| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "login_manager/owner_key.h" | 5 #include "login_manager/owner_key.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include <base/crypto/rsa_private_key.h> | 9 #include <base/crypto/rsa_private_key.h> |
| 10 #include <base/basictypes.h> | 10 #include <base/basictypes.h> |
| 11 #include <base/file_path.h> | 11 #include <base/file_path.h> |
| (...skipping 19 matching lines...) Expand all Loading... |
| 31 file_util::Delete(tmpfile_, false); | 31 file_util::Delete(tmpfile_, false); |
| 32 } | 32 } |
| 33 | 33 |
| 34 FilePath tmpfile_; | 34 FilePath tmpfile_; |
| 35 | 35 |
| 36 private: | 36 private: |
| 37 ScopedTempDir tmpdir_; | 37 ScopedTempDir tmpdir_; |
| 38 DISALLOW_COPY_AND_ASSIGN(OwnerKeyTest); | 38 DISALLOW_COPY_AND_ASSIGN(OwnerKeyTest); |
| 39 }; | 39 }; |
| 40 | 40 |
| 41 TEST_F(OwnerKeyTest, Equals) { |
| 42 // Set up an empty key |
| 43 StartUnowned(); |
| 44 OwnerKey key(tmpfile_); |
| 45 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 46 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 47 ASSERT_FALSE(key.IsPopulated()); |
| 48 |
| 49 // Trivial case. |
| 50 EXPECT_TRUE(key.VEquals(std::vector<uint8>())); |
| 51 |
| 52 // Ensure that 0-length keys don't cause us to return true for everything. |
| 53 std::vector<uint8> fake(1, 1); |
| 54 EXPECT_FALSE(key.VEquals(fake)); |
| 55 |
| 56 // Populate the key. |
| 57 ASSERT_TRUE(key.PopulateFromBuffer(fake)); |
| 58 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 59 ASSERT_TRUE(key.IsPopulated()); |
| 60 |
| 61 // Real comparison. |
| 62 EXPECT_TRUE(key.VEquals(fake)); |
| 63 } |
| 64 |
| 41 TEST_F(OwnerKeyTest, LoadKey) { | 65 TEST_F(OwnerKeyTest, LoadKey) { |
| 42 OwnerKey key(tmpfile_); | 66 OwnerKey key(tmpfile_); |
| 43 ASSERT_FALSE(key.HaveCheckedDisk()); | 67 ASSERT_FALSE(key.HaveCheckedDisk()); |
| 44 ASSERT_FALSE(key.IsPopulated()); | 68 ASSERT_FALSE(key.IsPopulated()); |
| 45 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); | 69 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 46 ASSERT_TRUE(key.HaveCheckedDisk()); | 70 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 47 ASSERT_TRUE(key.IsPopulated()); | 71 ASSERT_TRUE(key.IsPopulated()); |
| 48 } | 72 } |
| 49 | 73 |
| 50 TEST_F(OwnerKeyTest, NoKeyToLoad) { | 74 TEST_F(OwnerKeyTest, NoKeyToLoad) { |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 113 ASSERT_TRUE(key.IsPopulated()); | 137 ASSERT_TRUE(key.IsPopulated()); |
| 114 } | 138 } |
| 115 | 139 |
| 116 TEST_F(OwnerKeyTest, SignVerify) { | 140 TEST_F(OwnerKeyTest, SignVerify) { |
| 117 StartUnowned(); | 141 StartUnowned(); |
| 118 OwnerKey key(tmpfile_); | 142 OwnerKey key(tmpfile_); |
| 119 | 143 |
| 120 base::EnsureNSSInit(); | 144 base::EnsureNSSInit(); |
| 121 base::OpenPersistentNSSDB(); | 145 base::OpenPersistentNSSDB(); |
| 122 scoped_ptr<base::RSAPrivateKey> pair( | 146 scoped_ptr<base::RSAPrivateKey> pair( |
| 123 base::RSAPrivateKey::CreateSensitive(2048)); | 147 base::RSAPrivateKey::CreateSensitive(512)); |
| 124 ASSERT_NE(pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); | 148 ASSERT_NE(pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); |
| 125 | 149 |
| 126 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); | 150 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 127 ASSERT_TRUE(key.HaveCheckedDisk()); | 151 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 128 ASSERT_FALSE(key.IsPopulated()); | 152 ASSERT_FALSE(key.IsPopulated()); |
