      1 // Copyright 2015 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "crypto/nss_key_util.h"
      6 
      7 #include <keyhi.h>
      8 #include <pk11pub.h>
      9 #include <stdint.h>
     10 
     11 #include <vector>
     12 
     13 #include "crypto/nss_util.h"
     14 #include "crypto/scoped_nss_types.h"
     15 #include "testing/gtest/include/gtest/gtest.h"
     16 
     17 namespace crypto {
     18 
// Fixture shared by the NSS key utility tests. Each test starts with NSS
// initialized and with the slot returned by PK11_GetInternalSlot() stored in
// a ScopedPK11Slot member.
class NSSKeyUtilTest : public testing::Test {
 public:
  // Returns the raw slot pointer obtained in SetUp(). The fixture keeps the
  // scoped handle, so callers must not release the returned pointer.
  PK11SlotInfo* internal_slot() { return internal_slot_.get(); }

  // Initializes NSS and fetches the internal slot. ASSERT_TRUE makes a missing
  // slot a fatal failure, so no test body runs with a null slot.
  void SetUp() override {
    EnsureNSSInit();

    internal_slot_.reset(PK11_GetInternalSlot());
    ASSERT_TRUE(internal_slot_);
  }

 private:
  // Scoped handle for the slot that the tests generate their keys on.
  ScopedPK11Slot internal_slot_;
};
     33 
// Generates a non-permanent RSA key pair on the internal slot and checks that
// both halves report the RSA key type and that the private key's modulus
// length matches the requested size.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // Test parameter only: 1024-bit RSA is below current minimum recommendations
  // for real keys and must not be copied into production callers.
  const int kKeySizeBits = 1024;
  // Modulus length in bytes, rounded up from the bit size.
  const int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPublicKey public_key;
  ScopedSECKEYPrivateKey private_key;
  const bool generated = GenerateRSAKeyPairNSS(
      internal_slot(), kKeySizeBits, false /* not permanent */, &public_key,
      &private_key);
  // Fatal on failure: the checks below dereference both key handles.
  ASSERT_TRUE(generated);

  EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get()));
  EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get()));
  EXPECT_EQ(kExpectedModulusBytes,
            PK11_GetPrivateModulusLen(private_key.get()));
}
     48 
// Round trip: generate a key pair, DER-encode its SubjectPublicKeyInfo, and
// check that FindNSSKeyFromPublicKeyInfo() returns a private key with the same
// PKCS #11 object ID as the one that was generated.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // Test parameter only: a 512-bit RSA modulus is factorable in practice and
  // is acceptable here solely because the key never protects real data.
  const int kKeySizeBits = 512;

  // Create an NSS key pair on the internal slot.
  // NOTE(review): the flag below requests a non-permanent key, so the key is
  // presumably not persisted to the user's NSS database - confirm.
  ScopedSECKEYPublicKey public_key;
  ScopedSECKEYPrivateKey private_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                                    false /* not permanent */, &public_key,
                                    &private_key));

  // Serialize the public half; the lookup takes the DER bytes as input.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
  ASSERT_TRUE(spki);
  const uint8_t* const der_begin = spki->data;
  const uint8_t* const der_end = der_begin + spki->len;
  std::vector<uint8_t> public_key_der(der_begin, der_end);

  ScopedSECKEYPrivateKey found_key =
      FindNSSKeyFromPublicKeyInfo(public_key_der);
  ASSERT_TRUE(found_key);
  // Same object ID means the lookup resolved to the key generated above.
  EXPECT_EQ(private_key->pkcs11ID, found_key->pkcs11ID);
}
     66 
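// Negative case: once both key objects have been destroyed, looking the key up
// by its DER-encoded SubjectPublicKeyInfo must return no private key.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // Create an NSS key pair on the internal slot. 512-bit RSA is a test
  // parameter only; a modulus that small is factorable in practice.
  // NOTE(review): the flag below requests a non-permanent key, so the key is
  // presumably not persisted to the user's NSS database - confirm.
  ScopedSECKEYPublicKey public_key;
  ScopedSECKEYPrivateKey private_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    false /* not permanent */, &public_key,
                                    &private_key));

  // Capture the encoding before the objects are destroyed below.
  ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
  ASSERT_TRUE(item);
  std::vector<uint8_t> public_key_der(item->data, item->data + item->len);

  // Remove the keys from the DB, and make sure we can't find them again.
  // The removal results are checked so that a failed deletion is reported as
  // such instead of surfacing only as an unexpected lookup hit (private key)
  // or going unnoticed (public key).
  EXPECT_EQ(SECSuccess, PK11_DestroyTokenObject(private_key->pkcs11Slot,
                                                private_key->pkcs11ID));
  EXPECT_EQ(SECSuccess, PK11_DestroyTokenObject(public_key->pkcs11Slot,
                                                public_key->pkcs11ID));

  EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
}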
     85 
     86 }  // namespace crypto
     87