Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" | 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <sstream> | 9 #include <sstream> |
| 10 #include <string> | 10 #include <string> |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 const char kExampleAuthorizedEntity[] = "my-sender-id"; | 33 const char kExampleAuthorizedEntity[] = "my-sender-id"; |
| 34 const char kExampleMessage[] = "Hello, world, this is the GCM Driver!"; | 34 const char kExampleMessage[] = "Hello, world, this is the GCM Driver!"; |
| 35 | 35 |
| 36 const char kValidEncryptionHeader[] = | 36 const char kValidEncryptionHeader[] = |
| 37 "keyid=foo;salt=MTIzNDU2Nzg5MDEyMzQ1Ng;rs=1024"; | 37 "keyid=foo;salt=MTIzNDU2Nzg5MDEyMzQ1Ng;rs=1024"; |
| 38 const char kInvalidEncryptionHeader[] = "keyid"; | 38 const char kInvalidEncryptionHeader[] = "keyid"; |
| 39 | 39 |
| 40 const char kValidCryptoKeyHeader[] = | 40 const char kValidCryptoKeyHeader[] = |
| 41 "keyid=foo;dh=BL_UGhfudEkXMUd4U4-D4nP5KHxKjQHsW6j88ybbehXM7fqi1OMFefDUEi0eJ" | 41 "keyid=foo;dh=BL_UGhfudEkXMUd4U4-D4nP5KHxKjQHsW6j88ybbehXM7fqi1OMFefDUEi0eJ" |
| 42 "vsKfyVBWYkQjH-lSPJKxjAyslg"; | 42 "vsKfyVBWYkQjH-lSPJKxjAyslg"; |
| 43 const char kValidThreeValueCryptoKeyHeader[] = | |
| 44 "keyid=foo,keyid=bar,keyid=baz;dh=BL_UGhfudEkXMUd4U4-D4nP5KHxKjQHsW6j88ybbe" | |
| 45 "hXM7fqi1OMFefDUEi0eJvsKfyVBWYkQjH-lSPJKxjAyslg"; | |
| 43 const char kInvalidCryptoKeyHeader[] = "keyid"; | 46 const char kInvalidCryptoKeyHeader[] = "keyid"; |
| 44 | 47 |
| 45 } // namespace | 48 } // namespace |
| 46 | 49 |
| 47 class GCMEncryptionProviderTest : public ::testing::Test { | 50 class GCMEncryptionProviderTest : public ::testing::Test { |
| 48 public: | 51 public: |
| 49 void SetUp() override { | 52 void SetUp() override { |
| 50 ASSERT_TRUE(scoped_temp_dir_.CreateUniqueTempDir()); | 53 ASSERT_TRUE(scoped_temp_dir_.CreateUniqueTempDir()); |
| 51 | 54 |
| 52 encryption_provider_.reset(new GCMEncryptionProvider); | 55 encryption_provider_.reset(new GCMEncryptionProvider); |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 197 valid_message.data["encryption"] = kValidEncryptionHeader; | 200 valid_message.data["encryption"] = kValidEncryptionHeader; |
| 198 valid_message.data["crypto-key"] = kInvalidCryptoKeyHeader; | 201 valid_message.data["crypto-key"] = kInvalidCryptoKeyHeader; |
| 199 valid_message.raw_data = "foo"; | 202 valid_message.raw_data = "foo"; |
| 200 | 203 |
| 201 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message)); | 204 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message)); |
| 202 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_ENCRYPTION_HEADER, | 205 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_ENCRYPTION_HEADER, |
| 203 decryption_result()); | 206 decryption_result()); |
| 204 } | 207 } |
| 205 | 208 |
| 206 TEST_F(GCMEncryptionProviderTest, VerifiesCryptoKeyHeaderParsing) { | 209 TEST_F(GCMEncryptionProviderTest, VerifiesCryptoKeyHeaderParsing) { |
| 207 // The Encryption-Key header must be parsable and contain valid values. | 210 // The Crypto-Key header must be parsable and contain valid values. |
| 208 // Note that this is more extensively tested in EncryptionHeaderParsersTest. | 211 // Note that this is more extensively tested in EncryptionHeaderParsersTest. |
| 209 | 212 |
| 210 IncomingMessage invalid_message; | 213 IncomingMessage invalid_message; |
| 211 invalid_message.data["encryption"] = kValidEncryptionHeader; | 214 invalid_message.data["encryption"] = kValidEncryptionHeader; |
| 212 invalid_message.data["crypto-key"] = kInvalidCryptoKeyHeader; | 215 invalid_message.data["crypto-key"] = kInvalidCryptoKeyHeader; |
| 213 invalid_message.raw_data = "foo"; | 216 invalid_message.raw_data = "foo"; |
