1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
|
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif
#include "chromeos/ash/components/chaps_util/chaps_util_impl.h"
#include <pkcs11t.h>
#include <secmodt.h>
#include <stdint.h>
#include <map>
#include <optional>
#include <utility>
#include <vector>
#include "base/base64.h"
#include "base/containers/span.h"
#include "base/files/file_util.h"
#include "base/memory/raw_ptr.h"
#include "chromeos/ash/components/chaps_util/chaps_slot_session.h"
#include "crypto/nss_key_util.h"
#include "crypto/scoped_nss_types.h"
#include "crypto/scoped_test_nss_db.h"
#include "net/cert/x509_util_nss.h"
#include "net/test/cert_test_util.h"
#include "net/test/test_data_directory.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/base.h"
#include "third_party/boringssl/src/include/openssl/bn.h"
#include "third_party/boringssl/src/include/openssl/stack.h"
#include "third_party/boringssl/src/include/openssl/x509.h"
namespace chromeos {
namespace {
const size_t kKeySizeBits = 2048;
// TODO(b/202374261): Move these into a shared header.
// Signals to chaps that a generated key should be software-backed.
constexpr CK_ATTRIBUTE_TYPE kForceSoftwareAttribute = CKA_VENDOR_DEFINED + 4;
// Chaps sets this for keys that are software-backed.
constexpr CK_ATTRIBUTE_TYPE kKeyInSoftware = CKA_VENDOR_DEFINED + 5;
enum AttrValueType { kNotDefined, kCkBool, kCkUlong, kCkBytes };
const std::optional<std::vector<CK_BYTE>> default_encoded_cert_label =
base::Base64Decode("dGVzdHVzZXJjZXJ0");
// python print(base64.b64encode("default nickname".encode('utf-8'))).
const std::optional<std::vector<CK_BYTE>> default_encoded_label =
base::Base64Decode("VW5rbm93biBvcmc=");
const std::optional<std::vector<CK_BYTE>> cka_id_for_ec_key =
base::Base64Decode("9kVFdOhn8yYso7a/wG2uC0wdHWo=");
const std::optional<std::vector<CK_BYTE>> cka_ex_point_ec_key =
base::Base64Decode(
"BP+"
"IQBEPm3e3ABQMhQaZlE0w8qIjn0tKH6jTEekQvtKoUhFo2nM4Q9VA3MLljVF7vabV8CuH9"
"/"
"UkKt2FMg2iHGM=");
const std::optional<std::vector<CK_BYTE>> cka_ec_params_ec_key =
base::Base64Decode("BggqhkjOPQMBBw==");
const std::optional<std::vector<CK_BYTE>> cka_value_ec_key =
base::Base64Decode("fvWtrgVAq5JApBuCPK92IUAQQnnEoLUrBgZ/KGFhz7E=");
// Class helper to keep relations between all possible attribute's types,
// attribute's names and attribute's value types.
class AttributesParsingOptions {
public:
AttributesParsingOptions() = default;
~AttributesParsingOptions() = default;
static std::string GetName(const CK_ATTRIBUTE& attribute) {
if (!GetPkcs12ObjectAttrMap().contains(attribute.type)) {
ADD_FAILURE() << "Attribute value's type is unknown hex:" << std::hex
<< attribute.type;
return "";
}
return std::get<std::string>(GetPkcs12ObjectAttrMap().at(attribute.type));
}
static AttrValueType GetValueType(const CK_ATTRIBUTE& attribute) {
if (!GetPkcs12ObjectAttrMap().contains(attribute.type)) {
ADD_FAILURE() << "Attribute value's type is unknown hex:" << std::hex
<< attribute.type;
return AttrValueType::kNotDefined;
}
return std::get<AttrValueType>(GetPkcs12ObjectAttrMap().at(attribute.type));
}
private:
static const std::map<CK_ATTRIBUTE_TYPE,
std::pair<AttrValueType, std::string>>&
GetPkcs12ObjectAttrMap() {
// Map which keeps relation between PKCS12 object attribute type, attribute
// name and attribute value's type.
