Add parsers for the Encryption and Encryption-Key HTTP headers.

components/gcm_driver/crypto/encryption_header_parsers_unittest.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/gcm_driver/crypto/encryption_header_parsers.h"
+
+#include <vector>
+
+#include "base/macros.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace gcm {
+
+namespace {
+
+// URL-safe base64 encoded (and plaintext representation of -) salt, key and dh.
+// Included as preprocessor string literals for more convenient concatenation.
+#define ENCODED_SALT "c2l4dGVlbmNvb2xieXRlcw"
+#define ENCODED_KEY "c2V2ZW50ZWVuYnl0ZXN5YXk"
+#define ENCODED_DH "bXlkaWZmaWVoZWxsbWFu"
+
+const char kDecodedSalt[] = "sixteencoolbytes";
+const char kDecodedKey[] = "seventeenbytesyay";
+const char kDecodedDh[] = "mydiffiehellman";
+
+EncryptionHeaderValue CreateEncryptionHeaderValue(
+    const std::string& keyid, const std::string& salt, int64_t rs) {
+  EncryptionHeaderValue parsed;
+  parsed.keyid = keyid;
+  parsed.salt = salt;
+  parsed.rs = rs;
+
+  return parsed;
+}
+
+EncryptionKeyHeaderValue CreateEncryptionKeyHeaderValue(
+    const std::string& keyid, const std::string& key, const std::string& dh) {
+  EncryptionKeyHeaderValue header;
+  header.keyid = keyid;
+  header.key = key;
+  header.dh = dh;
+
+  return header;
+}
+
+TEST(EncryptionHeaderParsersTest, ParseSingleEncryptionHeaders) {
+  struct {
+    const char* const header;
+    EncryptionHeaderValue parsed;
+  } expected_results[] = {
+    { "keyid=foo; salt=" ENCODED_SALT "; rs=1024",

[johnme, 2015/07/20 19:15:19]

Are you sure "; " is allowed?
https://tools.ietf.org/html/draft-thomson-http-encryption-01#section-3 seems to
imply that no whitespace should be used, though I'm not an expert at ABNF.

[Peter Beverloo, 2015/07/20 22:44:33]

The examples in the same draft use spaces, and this seems common for HTTP
headers (e.g. Content-Type). I agree that the syntax is confusing, I'll poke
Martin on Thursday.

+      CreateEncryptionHeaderValue("foo", kDecodedSalt, 1024) },
+    { "keyid='foo'; salt='" ENCODED_SALT "'; rs='1024'",

[johnme, 2015/07/20 19:15:19]

It seems according to https://tools.ietf.org/html/rfc7231 that "parameter name
tokens are case-insensitive" (though it's unclear if that applies in all cases).
If that applies, can you add tests for mixed case and uppercase parameter names?

Also, "Parameter values might or might not be case-sensitive, depending on the
semantics of the parameter name."; clearly base64 needs to be case-sensitive,
but are there e.g. any hex parameters?

[Peter Beverloo, 2015/07/20 22:44:33]

Good point. Will do.
|keyid| would be case sensitive, but we're not using it right now.

[Peter Beverloo, 2015/07/21 17:51:30]

Done.

+      CreateEncryptionHeaderValue("foo", kDecodedSalt, 1024) },
+    { "keyid=\"foo\"; salt=\"" ENCODED_SALT "\"; rs=\"1024\"",
+      CreateEncryptionHeaderValue("foo", kDecodedSalt, 1024) },
+    { "keyid=foo;salt=" ENCODED_SALT ";rs=1024",
+      CreateEncryptionHeaderValue("foo", kDecodedSalt, 1024) },
+    { "keyid=foo;salt=" ENCODED_SALT ";rs=1024;random=yes",
+      CreateEncryptionHeaderValue("foo", kDecodedSalt, 1024) },
+    { "rs=1024; salt=" ENCODED_SALT "; keyid=foo",
+      CreateEncryptionHeaderValue("foo", kDecodedSalt, 1024) },
+    { "salt=" ENCODED_SALT "; keyid='foo; rs=1024'",
+      CreateEncryptionHeaderValue("foo; rs=1024", kDecodedSalt, 4096) },
+    { "salt=" ENCODED_SALT "; rs=1024",
+      CreateEncryptionHeaderValue("", kDecodedSalt, 1024) },
+    { "salt=" ENCODED_SALT,
+      CreateEncryptionHeaderValue("", kDecodedSalt, 4096) }
+  };
+
+  for (size_t i = 0; i < arraysize(expected_results); i++) {
+    SCOPED_TRACE(i);

