OLD | NEW |
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "login_manager/owner_key.h" | 5 #include "login_manager/owner_key.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include <base/crypto/rsa_private_key.h> | 9 #include <base/crypto/rsa_private_key.h> |
10 #include <base/basictypes.h> | 10 #include <base/basictypes.h> |
11 #include <base/file_path.h> | 11 #include <base/file_path.h> |
(...skipping 19 matching lines...) Expand all Loading... |
31 file_util::Delete(tmpfile_, false); | 31 file_util::Delete(tmpfile_, false); |
32 } | 32 } |
33 | 33 |
34 FilePath tmpfile_; | 34 FilePath tmpfile_; |
35 | 35 |
36 private: | 36 private: |
37 ScopedTempDir tmpdir_; | 37 ScopedTempDir tmpdir_; |
38 DISALLOW_COPY_AND_ASSIGN(OwnerKeyTest); | 38 DISALLOW_COPY_AND_ASSIGN(OwnerKeyTest); |
39 }; | 39 }; |
40 | 40 |
| 41 TEST_F(OwnerKeyTest, Equals) { |
| 42 // Set up an empty key |
| 43 StartUnowned(); |
| 44 OwnerKey key(tmpfile_); |
| 45 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 46 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 47 ASSERT_FALSE(key.IsPopulated()); |
| 48 |
| 49 // Trivial case. |
| 50 EXPECT_TRUE(key.VEquals(std::vector<uint8>())); |
| 51 |
| 52 // Ensure that 0-length keys don't cause us to return true for everything. |
| 53 std::vector<uint8> fake(1, 1); |
| 54 EXPECT_FALSE(key.VEquals(fake)); |
| 55 |
| 56 // Populate the key. |
| 57 ASSERT_TRUE(key.PopulateFromBuffer(fake)); |
| 58 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 59 ASSERT_TRUE(key.IsPopulated()); |
| 60 |
| 61 // Real comparison. |
| 62 EXPECT_TRUE(key.VEquals(fake)); |
| 63 } |
| 64 |
41 TEST_F(OwnerKeyTest, LoadKey) { | 65 TEST_F(OwnerKeyTest, LoadKey) { |
42 OwnerKey key(tmpfile_); | 66 OwnerKey key(tmpfile_); |
43 ASSERT_FALSE(key.HaveCheckedDisk()); | 67 ASSERT_FALSE(key.HaveCheckedDisk()); |
44 ASSERT_FALSE(key.IsPopulated()); | 68 ASSERT_FALSE(key.IsPopulated()); |
45 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); | 69 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
46 ASSERT_TRUE(key.HaveCheckedDisk()); | 70 ASSERT_TRUE(key.HaveCheckedDisk()); |
47 ASSERT_TRUE(key.IsPopulated()); | 71 ASSERT_TRUE(key.IsPopulated()); |
48 } | 72 } |
49 | 73 |
50 TEST_F(OwnerKeyTest, NoKeyToLoad) { | 74 TEST_F(OwnerKeyTest, NoKeyToLoad) { |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
113 ASSERT_TRUE(key.IsPopulated()); | 137 ASSERT_TRUE(key.IsPopulated()); |
114 } | 138 } |
115 | 139 |
116 TEST_F(OwnerKeyTest, SignVerify) { | 140 TEST_F(OwnerKeyTest, SignVerify) { |
117 StartUnowned(); | 141 StartUnowned(); |
118 OwnerKey key(tmpfile_); | 142 OwnerKey key(tmpfile_); |
119 | 143 |
120 base::EnsureNSSInit(); | 144 base::EnsureNSSInit(); |
121 base::OpenPersistentNSSDB(); | 145 base::OpenPersistentNSSDB(); |
122 scoped_ptr<base::RSAPrivateKey> pair( | 146 scoped_ptr<base::RSAPrivateKey> pair( |
123 base::RSAPrivateKey::CreateSensitive(2048)); | 147 base::RSAPrivateKey::CreateSensitive(512)); |
124 ASSERT_NE(pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); | 148 ASSERT_NE(pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); |
125 | 149 |
126 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); | 150 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
