Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(463)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sync/util/cryptographer_unittest.cc

Issue 2130453004: [Sync] Move //sync to //components/sync. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sync/util/cryptographer.cc ('k') | sync/util/data_type_histogram.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sync/util/cryptographer.h"
6
7 #include <string>
8
9 #include "base/strings/string_util.h"
10 #include "sync/protocol/password_specifics.pb.h"
11 #include "sync/test/fake_encryptor.h"
12 #include "testing/gmock/include/gmock/gmock.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 namespace syncer {
16
17 namespace {
18
19 using ::testing::_;
20
21 } // namespace
22
23 class CryptographerTest : public ::testing::Test {
24 protected:
25 CryptographerTest() : cryptographer_(&encryptor_) {}
26
27 FakeEncryptor encryptor_;
28 Cryptographer cryptographer_;
29 };
30
31 TEST_F(CryptographerTest, EmptyCantDecrypt) {
32 EXPECT_FALSE(cryptographer_.is_ready());
33
34 sync_pb::EncryptedData encrypted;
35 encrypted.set_key_name("foo");
36 encrypted.set_blob("bar");
37
38 EXPECT_FALSE(cryptographer_.CanDecrypt(encrypted));
39 }
40
41 TEST_F(CryptographerTest, EmptyCantEncrypt) {
42 EXPECT_FALSE(cryptographer_.is_ready());
43
44 sync_pb::EncryptedData encrypted;
45 sync_pb::PasswordSpecificsData original;
46 EXPECT_FALSE(cryptographer_.Encrypt(original, &encrypted));
47 }
48
49 TEST_F(CryptographerTest, MissingCantDecrypt) {
50 KeyParams params = {"localhost", "dummy", "dummy"};
51 cryptographer_.AddKey(params);
52 EXPECT_TRUE(cryptographer_.is_ready());
53
54 sync_pb::EncryptedData encrypted;
55 encrypted.set_key_name("foo");
56 encrypted.set_blob("bar");
57
58 EXPECT_FALSE(cryptographer_.CanDecrypt(encrypted));
59 }
60
61 TEST_F(CryptographerTest, CanEncryptAndDecrypt) {
62 KeyParams params = {"localhost", "dummy", "dummy"};
63 EXPECT_TRUE(cryptographer_.AddKey(params));
64 EXPECT_TRUE(cryptographer_.is_ready());
65
66 sync_pb::PasswordSpecificsData original;
67 original.set_origin("http://example.com");
68 original.set_username_value("azure");
69 original.set_password_value("hunter2");
70
71 sync_pb::EncryptedData encrypted;
72 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted));
73
74 sync_pb::PasswordSpecificsData decrypted;
75 EXPECT_TRUE(cryptographer_.Decrypt(encrypted, &decrypted));
76
77 EXPECT_EQ(original.SerializeAsString(), decrypted.SerializeAsString());
78 }
79
80 TEST_F(CryptographerTest, EncryptOnlyIfDifferent) {
81 KeyParams params = {"localhost", "dummy", "dummy"};
82 EXPECT_TRUE(cryptographer_.AddKey(params));
83 EXPECT_TRUE(cryptographer_.is_ready());
84
85 sync_pb::PasswordSpecificsData original;
86 original.set_origin("http://example.com");
87 original.set_username_value("azure");
88 original.set_password_value("hunter2");
89
90 sync_pb::EncryptedData encrypted;
91 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted));
92
93 sync_pb::EncryptedData encrypted2, encrypted3;
94 encrypted2.CopyFrom(encrypted);
95 encrypted3.CopyFrom(encrypted);
96 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted2));
97
98 // Now encrypt with a new default key. Should overwrite the old data.
99 KeyParams params_new = {"localhost", "dummy", "dummy2"};
100 cryptographer_.AddKey(params_new);
101 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted3));
102
103 sync_pb::PasswordSpecificsData decrypted;
104 EXPECT_TRUE(cryptographer_.Decrypt(encrypted2, &decrypted));
105 // encrypted2 should match encrypted, encrypted3 should not (due to salting).
