/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <memory>
#include "nss.h"
#include "pk11pub.h"
#include "secerr.h"
#include "sechash.h"
#include "stdio.h"
#include "blapi.h"
#include "gtest/gtest.h"
#include "nss_scoped_ptrs.h"
#include "util.h"
namespace nss_test {
class Pkcs11KbkdfTest :
public ::testing::Test {
protected:
ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) {
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
ADD_FAILURE() <<
"Can't get slot";
return nullptr;
}
ScopedPK11SymKey result(PK11_ImportSymKey(
slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, key_item, nullptr));
return result;
}
void RunKDF(CK_MECHANISM_TYPE kdfMech, CK_SP800_108_KDF_PARAMS_PTR kdfParams,
CK_BYTE_PTR inputKey,
unsigned int inputKeyLen,
CK_BYTE_PTR expectedKey,
unsigned int expectedKeyLen,
CK_BYTE_PTR expectedAdditional,
unsigned int expectedAdditionalLen) {
SECItem keyItem = {siBuffer, inputKey, inputKeyLen};
ScopedPK11SymKey p11Key = ImportKey(kdfParams->prfType, &keyItem);
ASSERT_NE(kdfParams, nullptr);
SECItem paramsItem = {siBuffer, (
unsigned char *)kdfParams,
sizeof(*kdfParams)};
ScopedPK11SymKey result(PK11_Derive(p11Key.get(), kdfMech, ¶msItem,
CKM_SHA512_HMAC, CKA_SIGN,
expectedKeyLen));
ASSERT_NE(result, nullptr);
ASSERT_EQ(PK11_ExtractKeyValue(result.get()), SECSuccess);
/* We don't need to free this -- it is just a reference... */
SECItem *actualItem = PK11_GetKeyData(result.get());
ASSERT_NE(actualItem, nullptr);
SECItem expectedItem = {siBuffer, expectedKey, expectedKeyLen};
ASSERT_EQ(SECITEM_CompareItem(actualItem, &expectedItem), 0);
/* Extract the additional key. */
if (expectedAdditional == NULL || kdfParams->ulAdditionalDerivedKeys != 1) {
return;
}
ScopedPK11SlotInfo slot(PK11_GetSlotFromKey(result.get()));
CK_OBJECT_HANDLE_PTR keyHandle = kdfParams->pAdditionalDerivedKeys[0].phKey;
ScopedPK11SymKey additionalKey(
PK11_SymKeyFromHandle(slot.get(), result.get(), PK11_OriginDerive,
CKM_SHA512_HMAC, *keyHandle, PR_FALSE, NULL));
ASSERT_EQ(PK11_ExtractKeyValue(additionalKey.get()), SECSuccess);
/* We don't need to free this -- it is just a reference... */
actualItem = PK11_GetKeyData(additionalKey.get());
ASSERT_NE(actualItem, nullptr);
expectedItem = {siBuffer, expectedAdditional, expectedAdditionalLen};
ASSERT_EQ(SECITEM_CompareItem(actualItem, &expectedItem), 0);
}
};
TEST_F(Pkcs11KbkdfTest, TestAdditionalKey) {
/* Test number 11 of NIST CAVP vectors for Counter mode KDF, with counter
* after a fixed input (AES/128 CMAC). Resulting key (of size 256 bits)
* split into two 128-bit chunks since that aligns with a PRF invocation
* boundary. */
CK_BYTE inputKey[] = {0x23, 0xeb, 0x06, 0x5b, 0xe1, 0x27, 0xa8, 0x81,
0xe3, 0x5a, 0x65, 0x14, 0xd4, 0x35, 0x67, 0x9f};
CK_BYTE expectedKey[] = {0xea, 0x4e, 0xbb, 0xb4, 0xef, 0xff, 0x4b, 0x01,
0x68, 0x40, 0x12, 0xed, 0x8f, 0xf9, 0xc6, 0x4e};
CK_BYTE expectedAdditional[] = {0x70, 0xae, 0x38, 0x19, 0x7c, 0x36,
0x44, 0x5a, 0x6c, 0x80, 0x4a, 0x0e,
0x44, 0x81, 0x9a, 0xc3};
CK_SP800_108_COUNTER_FORMAT iterator = {CK_FALSE, 8};
CK_BYTE fixedData[] = {
0xe6, 0x79, 0x86, 0x1a, 0x61, 0x34, 0x65, 0xa6, 0x73, 0x85, 0x37, 0x26,
0x71, 0xb1, 0x07, 0xe6, 0xb8, 0x95, 0xa2, 0xf6, 0x40, 0x43, 0xc9, 0x34,
0xff, 0x42, 0x56, 0xa7, 0xe6, 0x3c, 0xfb, 0x8b, 0xfa, 0xcc, 0x21, 0x24,
0x25, 0x1c, 0x90, 0xfa, 0x67, 0x0d, 0x45, 0x74, 0x5c, 0x1c, 0x35, 0xda,
