components/gcm_driver/crypto/gcm_encryption_provider_unittest.cc - Issue 2114703002: Ignore Crypto-Key header values that do not have "dh" values

Side by Side Diff: components/gcm_driver/crypto/gcm_encryption_provider_unittest.cc

Issue 2114703002: Ignore Crypto-Key header values that do not have "dh" values (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h"	5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <sstream>	9 #include <sstream>

10 #include <string>	10 #include <string>

(...skipping 22 matching lines...) Expand all Loading...
33 const char kExampleAuthorizedEntity[] = "my-sender-id";	33 const char kExampleAuthorizedEntity[] = "my-sender-id";

34 const char kExampleMessage[] = "Hello, world, this is the GCM Driver!";	34 const char kExampleMessage[] = "Hello, world, this is the GCM Driver!";

35	35

36 const char kValidEncryptionHeader[] =	36 const char kValidEncryptionHeader[] =

37 "keyid=foo;salt=MTIzNDU2Nzg5MDEyMzQ1Ng;rs=1024";	37 "keyid=foo;salt=MTIzNDU2Nzg5MDEyMzQ1Ng;rs=1024";

38 const char kInvalidEncryptionHeader[] = "keyid";	38 const char kInvalidEncryptionHeader[] = "keyid";

39	39

40 const char kValidCryptoKeyHeader[] =	40 const char kValidCryptoKeyHeader[] =

41 "keyid=foo;dh=BL_UGhfudEkXMUd4U4-D4nP5KHxKjQHsW6j88ybbehXM7fqi1OMFefDUEi0eJ"	41 "keyid=foo;dh=BL_UGhfudEkXMUd4U4-D4nP5KHxKjQHsW6j88ybbehXM7fqi1OMFefDUEi0eJ"

42 "vsKfyVBWYkQjH-lSPJKxjAyslg";	42 "vsKfyVBWYkQjH-lSPJKxjAyslg";

	43 const char kValidThreeValueCryptoKeyHeader[] =

	44 "keyid=foo,keyid=bar,keyid=baz;dh=BL_UGhfudEkXMUd4U4-D4nP5KHxKjQHsW6j88ybbe"

	45 "hXM7fqi1OMFefDUEi0eJvsKfyVBWYkQjH-lSPJKxjAyslg";

43 const char kInvalidCryptoKeyHeader[] = "keyid";	46 const char kInvalidCryptoKeyHeader[] = "keyid";

44	47

45 } // namespace	48 } // namespace

46	49

47 class GCMEncryptionProviderTest : public ::testing::Test {	50 class GCMEncryptionProviderTest : public ::testing::Test {

48 public:	51 public:

49 void SetUp() override {	52 void SetUp() override {

50 ASSERT_TRUE(scoped_temp_dir_.CreateUniqueTempDir());	53 ASSERT_TRUE(scoped_temp_dir_.CreateUniqueTempDir());

51	54

52 encryption_provider_.reset(new GCMEncryptionProvider);	55 encryption_provider_.reset(new GCMEncryptionProvider);

(...skipping 144 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
197 valid_message.data["encryption"] = kValidEncryptionHeader;	200 valid_message.data["encryption"] = kValidEncryptionHeader;

198 valid_message.data["crypto-key"] = kInvalidCryptoKeyHeader;	201 valid_message.data["crypto-key"] = kInvalidCryptoKeyHeader;

199 valid_message.raw_data = "foo";	202 valid_message.raw_data = "foo";

200	203

201 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message));	204 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message));

202 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_ENCRYPTION_HEADER,	205 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_ENCRYPTION_HEADER,

203 decryption_result());	206 decryption_result());

204 }	207 }

205	208

206 TEST_F(GCMEncryptionProviderTest, VerifiesCryptoKeyHeaderParsing) {	209 TEST_F(GCMEncryptionProviderTest, VerifiesCryptoKeyHeaderParsing) {

207 // The Encryption-Key header must be parsable and contain valid values.	210 // The Crypto-Key header must be parsable and contain valid values.

208 // Note that this is more extensively tested in EncryptionHeaderParsersTest.	211 // Note that this is more extensively tested in EncryptionHeaderParsersTest.