| 214 | 217 |
| 215 ASSERT_NO_FATAL_FAILURE(Decrypt(invalid_message)); | 218 ASSERT_NO_FATAL_FAILURE(Decrypt(invalid_message)); |
| 216 EXPECT_EQ(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 219 EXPECT_EQ(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 217 decryption_result()); | 220 decryption_result()); |
| 218 | 221 |
| 219 IncomingMessage valid_message; | 222 IncomingMessage valid_message; |
| 220 valid_message.data["encryption"] = kInvalidEncryptionHeader; | 223 valid_message.data["encryption"] = kInvalidEncryptionHeader; |
| 221 valid_message.data["crypto-key"] = kValidCryptoKeyHeader; | 224 valid_message.data["crypto-key"] = kValidCryptoKeyHeader; |
| 222 valid_message.raw_data = "foo"; | 225 valid_message.raw_data = "foo"; |
| 223 | 226 |
| 224 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message)); | 227 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message)); |
| 225 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 228 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 226 decryption_result()); | 229 decryption_result()); |
| 227 } | 230 } |
| 228 | 231 |
| 232 TEST_F(GCMEncryptionProviderTest, VerifiesCryptoKeyHeaderParsingThirdValue) { | |
| 233 // The Crypto-Key header must be parsable and contain valid values, in which | |
| 234 // values will be ignored unless they contain a "dh" property. | |
| 235 | |
| 236 IncomingMessage valid_message; | |
| 237 valid_message.data["encryption"] = kInvalidEncryptionHeader; | |
|
johnme
2016/06/30 16:55:58
Shouldn't this be kValidEncryptionHeader? Ditto in
Peter Beverloo
2016/06/30 18:00:43
Done.
| |
| 238 valid_message.data["crypto-key"] = kValidThreeValueCryptoKeyHeader; | |
| 239 valid_message.raw_data = "foo"; | |
| 240 | |
| 241 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message)); | |
| 242 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | |
| 243 decryption_result()); | |
| 244 } | |
| 245 | |
| 229 TEST_F(GCMEncryptionProviderTest, VerifiesExistingKeys) { | 246 TEST_F(GCMEncryptionProviderTest, VerifiesExistingKeys) { |
| 230 // When both headers are valid, the encryption keys still must be known to | 247 // When both headers are valid, the encryption keys still must be known to |
| 231 // the GCM key store before the message can be decrypted. | 248 // the GCM key store before the message can be decrypted. |
| 232 | 249 |
| 233 IncomingMessage message; | 250 IncomingMessage message; |
| 234 message.data["encryption"] = kValidEncryptionHeader; | 251 message.data["encryption"] = kValidEncryptionHeader; |
| 235 message.data["crypto-key"] = kValidCryptoKeyHeader; | 252 message.data["crypto-key"] = kValidCryptoKeyHeader; |
| 236 message.raw_data = "foo"; | 253 message.raw_data = "foo"; |
| 237 | 254 |
| 238 ASSERT_NO_FATAL_FAILURE(Decrypt(message)); | 255 ASSERT_NO_FATAL_FAILURE(Decrypt(message)); |
| (...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 501 } | 518 } |
| 502 | 519 |
| 503 TEST_F(GCMEncryptionProviderTest, EncryptionRoundTripInstanceIDToken) { | 520 TEST_F(GCMEncryptionProviderTest, EncryptionRoundTripInstanceIDToken) { |
| 504 // GCMEncryptionProvider::DecryptMessage should succeed when the message was | 521 // GCMEncryptionProvider::DecryptMessage should succeed when the message was |
| 505 // sent to an InstanceID token (non-empty authorized_entity). | 522 // sent to an InstanceID token (non-empty authorized_entity). |
| 506 ASSERT_NO_FATAL_FAILURE( | 523 ASSERT_NO_FATAL_FAILURE( |
| 507 TestEncryptionRoundTrip(kExampleAppId, kExampleAuthorizedEntity)); | 524 TestEncryptionRoundTrip(kExampleAppId, kExampleAuthorizedEntity)); |
| 508 } | 525 } |
| 509 | 526 |
| 510 } // namespace gcm | 527 } // namespace gcm |
| OLD | NEW |