1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
7 #pragma allow_unsafe_buffers
8 #endif
9 
10 #include "crypto/nss_key_util.h"
11 
12 #include <keyhi.h>
13 #include <pk11pub.h>
14 #include <stdint.h>
15 
16 #include <vector>
17 
18 #include "crypto/nss_util.h"
19 #include "crypto/scoped_nss_types.h"
20 #include "testing/gtest/include/gtest/gtest.h"
21 
22 namespace crypto {
23 
// Test fixture shared by the NSS key utility tests. Each test gets NSS
// initialised and a handle to NSS's internal PKCS#11 slot.
class NSSKeyUtilTest : public testing::Test {
 public:
  // Runs before every test: EnsureNSSInit() is called before any PK11_* API
  // is used, then the internal slot is acquired. The fatal assertion aborts
  // the test if no slot was returned, so no test body sees a null slot.
  void SetUp() override {
    EnsureNSSInit();

    internal_slot_ = ScopedPK11Slot(PK11_GetInternalSlot());
    ASSERT_TRUE(internal_slot_);
  }

  // Non-owning pointer to the slot; the fixture keeps ownership.
  PK11SlotInfo* internal_slot() { return internal_slot_.get(); }

 private:
  // Owns the slot reference obtained in SetUp().
  ScopedPK11Slot internal_slot_;
};
38 
// Checks that GenerateRSAKeyPairNSS() produces an RSA public/private key pair
// whose private modulus length matches the requested key size.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // Test-only key size. 1024-bit RSA is below current production guidance;
  // presumably picked to keep key generation fast -- do not copy this value
  // into non-test code.
  constexpr int kKeySizeBits = 1024;
  // Requested size expressed in bytes, rounded up.
  constexpr int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPublicKey pub_key;
  ScopedSECKEYPrivateKey priv_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                                    false /* not permanent */, &pub_key,
                                    &priv_key));

  // Both halves must report the RSA key type.
  EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(pub_key.get()));
  EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(priv_key.get()));
  EXPECT_EQ(kExpectedModulusBytes, PK11_GetPrivateModulusLen(priv_key.get()));
}
53 
// Checks that a private key can be located from the DER-encoded
// SubjectPublicKeyInfo of its public half.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // Generate an RSA key pair on the internal slot.
  // NOTE(review): the pair is requested as non-permanent (third argument is
  // false), so whether it is ever written to the user's NSS database is not
  // visible from this test -- confirm.
  // The 512-bit size is a test-only value, far below any acceptable
  // production strength; presumably used to keep generation fast.
  ScopedSECKEYPublicKey pub_key;
  ScopedSECKEYPrivateKey priv_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    false /* not permanent */, &pub_key,
                                    &priv_key));

  // Serialise the public key as a DER SubjectPublicKeyInfo and copy the bytes
  // into a vector, which is the form the lookup takes.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(pub_key.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> spki_der(spki->data, spki->data + spki->len);

  // The lookup must succeed and return the same PKCS#11 object ID as the
  // private key generated above.
  ScopedSECKEYPrivateKey found_key = FindNSSKeyFromPublicKeyInfo(spki_der);
  ASSERT_TRUE(found_key);
  EXPECT_EQ(priv_key->pkcs11ID, found_key->pkcs11ID);
}
71 
// Checks that the lookup by SubjectPublicKeyInfo fails once the key objects
// have been destroyed.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // Generate an RSA key pair on the internal slot.
  // NOTE(review): the pair is requested as non-permanent (third argument is
  // false), so whether it is ever written to the user's NSS database is not
  // visible from this test -- confirm.
  // The 512-bit size is a test-only value, far below any acceptable
  // production strength; presumably used to keep generation fast.
  ScopedSECKEYPublicKey pub_key;
  ScopedSECKEYPrivateKey priv_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    false /* not permanent */, &pub_key,
                                    &priv_key));

  // Capture the DER SubjectPublicKeyInfo before the key objects are
  // destroyed; the lookup below needs only these bytes.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(pub_key.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> spki_der(spki->data, spki->data + spki->len);

  // Destroy both key objects, private half first, then verify the lookup no
  // longer finds a key.
  // NOTE(review): the PK11_DestroyTokenObject return values are not checked
  // here; a failed deletion would only show up indirectly through the final
  // expectation. Consider asserting on them so the failure is reported at
  // the call that caused it.
  PK11_DestroyTokenObject(priv_key->pkcs11Slot, priv_key->pkcs11ID);
  PK11_DestroyTokenObject(pub_key->pkcs11Slot, pub_key->pkcs11ID);

  EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(spki_der));
}
90 
91 }  // namespace crypto
92