[johnme, 2015/07/21 14:34:43]

Nice :)

+
+    std::vector<EncryptionHeaderValue> result;
+    ASSERT_TRUE(ParseEncryptionHeader(expected_results[i].header, &result));
+    ASSERT_EQ(1u, result.size());
+
+    EXPECT_EQ(expected_results[i].parsed.keyid, result[0].keyid);
+    EXPECT_EQ(expected_results[i].parsed.salt, result[0].salt);
+    EXPECT_EQ(expected_results[i].parsed.rs, result[0].rs);
+  }
+}
+
+TEST(EncryptionHeaderParsersTest, ParseInvalidSingleEncryptionHeaders) {
+  const char* const expected_failures[] = {
+    // The "salt" attribute is required.
+    "keyid=foo",
+    // The "salt" attribute must be exactly 16-bytes, base64 URL encoded.
+    "salt=foobar",
+    "salt='c2l4dGVlbmNvb2xieXRlcw=='",
+    // Non-decimal record sizes are not supported.
+    "salt=" ENCODED_SALT ";rs=bar",
+    // Record sizes smaller than 2 are not supported.

[johnme, 2015/07/21 14:34:43]

Please also check that a record size of 9,223,372,036,854,775,808 (i.e. one
greater than the largest 64-bit signed value) fails to parse (or set a smaller
limit).

[Peter Beverloo, 2015/07/21 17:51:30]

Done.

+    "salt=" ENCODED_SALT ";rs=0"
+  };
+
+  for (size_t i = 0; i < arraysize(expected_failures); i++) {
+    SCOPED_TRACE(i);
+
+    std::vector<EncryptionHeaderValue> result;
+    ASSERT_FALSE(ParseEncryptionHeader(expected_failures[i], &result));
+    EXPECT_EQ(0u, result.size());
+  }
+}
+
+TEST(EncryptionHeaderParsersTest, ParseMultipleEncryptionHeaders) {

[johnme, 2015/07/20 19:15:19]

Please add a test that you support the freaky empty list elements that
https://tools.ietf.org/html/rfc7230#section-7 requires you to support, e.g.:

"foo,bar"
"foo ,bar,"
"foo , ,bar,charlie   "

where foo/bar/charlie are valid keyid;salt;rs tuples.

[Peter Beverloo, 2015/07/21 17:51:30]

Added a comma.

+  const char* const header =
+      "keyid=foo1; salt=" ENCODED_SALT "; rs=1024,"
+      "keyid='foo2, '; salt=" ENCODED_SALT "; rs=2048";
+
+  std::vector<EncryptionHeaderValue> results;
+  ASSERT_TRUE(ParseEncryptionHeader(header, &results));
+  ASSERT_EQ(2u, results.size());
+
+  EXPECT_EQ("foo1", results[0].keyid);
+  EXPECT_EQ(kDecodedSalt, results[0].salt);
+  EXPECT_EQ(1024, results[0].rs);
+
+  EXPECT_EQ("foo2, ", results[1].keyid);
+  EXPECT_EQ(kDecodedSalt, results[1].salt);
+  EXPECT_EQ(2048, results[1].rs);
+}
+
+TEST(EncryptionHeaderParsersTest, ParseSingleEncryptionKeyHeader) {
+  struct {
+    const char* const header;
+    EncryptionKeyHeaderValue parsed;
+  } expected_results[] = {
+    { "keyid=foo; key=" ENCODED_KEY "; dh=" ENCODED_DH,

[johnme, 2015/07/20 19:15:19]

Similarly are you sure "; " is allowed?

[Peter Beverloo, 2015/07/20 22:44:33]

See earlier comment.

