diff options
Diffstat (limited to 'nss/gtests/pk11_gtest/pk11_export_unittest.cc')
-rw-r--r-- | nss/gtests/pk11_gtest/pk11_export_unittest.cc | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/nss/gtests/pk11_gtest/pk11_export_unittest.cc b/nss/gtests/pk11_gtest/pk11_export_unittest.cc new file mode 100644 index 0000000..e5d5ae8 --- /dev/null +++ b/nss/gtests/pk11_gtest/pk11_export_unittest.cc @@ -0,0 +1,66 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" + +#include "gtest/gtest.h" +#include "scoped_ptrs.h" + +namespace nss_test { + +class Pkcs11ExportTest : public ::testing::Test { + public: + void Derive(bool is_export) { + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + EXPECT_TRUE(slot.get()); + + uint8_t keyData[48] = {0}; + SECItem keyItem = {siBuffer, (unsigned char*)keyData, sizeof(keyData)}; + + CK_MECHANISM_TYPE mechanism = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + ScopedPK11SymKey baseKey(PK11_ImportSymKey( + slot.get(), mechanism, PK11_OriginUnwrap, CKA_WRAP, &keyItem, nullptr)); + EXPECT_TRUE(baseKey.get()); + + CK_SSL3_KEY_MAT_OUT kmo; + kmo.hClientMacSecret = CK_INVALID_HANDLE; + kmo.hServerMacSecret = CK_INVALID_HANDLE; + kmo.hClientKey = CK_INVALID_HANDLE; + kmo.hServerKey = CK_INVALID_HANDLE; + + CK_BYTE iv[8]; + kmo.pIVClient = iv; + kmo.pIVServer = iv; + + CK_SSL3_KEY_MAT_PARAMS kmp; + kmp.ulMacSizeInBits = 256; + kmp.ulKeySizeInBits = 128; + kmp.ulIVSizeInBits = 64; + kmp.pReturnedKeyMaterial = &kmo; + kmp.bIsExport = is_export; + + unsigned char random[32] = {0}; + kmp.RandomInfo.pClientRandom = random; + kmp.RandomInfo.ulClientRandomLen = sizeof(random); + kmp.RandomInfo.pServerRandom = random; + kmp.RandomInfo.ulServerRandomLen = sizeof(random); + + SECItem params = {siBuffer, (unsigned char*)&kmp, sizeof(kmp)}; + ScopedPK11SymKey symKey(PK11_Derive(baseKey.get(), mechanism, ¶ms, + CKM_SHA512_HMAC, CKA_SIGN, 16)); + + // Deriving must fail when is_export=true. + EXPECT_EQ(!symKey.get(), is_export); + } +}; + +TEST_F(Pkcs11ExportTest, DeriveNonExport) { Derive(false); } + +TEST_F(Pkcs11ExportTest, DeriveExport) { Derive(true); } + +} // namespace nss_test |