| // Copyright 2015 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "crypto/nss_key_util.h" |
| |
| #include <keyhi.h> |
| #include <pk11pub.h> |
| #include <stdint.h> |
| |
| #include <vector> |
| |
| #include "crypto/nss_util.h" |
| #include "crypto/scoped_nss_types.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace crypto { |
| |
| class NSSKeyUtilTest : public testing::Test { |
| public: |
| void SetUp() override { |
| EnsureNSSInit(); |
| |
| internal_slot_.reset(PK11_GetInternalSlot()); |
| ASSERT_TRUE(internal_slot_); |
| } |
| |
| PK11SlotInfo* internal_slot() { return internal_slot_.get(); } |
| |
| private: |
| ScopedPK11Slot internal_slot_; |
| }; |
| |
| TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) { |
| const int kKeySizeBits = 1024; |
| |
| ScopedSECKEYPublicKey public_key; |
| ScopedSECKEYPrivateKey private_key; |
| ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits, |
| false /* not permanent */, &public_key, |
| &private_key)); |
| |
| EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get())); |
| EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get())); |
| EXPECT_EQ((kKeySizeBits + 7) / 8, |
| PK11_GetPrivateModulusLen(private_key.get())); |
| } |
| |
| TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) { |
| // Create an NSS keypair, which will put the keys in the user's NSSDB. |
| ScopedSECKEYPublicKey public_key; |
| ScopedSECKEYPrivateKey private_key; |
| ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512, |
| false /* not permanent */, &public_key, |
| &private_key)); |
| |
| ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get())); |
| ASSERT_TRUE(item); |
| std::vector<uint8_t> public_key_der(item->data, item->data + item->len); |
| |
| ScopedSECKEYPrivateKey private_key2 = |
| FindNSSKeyFromPublicKeyInfo(public_key_der); |
| ASSERT_TRUE(private_key2); |
| EXPECT_EQ(private_key->pkcs11ID, private_key2->pkcs11ID); |
| } |
| |
| TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) { |
| // Create an NSS keypair, which will put the keys in the user's NSSDB. |
| ScopedSECKEYPublicKey public_key; |
| ScopedSECKEYPrivateKey private_key; |
| ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512, |
| false /* not permanent */, &public_key, |
| &private_key)); |
| |
| ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get())); |
| ASSERT_TRUE(item); |
| std::vector<uint8_t> public_key_der(item->data, item->data + item->len); |
| |
| // Remove the keys from the DB, and make sure we can't find them again. |
| PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID); |
| PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID); |
| |
| EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der)); |
| } |
| |
| } // namespace crypto |