      1 // Copyright 2015 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "crypto/nss_key_util.h"
      6 
      7 #include <keyhi.h>
      8 #include <pk11pub.h>
      9 #include <stdint.h>
     10 
     11 #include <vector>
     12 
     13 #include "crypto/nss_util.h"
     14 #include "crypto/scoped_nss_types.h"
     15 #include "testing/gtest/include/gtest/gtest.h"
     16 
     17 namespace crypto {
     18 
// Test fixture shared by the NSS key utility tests. Each test gets NSS
// initialized and a handle to NSS's internal slot before its body runs.
class NSSKeyUtilTest : public testing::Test {
 public:
  // Initializes NSS and takes a reference to the internal slot. The
  // ASSERT_TRUE stops SetUp() if no slot was returned.
  void SetUp() override {
    EnsureNSSInit();

    slot_.reset(PK11_GetInternalSlot());
    ASSERT_TRUE(slot_);
  }

  // Returns a borrowed pointer to the slot; the fixture keeps the scoped
  // handle, so callers must not free it.
  PK11SlotInfo* internal_slot() { return slot_.get(); }

 private:
  // Scoped handle for the slot acquired in SetUp().
  ScopedPK11Slot slot_;
};
     33 
// Generates a non-permanent RSA key pair in the internal slot, then checks
// that both halves report the RSA key type and that the private key's modulus
// length in bytes matches the requested bit size.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // NOTE(review): 1024 bits is a test-only modulus size, presumably picked to
  // keep key generation fast; it is not a size to copy into production code.
  const int kKeySizeBits = 1024;
  // Round up to whole bytes.
  const int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPublicKey rsa_public;
  ScopedSECKEYPrivateKey rsa_private;
  const bool generated =
      GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                            false /* not permanent */, &rsa_public,
                            &rsa_private);
  ASSERT_TRUE(generated);

  EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(rsa_public.get()));
  EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(rsa_private.get()));
  EXPECT_EQ(kExpectedModulusBytes,
            PK11_GetPrivateModulusLen(rsa_private.get()));
}
     48 
     49 #if defined(USE_NSS_CERTS)
// Round-trip check: a private key generated in the internal slot must be
// found again from the DER SubjectPublicKeyInfo of its public half, and the
// key found must carry the same PKCS#11 object ID.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // NOTE(review): 512-bit RSA is a test-only size, presumably chosen for
  // speed; it offers no real security margin.
  const int kKeySizeBits = 512;

  // Generate an NSS key pair in the internal slot.
  // NOTE(review): the keys are described as landing in the user's NSSDB, yet
  // the permanent flag passed here is false; confirm the intended storage.
  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  const bool generated =
      GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                            false /* not permanent */, &generated_public,
                            &generated_private);
  ASSERT_TRUE(generated);

  // Serialize the public key as a DER SubjectPublicKeyInfo and copy the bytes
  // out of the SECItem.
  ScopedSECItem spki(
      SECKEY_EncodeDERSubjectPublicKeyInfo(generated_public.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> spki_der;
  spki_der.assign(spki->data, spki->data + spki->len);

  // The lookup must succeed and resolve to the same underlying key object.
  ScopedSECKEYPrivateKey found_private = FindNSSKeyFromPublicKeyInfo(spki_der);
  ASSERT_TRUE(found_private);
  EXPECT_EQ(generated_private->pkcs11ID, found_private->pkcs11ID);
}
     67 
// Negative case: once both key objects have been destroyed, looking the
// private key up by its SubjectPublicKeyInfo must return nothing.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // NOTE(review): 512-bit RSA is a test-only size, presumably chosen for
  // speed; it offers no real security margin.
  const int kKeySizeBits = 512;

  // Generate an NSS key pair in the internal slot.
  // NOTE(review): the keys are described as landing in the user's NSSDB, yet
  // the permanent flag passed here is false; confirm the intended storage.
  ScopedSECKEYPublicKey generated_public;
  ScopedSECKEYPrivateKey generated_private;
  const bool generated =
      GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                            false /* not permanent */, &generated_public,
                            &generated_private);
  ASSERT_TRUE(generated);

  // Capture the DER SubjectPublicKeyInfo before the key objects are removed.
  ScopedSECItem spki(
      SECKEY_EncodeDERSubjectPublicKeyInfo(generated_public.get()));
  ASSERT_TRUE(spki);
  std::vector<uint8_t> spki_der;
  spki_der.assign(spki->data, spki->data + spki->len);

  // Destroy both objects, private key first. The SECStatus results are not
  // checked here; a delete that failed would be expected to show up as the
  // lookup below still finding the key.
  PK11_DestroyTokenObject(generated_private->pkcs11Slot,
                          generated_private->pkcs11ID);
  PK11_DestroyTokenObject(generated_public->pkcs11Slot,
                          generated_public->pkcs11ID);

  ScopedSECKEYPrivateKey lookup_result = FindNSSKeyFromPublicKeyInfo(spki_der);
  EXPECT_FALSE(lookup_result);
}
     86 #endif  // defined(USE_NSS_CERTS)
     87 
     88 }  // namespace crypto
     89