1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <memory>
#include "nss.h"
#include "pk11pub.h"
#include "sechash.h"
#include "nss_scoped_ptrs.h"
#include "databuffer.h"
#include "gtest/gtest.h"
namespace nss_test {
// For test vectors.
struct Pkcs11SignatureTestParams {
const DataBuffer pkcs8_;
const DataBuffer spki_;
const DataBuffer data_;
const DataBuffer signature_;
};
class Pk11SignatureTest : public ::testing::Test {
protected:
Pk11SignatureTest(CK_MECHANISM_TYPE mech, SECOidTag hash_oid,
CK_MECHANISM_TYPE combo)
: mechanism_(mech), hash_oid_(hash_oid), combo_(combo) {
skip_raw_ = false;
skip_digest_ = false;
}
Pk11SignatureTest(CK_MECHANISM_TYPE mech) : mechanism_(mech) {
skip_digest_ = true;
}
virtual const SECItem* parameters() const { return nullptr; }
CK_MECHANISM_TYPE mechanism() const { return mechanism_; }
void setSkipRaw(bool skip_raw) { skip_raw_ = true; }
bool ExportPrivateKey(ScopedSECKEYPrivateKey* key, DataBuffer& pkcs8) {
SECItem* pkcs8Item = PK11_ExportDERPrivateKeyInfo(key->get(), nullptr);
if (!pkcs8Item) {
return false;
}
pkcs8.Assign(pkcs8Item->data, pkcs8Item->len);
SECITEM_ZfreeItem(pkcs8Item, PR_TRUE);
return true;
}
ScopedSECKEYPrivateKey ImportPrivateKey(const DataBuffer& pkcs8);
ScopedSECKEYPublicKey ImportPublicKey(const DataBuffer& spki);
bool ComputeHash(const DataBuffer& data, DataBuffer* hash) {
hash->Allocate(static_cast<size_t>(HASH_ResultLenByOidTag(hash_oid_)));
SECStatus rv =
PK11_HashBuf(hash_oid_, hash->data(), data.data(), data.len());
return rv == SECSuccess;
}
bool SignRaw(ScopedSECKEYPrivateKey& privKey, const DataBuffer& hash,
DataBuffer* sig);
bool DigestAndSign(ScopedSECKEYPrivateKey& privKey, const DataBuffer& data,
DataBuffer* sig);
bool ImportPrivateKeyAndSignHashedData(const DataBuffer& pkcs8,
const DataBuffer& data,
DataBuffer* sig, DataBuffer* sig2);
/* most primitive verify implemented in pk11_signature_test.cpp */
void Verify(ScopedSECKEYPublicKey& pubKey, const DataBuffer& data,
const DataBuffer& sig, bool valid);
/* quick helper functions that use the primitive verify */
void Verify(ScopedSECKEYPublicKey& pubKey, const DataBuffer& data,
const DataBuffer& sig) {
Verify(pubKey, data, sig, true);
}
void Verify(const Pkcs11SignatureTestParams& params, const DataBuffer& sig,
bool valid) {
ScopedSECKEYPublicKey pubKey(ImportPublicKey(params.spki_));
ASSERT_TRUE(pubKey);
Verify(pubKey, params.data_, sig, valid);
}
void Verify(const Pkcs11SignatureTestParams& params, bool valid) {
Verify(params, params.signature_, valid);
}
void Verify(const Pkcs11SignatureTestParams& params) {
Verify(params, params.signature_, true);
}
void SignAndVerify(const Pkcs11SignatureTestParams& params) {
DataBuffer sig;
DataBuffer sig2;
ASSERT_TRUE(ImportPrivateKeyAndSignHashedData(params.pkcs8_, params.data_,
&sig, &sig2));
Verify(params, sig, true);
Verify(params, sig2, true);
}
void SignAndVerifyRaw(const Pkcs11SignatureTestParams& params) {
ScopedSECKEYPrivateKey privKey(ImportPrivateKey(params.pkcs8_));
ASSERT_NE(privKey, nullptr);
DataBuffer sig;
SignRaw(privKey, params.data_, &sig);
EXPECT_EQ(sig, params.signature_);
Verify(params, sig, true);
}
// Importing a private key in PKCS#8 format and reexporting it should
// result in the same binary representation.
void ImportExport(const DataBuffer& k) {
DataBuffer exported;
ScopedSECKEYPrivateKey key = ImportPrivateKey(k);
ExportPrivateKey(&key, exported);
EXPECT_EQ(k, exported);
}
private:
CK_MECHANISM_TYPE mechanism_;
SECOidTag hash_oid_;
CK_MECHANISM_TYPE combo_;
bool skip_raw_;
bool skip_digest_;
};
} // namespace nss_test
|