static std::map<CK_ATTRIBUTE_TYPE, std::pair<AttrValueType, std::string>>
attr_map;
if (attr_map.empty()) {
attr_map[CKA_TOKEN] = {kCkBool, "CKA_TOKEN"};
attr_map[CKA_PRIVATE] = {kCkBool, "CKA_PRIVATE"};
attr_map[CKA_VERIFY] = {kCkBool, "CKA_VERIFY"};
attr_map[CKA_MODULUS_BITS] = {kCkUlong, "CKA_MODULUS_BITS"};
attr_map[CKA_PUBLIC_EXPONENT] = {kCkBytes, "CKA_PUBLIC_EXPONENT"};
attr_map[CKA_SENSITIVE] = {kCkBool, "CKA_SENSITIVE"};
attr_map[CKA_EXTRACTABLE] = {kCkBool, "CKA_EXTRACTABLE"};
attr_map[CKA_SIGN] = {kCkBool, "CKA_SIGN"};
attr_map[kForceSoftwareAttribute] = {kCkBool, "kForceSoftwareAttribute"};
attr_map[CKA_CLASS] = {kCkUlong, "CKA_CLASS"};
attr_map[CKA_KEY_TYPE] = {kCkUlong, "CKA_KEY_TYPE"};
attr_map[CKA_UNWRAP] = {kCkBool, "CKA_UNWRAP"};
attr_map[CKA_DECRYPT] = {kCkBool, "CKA_DECRYPT"};
attr_map[CKA_MODULUS] = {kCkBytes, "CKA_MODULUS"};
attr_map[CKA_SIGN_RECOVER] = {kCkBool, "CKA_SIGN_RECOVER"};
attr_map[CKA_ID] = {kCkBytes, "CKA_ID"};
attr_map[CKA_PUBLIC_EXPONENT] = {kCkBytes, "CKA_PUBLIC_EXPONENT"};
attr_map[CKA_PRIVATE_EXPONENT] = {kCkBytes, "CKA_PRIVATE_EXPONENT"};
attr_map[CKA_PRIME_1] = {kCkBytes, "CKA_PRIME_1"};
attr_map[CKA_PRIME_2] = {kCkBytes, "CKA_PRIME_2"};
attr_map[CKA_EXPONENT_1] = {kCkBytes, "CKA_EXPONENT_1"};
attr_map[CKA_EXPONENT_2] = {kCkBytes, "CKA_EXPONENT_2"};
attr_map[CKA_COEFFICIENT] = {kCkBytes, "CKA_COEFFICIENT"};
attr_map[CKA_LABEL] = {kCkBytes, "CKA_LABEL"};
attr_map[CKA_VALUE] = {kCkBytes, "CKA_VALUE"};
attr_map[CKA_ISSUER] = {kCkBytes, "CKA_ISSUER"};
attr_map[CKA_SUBJECT] = {kCkBytes, "CKA_SUBJECT"};
attr_map[CKA_SERIAL_NUMBER] = {kCkBytes, "CKA_SERIAL_NUMBER"};
attr_map[CKA_NSS_EMAIL] = {kCkBytes, "CKA_NSS_EMAIL"};
attr_map[CKA_CERTIFICATE_TYPE] = {kCkBytes, "CKA_CERTIFICATE_TYPE"};
attr_map[CKA_EC_POINT] = {kCkBytes, "CKA_EC_POINT"};
attr_map[CKA_DERIVE] = {kCkBool, "CKA_DERIVE"};
attr_map[CKA_EC_PARAMS] = {kCkBytes, "CKA_EC_PARAMS"};
}
return attr_map;
}
};
// Generic holder for single parsed attribute with all parsing methods.