209	212

210 IncomingMessage invalid_message;	213 IncomingMessage invalid_message;

211 invalid_message.data["encryption"] = kValidEncryptionHeader;	214 invalid_message.data["encryption"] = kValidEncryptionHeader;

212 invalid_message.data["crypto-key"] = kInvalidCryptoKeyHeader;	215 invalid_message.data["crypto-key"] = kInvalidCryptoKeyHeader;

213 invalid_message.raw_data = "foo";	216 invalid_message.raw_data = "foo";

214	217

215 ASSERT_NO_FATAL_FAILURE(Decrypt(invalid_message));	218 ASSERT_NO_FATAL_FAILURE(Decrypt(invalid_message));

216 EXPECT_EQ(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER,	219 EXPECT_EQ(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER,

217 decryption_result());	220 decryption_result());

218	221

219 IncomingMessage valid_message;	222 IncomingMessage valid_message;

220 valid_message.data["encryption"] = kInvalidEncryptionHeader;	223 valid_message.data["encryption"] = kInvalidEncryptionHeader;

221 valid_message.data["crypto-key"] = kValidCryptoKeyHeader;	224 valid_message.data["crypto-key"] = kValidCryptoKeyHeader;

222 valid_message.raw_data = "foo";	225 valid_message.raw_data = "foo";

223	226

224 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message));	227 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message));

225 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER,	228 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER,

226 decryption_result());	229 decryption_result());

227 }	230 }

228	231

	232 TEST_F(GCMEncryptionProviderTest, VerifiesCryptoKeyHeaderParsingThirdValue) {

	233 // The Crypto-Key header must be parsable and contain valid values, in which

	234 // values will be ignored unless they contain a "dh" property.

	235

	236 IncomingMessage valid_message;

	237 valid_message.data["encryption"] = kInvalidEncryptionHeader;
	johnme 2016/06/30 16:55:58 Shouldn't this be kValidEncryptionHeader? Ditto in Shouldn't this be kValidEncryptionHeader? Ditto in VerifiesCryptoKeyHeaderParsing, where you presumably copied this from? Peter Beverloo 2016/06/30 18:00:43 Done. Show quoted text On 2016/06/30 16:55:58, johnme wrote: > Shouldn't this be kValidEncryptionHeader? Ditto in > VerifiesCryptoKeyHeaderParsing, where you presumably copied this from? Done.
	238 valid_message.data["crypto-key"] = kValidThreeValueCryptoKeyHeader;

	239 valid_message.raw_data = "foo";

	240

	241 ASSERT_NO_FATAL_FAILURE(Decrypt(valid_message));

	242 EXPECT_NE(GCMEncryptionProvider::DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER,

	243 decryption_result());

	244 }

	245

229 TEST_F(GCMEncryptionProviderTest, VerifiesExistingKeys) {	246 TEST_F(GCMEncryptionProviderTest, VerifiesExistingKeys) {

230 // When both headers are valid, the encryption keys still must be known to	247 // When both headers are valid, the encryption keys still must be known to

231 // the GCM key store before the message can be decrypted.	248 // the GCM key store before the message can be decrypted.

232	249

233 IncomingMessage message;	250 IncomingMessage message;

234 message.data["encryption"] = kValidEncryptionHeader;	251 message.data["encryption"] = kValidEncryptionHeader;

235 message.data["crypto-key"] = kValidCryptoKeyHeader;	252 message.data["crypto-key"] = kValidCryptoKeyHeader;

236 message.raw_data = "foo";	253 message.raw_data = "foo";

237	254

238 ASSERT_NO_FATAL_FAILURE(Decrypt(message));	255 ASSERT_NO_FATAL_FAILURE(Decrypt(message));

(...skipping 262 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
501 }	518 }

502	519

503 TEST_F(GCMEncryptionProviderTest, EncryptionRoundTripInstanceIDToken) {	520 TEST_F(GCMEncryptionProviderTest, EncryptionRoundTripInstanceIDToken) {

504 // GCMEncryptionProvider::DecryptMessage should succeed when the message was	521 // GCMEncryptionProvider::DecryptMessage should succeed when the message was

505 // sent to an InstanceID token (non-empty authorized_entity).	522 // sent to an InstanceID token (non-empty authorized_entity).

506 ASSERT_NO_FATAL_FAILURE(	523 ASSERT_NO_FATAL_FAILURE(

507 TestEncryptionRoundTrip(kExampleAppId, kExampleAuthorizedEntity));	524 TestEncryptionRoundTrip(kExampleAppId, kExampleAuthorizedEntity));

508 }	525 }

509	526

510 } // namespace gcm	527 } // namespace gcm

OLD	NEW

« components/gcm_driver/crypto/gcm_encryption_provider.cc ('K') | « components/gcm_driver/crypto/gcm_encryption_provider.cc ('k') | no next file » | no next file with comments »