firefox-main/security/nss/gtests/pk11_gtest/pk11sdr_unittest.cc

Source code

Revision control

Copy as Markdown

Other Tools

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "gtest/gtest.h"
#include "nss.h"
#include "nss_scoped_ptrs.h"
#include "pk11sdr.h"
#include "prerror.h"
namespace nss_test {
class PK11SDRTest : public ::testing::Test {
public:
void SetUp() override {
// Ensure there exists an AES key in the default key slot.
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_NE(slot.get(), nullptr);
SECItem keyid = {siBuffer, nullptr, 0};
unsigned char plaintextBytes[] = {'a', 'b', 'c'};
SECItem plaintext = {siBuffer, &plaintextBytes[0], sizeof(plaintextBytes)};
StackSECItem ciphertext;
SECStatus rv = PK11SDR_EncryptWithMechanism(
slot.get(), &keyid, CKM_AES_CBC, &plaintext, &ciphertext, nullptr);
ASSERT_EQ(rv, SECSuccess);
}
};
const std::vector<uint8_t> kUnsupportedAlgorithmDER = {
0x30, 0x5B, 0x04, 0x10, 0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x30, 0x35, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x06, 0x04, 0x28, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0C, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x10,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x04, 0x10, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
TEST_F(PK11SDRTest, RejectUnsupportedAlgorithmDecrypt) {
SECItem data = {siBuffer,
const_cast<unsigned char*>(kUnsupportedAlgorithmDER.data()),
(unsigned int)kUnsupportedAlgorithmDER.size()};
SECItem result = {siBuffer, nullptr, 0};
EXPECT_EQ(PK11SDR_Decrypt(&data, &result, nullptr), SECFailure);
EXPECT_EQ(PR_GetError(), SEC_ERROR_INVALID_ARGS);
}
TEST_F(PK11SDRTest, RejectUnsupportedAlgorithmEncrypt) {
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_NE(slot.get(), nullptr);
SECItem keyid = {siBuffer, nullptr, 0};
unsigned char plaintextBytes[] = {'a', 'b', 'c'};
SECItem plaintext = {siBuffer, &plaintextBytes[0], sizeof(plaintextBytes)};
StackSECItem ciphertext;
SECStatus rv = PK11SDR_EncryptWithMechanism(slot.get(), &keyid, CKM_AES_GCM,
&plaintext, &ciphertext, nullptr);
EXPECT_EQ(rv, SECFailure);
EXPECT_EQ(PR_GetError(), SEC_ERROR_INVALID_ARGS);
}
} // namespace nss_test