class AttributeData {
public:
AttributeData() = default;
explicit AttributeData(const CK_ATTRIBUTE& attribute) {
AttrValueType attr_value_type =
AttributesParsingOptions::GetValueType(attribute);
name_ = AttributesParsingOptions::GetName(attribute);
switch (attr_value_type) {
case kCkBool:
ck_bool_value_ = ParseCkBBool(attribute, name_);
break;
case kCkUlong:
ck_ulong_value_ = ParseCkULong(attribute, name_);
break;
case kCkBytes:
ck_bytes_value_ = ParseCkBytes(attribute);
break;
case kNotDefined:
ADD_FAILURE() << "Parser is not defined for attribute type:" << std::hex
<< attribute.type;
break;
}
}
~AttributeData() = default;
std::optional<CK_BBOOL> CkBool() { return ck_bool_value_; }
std::optional<CK_ULONG> CkULong() { return ck_ulong_value_; }
std::optional<std::vector<CK_BYTE>> CkByte() { return ck_bytes_value_; }
private:
std::string name_;
std::optional<CK_BBOOL> ck_bool_value_;
std::optional<CK_ULONG> ck_ulong_value_;
std::optional<std::vector<CK_BYTE>> ck_bytes_value_;
static std::optional<CK_BBOOL> ParseCkBBool(
const CK_ATTRIBUTE& attribute,
const std::string& attribute_name) {
if (attribute.ulValueLen < sizeof(CK_BBOOL)) {
ADD_FAILURE() << "Size to small for CK_BBOOL for attribute "
<< attribute_name << ": " << attribute.ulValueLen;
return std::nullopt;
}
CK_BBOOL value;
memcpy(&value, attribute.pValue, sizeof(CK_BBOOL));
return value;
}
static std::optional<CK_ULONG> ParseCkULong(
const CK_ATTRIBUTE& attribute,
const std::string& attribute_name) {
if (attribute.ulValueLen < sizeof(CK_ULONG)) {
ADD_FAILURE() << "Size to small for CK_ULONG for attribute "
<< attribute_name << ": " << attribute.ulValueLen;
return std::nullopt;
}
CK_ULONG value;
memcpy(&value, attribute.pValue, sizeof(CK_ULONG));
return value;
}
static std::optional<std::vector<CK_BYTE>> ParseCkBytes(
const CK_ATTRIBUTE& attribute) {
std::vector<CK_BYTE> result(attribute.ulValueLen);
memcpy(result.data(), attribute.pValue, result.size());
return result;
}
};
// Holds PKCS#11 attributes passed by the code under test.
struct ObjectAttributes {
ObjectAttributes() = default;
~ObjectAttributes() = default;
static ObjectAttributes ParseFrom(CK_ATTRIBUTE_PTR attributes,
CK_ULONG attributes_count) {
ObjectAttributes result;
for (CK_ULONG i = 0; i < attributes_count; ++i) {
const CK_ATTRIBUTE& attr = attributes[i];
if (result.parsed_attributes_map.contains(attr.type)) {
ADD_FAILURE() << "Already stored attribute type:" << attr.type;
}
result.parsed_attributes_map[attr.type] = AttributeData(attr);
}
return result;
}
std::optional<CK_BBOOL> GetCkBool(const CK_ATTRIBUTE_TYPE attribute_type) {
return parsed_attributes_map[attribute_type].CkBool();
}
std::optional<CK_ULONG> GetCkULong(const CK_ATTRIBUTE_TYPE attribute_type) {
return parsed_attributes_map[attribute_type].CkULong();
}
std::optional<std::vector<CK_BYTE>> GetCkByte(
const CK_ATTRIBUTE_TYPE attribute_type) {
return parsed_attributes_map[attribute_type].CkByte();
}
int Size() { return parsed_attributes_map.size(); }
std::map<CK_ATTRIBUTE_TYPE, AttributeData> parsed_attributes_map;
};
// Holds
// - flags triggering how FakeChapsSlotSession should behave.
// - data passed by the code under test to FakeChapsSlotSessionFactory and
// FakeChapsSlotSession.
struct PassedData {
// Controls whether ChapsSlotSessionFactory::CreateChapsSlotSession succeeds.
bool factory_success = true;
// Assigns results to operations. The key is the operation index, i.e. the
// sequence number of an operation performed on the ChapsSlotSession.
// The value is the operation result. CKR_INVALID_SESSION_HANDLE and
// CKR_SESSION_CLOSED have special meaning.
std::map<int, CK_RV> operation_results;
// If set to false, calls to ChapsSlotSession::ReopenSession will fail.
bool reopen_session_success = true;
// Counts how often the code under test called
// ChapsSlotSession::ReopenSession.
int reopen_session_call_count = 0;
// The slot_id passed into FakeChapsSlotSessionFactory.
std::optional<CK_SLOT_ID> slot_id;
// Attributes passed for the public key template to GenerateKeyPair.
ObjectAttributes public_key_gen_attributes;
// Attributes passed for the private key template to GenerateKeyPair.
