diff options
Diffstat (limited to 'security/nss/gtests/pk11_gtest/pk11_signature_test.h')
-rw-r--r-- | security/nss/gtests/pk11_gtest/pk11_signature_test.h | 140 |
1 files changed, 71 insertions, 69 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.h b/security/nss/gtests/pk11_gtest/pk11_signature_test.h index b14104371..e6a0a9c57 100644 --- a/security/nss/gtests/pk11_gtest/pk11_signature_test.h +++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.h @@ -9,37 +9,26 @@ #include "cpputil.h" #include "scoped_ptrs.h" -#include "databuffer.h" #include "gtest/gtest.h" namespace nss_test { -// For test vectors. -struct Pkcs11SignatureTestParams { - const DataBuffer pkcs8_; - const DataBuffer spki_; - const DataBuffer data_; - const DataBuffer signature_; -}; - class Pk11SignatureTest : public ::testing::Test { protected: - Pk11SignatureTest(CK_MECHANISM_TYPE mechanism, SECOidTag hash_oid) - : mechanism_(mechanism), hash_oid_(hash_oid) {} + virtual CK_MECHANISM_TYPE mechanism() = 0; + virtual SECItem* parameters() = 0; + virtual SECOidTag hashOID() = 0; - virtual const SECItem* parameters() const { return nullptr; } - CK_MECHANISM_TYPE mechanism() const { return mechanism_; } - - ScopedSECKEYPrivateKey ImportPrivateKey(const DataBuffer& pkcs8) { + ScopedSECKEYPrivateKey ImportPrivateKey(const uint8_t* pkcs8, + size_t pkcs8_len) { ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); if (!slot) { - ADD_FAILURE() << "No slot"; return nullptr; } - SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8.data()), - static_cast<unsigned int>(pkcs8.len())}; + SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8), + static_cast<unsigned int>(pkcs8_len)}; SECKEYPrivateKey* key = nullptr; SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( @@ -53,9 +42,9 @@ class Pk11SignatureTest : public ::testing::Test { return ScopedSECKEYPrivateKey(key); } - ScopedSECKEYPublicKey ImportPublicKey(const DataBuffer& spki) { - SECItem spkiItem = {siBuffer, toUcharPtr(spki.data()), - static_cast<unsigned int>(spki.len())}; + ScopedSECKEYPublicKey ImportPublicKey(const uint8_t* spki, size_t spki_len) { + SECItem spkiItem = {siBuffer, toUcharPtr(spki), + static_cast<unsigned int>(spki_len)}; ScopedCERTSubjectPublicKeyInfo certSpki( SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem)); @@ -63,74 +52,87 @@ class Pk11SignatureTest : public ::testing::Test { return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get())); } - bool ComputeHash(const DataBuffer& data, DataBuffer* hash) { - hash->Allocate(static_cast<size_t>(HASH_ResultLenByOidTag(hash_oid_))); - SECStatus rv = - PK11_HashBuf(hash_oid_, hash->data(), data.data(), data.len()); - return rv == SECSuccess; + ScopedSECItem ComputeHash(const uint8_t* data, size_t len) { + unsigned int hLen = HASH_ResultLenByOidTag(hashOID()); + ScopedSECItem hash(SECITEM_AllocItem(nullptr, nullptr, hLen)); + if (!hash) { + return nullptr; + } + + SECStatus rv = PK11_HashBuf(hashOID(), hash->data, data, len); + if (rv != SECSuccess) { + return nullptr; + } + + return hash; } - bool SignHashedData(ScopedSECKEYPrivateKey& privKey, const DataBuffer& hash, - DataBuffer* sig) { - SECItem hashItem = {siBuffer, toUcharPtr(hash.data()), - static_cast<unsigned int>(hash.len())}; - int sigLen = PK11_SignatureLen(privKey.get()); - EXPECT_LT(0, sigLen); - sig->Allocate(static_cast<size_t>(sigLen)); - SECItem