106 EXPECT_EQ(encrypted.SerializeAsString(), encrypted2.SerializeAsString());
107 EXPECT_NE(encrypted.SerializeAsString(), encrypted3.SerializeAsString());
108 EXPECT_EQ(original.SerializeAsString(), decrypted.SerializeAsString());
109 }
110
111 TEST_F(CryptographerTest, AddKeySetsDefault) {
112 KeyParams params1 = {"localhost", "dummy", "dummy1"};
113 EXPECT_TRUE(cryptographer_.AddKey(params1));
114 EXPECT_TRUE(cryptographer_.is_ready());
115
116 sync_pb::PasswordSpecificsData original;
117 original.set_origin("http://example.com");
118 original.set_username_value("azure");
119 original.set_password_value("hunter2");
120
121 sync_pb::EncryptedData encrypted1;
122 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted1));
123 sync_pb::EncryptedData encrypted2;
124 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted2));
125
126 KeyParams params2 = {"localhost", "dummy", "dummy2"};
127 EXPECT_TRUE(cryptographer_.AddKey(params2));
128 EXPECT_TRUE(cryptographer_.is_ready());
129
130 sync_pb::EncryptedData encrypted3;
131 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted3));
132 sync_pb::EncryptedData encrypted4;
133 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted4));
134
135 EXPECT_EQ(encrypted1.key_name(), encrypted2.key_name());
136 EXPECT_NE(encrypted1.key_name(), encrypted3.key_name());
137 EXPECT_EQ(encrypted3.key_name(), encrypted4.key_name());
138 }
139
140 TEST_F(CryptographerTest, EncryptExportDecrypt) {
141 sync_pb::EncryptedData nigori;
142 sync_pb::EncryptedData encrypted;
143
144 sync_pb::PasswordSpecificsData original;
145 original.set_origin("http://example.com");
146 original.set_username_value("azure");
147 original.set_password_value("hunter2");
148
149 {
150 Cryptographer cryptographer(&encryptor_);
151
152 KeyParams params = {"localhost", "dummy", "dummy"};
153 cryptographer.AddKey(params);
154 EXPECT_TRUE(cryptographer.is_ready());
155
156 EXPECT_TRUE(cryptographer.Encrypt(original, &encrypted));
157 EXPECT_TRUE(cryptographer.GetKeys(&nigori));
158 }
159
160 {
161 Cryptographer cryptographer(&encryptor_);
162 EXPECT_FALSE(cryptographer.CanDecrypt(nigori));
163
164 cryptographer.SetPendingKeys(nigori);
165 EXPECT_FALSE(cryptographer.is_ready());
166 EXPECT_TRUE(cryptographer.has_pending_keys());
167
168 KeyParams params = {"localhost", "dummy", "dummy"};
169 EXPECT_TRUE(cryptographer.DecryptPendingKeys(params));
170 EXPECT_TRUE(cryptographer.is_ready());
171 EXPECT_FALSE(cryptographer.has_pending_keys());
172
173 sync_pb::PasswordSpecificsData decrypted;
174 EXPECT_TRUE(cryptographer.Decrypt(encrypted, &decrypted));
175 EXPECT_EQ(original.SerializeAsString(), decrypted.SerializeAsString());
176 }
177 }
178
179 TEST_F(CryptographerTest, Bootstrap) {
180 KeyParams params = {"localhost", "dummy", "dummy"};
181 cryptographer_.AddKey(params);
182
183 std::string token;
184 EXPECT_TRUE(cryptographer_.GetBootstrapToken(&token));
185 EXPECT_TRUE(base::IsStringUTF8(token));
186
187 Cryptographer other_cryptographer(&encryptor_);
188 other_cryptographer.Bootstrap(token);
189 EXPECT_TRUE(other_cryptographer.is_ready());
190
191 const char secret[] = "secret";
192 sync_pb::EncryptedData encrypted;
193 EXPECT_TRUE(other_cryptographer.EncryptString(secret, &encrypted));
194 EXPECT_TRUE(cryptographer_.CanDecryptUsingDefaultKey(encrypted));
195 }
196
197 // Verifies that copied cryptographers are just as good as the original.
198 //
199 // Encrypt an item using the original cryptographer and two different sets of
200 // keys. Verify that it can decrypt them.
201 //
202 // Then copy the original cryptographer and ensure it can also decrypt these
203 // items and encrypt them with the most recent key.
204 TEST_F(CryptographerTest, CopyConstructor) {
205 sync_pb::PasswordSpecificsData original;
206 original.set_origin("http://example.com");
207 original.set_username_value("luser");
208 original.set_password_value("p4ssw0rd");
209
210 // Start by testing the original cryptogprapher.
