},
+
+ /* Extra, non-NIST, test case to test 64-bit binary multiplication carry
+ * correctness. This is a GHASH-only test. */
+ {"", "", "", "", "0000000000000000fcefef64ffc4766c",
+ "3561e34e52d8b598f9937982512fff27",
+ "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000"}};
+
+#endif // gcm_vectors_h__
new file mode 100644
--- /dev/null
+++ b/gtests/common/util.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef util_h__
+#define util_h__
+
+#include <cassert>
+#include <vector>
+
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+ std::vector<uint8_t> bytes;
+ for (size_t i = 0; i < s.length(); i += 2) {
+ bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
+ }
+ return bytes;
+}
+
+#endif // util_h__
deleted file mode 100644
--- a/gtests/freebl_gtest/freebl_util.h
+++ /dev/null
@@ -1,16 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this file,
-// You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#include <stdint.h>
-#include <string>
-#include <vector>
-
-std::vector<uint8_t> hex_string_to_bytes(std::string s) {
- std::vector<uint8_t> bytes;
- assert(s.length() % 2 == 0);
- for (size_t i = 0; i < s.length(); i += 2) {
- bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
- }
- return bytes;
-}
--- a/gtests/freebl_gtest/ghash_unittest.cc
+++ b/gtests/freebl_gtest/ghash_unittest.cc
@@ -1,138 +1,31 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at http://mozilla.org/MPL/2.0/.
+#include "gcm-vectors.h"
#include "gtest/gtest.h"
+#include "util.h"
-#include "freebl_util.h"
#include "gcm.h"
namespace nss_test {
-typedef struct ghash_kat_str {
- std::string hash_key;
- std::string additional_data;
- std::string cipher_text;
- std::string result;
-} ghash_kat_value;
-
-/*
- * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
- */
-const ghash_kat_value kKatValues[] = {
- {"66e94bd4ef8a2c3b884cfa59ca342b2e", "", "",
- "00000000000000000000000000000000"},
-
- {"66e94bd4ef8a2c3b884cfa59ca342b2e", "", "0388dace60b6a392f328c2b971b2fe78",
- "f38cbb1ad69223dcc3457ae5b6b0f885"},
-
- {"b83b533708bf535d0aa6e52980d53b78", "",
- "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
- "4"
- "66931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
- "7f1b32b81b820d02614f8895ac1d4eac"},
-
- {"b83b533708bf535d0aa6e52980d53b78",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
- "4"
- "66931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
- "698e57f70e6ecc7fd9463b7260a9ae5f"},
-
- {"b83b533708bf535d0aa6e52980d53b78",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
- "4"
- "9f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
- "df586bb4c249b92cb6922877e444d37b"},
-
- {"b83b533708bf535d0aa6e52980d53b78",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
- "b"
- "a43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
- "1c5afe9760d3932f3c9a878aac3dc3de"},
-
- {"aae06992acbf52a3e8f4a96ec9300bd7", "", "98e7247c07f0fe411c267e4384b0f600",
- "e2c63f0ac44ad0e02efa05ab6743d4ce"},
-
- {"466923ec9ae682214f2c082badb39249", "",
- "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
- "1"
- "44c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
- "51110d40f6c8fff0eb1ae33445a889f0"},
-
- {"466923ec9ae682214f2c082badb39249",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
- "1"
- "44c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
- "ed2ce3062e4a8ec06db8b4c490e8a268"},
-
- {"466923ec9ae682214f2c082badb39249",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
- "a"
- "471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
- "1e6a133806607858ee80eaf237064089"},
-
- {"466923ec9ae682214f2c082badb39249",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
- "f"
- "34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
- "82567fb0b4cc371801eadec005968e94"},
-
- {"dc95c078a2408989ad48a21492842087", "", "cea7403d4d606b6e074ec5d3baf39d18",
- "83de425c5edc5d498f382c441041ca92"},
-
- {"acbef20579b4b8ebce889bac8732dad7", "",
- "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
- "9"
- "0dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
- "4db870d37cb75fcb46097c36230d1612"},
-
- {"acbef20579b4b8ebce889bac8732dad7",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
- "9"
- "0dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
- "8bd0c4d8aacd391e67cca447e8c38f65"},
-
- {"acbef20579b4b8ebce889bac8732dad7",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
- "9"
- "34a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
- "75a34288b8c68f811c52b2e9a2f97f63"},
-
- {"acbef20579b4b8ebce889bac8732dad7",
- "feedfacedeadbeeffeedfacedeadbeefabaddad2",
- "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
- "0"
- "f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
- "d5ffcf6fc5ac4d69722187421a7f170b"},
-
- /* Extra, non-nist, test case to test 64-bit binary multiplication carry
- * correctness. */
- {"0000000000000000fcefef64ffc4766c", "", "0000000000000000ffcef9ebbffdbd8b",
- "3561e34e52d8b598f9937982512fff27"}};
-
-class GHashTest : public ::testing::TestWithParam<ghash_kat_value> {
+class GHashTest : public ::testing::TestWithParam<gcm_kat_value> {
protected:
- void TestGHash(const ghash_kat_value val, bool sw) {
+ void TestGHash(const gcm_kat_value val, bool sw) {
// Read test data.
