Google Git
Sign in
nest-open-source / manifest_repos / nss / 4c27b2c95aa58cee220d6d993f969b63a7261e83 / . / nss-3.41 / nss / gtests / pk11_gtest / pk11_signature_test.h
blob: 0526fea55926571a66a2d2281fba2e178a7c679a [file] [log] [blame]
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <memory>
#include "nss.h"
#include "pk11pub.h"
#include "sechash.h"
#include "cpputil.h"
#include "nss_scoped_ptrs.h"
#include "databuffer.h"
#include "gtest/gtest.h"
namespace nss_test {
// For test vectors.
struct Pkcs11SignatureTestParams {
const DataBuffer pkcs8_;
const DataBuffer spki_;
const DataBuffer data_;
const DataBuffer signature_;
};
class Pk11SignatureTest : public ::testing::Test {
protected:
Pk11SignatureTest(CK_MECHANISM_TYPE mech, SECOidTag hash_oid)
: mechanism_(mech), hash_oid_(hash_oid) {}
virtual const SECItem* parameters() const { return nullptr; }
CK_MECHANISM_TYPE mechanism() const { return mechanism_; }
ScopedSECKEYPrivateKey ImportPrivateKey(const DataBuffer& pkcs8) {
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
ADD_FAILURE() << "No slot";
return nullptr;
}
SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8.data()),
static_cast<unsigned int>(pkcs8.len())};
SECKEYPrivateKey* key = nullptr;
SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key,
nullptr);
if (rv != SECSuccess) {
return nullptr;
}
return ScopedSECKEYPrivateKey(key);
}
ScopedSECKEYPublicKey ImportPublicKey(const DataBuffer& spki) {
SECItem spkiItem = {siBuffer, toUcharPtr(spki.data()),
static_cast<unsigned int>(spki.len())};
ScopedCERTSubjectPublicKeyInfo certSpki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get()));
}
bool ComputeHash(const DataBuffer& data, DataBuffer* hash) {
hash->Allocate(static_cast<size_t>(HASH_ResultLenByOidTag(hash_oid_)));
SECStatus rv =
PK11_HashBuf(hash_oid_, hash->data(), data.data(), data.len());
return rv == SECSuccess;
}
bool SignHashedData(ScopedSECKEYPrivateKey& privKey, const DataBuffer& hash,
DataBuffer* sig) {
SECItem hashItem = {siBuffer, toUcharPtr(hash.data()),
static_cast<unsigned int>(hash.len())};
int sigLen = PK11_SignatureLen(privKey.get());
EXPECT_LT(0, sigLen);
sig->Allocate(static_cast<size_t>(sigLen));
SECItem sigItem = {siBuffer, toUcharPtr(sig->data()),
static_cast<unsigned int>(sig->len())};
SECStatus rv = PK11_SignWithMechanism(privKey.get(), mechanism_,
parameters(), &sigItem, &hashItem);
return rv == SECSuccess;
}
bool ImportPrivateKeyAndSignHashedData(const DataBuffer& pkcs8,
const DataBuffer& data,
DataBuffer* sig) {
ScopedSECKEYPrivateKey privKey(ImportPrivateKey(pkcs8));
if (!privKey) {
return false;
}
DataBuffer hash;
if (!ComputeHash(data, &hash)) {
ADD_FAILURE() << "Failed to compute hash";
return false;
}
return SignHashedData(privKey, hash, sig);
}
void Verify(const Pkcs11SignatureTestParams& params, const DataBuffer& sig) {
ScopedSECKEYPublicKey pubKey(ImportPublicKey(params.spki_));
ASSERT_TRUE(pubKey);
DataBuffer hash;
ASSERT_TRUE(ComputeHash(params.data_, &hash));
// Verify.
SECItem hashItem = {siBuffer, toUcharPtr(hash.data()),
static_cast<unsigned int>(hash.len())};
SECItem sigItem = {siBuffer, toUcharPtr(sig.data()),
static_cast<unsigned int>(sig.len())};
SECStatus rv = PK11_VerifyWithMechanism(
pubKey.get(), mechanism_, parameters(), &sigItem, &hashItem, nullptr);
EXPECT_EQ(rv, SECSuccess);
}
void Verify(const Pkcs11SignatureTestParams& params) {
Verify(params, params.signature_);
}
void SignAndVerify(const Pkcs11SignatureTestParams& params) {
DataBuffer sig;
ASSERT_TRUE(
ImportPrivateKeyAndSignHashedData(params.pkcs8_, params.data_, &sig));
Verify(params, sig);
}
private:
CK_MECHANISM_TYPE mechanism_;
SECOidTag hash_oid_;
};
} // namespace nss_test