1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "crypto/nss_key_util.h"
6 
7 #include <keyhi.h>
8 #include <pk11pub.h>
9 #include <stdint.h>
10 
11 #include <vector>
12 
13 #include "crypto/nss_util.h"
14 #include "crypto/scoped_nss_types.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16 
17 namespace crypto {
18 
19 class NSSKeyUtilTest : public testing::Test {
20  public:
SetUp()21   void SetUp() override {
22     EnsureNSSInit();
23 
24     internal_slot_.reset(PK11_GetInternalSlot());
25     ASSERT_TRUE(internal_slot_);
26   }
27 
internal_slot()28   PK11SlotInfo* internal_slot() { return internal_slot_.get(); }
29 
30  private:
31   ScopedPK11Slot internal_slot_;
32 };
33 
TEST_F(NSSKeyUtilTest,GenerateRSAKeyPairNSS)34 TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
35   const int kKeySizeBits = 1024;
36 
37   ScopedSECKEYPublicKey public_key;
38   ScopedSECKEYPrivateKey private_key;
39   ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
40                                     false /* not permanent */, &public_key,
41                                     &private_key));
42 
43   EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get()));
44   EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get()));
45   EXPECT_EQ((kKeySizeBits + 7) / 8,
46             PK11_GetPrivateModulusLen(private_key.get()));
47 }
48 
TEST_F(NSSKeyUtilTest,FindNSSKeyFromPublicKeyInfo)49 TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
50   // Create an NSS keypair, which will put the keys in the user's NSSDB.
51   ScopedSECKEYPublicKey public_key;
52   ScopedSECKEYPrivateKey private_key;
53   ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
54                                     false /* not permanent */, &public_key,
55                                     &private_key));
56 
57   ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
58   ASSERT_TRUE(item);
59   std::vector<uint8_t> public_key_der(item->data, item->data + item->len);
60 
61   ScopedSECKEYPrivateKey private_key2 =
62       FindNSSKeyFromPublicKeyInfo(public_key_der);
63   ASSERT_TRUE(private_key2);
64   EXPECT_EQ(private_key->pkcs11ID, private_key2->pkcs11ID);
65 }
66 
TEST_F(NSSKeyUtilTest,FailedFindNSSKeyFromPublicKeyInfo)67 TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
68   // Create an NSS keypair, which will put the keys in the user's NSSDB.
69   ScopedSECKEYPublicKey public_key;
70   ScopedSECKEYPrivateKey private_key;
71   ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512,
72                                     false /* not permanent */, &public_key,
73                                     &private_key));
74 
75   ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
76   ASSERT_TRUE(item);
77   std::vector<uint8_t> public_key_der(item->data, item->data + item->len);
78 
79   // Remove the keys from the DB, and make sure we can't find them again.
80   PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID);
81   PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID);
82 
83   EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
84 }
85 
86 }  // namespace crypto
87