std::vector<uint8_t> hash_key = hex_string_to_bytes(val.hash_key);
ASSERT_EQ(16UL, hash_key.size());
std::vector<uint8_t> additional_data =
hex_string_to_bytes(val.additional_data);
- std::vector<uint8_t> cipher_text = hex_string_to_bytes(val.cipher_text);
- std::vector<uint8_t> expected = hex_string_to_bytes(val.result);
+ std::vector<uint8_t> result = hex_string_to_bytes(val.result);
+ std::vector<uint8_t> cipher_text(result.begin(), result.end() - 16);
+ std::vector<uint8_t> expected = hex_string_to_bytes(val.ghash);
ASSERT_EQ(16UL, expected.size());
// Prepare context.
gcmHashContext ghashCtx;
ASSERT_EQ(SECSuccess, gcmHash_InitContext(&ghashCtx, hash_key.data(), sw));
// Hash additional_data, cipher_text.
gcmHash_Reset(&ghashCtx,
@@ -152,11 +45,11 @@ class GHashTest : public ::testing::Test
};
#ifdef NSS_X86_OR_X64
TEST_P(GHashTest, KAT_X86_HW) { TestGHash(GetParam(), false); }
#endif
TEST_P(GHashTest, KAT_Sftw) { TestGHash(GetParam(), true); }
INSTANTIATE_TEST_CASE_P(NISTTestVector, GHashTest,
- ::testing::ValuesIn(kKatValues));
+ ::testing::ValuesIn(kGcmKatValues));
} // nss_test
--- a/gtests/freebl_gtest/prng_kat_unittest.cc
+++ b/gtests/freebl_gtest/prng_kat_unittest.cc
@@ -6,19 +6,19 @@
#include "nss.h"
#include "ssl.h"
#include <cstdlib>
#include <fstream>
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
+#include "util.h"
#include "blapi.h"
-#include "freebl_util.h"
namespace nss_test {
typedef struct PRNGTestValuesStr {
std::vector<uint8_t> entropy;
std::vector<uint8_t> nonce;
std::vector<uint8_t> personal;
std::vector<uint8_t> expected_result;
new file mode 100644
--- /dev/null
+++ b/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
@@ -0,0 +1,135 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "sechash.h"
+
+#include "scoped_ptrs.h"
+
+#include "gcm-vectors.h"
+#include "gtest/gtest.h"
+#include "util.h"
+
+namespace nss_test {
+
+class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
+ protected:
+ void RunTest(const gcm_kat_value val) {
+ std::vector<uint8_t> key = hex_string_to_bytes(val.key);
+ std::vector<uint8_t> iv = hex_string_to_bytes(val.iv);
+ std::vector<uint8_t> plaintext = hex_string_to_bytes(val.plaintext);
+ std::vector<uint8_t> aad = hex_string_to_bytes(val.additional_data);
+ std::vector<uint8_t> result = hex_string_to_bytes(val.result);
+
+ // Ignore GHASH-only vectors.
+ if (key.empty()) {
+ return;
+ }
+
+ // Prepare AEAD params.
+ CK_GCM_PARAMS gcmParams;
+ gcmParams.pIv = iv.data();
+ gcmParams.ulIvLen = iv.size();
+ gcmParams.pAAD = aad.data();
+ gcmParams.ulAADLen = aad.size();
+ gcmParams.ulTagBits = 128;
+
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
+ sizeof(gcmParams)};
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ SECItem keyItem = {siBuffer, key.data(),
+ static_cast<unsigned int>(key.size())};
+
+ // Import key.
+ ScopedPK11SymKey symKey(PK11_ImportSymKey(
+ slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
+ EXPECT_TRUE(!!symKey);
+
+ // Encrypt.
+ unsigned int outputLen = 0;
+ std::vector<uint8_t> output(plaintext.size() + gcmParams.ulTagBits / 8);
+ SECStatus rv =
+ PK11_Encrypt(symKey.get(), mech, ¶ms, output.data(), &outputLen,
+ output.size(), plaintext.data(), plaintext.size());
+ EXPECT_EQ(rv, SECSuccess);
+ ASSERT_EQ(outputLen, output.size());
+
+ // Check ciphertext and tag.
+ EXPECT_EQ(result, output);
+
+ // Decrypt.
+ unsigned int decryptedLen = 0;
+ // The PK11 AES API is stupid, it expects an explicit IV and thus wants
+ // a block more of available output memory.