+      CreateEncryptionKeyHeaderValue("foo", kDecodedKey, kDecodedDh) },
+    { "keyid='foo'; key='" ENCODED_KEY "'; dh='" ENCODED_DH "'",
+      CreateEncryptionKeyHeaderValue("foo", kDecodedKey, kDecodedDh) },
+    { "keyid=\"foo\"; key=\"" ENCODED_KEY "\"; dh=\"" ENCODED_DH "\"",
+      CreateEncryptionKeyHeaderValue("foo", kDecodedKey, kDecodedDh) },
+    { "keyid=foo;key=" ENCODED_KEY ";dh=" ENCODED_DH "",
+      CreateEncryptionKeyHeaderValue("foo", kDecodedKey, kDecodedDh) },
+    { "keyid=foo;key=" ENCODED_KEY ";dh=" ENCODED_DH ";random=yes",
+      CreateEncryptionKeyHeaderValue("foo", kDecodedKey, kDecodedDh) },
+    { "dh=" ENCODED_DH "; key=" ENCODED_KEY "; keyid=foo",
+      CreateEncryptionKeyHeaderValue("foo", kDecodedKey, kDecodedDh) },
+    { "keyid=foo",
+      CreateEncryptionKeyHeaderValue("foo", "", "") },
+    { "key=" ENCODED_KEY "",
+      CreateEncryptionKeyHeaderValue("", kDecodedKey, "") },
+    { "dh=" ENCODED_DH "",
+      CreateEncryptionKeyHeaderValue("", "", kDecodedDh) }
+  };
+
+  for (size_t i = 0; i < arraysize(expected_results); i++) {
+    SCOPED_TRACE(i);
+
+    std::vector<EncryptionKeyHeaderValue> result;
+    ASSERT_TRUE(ParseEncryptionKeyHeader(expected_results[i].header, &result));
+    ASSERT_EQ(1u, result.size());
+
+    EXPECT_EQ(expected_results[i].parsed.keyid, result[0].keyid);
+    EXPECT_EQ(expected_results[i].parsed.key, result[0].key);
+    EXPECT_EQ(expected_results[i].parsed.dh, result[0].dh);
+  }
+}
+
+TEST(EncryptionHeaderParsersTest, ParseInvalidSingleEncryptionKeyHeaders) {
+  const char* const expected_failures[] = {
+    // The "key" attribute must be at least 16-bytes, base64 URL encoded.
+    "key=foo/bar",
+    "key=c2hvcnRrZXk",
+    "key='c2l4dGVlbmNvb2xieXRlcw=='",
+    // The "dh" attribute must contain a base64 URL encoded-value.
+    "dh=foo/bar",
+    "dh='ZGg='"
+  };
+
+  for (size_t i = 0; i < arraysize(expected_failures); i++) {
+    SCOPED_TRACE(i);
+
+    std::vector<EncryptionKeyHeaderValue> result;
+    ASSERT_FALSE(ParseEncryptionKeyHeader(expected_failures[i], &result));
+    EXPECT_EQ(0u, result.size());
+  }
+}
+
+TEST(EncryptionHeaderParsersTest, ParseMultipleEncryptionKeyHeaders) {
+  const char* const header =
+      "keyid=foo1; key=" ENCODED_KEY "; dh=" ENCODED_DH ","
+      "keyid='foo2, '; key=c29tZW90aGVybG9uZ2tleQ; dh=ZGhmb29iYXI";
+
+  std::vector<EncryptionKeyHeaderValue> results;
+  ASSERT_TRUE(ParseEncryptionKeyHeader(header, &results));
+  ASSERT_EQ(2u, results.size());
+
+  EXPECT_EQ("foo1", results[0].keyid);
+  EXPECT_EQ(kDecodedKey, results[0].key);
+  EXPECT_EQ(kDecodedDh, results[0].dh);
+
+  EXPECT_EQ("foo2, ", results[1].keyid);
+  EXPECT_EQ("someotherlongkey", results[1].key);
+  EXPECT_EQ("dhfoobar", results[1].dh);
+}
+
+}  // namespace
+
+}  // namespace gcm