1 // Copyright 2015 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/nss_key_util.h" 6 7 #include <keyhi.h> 8 #include <pk11pub.h> 9 #include <stdint.h> 10 11 #include <vector> 12 13 #include "crypto/nss_util.h" 14 #include "crypto/scoped_nss_types.h" 15 #include "testing/gtest/include/gtest/gtest.h" 16 17 namespace crypto { 18 19 class NSSKeyUtilTest : public testing::Test { 20 public: 21 void SetUp() override { 22 EnsureNSSInit(); 23 24 internal_slot_.reset(PK11_GetInternalSlot()); 25 ASSERT_TRUE(internal_slot_); 26 } 27 28 PK11SlotInfo* internal_slot() { return internal_slot_.get(); } 29 30 private: 31 ScopedPK11Slot internal_slot_; 32 }; 33 34 TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) { 35 const int kKeySizeBits = 1024; 36 37 ScopedSECKEYPublicKey public_key; 38 ScopedSECKEYPrivateKey private_key; 39 ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits, 40 false /* not permanent */, &public_key, 41 &private_key)); 42 43 EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get())); 44 EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get())); 45 EXPECT_EQ((kKeySizeBits + 7) / 8, 46 PK11_GetPrivateModulusLen(private_key.get())); 47 } 48 49 #if defined(USE_NSS_CERTS) 50 TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) { 51 // Create an NSS keypair, which will put the keys in the user's NSSDB. 52 ScopedSECKEYPublicKey public_key; 53 ScopedSECKEYPrivateKey private_key; 54 ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512, 55 false /* not permanent */, &public_key, 56 &private_key)); 57 58 ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get())); 59 ASSERT_TRUE(item); 60 std::vector<uint8_t> public_key_der(item->data, item->data + item->len); 61 62 ScopedSECKEYPrivateKey private_key2 = 63 FindNSSKeyFromPublicKeyInfo(public_key_der); 64 ASSERT_TRUE(private_key2); 65 EXPECT_EQ(private_key->pkcs11ID, private_key2->pkcs11ID); 66 } 67 68 TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) { 69 // Create an NSS keypair, which will put the keys in the user's NSSDB. 70 ScopedSECKEYPublicKey public_key; 71 ScopedSECKEYPrivateKey private_key; 72 ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512, 73 false /* not permanent */, &public_key, 74 &private_key)); 75 76 ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get())); 77 ASSERT_TRUE(item); 78 std::vector<uint8_t> public_key_der(item->data, item->data + item->len); 79 80 // Remove the keys from the DB, and make sure we can't find them again. 81 PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID); 82 PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID); 83 84 EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der)); 85 } 86 #endif // defined(USE_NSS_CERTS) 87 88 } // namespace crypto 89