ObjectAttributes private_key_gen_attributes;
// The data passed into FakeChapsSlotSession::SetAttributeValue for the
// CKA_ID attribute of the public key. Empty if SetAttributeValue was never
// called for that attribute.
std::vector<uint8_t> public_key_cka_id;
// The data passed into FakeChapsSlotSession::SetAttributeValue for the
// CKA_ID attribute of the private key. Empty if SetAttributeValue was never
// called for that attribute.
std::vector<uint8_t> private_key_cka_id;
// The data passed into FakeChapsSlotSession::SetAttributeValue for creation
// of key object from PKCS12 container.
ObjectAttributes pkcs12_key_attributes;
// The data passed into FakeChapsSlotSession::SetAttributeValue for creation
// of certificates objects from PKCS12 container. PKCS12 container can hold
// multiple certificates.
std::vector<ObjectAttributes> pkcs12_cert_attributes;
};
// FakeChapsSlotSession actually generates a key pair on a NSS slot. This is
// useful so it's possible to test whether the CKA_ID that the code under test
// would assign matches the CKA_ID that NSS computed for the key.
class FakeChapsSlotSession : public ChapsSlotSession {
public:
explicit FakeChapsSlotSession(PK11SlotInfo* slot, PassedData* passed_data)
: slot_(slot), passed_data_(passed_data) {}
~FakeChapsSlotSession() override = default;
bool ReopenSession() override {
++passed_data_->reopen_session_call_count;
// The code under test should only call this if it was given an indication
// that the session handle it uses is not valid anymore.
EXPECT_FALSE(session_ok_);
if (passed_data_->reopen_session_success) {
session_ok_ = true;
return true;
}
return false;
}
CK_RV CreateObject(CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject) override {
EXPECT_TRUE(session_ok_);
CK_RV configured_result = ApplyConfiguredResult();
if (configured_result != CKR_OK) {
return configured_result;
}
ObjectAttributes parsing_result =
ObjectAttributes::ParseFrom(pTemplate, ulCount);
AttributeData parsed_object_type =
parsing_result.parsed_attributes_map[CKA_CLASS];
if (parsed_object_type.CkULong() == CKO_PRIVATE_KEY) {
passed_data_->pkcs12_key_attributes = parsing_result;
}
if (parsed_object_type.CkULong() == CKO_CERTIFICATE) {
passed_data_->pkcs12_cert_attributes.push_back(parsing_result);
}
return CKR_OK;
}
CK_RV GenerateKeyPair(CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey) override {
EXPECT_TRUE(session_ok_);
CK_RV configured_result = ApplyConfiguredResult();
if (configured_result != CKR_OK) {
return configured_result;
}
passed_data_->public_key_gen_attributes = ObjectAttributes::ParseFrom(
pPublicKeyTemplate, ulPublicKeyAttributeCount);
passed_data_->private_key_gen_attributes = ObjectAttributes::ParseFrom(
pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_TRUE(crypto::GenerateRSAKeyPairNSS(slot_, kKeySizeBits,
/*permanent=*/true, &public_key,
&private_key));
*phPublicKey = public_key->pkcs11ID;
public_key_handle_ = public_key->pkcs11ID;
*phPrivateKey = private_key->pkcs11ID;
private_key_handle_ = private_key->pkcs11ID;
// Remember the modulus.