sigItem = {siBuffer, toUcharPtr(sig->data()), - static_cast<unsigned int>(sig->len())}; - SECStatus rv = PK11_SignWithMechanism(privKey.get(), mechanism_, - parameters(), &sigItem, &hashItem); - return rv == SECSuccess; + ScopedSECItem SignHashedData(ScopedSECKEYPrivateKey& privKey, + ScopedSECItem& hash) { + unsigned int sLen = PK11_SignatureLen(privKey.get()); + ScopedSECItem sig(SECITEM_AllocItem(nullptr, nullptr, sLen)); + if (!sig) { + return nullptr; + } + + SECStatus rv = PK11_SignWithMechanism(privKey.get(), mechanism(), + parameters(), sig.get(), hash.get()); + if (rv != SECSuccess) { + return nullptr; + } + + return sig; } - bool ImportPrivateKeyAndSignHashedData(const DataBuffer& pkcs8, - const DataBuffer& data, - DataBuffer* sig) { - ScopedSECKEYPrivateKey privKey(ImportPrivateKey(pkcs8)); + ScopedSECItem ImportPrivateKeyAndSignHashedData(const uint8_t* pkcs8, + size_t pkcs8_len, + const uint8_t* data, + size_t data_len) { + ScopedSECKEYPrivateKey privKey(ImportPrivateKey(pkcs8, pkcs8_len)); if (!privKey) { - return false; + return nullptr; } - DataBuffer hash; - if (!ComputeHash(data, &hash)) { - ADD_FAILURE() << "Failed to compute hash"; - return false; + ScopedSECItem hash(ComputeHash(data, data_len)); + if (!hash) { + return nullptr; } - return SignHashedData(privKey, hash, sig); + + return ScopedSECItem(SignHashedData(privKey, hash)); } - void Verify(const Pkcs11SignatureTestParams& params, const DataBuffer& sig) { - ScopedSECKEYPublicKey pubKey(ImportPublicKey(params.spki_)); + void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data, + size_t data_len, const uint8_t* sig, size_t sig_len) { + ScopedSECKEYPublicKey pubKey(ImportPublicKey(spki, spki_len)); ASSERT_TRUE(pubKey); - DataBuffer hash; - ASSERT_TRUE(ComputeHash(params.data_, &hash)); + ScopedSECItem hash(ComputeHash(data, data_len)); + ASSERT_TRUE(hash); + + SECItem sigItem = {siBuffer, toUcharPtr(sig), + static_cast<unsigned int>(sig_len)}; // Verify. - SECItem hashItem = {siBuffer, toUcharPtr(hash.data()), - static_cast<unsigned int>(hash.len())}; - SECItem sigItem = {siBuffer, toUcharPtr(sig.data()), - static_cast<unsigned int>(sig.len())}; SECStatus rv = PK11_VerifyWithMechanism( - pubKey.get(), mechanism_, parameters(), &sigItem, &hashItem, nullptr); + pubKey.get(), mechanism(), parameters(), &sigItem, hash.get(), nullptr); EXPECT_EQ(rv, SECSuccess); } - void Verify(const Pkcs11SignatureTestParams& params) { - Verify(params, params.signature_); - } + void SignAndVerify(const uint8_t* pkcs8, size_t pkcs8_len, + const uint8_t* spki, size_t spki_len, const uint8_t* data, + size_t data_len) { + ScopedSECItem sig( + ImportPrivateKeyAndSignHashedData(pkcs8, pkcs8_len, data, data_len)); + ASSERT_TRUE(sig); - void SignAndVerify(const Pkcs11SignatureTestParams& params) { - DataBuffer sig; - ASSERT_TRUE( - ImportPrivateKeyAndSignHashedData(params.pkcs8_, params.data_, &sig)); - Verify(params, sig); + Verify(spki, spki_len, data, data_len, sig->data, sig->len); } - - private: - CK_MECHANISM_TYPE mechanism_; - SECOidTag hash_oid_; }; +#define SIG_TEST_VECTOR_VERIFY(spki, data, sig) \ + Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig)); + +#define SIG_TEST_VECTOR_SIGN_VERIFY(pkcs8, spki, data) \ + SignAndVerify(pkcs8, sizeof(pkcs8), spki, sizeof(spki), data, sizeof(data)); + } // namespace nss_test |