diff -up ./gtests/freebl_gtest/rsa_unittest.cc.oldsoft ./gtests/freebl_gtest/rsa_unittest.cc
--- ./gtests/freebl_gtest/rsa_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000
+++ ./gtests/freebl_gtest/rsa_unittest.cc 2021-06-11 19:06:57.778552974 +0000
@@ -9,6 +9,7 @@
#include "blapi.h"
#include "secitem.h"
+#include "prenv.h"
template <class T>
struct ScopedDelete {
@@ -76,6 +77,13 @@ TEST_F(RSATest, DecryptBlockTestErrors)
in_small, sizeof(in_small));
EXPECT_EQ(SECFailure, rv);
+ char *env = PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env) {
+ std::cerr << "Skipping RSA blapi DecryptBlockTestErrors because of"
+ << " semantic differences between old and new softoken."
+ << std::endl;
+ }
+
uint8_t in[256] = {0};
// This should fail because the padding checks will fail,
// however, mitigations for Bleichenbacher attacks transform failures
diff -up ./gtests/pk11_gtest/pk11_ike_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_ike_unittest.cc
--- ./gtests/pk11_gtest/pk11_ike_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000
+++ ./gtests/pk11_gtest/pk11_ike_unittest.cc 2021-06-11 19:41:20.381137781 +0000
@@ -12,8 +12,10 @@
#include "pk11pub.h"
#include "secerr.h"
#include "sechash.h"
+#include "hasht.h"
#include "util.h"
#include "databuffer.h"
+#include "prenv.h"
#include "testvectors/ike-sha1-vectors.h"
#include "testvectors/ike-sha256-vectors.h"
@@ -23,6 +25,24 @@
namespace nss_test {
+unsigned mech_to_size(CK_MECHANISM_TYPE mech) {
+ switch (mech) {
+ case CKM_SHA_1_HMAC:
+ return SHA1_LENGTH;
+ case CKM_SHA256_HMAC:
+ return SHA256_LENGTH;
+ case CKM_SHA384_HMAC:
+ return SHA384_LENGTH;
+ case CKM_SHA512_HMAC:
+ return SHA512_LENGTH;
+ case CKM_AES_XCBC_MAC:
+ return AES_BLOCK_SIZE;
+ default:
+ break;
+ }
+ return 0;
+}
+
class Pkcs11IkeTest : public ::testing::TestWithParam<
std::tuple<IkeTestVector, CK_MECHANISM_TYPE>> {
protected:
@@ -59,6 +79,7 @@ class Pkcs11IkeTest : public ::testing::
ScopedPK11SymKey gxy_key = nullptr;
ScopedPK11SymKey prev_key = nullptr;
ScopedPK11SymKey ikm = ImportKey(ikm_item);
+ unsigned hashsize = mech_to_size(prf_mech);
// IKE_PRF structure (used in cases 1, 2 and 3)
CK_NSS_IKE_PRF_DERIVE_PARAMS nss_ike_prf_params = {
@@ -148,6 +169,14 @@ class Pkcs11IkeTest : public ::testing::
ScopedPK11SymKey okm = ScopedPK11SymKey(
PK11_Derive(ikm.get(), derive_mech, ¶ms_item,
CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.size));
+ char *env = PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env && (derive_mech == CKM_NSS_IKE1_APP_B_PRF_DERIVE) &&
+ (vec.size <= hashsize)) {
+ std::cerr << "Skipping Test #" << std::to_string(vec.id)
+ << ". Old tokens process APP B Prf for small keys incorrectly"
+ << std::endl;
+ return;
+ }
if (vec.valid) {
ASSERT_NE(nullptr, okm.get()) << msg;
ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())) << msg;
diff -up ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc
--- ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000
+++ ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc 2021-06-11 19:06:57.779552981 +0000
@@ -14,6 +14,7 @@
#include "nss_scoped_ptrs.h"
#include "pk11pub.h"
#include "databuffer.h"
+#include "prenv.h"
#include "testvectors/rsa_pkcs1_2048_test-vectors.h"
#include "testvectors/rsa_pkcs1_3072_test-vectors.h"
@@ -45,6 +46,14 @@ class RsaDecryptWycheproofTest
rv = PK11_PrivDecryptPKCS1(priv_key.get(), decrypted.data(), &decrypted_len,
decrypted.size(), vec.ct.data(), vec.ct.size());
+ // semantics changed since the old softken
+ char *env = PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env && vec.valid && (rv == SECFailure)) {
+ std::cerr << "Skipping Decrypt test. Old softoken failed on bad data,"
+ << "New softoken generates fake data" << std::endl;
+ return;
+ }
+
if (vec.valid) {
EXPECT_EQ(SECSuccess, rv);
decrypted.resize(decrypted_len);
diff -up ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
--- ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000
+++ ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc 2021-06-11 19:06:57.780552988 +0000
@@ -13,6 +13,7 @@
#include "nss.h"
#include "nss_scoped_ptrs.h"
#include "pk11pub.h"
+#include "prenv.h"
#include "testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h"
#include "testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h"
@@ -161,6 +162,12 @@ TEST(Pkcs11RsaOaepTest, TestOaepWrapUnwr
rv = PK11_ExtractKeyValue(to_wrap.get());
ASSERT_EQ(rv, SECSuccess);
+ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env) {
+ std::cerr << "Skipping OAEP test, not supported in old softoken\n";
+ return;
+ }
+
// References owned by PKCS#11 layer; no need to scope and free.
