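// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "crypto/unexportable_key.h"

#include <stdint.h>

#include <memory>
#include <vector>

#include "base/test/scoped_feature_list.h"
#include "crypto/fake_apple_keychain_v2.h"
#include "crypto/features.h"
#include "crypto/scoped_fake_apple_keychain_v2.h"
#include "crypto/signature_verifier.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace crypto {

namespace {

// Keychain access group shared by the fake keychain and the provider config,
// so that keys created through the provider land in the fake.
constexpr char kTestKeychainAccessGroup[] = "test-keychain-access-group";

// The only signature algorithm these tests ask the provider to generate.
constexpr SignatureVerifier::SignatureAlgorithm kAcceptableAlgos[] = {
    SignatureVerifier::ECDSA_SHA256};

// Provider configuration used by every test in this file.
const UnexportableKeyProvider::Config config = {
    .keychain_access_group = kTestKeychainAccessGroup,
};

// Tests behaviour that is unique to the macOS implementation of unexportable
// keys.
//
// Each test gets its own fake keychain, bound to kTestKeychainAccessGroup, and
// runs with kEnableMacUnexportableKeys enabled.
class UnexportableKeyMacTest : public testing::Test {
 protected:
  ScopedFakeAppleKeychainV2 scoped_fake_apple_keychain_{
      kTestKeychainAccessGroup};

  base::test::ScopedFeatureList scoped_feature_list_{
      kEnableMacUnexportableKeys};
};

// A provider must be returned exactly when the (fake) keychain reports the
// Secure Enclave as available, and must be null otherwise.
TEST_F(UnexportableKeyMacTest, SecureEnclaveAvailability) {
  for (bool available : {true, false}) {
    // Identify the failing iteration in the test log.
    SCOPED_TRACE(testing::Message()
                 << "secure enclave available: " << available);
    scoped_fake_apple_keychain_.keychain()->set_secure_enclave_available(
        available);
    EXPECT_EQ(GetUnexportableKeyProvider(config) != nullptr, available);
  }
}

// Deleting a generated key must succeed, must make its wrapped form
// unloadable, and must leave no item behind in the keychain.
TEST_F(UnexportableKeyMacTest, DeleteSigningKey) {
  std::unique_ptr<UnexportableKeyProvider> provider =
      GetUnexportableKeyProvider(config);
  // Fail cleanly instead of dereferencing a null provider below.
  ASSERT_TRUE(provider);
  std::unique_ptr<UnexportableSigningKey> key =
      provider->GenerateSigningKeySlowly(kAcceptableAlgos);
  ASSERT_TRUE(key);
  // Sanity check: the key is loadable before it is deleted.
  ASSERT_TRUE(provider->FromWrappedSigningKeySlowly(key->GetWrappedKey()));
  EXPECT_TRUE(provider->DeleteSigningKey(key->GetWrappedKey()));
  // After deletion the same wrapped key must no longer resolve to a key.
  EXPECT_FALSE(provider->FromWrappedSigningKeySlowly(key->GetWrappedKey()));
  // No residual keychain entry may remain.
  EXPECT_TRUE(scoped_fake_apple_keychain_.keychain()->items().empty());
}
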
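// Deleting a wrapped-key blob that the provider never produced (arbitrary
// bytes here) must be reported as a failure rather than a success.
TEST_F(UnexportableKeyMacTest, DeleteUnknownSigningKey) {
  std::unique_ptr<UnexportableKeyProvider> provider =
      GetUnexportableKeyProvider(config);
  // Fail cleanly instead of dereferencing a null provider below.
  ASSERT_TRUE(provider);
  EXPECT_FALSE(provider->DeleteSigningKey(std::vector<uint8_t>{1, 2, 3}));
}

// A freshly generated signing key must expose a non-null SecKeyRef.
TEST_F(UnexportableKeyMacTest, GetSecKeyRef) {
  auto provider = GetUnexportableKeyProvider(config);
  ASSERT_TRUE(provider);
  auto key = provider->GenerateSigningKeySlowly(kAcceptableAlgos);
  ASSERT_TRUE(key);
  EXPECT_TRUE(key->GetSecKeyRef());
}

}  // namespace

}  // namespace crypto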