+ std::vector<uint8_t> decrypted(output.size());
+ rv =
+ PK11_Decrypt(symKey.get(), mech, ¶ms, decrypted.data(),
+ &decryptedLen, decrypted.size(), output.data(), outputLen);
+ EXPECT_EQ(rv, SECSuccess);
+ ASSERT_EQ(decryptedLen, plaintext.size());
+
+ // Check the plaintext.
+ EXPECT_EQ(plaintext,
+ std::vector<uint8_t>(decrypted.begin(),
+ decrypted.begin() + decryptedLen));
+ }
+
+ SECStatus EncryptWithIV(std::vector<uint8_t>& iv) {
+ // Generate a random key.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey symKey(
+ PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr));
+ EXPECT_TRUE(!!symKey);
+
+ std::vector<uint8_t> data(17);
+ std::vector<uint8_t> output(33);
+ std::vector<uint8_t> aad(0);
+
+ // Prepare AEAD params.
+ CK_GCM_PARAMS gcmParams;
+ gcmParams.pIv = iv.data();
+ gcmParams.ulIvLen = iv.size();
+ gcmParams.pAAD = aad.data();
+ gcmParams.ulAADLen = aad.size();
+ gcmParams.ulTagBits = 128;
+
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
+ sizeof(gcmParams)};
+
+ // Try to encrypt.
+ unsigned int outputLen = 0;
+ return PK11_Encrypt(symKey.get(), mech, ¶ms, output.data(), &outputLen,
+ output.size(), data.data(), data.size());
+ }
+
+ const CK_MECHANISM_TYPE mech = CKM_AES_GCM;
+};
+
+TEST_P(Pkcs11AesGcmTest, TestVectors) { RunTest(GetParam()); }
+
+INSTANTIATE_TEST_CASE_P(NISTTestVector, Pkcs11AesGcmTest,
+ ::testing::ValuesIn(kGcmKatValues));
+
+TEST_F(Pkcs11AesGcmTest, ZeroLengthIV) {
+ std::vector<uint8_t> iv(0);
+ EXPECT_EQ(EncryptWithIV(iv), SECFailure);
+}
+
+TEST_F(Pkcs11AesGcmTest, AllZeroIV) {
+ std::vector<uint8_t> iv(16, 0);
+ EXPECT_EQ(EncryptWithIV(iv), SECSuccess);
+}
+
+TEST_F(Pkcs11AesGcmTest, TwelveByteZeroIV) {
+ std::vector<uint8_t> iv(12, 0);
+ EXPECT_EQ(EncryptWithIV(iv), SECSuccess);
+}
+
+} // namespace nss_test
--- a/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/gtests/pk11_gtest/pk11_gtest.gyp
@@ -7,16 +7,17 @@
'../common/gtest.gypi',
],
'targets': [
{
'target_name': 'pk11_gtest',
'type': 'executable',
'sources': [
'pk11_aeskeywrap_unittest.cc',
+ 'pk11_aes_gcm_unittest.cc',
'pk11_chacha20poly1305_unittest.cc',
'pk11_curve25519_unittest.cc',
'pk11_ecdsa_unittest.cc',
'pk11_pbkdf2_unittest.cc',
'pk11_prf_unittest.cc',
'pk11_prng_unittest.cc',
'pk11_rsapss_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
--- a/lib/freebl/gcm.c
+++ b/lib/freebl/gcm.c
@@ -582,19 +582,22 @@ GCM_CreateContext(void *context, freeblC
CK_AES_CTR_PARAMS ctrParams;
SECStatus rv;
#ifdef DISABLE_HW_GCM
const PRBool sw = PR_TRUE;
#else
const PRBool sw = PR_FALSE;
#endif
+ if (gcmParams->ulIvLen == 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
gcm = PORT_ZNew(GCMContext);
if (gcm == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
return NULL;
}
/* aligned_alloc is C11 so we have to do it the old way. */
ghash = PORT_ZAlloc(sizeof(gcmHashContext) + 15);
if (ghash == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
}
--- a/lib/freebl/intel-gcm-wrap.c
+++ b/lib/freebl/intel-gcm-wrap.c
@@ -53,18 +53,21 @@ intel_AES_GCM_CreateContext(void *contex
unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
__m128i BSWAP_MASK = _mm_setr_epi8(15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0);
__m128i ONE = _mm_set_epi32(0, 0, 0, 1);
unsigned int j;
SECStatus rv;
+ if (gcmParams->ulIvLen == 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
gcm = PORT_ZNew(intel_AES_GCMContext);
-
if (gcm == NULL) {
return NULL;
}
/* initialize context fields */
gcm->aes_context = aes;
gcm->tagBits = gcmParams->ulTagBits;
gcm->Alen = 0;