OSCrypt for POSIX uses libsecret to store a randomised encryption key.

components/os_crypt/os_crypt_util_linux_unittest.cc

Index: components/os_crypt/os_crypt_util_linux_unittest.cc
diff --git a/components/os_crypt/os_crypt_util_linux_unittest.cc b/components/os_crypt/os_crypt_util_linux_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..91a107338f53b237ed6f0a7ecbffa1dc5e59ef69
--- /dev/null
+++ b/components/os_crypt/os_crypt_util_linux_unittest.cc
@@ -0,0 +1,242 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <dlfcn.h>

[Lei Zhang, 2016/05/18 22:38:16]

Is this needed?

[cfroussios, 2016/05/19 21:18:19]

Done.

+#include <memory>
+#include <string>
+#include <utility>
+
+#include "base/lazy_instance.h"

[Lei Zhang, 2016/05/18 22:38:16]

Not needed?

[cfroussios, 2016/05/19 21:18:19]

Done.

+#include "base/logging.h"
+#include "base/macros.h"
+#include "components/os_crypt/key_storage_libsecret.h"
+#include "components/os_crypt/key_storage_linux.h"
+#include "components/os_crypt/libsecret_util_linux.h"
+#include "components/os_crypt/os_crypt.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+struct MockSecretValue {

[Lei Zhang, 2016/05/18 22:38:16]

Structs with a single value seem unnecessary.

[cfroussios, 2016/05/19 21:18:19]

Done.

It was struct to keep some symmetry between the declarations of the functions
and their mocks. I made it a typedef instead.

+ public:
+  std::unique_ptr<std::string> password;

[Lei Zhang, 2016/05/18 22:38:16]

Can this just be std::string password?

[cfroussios, 2016/05/19 21:18:19]

Done.

+
+  explicit MockSecretValue(const gchar* password);
+
+  ~MockSecretValue();
+};
+
+// Replaces some of LibsecretLoader's methods with mocked ones.
+class MockLibsecretLoader : public LibsecretLoader {
+ public:
+  // Sets up the minimum mock implementation necessary for |Libsecret| to work.
+  // Also resets the state to mock a clean database.
+  static bool ResetForOSCrypt();
+
+  // Shorthand for setting OSCrypt's password in the libsecret mock to a
+  // specific value
+  static void SetOSCryptPassword(const char*);
+
+  // Release memory. Does not restore functions
+  static void TearDown();
+
+  static MockSecretValue* stored_password_mock_ptr_;
+
+ private:
+  // These methods are used to redirect calls through LibsecretLoader
+  static const gchar* mock_secret_value_get_text(MockSecretValue* value);
+
+  static gboolean mock_secret_password_store_sync(const SecretSchema* schema,
+                                                  const gchar* collection,
+                                                  const gchar* label,
+                                                  const gchar* password,
+                                                  GCancellable* cancellable,
+                                                  GError** error,
+                                                  ...);
+
+  static MockSecretValue* mock_secret_service_lookup_sync(
+      SecretService* service,
+      const SecretSchema* schema,
+      GHashTable* attributes,
+      GCancellable* cancellable,
+      GError** error);
+
+  static void mock_secret_value_unref(gpointer value);
+
+  static GList* mock_secret_service_search_sync(SecretService* service,
+                                                const SecretSchema* schema,
+                                                GHashTable* attributes,
+                                                SecretSearchFlags flags,
+                                                GCancellable* cancellable,
+                                                GError** error);
+};
+
+MockSecretValue* MockLibsecretLoader::stored_password_mock_ptr_ = nullptr;
+
+MockSecretValue::MockSecretValue(const gchar* password)
+    : password(new std::string(password)) {}
+
+MockSecretValue::~MockSecretValue() = default;
+
+const gchar* MockLibsecretLoader::mock_secret_value_get_text(
+    MockSecretValue* value) {
+  return value->password->c_str();
+}
+
+gboolean MockLibsecretLoader::mock_secret_password_store_sync(
+    const SecretSchema* schema,
+    const gchar* collection,
+    const gchar* label,
+    const gchar* password,
+    GCancellable* cancellable,
+    GError** error,
+    ...) {
+  if (stored_password_mock_ptr_ != nullptr)
+    delete stored_password_mock_ptr_;

[Lei Zhang, 2016/05/18 22:38:16]

There's no need to check a value against nullptr before deleting it.

[cfroussios, 2016/05/19 21:18:19]

Done.