SECItem* modulus = &(public_key->u.rsa.modulus);
public_key_modulus_.assign(modulus->data, modulus->data + modulus->len);
return CKR_OK;
}
CK_RV GetAttributeValue(CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount) override {
EXPECT_TRUE(session_ok_);
CK_RV configured_result = ApplyConfiguredResult();
if (configured_result != CKR_OK) {
return configured_result;
}
if (hObject == public_key_handle_) {
const size_t kModulusBytes = kKeySizeBits / 8;
if (ulCount != 1 || pTemplate[0].type != CKA_MODULUS) {
return CKR_ATTRIBUTE_TYPE_INVALID;
}
if (pTemplate[0].ulValueLen < kModulusBytes) {
return CKR_BUFFER_TOO_SMALL;
}
memcpy(pTemplate[0].pValue, public_key_modulus_.data(), kModulusBytes);
return CKR_OK;
}
if (hObject == private_key_handle_) {
if (ulCount != 1 || pTemplate[0].type != kKeyInSoftware) {
return CKR_ATTRIBUTE_TYPE_INVALID;
}
const CK_BBOOL key_in_software_value = true;
if (pTemplate[0].ulValueLen < sizeof(key_in_software_value)) {
return CKR_BUFFER_TOO_SMALL;
}
memcpy(pTemplate[0].pValue, &key_in_software_value,
sizeof(key_in_software_value));
return CKR_OK;
}
return CKR_OBJECT_HANDLE_INVALID;
}
CK_RV SetAttributeValue(CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount) override {
EXPECT_TRUE(session_ok_);
CK_RV configured_result = ApplyConfiguredResult();
if (configured_result != CKR_OK) {
return configured_result;
}
if (ulCount != 1 || pTemplate[0].type != CKA_ID) {
return CKR_ATTRIBUTE_TYPE_INVALID;
}
uint8_t* data = reinterpret_cast<uint8_t*>(pTemplate[0].pValue);
size_t length = pTemplate[0].ulValueLen;
if (hObject == public_key_handle_) {
passed_data_->public_key_cka_id.assign(data, data + length);
return CKR_OK;
} else if (hObject == private_key_handle_) {
passed_data_->private_key_cka_id.assign(data, data + length);
return CKR_OK;
}
return CKR_OBJECT_HANDLE_INVALID;
}
private:
// Applies a result configured for the current operation, if any.
CK_RV ApplyConfiguredResult() {
int cur_operation = operation_count_;
++operation_count_;
auto operation_result = passed_data_->operation_results.find(cur_operation);
if (operation_result == passed_data_->operation_results.end()) {
return CKR_OK;
}
CK_RV result = operation_result->second;
// CKR_SESSION_HANDLE_INVALID and CKR_SESSION_CLOSED have a special meaning
// - also flag that the session handle is not usable (until the next call to
// ReopenSession).
if (result == CKR_SESSION_HANDLE_INVALID || result == CKR_SESSION_CLOSED) {
session_ok_ = false;
}
return result;
}
// Keeps track of how many operations were already performed. Used to keep
// track of the operation sequence number for PassedData::operation_results.
int operation_count_ = 0;
// If false, the session is not usable until ReopenSession has been called.
bool session_ok_ = true;
// Unowned.
const raw_ptr<PK11SlotInfo> slot_;
// Unowned.
const raw_ptr<PassedData> passed_data_;
// Cached modulus of the generated public key so GetAttributeValue with
// CKA_MODULUS is supported.
std::vector<uint8_t> public_key_modulus_;
CK_OBJECT_HANDLE public_key_handle_ = CKR_OBJECT_HANDLE_INVALID;
CK_OBJECT_HANDLE private_key_handle_ = CKR_OBJECT_HANDLE_INVALID;
};
class FakeChapsSlotSessionFactory : public ChapsSlotSessionFactory {
public:
FakeChapsSlotSessionFactory(PK11SlotInfo* slot, PassedData* passed_data)
: slot_(slot), passed_data_(passed_data) {}
~FakeChapsSlotSessionFactory() override = default;
std::unique_ptr<ChapsSlotSession> CreateChapsSlotSession(
CK_SLOT_ID slot_id) override {
passed_data_->slot_id = slot_id;
if (!passed_data_->factory_success) {
return nullptr;
}
return std::make_unique<FakeChapsSlotSession>(slot_, passed_data_);
}
private:
// Unowned.
const raw_ptr<PK11SlotInfo> slot_;
// Unowned.
