| // Copyright 2015 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifdef UNSAFE_BUFFERS_BUILD |
| // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. |
| #pragma allow_unsafe_buffers |
| #endif |
| |
| #include"crypto/nss_key_util.h" |
| |
| #include<keyhi.h> |
| #include<pk11pub.h> |
| #include<stdint.h> |
| |
| #include<vector> |
| |
| #include"crypto/nss_util.h" |
| #include"crypto/scoped_nss_types.h" |
| #include"testing/gtest/include/gtest/gtest.h" |
| |
| namespace crypto{ |
| |
// Fixture shared by the tests below. Before each test it initializes NSS via
// EnsureNSSInit() and stores the slot returned by PK11_GetInternalSlot().
class NSSKeyUtilTest : public testing::Test {
 public:
  // Runs before every test body. The test is aborted if NSS does not hand
  // back an internal slot, since every test below generates keys on it.
  void SetUp() override {
    EnsureNSSInit();

    PK11SlotInfo* const acquired_slot = PK11_GetInternalSlot();
    internal_slot_.reset(acquired_slot);
    ASSERT_TRUE(internal_slot_);
  }

  // Returns the raw slot pointer held by |internal_slot_|. The fixture keeps
  // holding the scoped wrapper, so callers must not release the pointer.
  PK11SlotInfo* internal_slot() { return internal_slot_.get(); }

 private:
  // Scoped wrapper around the slot obtained in SetUp().
  ScopedPK11Slot internal_slot_;
};
| |
// Verifies that GenerateRSAKeyPairNSS() yields an RSA public/private pair
// whose private modulus length matches the requested key size.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // 1024-bit RSA is below what is recommended for keys that protect real
  // data. NOTE(review): presumably chosen only to keep the test fast; do not
  // copy this size into production callers.
  constexpr int kKeySizeBits = 1024;
  // Modulus length in bytes, rounded up to a whole byte.
  constexpr int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                                    false /* not permanent */,
                                    &generated_public, &generated_private));

  // Both halves must report the RSA key type.
  const auto public_type = SECKEY_GetPublicKeyType(generated_public.get());
  EXPECT_EQ(rsaKey, public_type);
  const auto private_type = SECKEY_GetPrivateKeyType(generated_private.get());
  EXPECT_EQ(rsaKey, private_type);

  // The private key's modulus length must agree with the requested size.
  const auto modulus_bytes = PK11_GetPrivateModulusLen(generated_private.get());
  EXPECT_EQ(kExpectedModulusBytes, modulus_bytes);
}
| |
// Verifies that a private key can be located again from the DER-encoded
// SubjectPublicKeyInfo of its public half.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // 512-bit RSA offers no real security and is a test-only size.
  // NOTE(review): presumably chosen for speed; never use it outside tests.
  constexpr int kTestKeySizeBits = 512;

  // Create an NSS keypair for the lookup below.
  // NOTE(review): the pair is generated as "not permanent" on the slot from
  // PK11_GetInternalSlot(), so describing it as stored in "the user's NSSDB"
  // may be imprecise - confirm against GenerateRSAKeyPairNSS().
  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kTestKeySizeBits,
                                    false /* not permanent */,
                                    &generated_public, &generated_private));

  // Serialize the public key as a DER SubjectPublicKeyInfo and copy the bytes
  // out of the NSS-owned SECItem into a vector.
  ScopedSECItem spki_item(
      SECKEY_EncodeDERSubjectPublicKeyInfo(generated_public.get()));
  ASSERT_TRUE(spki_item);
  std::vector<uint8_t> public_key_der(spki_item->data,
                                      spki_item->data + spki_item->len);

  // The lookup must succeed and return a key with the same PKCS #11 object ID
  // as the one generated above.
  ScopedSECKEYPrivateKey located_private =
      FindNSSKeyFromPublicKeyInfo(public_key_der);
  ASSERT_TRUE(located_private);
  EXPECT_EQ(generated_private->pkcs11ID, located_private->pkcs11ID);
}
| |
// Verifies that FindNSSKeyFromPublicKeyInfo() reports failure once the key
// objects have been destroyed.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // 512-bit RSA offers no real security and is a test-only size.
  // NOTE(review): presumably chosen for speed; never use it outside tests.
  constexpr int kTestKeySizeBits = 512;

  // Create an NSS keypair that will be deleted again before the lookup.
  // NOTE(review): the pair is generated as "not permanent" on the slot from
  // PK11_GetInternalSlot(), so describing it as stored in "the user's NSSDB"
  // may be imprecise - confirm against GenerateRSAKeyPairNSS().
  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kTestKeySizeBits,
                                    false /* not permanent */,
                                    &generated_public, &generated_private));

  // Capture the DER SubjectPublicKeyInfo before the objects are destroyed, so
  // the lookup below still has a well-formed input.
  ScopedSECItem spki_item(
      SECKEY_EncodeDERSubjectPublicKeyInfo(generated_public.get()));
  ASSERT_TRUE(spki_item);
  std::vector<uint8_t> public_key_der(spki_item->data,
                                      spki_item->data + spki_item->len);

  // Remove the keys from the DB, and make sure we can't find them again.
  // The return values of both calls are not checked here.
  // NOTE(review): a failed deletion would only surface indirectly through the
  // EXPECT_FALSE below; consider asserting on the results after confirming
  // that both handles are valid for a non-permanent key pair.
  PK11_DestroyTokenObject(generated_private->pkcs11Slot,
                          generated_private->pkcs11ID);
  PK11_DestroyTokenObject(generated_public->pkcs11Slot,
                          generated_public->pkcs11ID);

  EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
}
| |
| }// namespace crypto |