You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 lines
2.9 KiB
87 lines
2.9 KiB
// Copyright 2015 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "crypto/nss_key_util.h"
|
|
|
|
#include <keyhi.h>
|
|
#include <pk11pub.h>
|
|
#include <stdint.h>
|
|
|
|
#include <vector>
|
|
|
|
#include "crypto/nss_util.h"
|
|
#include "crypto/scoped_nss_types.h"
|
|
#include "testing/gtest/include/gtest/gtest.h"
|
|
|
|
namespace crypto {
|
|
|
|
class NSSKeyUtilTest : public testing::Test {
|
|
public:
|
|
void SetUp() override {
|
|
EnsureNSSInit();
|
|
|
|
internal_slot_.reset(PK11_GetInternalSlot());
|
|
ASSERT_TRUE(internal_slot_);
|
|
}
|
|
|
|
PK11SlotInfo* internal_slot() { return internal_slot_.get(); }
|
|
|
|
private:
|
|
ScopedPK11Slot internal_slot_;
|
|
};
|
|
|
|
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
|
|
const int kKeySizeBits = 1024;
|
|
|
|
ScopedSECKEYPublicKey public_key;
|
|
ScopedSECKEYPrivateKey private_key;
|
|
ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
|
|
false /* not permanent */, &public_key,
|
|
&private_key));
|
|
|
|
EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get()));
|
|
EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get()));
|
|
EXPECT_EQ((kKeySizeBits + 7) / 8,
|
|
PK11_GetPrivateModulusLen(private_key.get()));
|
|
}
|
|
|
|
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
|
|
// Create an NSS keypair, which will put the keys in the user's NSSDB.
|
|
ScopedSECKEYPublicKey public_key;
|
|
ScopedSECKEYPrivateKey private_key;
|
|
ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
|
|
false /* not permanent */, &public_key,
|
|
&private_key));
|
|
|
|
ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
|
|
ASSERT_TRUE(item);
|
|
std::vector<uint8_t> public_key_der(item->data, item->data + item->len);
|
|
|
|
ScopedSECKEYPrivateKey private_key2 =
|
|
FindNSSKeyFromPublicKeyInfo(public_key_der);
|
|
ASSERT_TRUE(private_key2);
|
|
EXPECT_EQ(private_key->pkcs11ID, private_key2->pkcs11ID);
|
|
}
|
|
|
|
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
|
|
// Create an NSS keypair, which will put the keys in the user's NSSDB.
|
|
ScopedSECKEYPublicKey public_key;
|
|
ScopedSECKEYPrivateKey private_key;
|
|
ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
|
|
false /* not permanent */, &public_key,
|
|
&private_key));
|
|
|
|
ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
|
|
ASSERT_TRUE(item);
|
|
std::vector<uint8_t> public_key_der(item->data, item->data + item->len);
|
|
|
|
// Remove the keys from the DB, and make sure we can't find them again.
|
|
PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID);
|
|
PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID);
|
|
|
|
EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
|
|
}
|
|
|
|
} // namespace crypto
|