| 129 | 153 |
| 130 std::vector<uint8> to_export; | 154 std::vector<uint8> to_export; |
| 131 ASSERT_TRUE(pair->ExportPublicKey(&to_export)); | 155 ASSERT_TRUE(pair->ExportPublicKey(&to_export)); |
| 132 ASSERT_TRUE(key.PopulateFromBuffer(to_export)); | 156 ASSERT_TRUE(key.PopulateFromBuffer(to_export)); |
| 133 ASSERT_TRUE(key.HaveCheckedDisk()); | 157 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 134 ASSERT_TRUE(key.IsPopulated()); | 158 ASSERT_TRUE(key.IsPopulated()); |
| 135 | 159 |
| 136 std::string data("whatever"); | 160 std::string data("whatever"); |
| 161 const uint8* data_p = reinterpret_cast<const uint8*>(data.c_str()); |
| 137 std::vector<uint8> signature; | 162 std::vector<uint8> signature; |
| 138 EXPECT_TRUE(key.Sign(data.c_str(), data.length(), &signature)); | 163 EXPECT_TRUE(key.Sign(data_p, data.length(), &signature)); |
| 139 EXPECT_TRUE(key.Verify(data.c_str(), | 164 EXPECT_TRUE(key.Verify(data_p, |
| 140 data.length(), | 165 data.length(), |
| 141 reinterpret_cast<const char*>(&signature[0]), | 166 &signature[0], |
| 142 signature.size())); | 167 signature.size())); |
| 143 } | 168 } |
| 169 |
| 170 TEST_F(OwnerKeyTest, RotateKey) { |
| 171 StartUnowned(); |
| 172 OwnerKey key(tmpfile_); |
| 173 |
| 174 base::EnsureNSSInit(); |
| 175 base::OpenPersistentNSSDB(); |
| 176 scoped_ptr<base::RSAPrivateKey> pair( |
| 177 base::RSAPrivateKey::CreateSensitive(512)); |
| 178 ASSERT_NE(pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); |
| 179 |
| 180 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 181 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 182 ASSERT_FALSE(key.IsPopulated()); |
| 183 |
| 184 std::vector<uint8> to_export; |
| 185 ASSERT_TRUE(pair->ExportPublicKey(&to_export)); |
| 186 ASSERT_TRUE(key.PopulateFromBuffer(to_export)); |
| 187 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 188 ASSERT_TRUE(key.IsPopulated()); |
| 189 ASSERT_TRUE(key.Persist()); |
| 190 |
| 191 OwnerKey key2(tmpfile_); |
| 192 ASSERT_TRUE(key2.PopulateFromDiskIfPossible()); |
| 193 ASSERT_TRUE(key2.HaveCheckedDisk()); |
| 194 ASSERT_TRUE(key2.IsPopulated()); |
| 195 |
| 196 scoped_ptr<base::RSAPrivateKey> new_pair( |
| 197 base::RSAPrivateKey::CreateSensitive(512)); |
| 198 ASSERT_NE(new_pair.get(), reinterpret_cast<base::RSAPrivateKey*>(NULL)); |
| 199 std::vector<uint8> new_export; |
| 200 ASSERT_TRUE(new_pair->ExportPublicKey(&new_export)); |
| 201 |
| 202 std::vector<uint8> signature; |
| 203 ASSERT_TRUE(key2.Sign(&new_export[0], new_export.size(), &signature)); |
| 204 ASSERT_TRUE(key2.Rotate(new_export, signature)); |
| 205 ASSERT_TRUE(key2.Persist()); |
| 206 } |
| 207 |
| 208 TEST_F(OwnerKeyTest, ClobberKey) { |
| 209 OwnerKey key(tmpfile_); |
| 210 |
| 211 ASSERT_TRUE(key.PopulateFromDiskIfPossible()); |
| 212 ASSERT_TRUE(key.HaveCheckedDisk()); |
| 213 ASSERT_TRUE(key.IsPopulated()); |
| 214 |
| 215 std::vector<uint8> fake(1, 1); |
| 216 key.ClobberCompromisedKey(fake); |
| 217 ASSERT_TRUE(key.VEquals(fake)); |
| 218 ASSERT_TRUE(key.Persist()); |
| 219 } |
| 220 |
| 144 } // namespace login_manager | 221 } // namespace login_manager |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6793055:
[login_manager] Allow new owner keys to be pushed with StorePolicy (Closed)
Base URL: http://git.chromium.org/git/login_manager.git@master