const raw_ptr<PassedData> passed_data_;
};
class ChapsUtilImplTest : public ::testing::Test {
public:
ChapsUtilImplTest() {
auto chaps_slot_session_factory =
std::make_unique<FakeChapsSlotSessionFactory>(nss_test_db_.slot(),
&passed_data_);
chaps_util_impl_ =
std::make_unique<ChapsUtilImpl>(std::move(chaps_slot_session_factory));
chaps_util_impl_->SetIsChapsProvidedSlotForTesting(true);
}
ChapsUtilImplTest(const ChapsUtilImplTest&) = delete;
ChapsUtilImplTest& operator=(const ChapsUtilImplTest&) = delete;
~ChapsUtilImplTest() override = default;
protected:
static std::vector<uint8_t> ReadTestFile(const std::string& file_name) {
base::FilePath file_path =
net::GetTestCertsDirectory().AppendASCII(file_name);
std::optional<std::vector<uint8_t>> file_data = ReadFileToBytes(file_path);
EXPECT_TRUE(file_data.has_value());
if (!file_data.has_value()) {
return {};
}
return file_data.value();
}
static std::vector<uint8_t>& GetPkcs12Data(std::string file_name) {
static std::vector<uint8_t> pkcs12_data_;
pkcs12_data_ = ReadTestFile(file_name);
return pkcs12_data_;
}
static std::vector<uint8_t>& GetPkcs12Data() {
return GetPkcs12Data("client.p12");
}
static std::vector<uint8_t>& GetPkcs12WithEcKeyData() {
return GetPkcs12Data("client_with_ec_key.p12");
}
bool KeyImportNeverDone() const {
ObjectAttributes data = passed_data_.pkcs12_key_attributes;
return data.Size() == 0;
}
bool CertImportNeverDone() const {
return passed_data_.pkcs12_cert_attributes.empty();
}
bool KeyImportDone() const {
ObjectAttributes data = passed_data_.pkcs12_key_attributes;
return data.Size() == 19; // valid only for ReadTestFile("client.p12").
}
bool CertImportDone() const {
ObjectAttributes data = passed_data_.pkcs12_cert_attributes[0];
return data.Size() == 10; // valid only for ReadTestFile("client.p12").
}
crypto::ScopedTestNSSDB nss_test_db_;
PassedData passed_data_;
std::unique_ptr<ChapsUtilImpl> chaps_util_impl_;
};
// Returns the CKA_ID of |private_key|. This is the CKA_ID that NSS assigned to
// the private key, and thus it should be the same CKA_ID that ChapsUtil
// attempts to assign to the private and public key.
std::vector<uint8_t> GetExpectedCkaId(SECKEYPrivateKey* private_key) {
crypto::ScopedSECItem cka_id_secitem(
PK11_GetLowLevelKeyIDForPrivateKey(private_key));
uint8_t* cka_id_data = reinterpret_cast<uint8_t*>(cka_id_secitem->data);
return {cka_id_data, cka_id_data + cka_id_secitem->len};
}
// Successfully generates a software-backed key pair. Also verifies CKA_ID
// assignment.
TEST_F(ChapsUtilImplTest, GenerateSoftwareKeyPairSuccess) {
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
ASSERT_TRUE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
// Verify that ChapsUtil passed the correct slot id to the factory.
EXPECT_EQ(passed_data_.slot_id, PK11_GetSlotID(nss_test_db_.slot()));
// Verify that ChapsUtil passed the expected attributes.
// Check attributes for public key.
ObjectAttributes public_key_data = passed_data_.public_key_gen_attributes;
const int expected_public_key_attributes = 5;
EXPECT_EQ(public_key_data.Size(), expected_public_key_attributes);
EXPECT_EQ(public_key_data.GetCkBool(CKA_TOKEN), CK_TRUE);
EXPECT_EQ(public_key_data.GetCkBool(CKA_PRIVATE), CK_FALSE);
EXPECT_EQ(public_key_data.GetCkBool(CKA_VERIFY), CK_TRUE);
EXPECT_EQ(public_key_data.GetCkULong(CKA_MODULUS_BITS), (CK_ULONG)2048);
EXPECT_EQ(public_key_data.GetCkByte(CKA_PUBLIC_EXPONENT),
(std::vector<CK_BYTE>{0x01, 0x00, 0x01}));
// Check attributes for private key.
ObjectAttributes private_key_data = passed_data_.private_key_gen_attributes;
const int expected_private_key_attributes = 6;
EXPECT_EQ(private_key_data.Size(), expected_private_key_attributes);
EXPECT_EQ(private_key_data.GetCkBool(CKA_TOKEN), CK_TRUE);
EXPECT_EQ(private_key_data.GetCkBool(CKA_PRIVATE), CK_TRUE);
EXPECT_EQ(private_key_data.GetCkBool(CKA_SENSITIVE), CK_TRUE);
EXPECT_EQ(private_key_data.GetCkBool(CKA_EXTRACTABLE), CK_FALSE);
EXPECT_EQ(private_key_data.GetCkBool(kForceSoftwareAttribute), CK_TRUE);
EXPECT_EQ(private_key_data.GetCkBool(CKA_SIGN), CK_TRUE);
// Verify that ChapsUtil attempted to assign the correct CKA_ID to the public
// and private key objects.
std::vector<uint8_t> expected_cka_id = GetExpectedCkaId(private_key.get());
EXPECT_EQ(passed_data_.public_key_cka_id, expected_cka_id);
EXPECT_EQ(passed_data_.private_key_cka_id, expected_cka_id);
}
// The passed slot is not provided by chaps. The operation fails.
