Issue #1693 - Update NSS to 3.59.1.1

This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our
consumption of the library.

1 files changed, 61 insertions, 10 deletions

diff --git a/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc
index 1e4aa2faf2..7f950422f2 100644
--- a/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc
@@ -1,4 +1,5 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -8,8 +9,10 @@
 #include "pk11pub.h"
 #include "secerr.h"
 
-#include "nss_scoped_ptrs.h"
 #include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+#include "testvectors/cbc-vectors.h"
+#include "util.h"
 
 namespace nss_test {
 
@@ -253,8 +256,8 @@ TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
   unsigned int encrypted_len = 0;
   size_t input_len = AES_BLOCK_SIZE;
 
-  // CK_GCM_PARAMS is the largest param struct used across AES modes
-  uint8_t param_buf[sizeof(CK_GCM_PARAMS)];
+  // CK_NSS_GCM_PARAMS is the largest param struct used across AES modes
+  uint8_t param_buf[sizeof(CK_NSS_GCM_PARAMS)];
   SECItem param = {siBuffer, param_buf, sizeof(param_buf)};
   SECItem key_item = {siBuffer, const_cast<uint8_t*>(kKeyData), 16};
 
@@ -278,18 +281,18 @@ TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
                     sizeof(encrypted), kInput, input_len);
   EXPECT_EQ(SECSuccess, rv);
 
-  // GCM should have a CK_GCM_PARAMS
-  param.len = sizeof(CK_GCM_PARAMS) - 1;
+  // GCM should have a CK_NSS_GCM_PARAMS
+  param.len = sizeof(CK_NSS_GCM_PARAMS) - 1;
   rv = PK11_Encrypt(key.get(), CKM_AES_GCM, &param, encrypted, &encrypted_len,
                     sizeof(encrypted), kInput, input_len);
   EXPECT_EQ(SECFailure, rv);
 
   param.len++;
-  reinterpret_cast<CK_GCM_PARAMS*>(param.data)->pIv = param_buf;
-  reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulIvLen = 12;
-  reinterpret_cast<CK_GCM_PARAMS*>(param.data)->pAAD = nullptr;
-  reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulAADLen = 0;
-  reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulTagBits = 128;
+  reinterpret_cast<CK_NSS_GCM_PARAMS*>(param.data)->pIv = param_buf;
+  reinterpret_cast<CK_NSS_GCM_PARAMS*>(param.data)->ulIvLen = 12;
+  reinterpret_cast<CK_NSS_GCM_PARAMS*>(param.data)->pAAD = nullptr;
+  reinterpret_cast<CK_NSS_GCM_PARAMS*>(param.data)->ulAADLen = 0;
+  reinterpret_cast<CK_NSS_GCM_PARAMS*>(param.data)->ulTagBits = 128;
   rv = PK11_Encrypt(key.get(), CKM_AES_GCM, &param, encrypted, &encrypted_len,
                     sizeof(encrypted), kInput, input_len);
   EXPECT_EQ(SECSuccess, rv);
@@ -554,4 +557,52 @@ INSTANTIATE_TEST_CASE_P(EncryptDecrypt, Pkcs11CbcPadTest,
                         ::testing::Values(CKM_AES_CBC_PAD, CKM_AES_CBC,
                                           CKM_DES3_CBC_PAD, CKM_DES3_CBC));
 
+class Pkcs11AesCbcWycheproofTest
+    : public ::testing::TestWithParam<AesCbcTestVector> {
+ protected:
+  void RunTest(const AesCbcTestVector vec) {
+    bool valid = vec.valid;
+    std::string err = "Test #" + std::to_string(vec.id) + " failed";
+    std::vector<uint8_t> key = hex_string_to_bytes(vec.key);
+    std::vector<uint8_t> iv = hex_string_to_bytes(vec.iv);
+    std::vector<uint8_t> ciphertext = hex_string_to_bytes(vec.ciphertext);
+    std::vector<uint8_t> msg = hex_string_to_bytes(vec.msg);
+    std::vector<uint8_t> decrypted(vec.ciphertext.size());
+    unsigned int decrypted_len = 0;
+
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ASSERT_NE(nullptr, slot);
+
+    // Don't provide a null pointer, even if the length is 0. We don't want to
+    // fail on trivial checks.
+    uint8_t tmp;
+    SECItem iv_item = {siBuffer, iv.data() ? iv.data() : &tmp,
+                       static_cast<unsigned int>(iv.size())};
+    SECItem key_item = {siBuffer, key.data() ? key.data() : &tmp,
+                        static_cast<unsigned int>(key.size())};
+
+    PK11SymKey* pKey = PK11_ImportSymKey(slot.get(), kMech, PK11_OriginUnwrap,
+                                         CKA_ENCRYPT, &key_item, nullptr);
+    ASSERT_NE(nullptr, pKey);
+    ScopedPK11SymKey spKey = ScopedPK11SymKey(pKey);
+
+    SECStatus rv = PK11_Decrypt(spKey.get(), kMech, &iv_item, decrypted.data(),
+                                &decrypted_len, decrypted.size(),
+                                ciphertext.data(), ciphertext.size());
+
+    ASSERT_EQ(valid ? SECSuccess : SECFailure, rv) << err;
+    if (valid) {
+      EXPECT_EQ(msg.size(), static_cast<size_t>(decrypted_len)) << err;
+      EXPECT_EQ(0, memcmp(msg.data(), decrypted.data(), decrypted_len)) << err;
+    }
+  }
+
+  const CK_MECHANISM_TYPE kMech = CKM_AES_CBC_PAD;
+};
+
+TEST_P(Pkcs11AesCbcWycheproofTest, TestVectors) { RunTest(GetParam()); }
+
+INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11AesCbcWycheproofTest,
+                        ::testing::ValuesIn(kCbcWycheproofVectors));
+
 }  // namespace nss_test