// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sync/util/cryptographer.h"
#include <string>
#include "base/memory/scoped_ptr.h"
#include "base/strings/string_util.h"
#include "sync/protocol/password_specifics.pb.h"
#include "sync/test/fake_encryptor.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace syncer {
namespace {
using ::testing::_;
} // namespace
class CryptographerTest : public ::testing::Test {
protected:
CryptographerTest() : cryptographer_(&encryptor_) {}
FakeEncryptor encryptor_;
Cryptographer cryptographer_;
};
TEST_F(CryptographerTest, EmptyCantDecrypt) {
EXPECT_FALSE(cryptographer_.is_ready());
sync_pb::EncryptedData encrypted;
encrypted.set_key_name("foo");
encrypted.set_blob("bar");
EXPECT_FALSE(cryptographer_.CanDecrypt(encrypted));
}
TEST_F(CryptographerTest, EmptyCantEncrypt) {
EXPECT_FALSE(cryptographer_.is_ready());
sync_pb::EncryptedData encrypted;
sync_pb::PasswordSpecificsData original;
EXPECT_FALSE(cryptographer_.Encrypt(original, &encrypted));
}
TEST_F(CryptographerTest, MissingCantDecrypt) {
KeyParams params = {"localhost", "dummy", "dummy"};
cryptographer_.AddKey(params);
EXPECT_TRUE(cryptographer_.is_ready());
sync_pb::EncryptedData encrypted;
encrypted.set_key_name("foo");
encrypted.set_blob("bar");
EXPECT_FALSE(cryptographer_.CanDecrypt(encrypted));
}
TEST_F(CryptographerTest, CanEncryptAndDecrypt) {
KeyParams params = {"localhost", "dummy", "dummy"};
EXPECT_TRUE(cryptographer_.AddKey(params));
EXPECT_TRUE(cryptographer_.is_ready());
sync_pb::PasswordSpecificsData original;
original.set_origin("http://example.com");
original.set_username_value("azure");
original.set_password_value("hunter2");
sync_pb::EncryptedData encrypted;
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted));
sync_pb::PasswordSpecificsData decrypted;
EXPECT_TRUE(cryptographer_.Decrypt(encrypted, &decrypted));
EXPECT_EQ(original.SerializeAsString(), decrypted.SerializeAsString());
}
TEST_F(CryptographerTest, EncryptOnlyIfDifferent) {
KeyParams params = {"localhost", "dummy", "dummy"};
EXPECT_TRUE(cryptographer_.AddKey(params));
EXPECT_TRUE(cryptographer_.is_ready());
sync_pb::PasswordSpecificsData original;
original.set_origin("http://example.com");
original.set_username_value("azure");
original.set_password_value("hunter2");
sync_pb::EncryptedData encrypted;
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted));
sync_pb::EncryptedData encrypted2, encrypted3;
encrypted2.CopyFrom(encrypted);
encrypted3.CopyFrom(encrypted);
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted2));
// Now encrypt with a new default key. Should overwrite the old data.
KeyParams params_new = {"localhost", "dummy", "dummy2"};
cryptographer_.AddKey(params_new);
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted3));
sync_pb::PasswordSpecificsData decrypted;
EXPECT_TRUE(cryptographer_.Decrypt(encrypted2, &decrypted));
// encrypted2 should match encrypted, encrypted3 should not (due to salting).
EXPECT_EQ(encrypted.SerializeAsString(), encrypted2.SerializeAsString());
EXPECT_NE(encrypted.SerializeAsString(), encrypted3.SerializeAsString());
EXPECT_EQ(original.SerializeAsString(), decrypted.SerializeAsString());
}
TEST_F(CryptographerTest, AddKeySetsDefault) {
KeyParams params1 = {"localhost", "dummy", "dummy1"};
EXPECT_TRUE(cryptographer_.AddKey(params1));
EXPECT_TRUE(cryptographer_.is_ready());
sync_pb::PasswordSpecificsData original;
original.set_origin("http://example.com");
original.set_username_value("azure");
original.set_password_value("hunter2");
sync_pb::EncryptedData encrypted1;
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted1));
sync_pb::EncryptedData encrypted2;
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted2));
KeyParams params2 = {"localhost", "dummy", "dummy2"};
EXPECT_TRUE(cryptographer_.AddKey(params2));
EXPECT_TRUE(cryptographer_.is_ready());
sync_pb::EncryptedData encrypted3;
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted3));
sync_pb::EncryptedData encrypted4;
EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted4));
EXPECT_EQ(encrypted1.key_name(), encrypted2.key_name());
EXPECT_NE(encrypted1.key_name(), encrypted3.key_name());
EXPECT_EQ(encrypted3.key_name(), encrypted4.key_name());
}
// Crashes, Bug 55178.
#if defined(OS_WIN)
#define MAYBE_EncryptExportDecrypt DISABLED_EncryptExportDecrypt
#else
#define MAYBE_EncryptExportDecrypt EncryptExportDecrypt
#endif
TEST_F(CryptographerTest, MAYBE_EncryptExportDecrypt) {
sync_pb::EncryptedData nigori;
sync_pb::EncryptedData encrypted;
sync_pb::PasswordSpecificsData original;
original.set_origin("http://example.com");
original.set_username_value("azure");
original.set_password_value("hunter2");
{
Cryptographer cryptographer(&encryptor_);
KeyParams params = {"localhost", "dummy", "dummy"};
cryptographer.AddKey(params);
EXPECT_TRUE(cryptographer.is_ready());
EXPECT_TRUE(cryptographer.Encrypt(original, &encrypted));
EXPECT_TRUE(cryptographer.GetKeys(&nigori));
}
{
Cryptographer cryptographer(&encryptor_);
EXPECT_FALSE(cryptographer.CanDecrypt(nigori));
cryptographer.SetPendingKeys(nigori);
EXPECT_FALSE(cryptographer.is_ready());
EXPECT_TRUE(cryptographer.has_pending_keys());
KeyParams params = {"localhost", "dummy", "dummy"};
EXPECT_TRUE(cryptographer.DecryptPendingKeys(params));
EXPECT_TRUE(cryptographer.is_ready());
EXPECT_FALSE(cryptographer.has_pending_keys());
sync_pb::PasswordSpecificsData decrypted;
EXPECT_TRUE(cryptographer.Decrypt(encrypted, &decrypted));
EXPECT_EQ(original.SerializeAsString(), decrypted.SerializeAsString());
}
}
TEST_F(CryptographerTest, Bootstrap) {
KeyParams params = {"localhost", "dummy", "dummy"};
cryptographer_.AddKey(params);
std::string token;
EXPECT_TRUE(cryptographer_.GetBootstrapToken(&token));
EXPECT_TRUE(base::IsStringUTF8(token));
Cryptographer other_cryptographer(&encryptor_);
other_cryptographer.Bootstrap(token);
EXPECT_TRUE(other_cryptographer.is_ready());
const char secret[] = "secret";
sync_pb::EncryptedData encrypted;
EXPECT_TRUE(other_cryptographer.EncryptString(secret, &encrypted));
EXPECT_TRUE(cryptographer_.CanDecryptUsingDefaultKey(encrypted));
}
} // namespace syncer