File: nss_key_util_unittest.cc

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "crypto/nss_key_util.h"

#include <keyhi.h>
#include <pk11pub.h>
#include <stdint.h>

#include <vector>

#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace crypto {

// Fixture shared by the NSS key utility tests: it makes sure NSS is
// initialized and keeps a handle to NSS's internal slot for each test.
class NSSKeyUtilTest : public testing::Test {
 public:
  // Initializes NSS and fetches the internal slot. The ASSERT stops the test
  // early if no slot was returned, so test bodies never see a null slot.
  void SetUp() override {
    EnsureNSSInit();

    internal_slot_ = ScopedPK11Slot(PK11_GetInternalSlot());
    ASSERT_TRUE(internal_slot_);
  }

  // Non-owning accessor; the fixture keeps the slot handle.
  PK11SlotInfo* internal_slot() { return internal_slot_.get(); }

 private:
  // Slot handle acquired in SetUp().
  ScopedPK11Slot internal_slot_;
};

// Generates a non-permanent RSA key pair on the internal slot and verifies
// that both halves report the RSA key type and that the private key's modulus
// length matches the requested size.
TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
  // NOTE(review): 1024-bit RSA is below current minimum-strength guidance.
  // The size is presumably kept small for test speed; it is not a value to
  // copy into production key generation.
  constexpr int kKeySizeBits = 1024;
  // Requested size expressed in bytes, rounded up to a whole byte.
  constexpr int kExpectedModulusBytes = (kKeySizeBits + 7) / 8;

  ScopedSECKEYPrivateKey private_key;
  ScopedSECKEYPublicKey public_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
                                    /*permanent=*/false, &public_key,
                                    &private_key));

  const auto public_type = SECKEY_GetPublicKeyType(public_key.get());
  const auto private_type = SECKEY_GetPrivateKeyType(private_key.get());
  EXPECT_EQ(rsaKey, public_type);
  EXPECT_EQ(rsaKey, private_type);

  EXPECT_EQ(kExpectedModulusBytes,
            PK11_GetPrivateModulusLen(private_key.get()));
}

// Round trip: generate a key pair, DER-encode its SubjectPublicKeyInfo, and
// check that looking the private key up by that encoding yields a key with
// the same PKCS#11 object ID as the one that was generated.
TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
  // Create an NSS keypair for the lookup below.
  // NOTE(review): the pair is requested as non-permanent, so whether it
  // really lands in the user's NSSDB (as the original comment stated) should
  // be confirmed against GenerateRSAKeyPairNSS.
  // NOTE(review): 512-bit RSA is trivially weak; presumably chosen only to
  // keep key generation fast in the test.
  ScopedSECKEYPrivateKey private_key;
  ScopedSECKEYPublicKey public_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    /*permanent=*/false, &public_key,
                                    &private_key));

  // DER-encode the public key; the encoder's result is checked before its
  // data/len fields are read.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
  ASSERT_TRUE(spki);
  const auto* der_begin = spki->data;
  const auto* der_end = der_begin + spki->len;
  std::vector<uint8_t> public_key_der(der_begin, der_end);

  ScopedSECKEYPrivateKey found_key =
      FindNSSKeyFromPublicKeyInfo(public_key_der);
  ASSERT_TRUE(found_key);
  // Same PKCS#11 object ID means the lookup returned the generated key.
  EXPECT_EQ(private_key->pkcs11ID, found_key->pkcs11ID);
}

// Negative case: once the generated key objects have been destroyed, a lookup
// by the previously captured SubjectPublicKeyInfo must not return a key.
TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
  // Create an NSS keypair that will be destroyed again below.
  // NOTE(review): the pair is requested as non-permanent, so whether it
  // really lands in the user's NSSDB (as the original comment stated) should
  // be confirmed against GenerateRSAKeyPairNSS.
  // NOTE(review): 512-bit RSA is trivially weak; presumably chosen only to
  // keep key generation fast in the test.
  ScopedSECKEYPrivateKey private_key;
  ScopedSECKEYPublicKey public_key;
  ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
                                    /*permanent=*/false, &public_key,
                                    &private_key));

  // Capture the DER encoding before the keys are removed, so the lookup at
  // the end still has the key's SubjectPublicKeyInfo to search with.
  ScopedSECItem spki(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
  ASSERT_TRUE(spki);
  const auto* der_begin = spki->data;
  const auto* der_end = der_begin + spki->len;
  std::vector<uint8_t> public_key_der(der_begin, der_end);

  // Remove the keys from the DB, and make sure we can't find them again.
  // NOTE(review): the status returned by PK11_DestroyTokenObject is not
  // checked; a failed removal would show up only through the final
  // expectation.
  PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID);
  PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID);

  EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
}

}  // namespace crypto