1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "crypto/nss_key_util.h"
6 
7 #include <keyhi.h>
8 #include <pk11pub.h>
9 #include <stdint.h>
10 
11 #include <vector>
12 
13 #include "crypto/nss_util.h"
14 #include "crypto/scoped_nss_types.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16 
17 namespace crypto {
18 
// Fixture shared by the NSS key utility tests. SetUp() initializes NSS and
// acquires the internal slot, which the tests pass to the key generation
// helper.
class NSSKeyUtilTest : public testing::Test {
 public:
  // Initializes NSS and takes ownership of the internal slot reference.
  // The test is aborted if no slot could be obtained.
  void SetUp() override {
    EnsureNSSInit();

    internal_slot_.reset(PK11_GetInternalSlot());
    ASSERT_TRUE(internal_slot_);
  }

  // Returns a non-owning pointer to the slot; the fixture keeps ownership
  // through |internal_slot_|.
  PK11SlotInfo* internal_slot() {
    return internal_slot_.get();
  }

 private:
  // Scoped handle for the slot acquired in SetUp().
  ScopedPK11Slot internal_slot_;
};
33 
// Checks that GenerateRSAKeyPairNSS produces a public and a private key that
// are both of RSA type, and that the private key's modulus length in bytes
// matches the requested key size.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // NOTE(review): 1024-bit RSA is below current key-size recommendations.
  // Presumably chosen to keep key generation quick in a unit test - confirm.
  // This size should not be carried over into non-test code.
  const int kKeySizeBits = 1024;
  // Requested size rounded up to whole bytes.
  const int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                                    false /* not permanent */,
                                    &generated_public, &generated_private));

  // Both halves of the pair must report the RSA key type.
  EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(generated_public.get()));
  EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(generated_private.get()));

  EXPECT_EQ(kExpectedModulusBytes,
            PK11_GetPrivateModulusLen(generated_private.get()));
}
48 
49 #if defined(USE_NSS_CERTS)
// Checks that a private key generated through NSS can be located again from
// the DER-encoded SubjectPublicKeyInfo of its public key.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // Generate an NSS key pair on the internal slot.
  // NOTE(review): the original comment says this puts the keys in the user's
  // NSSDB, yet the pair is requested as "not permanent" - confirm where the
  // keys actually live.
  // NOTE(review): 512-bit RSA is far too small to provide real security; it
  // is only acceptable here as a throwaway test key.
  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    false /* not permanent */,
                                    &generated_public, &generated_private));

  // Serialize the public half as a DER SubjectPublicKeyInfo and copy the
  // bytes into a vector, the form the lookup function takes.
  ScopedSECItem spki(
      SECKEY_EncodeDERSubjectPublicKeyInfo(generated_public.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> spki_der(spki->data, spki->data + spki->len);

  // The lookup must succeed and return a key carrying the same PKCS#11
  // object ID as the key that was generated above.
  ScopedSECKEYPrivateKey found_key = FindNSSKeyFromPublicKeyInfo(spki_der);
  ASSERT_TRUE(found_key);
  EXPECT_EQ(generated_private->pkcs11ID, found_key->pkcs11ID);
}
67 
// Checks that looking up a private key by its SubjectPublicKeyInfo fails once
// both key objects have been destroyed.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // Generate an NSS key pair on the internal slot.
  // NOTE(review): the original comment says this puts the keys in the user's
  // NSSDB, yet the pair is requested as "not permanent" - confirm where the
  // keys actually live.
  // NOTE(review): 512-bit RSA is far too small to provide real security; it
  // is only acceptable here as a throwaway test key.
  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    false /* not permanent */,
                                    &generated_public, &generated_private));

  // Capture the DER SubjectPublicKeyInfo before the key objects go away, so
  // the lookup below still has an input to search with.
  ScopedSECItem spki(
      SECKEY_EncodeDERSubjectPublicKeyInfo(generated_public.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> spki_der(spki->data, spki->data + spki->len);

  // Delete both key objects from their slots. The return values of
  // PK11_DestroyTokenObject are not checked here; the EXPECT_FALSE below is
  // the only verification that the removal took effect.
  PK11_DestroyTokenObject(generated_private->pkcs11Slot,
                          generated_private->pkcs11ID);
  PK11_DestroyTokenObject(generated_public->pkcs11Slot,
                          generated_public->pkcs11ID);

  // With the objects gone, the lookup must not return a key.
  EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(spki_der));
}
86 #endif  // defined(USE_NSS_CERTS)
87 
88 }  // namespace crypto
89