OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // Unit tests for Mount. |
| 6 |
| 7 #include "cryptohome/mount.h" |
| 8 |
| 9 #include <openssl/sha.h> |
| 10 #include <pwd.h> |
| 11 #include <string.h> // For memset(), memcpy() |
| 12 #include <stdlib.h> |
| 13 #include <sys/types.h> |
| 14 |
| 15 #include "base/file_path.h" |
| 16 #include "base/file_util.h" |
| 17 #include "base/logging.h" |
| 18 #include "chromeos/utility.h" |
| 19 #include "cryptohome/username_passkey.h" |
| 20 #include "gtest/gtest.h" |
| 21 |
| 22 namespace cryptohome { |
| 23 using namespace chromeos; |
| 24 using namespace file_util; |
| 25 using std::string; |
| 26 |
| 27 const char kImageDir[] = "test_image_dir"; |
| 28 const char kSkelDir[] = "test_image_dir/skel"; |
| 29 const char kFakeUser[] = "testuser@invalid.domain"; |
| 30 const char kFakeUser2[] = "testuser2@invalid.domain"; |
| 31 const char kFakeUser3[] = "testuser3@invalid.domain"; |
| 32 |
| 33 class MountTest : public ::testing::Test { |
| 34 void SetUp() { |
| 35 FilePath image_dir(kImageDir); |
| 36 FilePath path = image_dir.Append("salt"); |
| 37 ASSERT_TRUE(PathExists(path)) << path.value() << " does not exist!"; |
| 38 |
| 39 int64 file_size; |
| 40 ASSERT_TRUE(GetFileSize(path, &file_size)) << "Could not get size of " |
| 41 << path.value(); |
| 42 |
| 43 char* buf = new char[file_size]; |
| 44 int data_read = ReadFile(path, buf, file_size); |
| 45 system_salt_.assign(buf, buf + data_read); |
| 46 delete buf; |
| 47 } |
| 48 |
| 49 public: |
| 50 |
| 51 protected: |
| 52 // Protected for trivial access |
| 53 Blob system_salt_; |
| 54 |
| 55 private: |
| 56 }; |
| 57 |
| 58 TEST_F(MountTest, BadInitTest) { |
| 59 // create a Mount instance that points to a bad shadow root |
| 60 Mount mount(cryptohome::kDefaultSharedUser, |
| 61 cryptohome::kDefaultEntropySource, |
| 62 cryptohome::kDefaultHomeDir, |
| 63 "/dev/null", |
| 64 kSkelDir); |
| 65 UsernamePasskey up = UsernamePasskey::FromUsernamePassword(kFakeUser, |
| 66 "zero", |
| 67 system_salt_); |
| 68 |
| 69 EXPECT_EQ(false, mount.Init()); |
| 70 EXPECT_EQ(false, mount.TestCredentials(up)); |
| 71 } |
| 72 |
| 73 TEST_F(MountTest, GoodDecryptTest0) { |
| 74 // create a Mount instance that points to a good shadow root, test that it |
| 75 // properly authenticates against the first key |
| 76 Mount mount(cryptohome::kDefaultSharedUser, |
| 77 cryptohome::kDefaultEntropySource, |
| 78 cryptohome::kDefaultHomeDir, |
| 79 kImageDir, |
| 80 kSkelDir); |
| 81 UsernamePasskey up = UsernamePasskey::FromUsernamePassword(kFakeUser, |
| 82 "zero", |
| 83 system_salt_); |
| 84 |
| 85 EXPECT_EQ(true, mount.Init()); |
| 86 EXPECT_EQ(true, mount.TestCredentials(up)); |
| 87 } |
| 88 |
| 89 TEST_F(MountTest, GoodDecryptTest1) { |
| 90 // create a Mount instance that points to a good shadow root, test that it |
| 91 // properly authenticates against the second key |
| 92 Mount mount(cryptohome::kDefaultSharedUser, |
| 93 cryptohome::kDefaultEntropySource, |
| 94 cryptohome::kDefaultHomeDir, |
| 95 kImageDir, |