SECItem* expectedItem = PK11_GetKeyData(to_wrap.get());
diff -up ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc
--- ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000
+++ ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc 2021-06-11 19:06:57.781552995 +0000
@@ -16,6 +16,7 @@
#include "secerr.h"
#include "sechash.h"
#include "pk11_signature_test.h"
+#include "prenv.h"
#include "testvectors/rsa_signature_2048_sha224-vectors.h"
#include "testvectors/rsa_signature_2048_sha256-vectors.h"
@@ -175,6 +176,13 @@ TEST(RsaPkcs1Test, Pkcs1MinimumPadding)
SECItem hash_item = {siBuffer, toUcharPtr(hash.data()),
static_cast<unsigned int>(hash.len())};
SECItem sig_item = {siBuffer, toUcharPtr(sig.data()), sig_len};
+
+ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env) {
+ std::cerr << "Skipping pkcs1 padding test, not supported in old softoken\n";
+ return;
+ }
+
rv = VFY_VerifyDigestDirect(&hash_item, short_pub.get(), &sig_item,
SEC_OID_PKCS1_RSA_ENCRYPTION, SEC_OID_SHA512,
nullptr);
diff -up ./gtests/pk11_gtest/pk11_signature_test.cc.oldsoft ./gtests/pk11_gtest/pk11_signature_test.cc
--- ./gtests/pk11_gtest/pk11_signature_test.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000
+++ ./gtests/pk11_gtest/pk11_signature_test.cc 2021-06-11 19:06:57.781552995 +0000
@@ -4,6 +4,7 @@
#include <memory>
#include "nss.h"
+#include "prenv.h"
#include "pk11pub.h"
#include "sechash.h"
#include "prerror.h"
@@ -77,6 +78,25 @@ bool Pk11SignatureTest::SignData(ScopedS
EXPECT_LT(0, (int)sigLen);
sig->Allocate(static_cast<size_t>(sigLen));
+ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env != NULL) {
+ std::cerr << "Skipping combo mechanism 0x" << std::hex << combo_
+ << ", no token support.\n";
+ DataBuffer hash;
+ if (!ComputeHash(data, &hash)) {
+ ADD_FAILURE() << "Failed to compute hash";
+ return false;
+ }
+ if (!SignHashedData(privKey, hash, sig)) {
+ ADD_FAILURE() << "Failed to sign hashed data";
+ return false;
+ }
+
+ return true;
+ } else {
+ std::cerr << "PR_GetEnvSecure(\"NSS_OLD_SOFTOKEN\") return null!!!\n";
+ }
+
// test the hash and verify interface */
PK11Context* context = PK11_CreateContextByPrivKey(
combo_, CKA_SIGN, privKey.get(), parameters());
@@ -160,6 +180,17 @@ void Pk11SignatureTest::Verify(const Pkc
EXPECT_EQ(rv, valid ? SECSuccess : SECFailure);
}
+ /* old softokens don't understand all the new combo mechanism. */
+ /* skip it */
+ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN");
+ if (env != NULL) {
+ std::cerr << "Skipping combo mechanism 0x" << std::hex << combo_
+ << ", no token support.\n";
+ return;
+ } else {
+ std::cerr << "PR_GetEnvSecure(\"NSS_OLD_SOFTOKEN\") return null!!!\n";
+ }
+
// test the hash and verify interface */
PK11Context* context = PK11_CreateContextByPubKey(
combo_, CKA_VERIFY, pubKey.get(), parameters(), NULL);