+  stored_password_mock_ptr_ = new MockSecretValue(password);
+  return true;
+}
+
+MockSecretValue* MockLibsecretLoader::mock_secret_service_lookup_sync(
+    SecretService* service,
+    const SecretSchema* schema,
+    GHashTable* attributes,
+    GCancellable* cancellable,
+    GError** error) {
+  return stored_password_mock_ptr_;
+}
+
+void MockLibsecretLoader::mock_secret_value_unref(gpointer value) {}
+
+GList* MockLibsecretLoader::mock_secret_service_search_sync(
+    SecretService* service,
+    const SecretSchema* schema,
+    GHashTable* attributes,
+    SecretSearchFlags flags,
+    GCancellable* cancellable,
+    GError** error) {
+  *error = nullptr;
+  return nullptr;
+}
+
+// static
+bool MockLibsecretLoader::ResetForOSCrypt() {
+  // 4 methods used by Libsecret.GetPassword();
+  secret_password_store_sync =
+      &MockLibsecretLoader::mock_secret_password_store_sync;
+  secret_value_get_text = (decltype(&::secret_value_get_text)) &
+                          MockLibsecretLoader::mock_secret_value_get_text;
+  secret_value_unref = &MockLibsecretLoader::mock_secret_value_unref;
+  secret_service_lookup_sync =
+      (decltype(&::secret_service_lookup_sync)) &
+      MockLibsecretLoader::mock_secret_service_lookup_sync;
+  // 1 method used by LibsecretLoader::EnsureLibsecretLoaded
+  secret_service_search_sync =
+      &MockLibsecretLoader::mock_secret_service_search_sync;
+
+  if (stored_password_mock_ptr_)
+    delete stored_password_mock_ptr_;
+  stored_password_mock_ptr_ = nullptr;
+  libsecret_loaded_ = true;
+
+  return true;
+}
+
+void MockLibsecretLoader::SetOSCryptPassword(const char* value) {
+  if (stored_password_mock_ptr_ != nullptr)
+    delete stored_password_mock_ptr_;
+  stored_password_mock_ptr_ = new MockSecretValue(value);
+}
+
+void MockLibsecretLoader::TearDown() {
+  if (stored_password_mock_ptr_)
+    delete stored_password_mock_ptr_;
+  stored_password_mock_ptr_ = nullptr;
+}
+
+class OSCryptLinuxTest : public testing::Test {
+ public:
+  OSCryptLinuxTest() = default;
+  ~OSCryptLinuxTest() override = default;
+
+  void SetUp() override { key_storage_ = OSCrypt::UseMockKeyStorage(true); }
+
+  void TearDown() override { OSCrypt::UseMockKeyStorage(false); }

[Lei Zhang, 2016/05/18 22:38:16]

Curious, how does OSCryptTest get away without doing this?

[cfroussios, 2016/05/19 21:18:19]

This allows calls to OSCrypt functions to reach all the way to (mocked)
libsecret/kwallet functions. It is not strictly necessary, since current tests
don't attempt to do that. However, keeping it there helps avoid flakiness in
future contributions to the tests. I have now added it to OSCryptTest too.

+
+ protected:
+  KeyStorageMock* key_storage_ = nullptr;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(OSCryptLinuxTest);
+};
+
+TEST_F(OSCryptLinuxTest, VerifyV0) {
+  const std::string originaltext = "hello";
+  std::string ciphertext;
+  std::string decipheredtext;
+
+  key_storage_->ResetTo(std::string());
+  ciphertext = originaltext;  // No encryption
+  ASSERT_TRUE(OSCrypt::DecryptString(ciphertext, &decipheredtext));
+  ASSERT_EQ(originaltext, decipheredtext);
+}
+
+TEST_F(OSCryptLinuxTest, VerifyV10) {
+  const std::string originaltext = "hello";
+  std::string ciphertext;
+  std::string decipheredtext;
+
+  key_storage_->ResetTo(std::string("peanuts"));
+  ASSERT_TRUE(OSCrypt::EncryptString(originaltext, &ciphertext));
+  key_storage_->ResetTo(std::string("not_peanuts"));
+  ciphertext = ciphertext.substr(3).insert(0, "v10");
+  ASSERT_TRUE(OSCrypt::DecryptString(ciphertext, &decipheredtext));
+  ASSERT_EQ(originaltext, decipheredtext);
+}
+
+TEST_F(OSCryptLinuxTest, VerifyV11) {
+  const std::string originaltext = "hello";
+  std::string ciphertext;
+  std::string decipheredtext;
+
+  key_storage_->ResetTo(std::string());
+  ASSERT_TRUE(OSCrypt::EncryptString(originaltext, &ciphertext));
+  ASSERT_EQ(ciphertext.substr(0, 3), "v11");
+  ASSERT_TRUE(OSCrypt::DecryptString(ciphertext, &decipheredtext));
+  ASSERT_EQ(originaltext, decipheredtext);
+}
+
+class LibsecretTest : public testing::Test {
+ public:
+  LibsecretTest() = default;
+  ~LibsecretTest() override = default;
+
+  void SetUp() override { MockLibsecretLoader::ResetForOSCrypt(); }
+
+  void TearDown() override { MockLibsecretLoader::TearDown(); }
+
+ protected:

[Lei Zhang, 2016/05/18 22:38:16]

Remove.

[cfroussios, 2016/05/19 21:18:19]

Done.

+ private:
+  DISALLOW_COPY_AND_ASSIGN(LibsecretTest);
+};
+
+TEST_F(LibsecretTest, LibsecretRepeats) {
+  KeyStorageLibsecret libsecret;
+  MockLibsecretLoader::ResetForOSCrypt();
+  std::string password = libsecret.GetKey();
+  EXPECT_FALSE(password.empty());
+  std::string password_repeat = libsecret.GetKey();
+  EXPECT_EQ(password, password_repeat);
+}
+
+TEST_F(LibsecretTest, LibsecretCreatesRandomised) {
+  KeyStorageLibsecret libsecret;
+  MockLibsecretLoader::ResetForOSCrypt();
+  std::string password = libsecret.GetKey();
+  MockLibsecretLoader::ResetForOSCrypt();
+  std::string password_new = libsecret.GetKey();
+  EXPECT_NE(password, password_new);
+}
+
+}  // namespace