author | spang <spang@chromium.org> | 2015-05-01 14:01:57 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-05-01 21:02:38 +0000 |
commit | 9ce3458d9a03b38ca717291d08d564e12fd8254a (patch) | |
tree | b0f4570294cfb11e72f16cf0e424f40313ff2fdb /crypto/nss_key_util_unittest.cc | |
parent | c10dfc7c662c078a7310e6c7d6041763150ce494 (diff) | |
Revert of Don't use RSAPrivateKey in NSS integration code. (patchset #6 id:100001 of https://codereview.chromium.org/1106103003/)
Reason for revert:
Causes SEGV during login on Chrome OS
BUG=483606
Original issue's description:
> Don't use RSAPrivateKey in NSS integration code.
>
> Currently some NSS platform integration logic transits private keys through
> RSAPrivateKey on CrOS. This prevents incrementally switching RSAPrivateKey to
> BoringSSL while keeping platform integrations on NSS.
>
> The intent of this change is to clarify RSAPrivateKey as a BoringSSL vs NSS
> internal crypto library (use_openssl=0 vs use_openssl=1) abstraction. It's
> primarily to be used with SignatureCreator. Code which uses NSS based on
> use_nss_certs rather than use_openssl because the underlying platform is NSS
> should call NSS routines directly, or introduce different abstractions.
>
> Remove the problematic RSAPrivateKey methods and instead add
> crypto/nss_key_util.h which contains some helper functions for manipulating NSS
> keys. This is sufficient to allow consumers of the removed methods to use NSS
> directly with about as much code. (This should not set back migrating that
> logic to NSS as that code was already very NSS-specific; those APIs assumed
> PK11SlotInfo.)
>
> nss_key_util.h, like nss_util.h, is built whenever NSS is used either
> internally or for platform integrations. This is so rsa_private_key_nss.cc can
> continue to use the helper functions to implement the NSS-agnostic interface.
>
> With this, the chimera CrOS configuration should build. The RSAPrivateKey logic
> is functional with the exception of some logic in components/ownership. That
> will be resolved in a future CL.
>
> BUG=478777
>
> Committed: https://crrev.com/a46a990b2ccae2b66e87b5f76d2866044dc3182e
> Cr-Commit-Position: refs/heads/master@{#327909}
TBR=rsleevi@chromium.org,pneubeck@chromium.org,dpolukhin@chromium.org,caitkp@chromium.org,davidben@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=483606
Review URL: https://codereview.chromium.org/1118263003
Cr-Commit-Position: refs/heads/master@{#327978}
Diffstat (limited to 'crypto/nss_key_util_unittest.cc')
-rw-r--r-- | crypto/nss_key_util_unittest.cc | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/crypto/nss_key_util_unittest.cc b/crypto/nss_key_util_unittest.cc
deleted file mode 100644
index f8de8e2..0000000
--- a/crypto/nss_key_util_unittest.cc
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/nss_key_util.h"
-
-#include <keyhi.h>
-#include <pk11pub.h>
-
-#include <vector>
-
-#include "crypto/nss_util.h"
-#include "crypto/scoped_nss_types.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-namespace crypto {
-
-class NSSKeyUtilTest : public testing::Test {
- public:
- void SetUp() override {
- EnsureNSSInit();
-
- internal_slot_.reset(PK11_GetInternalSlot());
- ASSERT_TRUE(internal_slot_);
- }
-
- PK11SlotInfo* internal_slot() { return internal_slot_.get(); }
-
- private:
- ScopedPK11Slot internal_slot_;
-};
-
-TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) {
- const int kKeySizeBits = 1024;
-
- ScopedSECKEYPublicKey public_key;
- ScopedSECKEYPrivateKey private_key;
- ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), kKeySizeBits,
- false /* not permanent */, &public_key,
- &private_key));
-
- EXPECT_EQ(rsaKey, SECKEY_GetPublicKeyType(public_key.get()));
- EXPECT_EQ(rsaKey, SECKEY_GetPrivateKeyType(private_key.get()));
- EXPECT_EQ((kKeySizeBits + 7) / 8,
- PK11_GetPrivateModulusLen(private_key.get()));
-}
-
-#if defined(USE_NSS_CERTS)
-TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) {
- // Create an NSS keypair, which will put the keys in the user's NSSDB.
- ScopedSECKEYPublicKey public_key;
- ScopedSECKEYPrivateKey private_key;
- ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 256,
- false /* not permanent */, &public_key,
- &private_key));
-
- ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
- ASSERT_TRUE(item);
- std::vector<uint8_t> public_key_der(item->data, item->data + item->len);
-
- ScopedSECKEYPrivateKey private_key2 =
- FindNSSKeyFromPublicKeyInfo(public_key_der);
- ASSERT_TRUE(private_key2);
- EXPECT_EQ(private_key->pkcs11ID, private_key2->pkcs11ID);
-}
-
-TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) {
- // Create an NSS keypair, which will put the keys in the user's NSSDB.
- ScopedSECKEYPublicKey public_key;
- ScopedSECKEYPrivateKey private_key;
- ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 256,
- false /* not permanent */, &public_key,
- &private_key));
-
- ScopedSECItem item(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
- ASSERT_TRUE(item);
- std::vector<uint8_t> public_key_der(item->data, item->data + item->len);
-
- // Remove the keys from the DB, and make sure we can't find them again.
- PK11_DestroyTokenObject(private_key->pkcs11Slot, private_key->pkcs11ID);
- PK11_DestroyTokenObject(public_key->pkcs11Slot, public_key->pkcs11ID);
-
- EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der));
-}
-#endif // defined(USE_NSS_CERTS)
-
-} // namespace crypto |