From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- .../nss/gtests/pk11_gtest/pk11_signature_test.h | 115 +++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 security/nss/gtests/pk11_gtest/pk11_signature_test.h (limited to 'security/nss/gtests/pk11_gtest/pk11_signature_test.h') diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.h b/security/nss/gtests/pk11_gtest/pk11_signature_test.h new file mode 100644 index 0000000000..c4a8c52c38 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.h @@ -0,0 +1,115 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include +#include "nss.h" +#include "pk11pub.h" +#include "sechash.h" + +#include "nss_scoped_ptrs.h" +#include "databuffer.h" + +#include "gtest/gtest.h" + +namespace nss_test { + +// For test vectors. +struct Pkcs11SignatureTestParams { + const DataBuffer pkcs8_; + const DataBuffer spki_; + const DataBuffer data_; + const DataBuffer signature_; +}; + +class Pk11SignatureTest : public ::testing::Test { + protected: + Pk11SignatureTest(CK_MECHANISM_TYPE mech, SECOidTag hash_oid, + CK_MECHANISM_TYPE combo) + : mechanism_(mech), hash_oid_(hash_oid), combo_(combo) { + skip_raw_ = false; + } + + virtual const SECItem* parameters() const { return nullptr; } + CK_MECHANISM_TYPE mechanism() const { return mechanism_; } + void setSkipRaw(bool skip_raw) { skip_raw_ = true; } + + bool ExportPrivateKey(ScopedSECKEYPrivateKey* key, DataBuffer& pkcs8) { + SECItem* pkcs8Item = PK11_ExportDERPrivateKeyInfo(key->get(), nullptr); + if (!pkcs8Item) { + return false; + } + pkcs8.Assign(pkcs8Item->data, pkcs8Item->len); + SECITEM_ZfreeItem(pkcs8Item, PR_TRUE); + return true; + } + + ScopedSECKEYPrivateKey ImportPrivateKey(const DataBuffer& pkcs8); + ScopedSECKEYPublicKey ImportPublicKey(const DataBuffer& spki); + + bool ComputeHash(const DataBuffer& data, DataBuffer* hash) { + hash->Allocate(static_cast(HASH_ResultLenByOidTag(hash_oid_))); + SECStatus rv = + PK11_HashBuf(hash_oid_, hash->data(), data.data(), data.len()); + return rv == SECSuccess; + } + + bool SignHashedData(ScopedSECKEYPrivateKey& privKey, const DataBuffer& hash, + DataBuffer* sig); + bool SignData(ScopedSECKEYPrivateKey& privKey, const DataBuffer& data, + DataBuffer* sig); + bool ImportPrivateKeyAndSignHashedData(const DataBuffer& pkcs8, + const DataBuffer& data, + DataBuffer* sig, DataBuffer* sig2); + + /* most primitive verify implemented in pk11_signature_test.cpp */ + void Verify(ScopedSECKEYPublicKey& pubKey, const DataBuffer& data, + const DataBuffer& sig, bool valid); + + /* quick helper functions that use the primitive verify */ + void Verify(ScopedSECKEYPublicKey& pubKey, const DataBuffer& data, + const DataBuffer& sig) { + Verify(pubKey, data, sig, true); + } + + void Verify(const Pkcs11SignatureTestParams& params, const DataBuffer& sig, + bool valid) { + ScopedSECKEYPublicKey pubKey(ImportPublicKey(params.spki_)); + ASSERT_TRUE(pubKey); + Verify(pubKey, params.data_, sig, valid); + } + + void Verify(const Pkcs11SignatureTestParams& params, bool valid) { + Verify(params, params.signature_, valid); + } + + void Verify(const Pkcs11SignatureTestParams& params) { + Verify(params, params.signature_, true); + } + + void SignAndVerify(const Pkcs11SignatureTestParams& params) { + DataBuffer sig; + DataBuffer sig2; + ASSERT_TRUE(ImportPrivateKeyAndSignHashedData(params.pkcs8_, params.data_, + &sig, &sig2)); + Verify(params, sig, true); + Verify(params, sig2, true); + } + + // Importing a private key in PKCS#8 format and reexporting it should + // result in the same binary representation. + void ImportExport(const DataBuffer& k) { + DataBuffer exported; + ScopedSECKEYPrivateKey key = ImportPrivateKey(k); + ExportPrivateKey(&key, exported); + EXPECT_EQ(k, exported); + } + + private: + CK_MECHANISM_TYPE mechanism_; + SECOidTag hash_oid_; + CK_MECHANISM_TYPE combo_; + bool skip_raw_; +}; + +} // namespace nss_test -- cgit v1.2.3