1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
7 #pragma allow_unsafe_buffers
8 #endif
9
10 #include "crypto/nss_key_util.h"
11
12 #include <keyhi.h>
13 #include <pk11pub.h>
14 #include <stdint.h>
15
16 #include <vector>
17
18 #include "crypto/nss_util.h"
19 #include "crypto/scoped_nss_types.h"
20 #include "testing/gtest/include/gtest/gtest.h"
21
22 namespace crypto {
23
// Fixture shared by the tests below: calls EnsureNSSInit() and keeps a scoped
// handle to the slot returned by PK11_GetInternalSlot() for each test.
class NSSKeyUtilTest : public testing::Test {
 public:
  void SetUp() override {
    EnsureNSSInit();

    PK11SlotInfo* const slot = PK11_GetInternalSlot();
    internal_slot_.reset(slot);
    // Fatal on purpose: every test passes this slot to key generation, so
    // there is nothing useful to run without it.
    ASSERT_TRUE(internal_slot_);
  }

  // Non-owning view of the slot; the fixture keeps the scoped handle.
  PK11SlotInfo* internal_slot() { return internal_slot_.get(); }

 private:
  // Set in SetUp(); released by the scoped type when the fixture is destroyed.
  ScopedPK11Slot internal_slot_;
};
38
// Generates a non-permanent RSA key pair on the internal slot and checks that
// both halves report the RSA key type and the expected modulus length.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // Test-only size, presumably chosen to keep generation fast. 1024-bit RSA is
  // below current minimum recommendations; do not reuse this value in code
  // that creates real keys.
  constexpr int kKeySizeBits = 1024;
  // Modulus length in bytes, rounded up to a whole byte.
  constexpr int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPublicKey public_key;
  ScopedSECKEYPrivateKey private_key;
  const bool generated =
      GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                            false /* not permanent */, &public_key,
                            &private_key);
  // Fatal: the checks below dereference both keys.
  ASSERT_TRUE(generated);

  EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get()));
  EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get()));
  EXPECT_EQ(kExpectedModulusBytes,
            PK11_GetPrivateModulusLen(private_key.get()));
}
53
// Checks that a private key can be looked up again from the DER-encoded
// SubjectPublicKeyInfo of its public half.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // Test-only size: 512-bit RSA is far too weak for real keys and is used here
  // only as a throwaway, presumably to keep generation fast.
  constexpr int kKeySizeBits = 512;

  // Create a non-permanent RSA key pair on the internal slot.
  ScopedSECKEYPublicKey public_key;
  ScopedSECKEYPrivateKey private_key;
  const bool generated =
      GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                            false /* not permanent */, &public_key,
                            &private_key);
  ASSERT_TRUE(generated);

  // Encode the public key; the assertion guards the dereferences of |spki|
  // that follow.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
  ASSERT_TRUE(spki);
  // Copy the encoding out of the NSS-owned item. The range is trusted to be
  // exactly |len| bytes starting at |data|, as reported by NSS.
  std::vector<uint8_t> public_key_der(spki->data, spki->data + spki->len);

  // The lookup must return a handle to the same PKCS #11 object that was
  // generated above.
  ScopedSECKEYPrivateKey found_key =
      FindNSSKeyFromPublicKeyInfo(public_key_der);
  ASSERT_TRUE(found_key);
  EXPECT_EQ(private_key->pkcs11ID, found_key->pkcs11ID);
}
71
// Checks that the lookup by SubjectPublicKeyInfo fails once the key objects
// have been destroyed on their slots.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // Test-only size: 512-bit RSA is far too weak for real keys and is used here
  // only as a throwaway, presumably to keep generation fast.
  constexpr int kKeySizeBits = 512;

  // Create a non-permanent RSA key pair on the internal slot.
  ScopedSECKEYPublicKey public_key;
  ScopedSECKEYPrivateKey private_key;
  const bool generated =
      GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                            false /* not permanent */, &public_key,
                            &private_key);
  ASSERT_TRUE(generated);

  // Take the encoding before the objects are destroyed; the assertion guards
  // the dereferences of |spki| that follow.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> public_key_der(spki->data, spki->data + spki->len);

  // Destroy both key objects, then make sure the lookup no longer succeeds.
  // NOTE(review): the SECStatus results are not checked here; a failed
  // destroy would presumably show up as a failure of the EXPECT_FALSE below
  // rather than at this point.
  PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID);
  PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID);

  EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
}
90
91 } // namespace crypto
92