| 96 kSkelDir); |
| 97 UsernamePasskey up = UsernamePasskey::FromUsernamePassword(kFakeUser, |
| 98 "one", |
| 99 system_salt_); |
| 100 |
| 101 EXPECT_EQ(true, mount.Init()); |
| 102 EXPECT_EQ(true, mount.TestCredentials(up)); |
| 103 } |
| 104 |
| 105 TEST_F(MountTest, GoodDecryptTest2) { |
| 106 // create a Mount instance that points to a good shadow root, test that it |
| 107 // properly authenticates against the third key |
| 108 Mount mount(cryptohome::kDefaultSharedUser, |
| 109 cryptohome::kDefaultEntropySource, |
| 110 cryptohome::kDefaultHomeDir, |
| 111 kImageDir, |
| 112 kSkelDir); |
| 113 UsernamePasskey up = UsernamePasskey::FromUsernamePassword(kFakeUser, |
| 114 "two", |
| 115 system_salt_); |
| 116 |
| 117 EXPECT_EQ(true, mount.Init()); |
| 118 EXPECT_EQ(true, mount.TestCredentials(up)); |
| 119 } |
| 120 |
| 121 TEST_F(MountTest, BadDecryptTest) { |
| 122 // create a Mount instance that points to a good shadow root, test that it |
| 123 // properly denies access with a bad passkey |
| 124 Mount mount(cryptohome::kDefaultSharedUser, |
| 125 cryptohome::kDefaultEntropySource, |
| 126 cryptohome::kDefaultHomeDir, |
| 127 kImageDir, |
| 128 kSkelDir); |
| 129 UsernamePasskey up = UsernamePasskey::FromUsernamePassword(kFakeUser, |
| 130 "bogus", |
| 131 system_salt_); |
| 132 |
| 133 EXPECT_EQ(true, mount.Init()); |
| 134 EXPECT_EQ(false, mount.TestCredentials(up)); |
| 135 } |
| 136 |
| 137 TEST_F(MountTest, CreateCryptohomeTest) { |
| 138 // creates a cryptohome |
| 139 Mount mount(cryptohome::kDefaultSharedUser, |
| 140 cryptohome::kDefaultEntropySource, |
| 141 cryptohome::kDefaultHomeDir, |
| 142 kImageDir, |
| 143 kSkelDir); |
| 144 // Don't set the vault ownership--this will fail |
| 145 mount.set_set_vault_ownership(false); |
| 146 UsernamePasskey up = UsernamePasskey::FromUsernamePassword(kFakeUser2, |
| 147 "one", |
| 148 system_salt_); |
| 149 |
| 150 EXPECT_EQ(true, mount.Init()); |
| 151 EXPECT_EQ(true, mount.CreateCryptohome(up, 0)); |
| 152 |
| 153 FilePath image_dir(kImageDir); |
| 154 FilePath user_path = image_dir.Append(up.GetObfuscatedUsername(system_salt_)); |
| 155 FilePath key_path = user_path.Append("master.0"); |
| 156 FilePath vault_path = user_path.Append("vault"); |
| 157 FilePath skel_testfile_path = user_path.Append("sub_path/.testfile"); |
| 158 |
| 159 EXPECT_EQ(true, file_util::PathExists(key_path)); |
| 160 EXPECT_EQ(true, file_util::PathExists(vault_path)); |
| 161 } |
| 162 |
| 163 TEST_F(MountTest, SystemSaltTest) { |
| 164 // checks that cryptohome reads the system salt |
| 165 Mount mount(cryptohome::kDefaultSharedUser, |
| 166 cryptohome::kDefaultEntropySource, |
| 167 cryptohome::kDefaultHomeDir, |
| 168 kImageDir, |
| 169 kSkelDir); |
| 170 |
| 171 EXPECT_EQ(true, mount.Init()); |
| 172 chromeos::Blob system_salt = mount.GetSystemSalt(); |
| 173 EXPECT_EQ(true, (system_salt.size() == system_salt_.size())); |
| 174 EXPECT_EQ(0, memcmp(&system_salt[0], &system_salt_[0], |
| 175 system_salt.size())); |
| 176 } |
| 177 |
| 178 } // namespace cryptohome |
OLD | NEW |