0x9b, 0x6e, 0x05, 0xaf, 0x77, 0xea, 0x9c, 0x4a, 0xd4, 0x86, 0xfd, 0x1a};
CK_PRF_DATA_PARAM dataParams[] = {
{CK_SP800_108_BYTE_ARRAY, fixedData,
sizeof(fixedData) /
sizeof(*fixedData)},
{CK_SP800_108_ITERATION_VARIABLE, &iterator,
sizeof(iterator)}};
CK_KEY_TYPE ckGeneric = CKK_GENERIC_SECRET;
CK_OBJECT_CLASS ckClass = CKO_SECRET_KEY;
CK_ULONG derivedLength = 16;
CK_ATTRIBUTE derivedTemplate[] = {
{CKA_CLASS, &ckClass,
sizeof(ckClass)},
{CKA_KEY_TYPE, &ckGeneric,
sizeof(ckGeneric)},
{CKA_VALUE_LEN, &derivedLength,
sizeof(derivedLength)}};
CK_OBJECT_HANDLE keyHandle;
CK_DERIVED_KEY derivedKey = {
derivedTemplate,
sizeof(derivedTemplate) /
sizeof(*derivedTemplate),
&keyHandle};
CK_SP800_108_KDF_PARAMS kdfParams = {CKM_AES_CMAC,
sizeof(dataParams) /
sizeof(*dataParams),
dataParams, 1, &derivedKey};
RunKDF(CKM_SP800_108_COUNTER_KDF, &kdfParams, inputKey,
sizeof(inputKey) /
sizeof(*inputKey), expectedKey,
sizeof(expectedKey) /
sizeof(*expectedKey), expectedAdditional,
sizeof(expectedAdditional) /
sizeof(*expectedAdditional));
}
TEST_F(Pkcs11KbkdfTest, TestPRFs) {
// Table 161 of PKCS#11 v3.0 / Table 192 of PKCS#11 v3.1.
CK_SP800_108_PRF_TYPE allowedPRFs[] = {
CKM_SHA_1_HMAC,
CKM_SHA224_HMAC,
CKM_SHA256_HMAC,
CKM_SHA384_HMAC,
CKM_SHA512_HMAC,
CKM_SHA3_224_HMAC,
CKM_SHA3_256_HMAC,
CKM_SHA3_384_HMAC,
CKM_SHA3_512_HMAC,
/* CKM_DES3_CMAC, */
CKM_AES_CMAC,
};
CK_SP800_108_PRF_TYPE disallowedPRFs[] = {
CKM_MD2_HMAC,
CKM_MD5_HMAC,
CKM_RIPEMD128_HMAC,
CKM_RIPEMD160_HMAC,
};
CK_BYTE inputKey[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
CK_SP800_108_COUNTER_FORMAT iterator = {CK_FALSE, 8};
CK_BYTE fixedData[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
CK_PRF_DATA_PARAM dataParams[] = {
{CK_SP800_108_BYTE_ARRAY, fixedData,
sizeof(fixedData) /
sizeof(*fixedData)},
{CK_SP800_108_ITERATION_VARIABLE, &iterator,
sizeof(iterator)}};
CK_KEY_TYPE ckGeneric = CKK_GENERIC_SECRET;
CK_OBJECT_CLASS ckClass = CKO_SECRET_KEY;
CK_ULONG derivedLength = 16;
CK_ATTRIBUTE derivedTemplate[] = {
{CKA_CLASS, &ckClass,
sizeof(ckClass)},
{CKA_KEY_TYPE, &ckGeneric,
sizeof(ckGeneric)},
{CKA_VALUE_LEN, &derivedLength,
sizeof(derivedLength)}};
CK_OBJECT_HANDLE keyHandle;
CK_DERIVED_KEY derivedKey = {
derivedTemplate,
sizeof(derivedTemplate) /
sizeof(*derivedTemplate),
&keyHandle};
SECItem keyItem = {siBuffer, inputKey,
sizeof(inputKey) /
sizeof(*inputKey)};
for (CK_SP800_108_PRF_TYPE prfType : allowedPRFs) {
ScopedPK11SymKey p11Key = ImportKey(prfType, &keyItem);
CK_SP800_108_KDF_PARAMS kdfParams = {
prfType,
sizeof(dataParams) /
sizeof(*dataParams), dataParams, 1,
&derivedKey};
SECItem paramsItem = {siBuffer, (
unsigned char *)&kdfParams,
sizeof(kdfParams)};
ScopedPK11SymKey result(PK11_Derive(p11Key.get(), CKM_SP800_108_COUNTER_KDF,
¶msItem, CKM_SHA512_HMAC, CKA_SIGN,
derivedLength));
ASSERT_NE(result, nullptr);
ASSERT_EQ(PK11_ExtractKeyValue(result.get()), SECSuccess);
}
for (CK_SP800_108_PRF_TYPE prfType : disallowedPRFs) {
ScopedPK11SymKey p11Key = ImportKey(prfType, &keyItem);
CK_SP800_108_KDF_PARAMS kdfParams = {
prfType,
sizeof(dataParams) /
sizeof(*dataParams), dataParams, 1,
&derivedKey};
SECItem paramsItem = {siBuffer, (
unsigned char *)&kdfParams,
sizeof(kdfParams)};
ScopedPK11SymKey result(PK11_Derive(p11Key.get(), CKM_SP800_108_COUNTER_KDF,
¶msItem, CKM_SHA512_HMAC, CKA_SIGN,
derivedLength));
ASSERT_EQ(result, nullptr);
}
}
// Close the namespace
}
// namespace nss_test