TEST_F(ChapsUtilImplTest, NotChapsProvidedSlot) {
chaps_util_impl_->SetIsChapsProvidedSlotForTesting(false);
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_FALSE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
}
// A ChapsSlotSession can not be created, so the operation fails.
TEST_F(ChapsUtilImplTest, ChapsSlotSessionFactoryFailure) {
passed_data_.factory_success = false;
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_FALSE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
// Verify that ChapsUtil passed the correct slot id to the factory.
EXPECT_EQ(passed_data_.slot_id, PK11_GetSlotID(nss_test_db_.slot()));
}
// A PKCS11 operation fails with a generic failure. The operation fails.
TEST_F(ChapsUtilImplTest, OperationFails) {
passed_data_.operation_results[0] = CKR_FUNCTION_FAILED;
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_FALSE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
}
// A PKCS11 operation fails with CKR_SESSION_HANDLE_INVALID. ChapsUtilImpl
// re-opens the session and retries the operation.
TEST_F(ChapsUtilImplTest, HandlesInvalidSessionHandle_ReopenOk) {
passed_data_.operation_results[0] = CKR_SESSION_HANDLE_INVALID;
passed_data_.reopen_session_success = true;
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_TRUE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
EXPECT_EQ(passed_data_.reopen_session_call_count, 1);
}
// A PKCS11 operation fails with CKR_SESSION_HANDLE_INVALID twice. ChapsUtilImpl
// re-opens the session and retries the operation.
TEST_F(ChapsUtilImplTest, HandlesInvalidSessionHandle_ReopenTwiceOk) {
passed_data_.operation_results[0] = CKR_SESSION_HANDLE_INVALID;
passed_data_.operation_results[1] = CKR_SESSION_CLOSED;
passed_data_.reopen_session_success = true;
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_TRUE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
EXPECT_EQ(passed_data_.reopen_session_call_count, 2);
}
// A PKCS11 operation fails with CKR_SESSION_HANDLE_INVALID many times.
// ChapsUtilImpl gives up attempts to retry after 5 times.
TEST_F(ChapsUtilImplTest, HandlesInvalidSessionHandle_ReopenGivesUp) {
passed_data_.operation_results[0] = CKR_SESSION_HANDLE_INVALID;
passed_data_.operation_results[1] = CKR_SESSION_HANDLE_INVALID;
passed_data_.operation_results[2] = CKR_SESSION_HANDLE_INVALID;
passed_data_.operation_results[3] = CKR_SESSION_HANDLE_INVALID;
passed_data_.operation_results[4] = CKR_SESSION_HANDLE_INVALID;
passed_data_.operation_results[5] = CKR_SESSION_HANDLE_INVALID;
passed_data_.reopen_session_success = true;
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_FALSE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
EXPECT_EQ(passed_data_.reopen_session_call_count, 5);
}
// A PKCS11 operation fails with CKR_SESSION_HANDLE_INVALID and the session can
// not be re-opened. The operation fails.
TEST_F(ChapsUtilImplTest, HandlesInvalidSessionHandle_ReopenFails) {
passed_data_.operation_results[0] = CKR_SESSION_HANDLE_INVALID;
passed_data_.reopen_session_success = false;
crypto::ScopedSECKEYPublicKey public_key;
crypto::ScopedSECKEYPrivateKey private_key;
EXPECT_FALSE(chaps_util_impl_->GenerateSoftwareBackedRSAKey(
nss_test_db_.slot(), kKeySizeBits, &public_key, &private_key));
EXPECT_EQ(passed_data_.reopen_session_call_count, 1);
}
} // namespace
} // namespace chromeos
|
