1// Copyright 2024 The Chromium Authors
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "crypto/unexportable_key.h"
6
7#include "crypto/fake_apple_keychain_v2.h"
8#include "crypto/scoped_fake_apple_keychain_v2.h"
9#include "crypto/signature_verifier.h"
10#include "testing/gtest/include/gtest/gtest.h"
11
12namespace crypto {
13
14namespace {
15
// Keychain access group name used both for the fake keychain in the test
// fixture and for the provider configuration below, so the two agree.
constexpr char kTestKeychainAccessGroup[] = "test-keychain-access-group";

// Signature algorithms passed to the provider when a test generates a key.
constexpr SignatureVerifier::SignatureAlgorithm kAcceptableAlgos[] = {
    SignatureVerifier::ECDSA_SHA256,
};

// Provider configuration shared by every test in this file.
const UnexportableKeyProvider::Config config{
    .keychain_access_group = kTestKeychainAccessGroup,
};
23
// Fixture for tests of behaviour that is unique to the macOS implementation
// of unexportable keys.
class UnexportableKeyMacTest : public ::testing::Test {
 protected:
  // Fake keychain constructed for kTestKeychainAccessGroup and owned by the
  // fixture. Tests reach the fake itself through keychain(), e.g. to toggle
  // Secure Enclave availability or to inspect the stored items.
  ScopedFakeAppleKeychainV2 scoped_fake_apple_keychain_{
      kTestKeychainAccessGroup};
};
31
// GetUnexportableKeyProvider() must return a provider exactly when the fake
// keychain reports the Secure Enclave as available, and nullptr otherwise.
TEST_F(UnexportableKeyMacTest, SecureEnclaveAvailability) {
  for (const bool available : {true, false}) {
    scoped_fake_apple_keychain_.keychain()->set_secure_enclave_available(
        available);
    // Reduce the returned pointer to a bool so it compares directly with the
    // availability flag that was just set.
    const bool has_provider = GetUnexportableKeyProvider(config) != nullptr;
    EXPECT_EQ(has_provider, available);
  }
}
39
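// Deleting a signing key must make its wrapped form unusable and must leave
// no item behind in the (fake) keychain.
TEST_F(UnexportableKeyMacTest, DeleteSigningKey) {
  std::unique_ptr<UnexportableKeyProvider> provider =
      GetUnexportableKeyProvider(config);
  // Stop with a test failure rather than dereferencing a null provider; this
  // matches the check already made in the GetSecKeyRef test.
  ASSERT_TRUE(provider);
  std::unique_ptr<UnexportableSigningKey> key =
      provider->GenerateSigningKeySlowly(kAcceptableAlgos);
  ASSERT_TRUE(key);
  // Precondition: the wrapped key can be loaded before it is deleted, so the
  // later failure to load is attributable to the deletion.
  ASSERT_TRUE(provider->FromWrappedSigningKeySlowly(key->GetWrappedKey()));
  EXPECT_TRUE(provider->DeleteSigningKeySlowly(key->GetWrappedKey()));
  // After deletion the same wrapped key must no longer resolve to a key.
  EXPECT_FALSE(provider->FromWrappedSigningKeySlowly(key->GetWrappedKey()));
  // The generated key was the only item, so the keychain must now be empty.
  EXPECT_TRUE(scoped_fake_apple_keychain_.keychain()->items().empty());
}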
51
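// Deleting with bytes that do not correspond to any stored key must report
// failure.
// NOTE(review): no key is generated first, so this test cannot show that a
// failed delete leaves unrelated keychain items untouched.
TEST_F(UnexportableKeyMacTest, DeleteUnknownSigningKey) {
  std::unique_ptr<UnexportableKeyProvider> provider =
      GetUnexportableKeyProvider(config);
  // Stop with a test failure rather than dereferencing a null provider; this
  // matches the check already made in the GetSecKeyRef test.
  ASSERT_TRUE(provider);
  EXPECT_FALSE(provider->DeleteSigningKeySlowly(std::vector<uint8_t>{1, 2, 3}));
}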
57
// A freshly generated signing key must return a truthy value from
// GetSecKeyRef().
TEST_F(UnexportableKeyMacTest, GetSecKeyRef) {
  std::unique_ptr<UnexportableKeyProvider> provider =
      GetUnexportableKeyProvider(config);
  ASSERT_TRUE(provider);
  std::unique_ptr<UnexportableSigningKey> key =
      provider->GenerateSigningKeySlowly(kAcceptableAlgos);
  ASSERT_TRUE(key);
  EXPECT_TRUE(key->GetSecKeyRef());
}
65
66}  // namespace
67
68}  // namespace crypto