127 ASSERT_TRUE(key.HaveCheckedDisk()); | 151 ASSERT_TRUE(key.HaveCheckedDisk()); |
128 ASSERT_FALSE(key.IsPopulated()); | 152 ASSERT_FALSE(key.IsPopulated()); |
129 | 153 |
130 std::vector<uint8> to_export; | 154 std::vector<uint8> to_export; |
131 ASSERT_TRUE(pair->ExportPublicKey(&to_export)); | 155 ASSERT_TRUE(pair->ExportPublicKey(&to_export)); |
132 ASSERT_TRUE(key.PopulateFromBuffer(to_export)); | 156 ASSERT_TRUE(key.PopulateFromBuffer(to_export)); |
133 ASSERT_TRUE(key.HaveCheckedDisk()); | 157 ASSERT_TRUE(key.HaveCheckedDisk()); |
134 ASSERT_TRUE(key.IsPopulated()); | 158 ASSERT_TRUE(key.IsPopulated()); |
135 | 159 |
136 std::string data("whatever"); | 160 std::string data("whatever"); |
| 161 const uint8* data_p = reinterpret_cast<const uint8*>(data.c_str()); |
137 std::vector<uint8> signature; | 162 std::vector<uint8> signature; |
138 EXPECT_TRUE(key.Sign(data.c_str(), data.length(), &signature)); | 163 EXPECT_TRUE(key.Sign(data_p, data.length(), &signature)); |
139 EXPECT_TRUE(key.Verify(data.c_str(), | 164 EXPECT_TRUE(key.Verify(data_p, |
140 data.length(), | 165 data.length(), |
141 reinterpret_cast<const char*>(&signature[0]), | 166 &signature[0], |
142 signature.size())); | 167 signature.size())); |
143 } | 168 } |
| 169 |
| 170 TEST_F(OwnerKeyTest, RotateKey) { |
| 171 StartUnowned(); |
| 172 OwnerKey key(tmpfile_); |
| 173 |
| 174 base::EnsureNSSInit(); |
| 175 base::OpenPersistentNSSDB(); |
| 176 scoped_ptr<base::RSAPrivateKey> pair( |
| 177 base::RSAPrivateKey::CreateSensitive(512)); |
| 178 ASSERT_NE(pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); |
| 179 |
| 180 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 181 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 182 ASSERT_FALSE(key.IsPopulated()); |
| 183 |
| 184 std::vector<uint8> to_export; |
| 185 ASSERT_TRUE(pair->ExportPublicKey(&to_export)); |
| 186 ASSERT_TRUE(key.PopulateFromBuffer(to_export)); |
| 187 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 188 ASSERT_TRUE(key.IsPopulated()); |
| 189 ASSERT_TRUE(key.Persist()); |
| 190 |
| 191 OwnerKey key2(tmpfile_); |
| 192 ASSERT_TRUE(key2.PopulateFromDiskIfPossible()); |
| 193 ASSERT_TRUE(key2.HaveCheckedDisk()); |
| 194 ASSERT_TRUE(key2.IsPopulated()); |
| 195 |
| 196 scoped_ptr<base::RSAPrivateKey> new_pair( |
| 197 base::RSAPrivateKey::CreateSensitive(512)); |
| 198 ASSERT_NE(new_pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); |
| 199 std::vector<uint8> new_export; |
| 200 ASSERT_TRUE(new_pair->ExportPublicKey(&new_export)); |
| 201 |
| 202 std::vector<uint8> signature; |
| 203 ASSERT_TRUE(key2.Sign(&new_export[0], new_export.size(), &signature)); |
| 204 ASSERT_TRUE(key2.Rotate(new_export, signature)); |
| 205 ASSERT_TRUE(key2.Persist()); |
| 206 } |
| 207 |
| 208 TEST_F(OwnerKeyTest, ClobberKey) { |
| 209 OwnerKey key(tmpfile_); |
| 210 |
| 211 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 212 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 213 ASSERT_TRUE(key.IsPopulated()); |
| 214 |
| 215 std::vector<uint8> fake(1, 1); |
| 216 key.ClobberCompromisedKey(fake); |
| 217 ASSERT_TRUE(key.VEquals(fake)); |
| 218 ASSERT_TRUE(key.Persist()); |
| 219 } |
| 220 |
144 } // namespace login_manager | 221 } // namespace login_manager |
OLD | NEW |