211 KeyParams params1 = {"localhost", "dummy", "dummy"};
212 EXPECT_TRUE(cryptographer_.AddKey(params1));
213 EXPECT_TRUE(cryptographer_.is_ready());
214
215 sync_pb::EncryptedData encrypted_k1;
216 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted_k1));
217
218 KeyParams params2 = {"localhost", "fatuous", "fatuous"};
219 EXPECT_TRUE(cryptographer_.AddKey(params2));
220 EXPECT_TRUE(cryptographer_.is_ready());
221
222 sync_pb::EncryptedData encrypted_k2;
223 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted_k2));
224
225 sync_pb::PasswordSpecificsData decrypted_k1;
226 sync_pb::PasswordSpecificsData decrypted_k2;
227 EXPECT_TRUE(cryptographer_.Decrypt(encrypted_k1, &decrypted_k1));
228 EXPECT_TRUE(cryptographer_.Decrypt(encrypted_k2, &decrypted_k2));
229
230 EXPECT_EQ(original.SerializeAsString(), decrypted_k1.SerializeAsString());
231 EXPECT_EQ(original.SerializeAsString(), decrypted_k2.SerializeAsString());
232
233 // Clone the cryptographer and test that it behaves the same.
234 Cryptographer cryptographer_clone(cryptographer_);
235
236 // The clone should be able to decrypt with old and new keys.
237 sync_pb::PasswordSpecificsData decrypted_k1_clone;
238 sync_pb::PasswordSpecificsData decrypted_k2_clone;
239 EXPECT_TRUE(cryptographer_clone.Decrypt(encrypted_k1, &decrypted_k1_clone));
240 EXPECT_TRUE(cryptographer_clone.Decrypt(encrypted_k2, &decrypted_k2_clone));
241
242 EXPECT_EQ(original.SerializeAsString(),
243 decrypted_k1_clone.SerializeAsString());
244 EXPECT_EQ(original.SerializeAsString(),
245 decrypted_k2_clone.SerializeAsString());
246
247 // The old cryptographer should be able to decrypt things encrypted by the
248 // new.
249 sync_pb::EncryptedData encrypted_c;
250 EXPECT_TRUE(cryptographer_clone.Encrypt(original, &encrypted_c));
251
252 sync_pb::PasswordSpecificsData decrypted_c;
253 EXPECT_TRUE(cryptographer_.Decrypt(encrypted_c, &decrypted_c));
254 EXPECT_EQ(original.SerializeAsString(), decrypted_c.SerializeAsString());
255
256 // The cloned cryptographer should be using the latest key.
257 EXPECT_EQ(encrypted_c.key_name(), encrypted_k2.key_name());
258 }
259
260 // Test verifies that GetBootstrapToken/Bootstrap only transfers default
261 // key. Additional call to GetKeys/InstallKeys is needed to transfer keybag
262 // to decrypt messages encrypted with old keys.
263 TEST_F(CryptographerTest, GetKeysThenInstall) {
264 sync_pb::PasswordSpecificsData original;
265 original.set_origin("http://example.com");
266 original.set_username_value("luser");
267 original.set_password_value("p4ssw0rd");
268
269 // First, encrypt the same value using two different keys.
270 KeyParams params1 = {"localhost", "dummy", "dummy"};
271 EXPECT_TRUE(cryptographer_.AddKey(params1));
272 EXPECT_TRUE(cryptographer_.is_ready());
273
274 sync_pb::EncryptedData encrypted_k1;
275 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted_k1));
276
277 KeyParams params2 = {"localhost", "dummy2", "dummy2"};
278 EXPECT_TRUE(cryptographer_.AddKey(params2));
279 EXPECT_TRUE(cryptographer_.is_ready());
280
281 sync_pb::EncryptedData encrypted_k2;
282 EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted_k2));
283
284 // Then construct second cryptographer and bootstrap it from the first one.
285 Cryptographer another_cryptographer(cryptographer_.encryptor());
286 std::string bootstrap_token;
287 EXPECT_TRUE(cryptographer_.GetBootstrapToken(&bootstrap_token));
288 another_cryptographer.Bootstrap(bootstrap_token);
289
290 // Before key installation, the second cryptographer should only be able
291 // to decrypt using the last key.
292 EXPECT_FALSE(another_cryptographer.CanDecrypt(encrypted_k1));
293 EXPECT_TRUE(another_cryptographer.CanDecrypt(encrypted_k2));
294
295 sync_pb::EncryptedData keys;
296 EXPECT_TRUE(cryptographer_.GetKeys(&keys));
297 ASSERT_TRUE(another_cryptographer.CanDecrypt(keys));
298 another_cryptographer.InstallKeys(keys);
299
300 // Verify that bootstrapped cryptographer decrypts succesfully using
301 // all the keys after key installation.
302 EXPECT_TRUE(another_cryptographer.CanDecrypt(encrypted_k1));
303 EXPECT_TRUE(another_cryptographer.CanDecrypt(encrypted_k2));
304 }
305
306 } // namespace syncer
OLDNEW
« no previous file with comments | « sync/util/cryptographer.cc ('k') | sync/util/data_type_histogram.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698