blob: 708f0f964682e806ef174b8552dd0e7a6004b11e [file] [log] [blame]
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/gcm_driver/crypto/gcm_key_store.h"
#include <string>
#include "base/base64url.h"
#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/files/scoped_temp_dir.h"
#include "base/logging.h"
#include "base/run_loop.h"
#include "base/strings/string_util.h"
#include "base/test/gtest_util.h"
#include "base/test/metrics/histogram_tester.h"
#include "base/test/scoped_task_environment.h"
#include "base/threading/thread_task_runner_handle.h"
#include "components/gcm_driver/crypto/p256_key_util.h"
#include "components/leveldb_proto/public/proto_database.h"
#include "crypto/random.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace gcm {
namespace {
using ECPrivateKeyUniquePtr = std::unique_ptr<crypto::ECPrivateKey>;
using EncryptDataVectorUniquePtr = std::unique_ptr<std::vector<EncryptionData>>;
using EntryVectorType =
leveldb_proto::ProtoDatabase<EncryptionData>::KeyEntryVector;
const char kFakeAppId[] = "my_app_id";
const char kSecondFakeAppId[] = "my_other_app_id";
const char kFakeAuthorizedEntity[] = "my_sender_id";
const char kSecondFakeAuthorizedEntity[] = "my_other_sender_id";
const char kPrivateEncrypted[] =
"MIGxMBwGCiqGSIb3DQEMAQMwDgQIh9aZ3UvuDloCAggABIGQZ-T8CJZe-no4mOTDgX1Gm986"
"Gsbe3mjJeABhA4KOmut_qJh5kt_DLqdNShiQr-afk3AdkX-fxLZdrcHiW9aWvBjnMAY65zg5"
"oHsuUaoEuG88Ksbku2u193OENWTQTsYaYE2O44qmRfsX773UNVcWXg_omwIbhbgf6tLZUZH_"
"dTC3YjzuxjbSP89HPEJ-eBXA";
const char kPrivateDecrypted[] =
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgnCScek-QpEjmOOlT-rQ38nZz"
"vdPlqa00Zy0i6m2OJvahRANCAATaEQ22_OCRpvIOWeQhcbq0qrF1iddSLX1xFmFSxPOWOwmJ"
"A417CBHOGqsWGkNRvAapFwiegz6Q61rXVo_5roB1";
const char kPublicKey[] =
"BNoRDbb84JGm8g5Z5CFxurSqsXWJ11ItfXEWYVLE85Y7CYkDjXsIEc4aqxYaQ1G8BqkXCJ6D"
"PpDrWtdWj_mugHU";
// Number of cryptographically secure random bytes to generate as a key pair's
// authentication secret. Must be at least 16 bytes.
const size_t kAuthSecretBytes = 16;
} // namespace
class GCMKeyStoreTest : public ::testing::Test {
public:
GCMKeyStoreTest() {}
~GCMKeyStoreTest() override {}
void SetUp() override {
ASSERT_TRUE(scoped_temp_dir_.CreateUniqueTempDir());
CreateKeyStore();
}
void TearDown() override {
gcm_key_store_.reset();
// |gcm_key_store_| owns a ProtoDatabase whose destructor deletes the
// underlying LevelDB database on the task runner.
base::RunLoop().RunUntilIdle();
}
// Creates the GCM Key Store instance. May be called from within a test's body
// to re-create the key store, causing the database to re-open.
void CreateKeyStore() {
gcm_key_store_.reset(
new GCMKeyStore(scoped_temp_dir_.GetPath(),
task_environment_.GetMainThreadTaskRunner()));
}
// Callback to use with GCMKeyStore::{GetKeys, CreateKeys} calls.
void GotKeys(ECPrivateKeyUniquePtr* key_out,
std::string* auth_secret_out,
const base::Closure& quit_closure,
ECPrivateKeyUniquePtr key,
const std::string& auth_secret) {
*key_out = std::move(key);
*auth_secret_out = auth_secret;
if (quit_closure)
quit_closure.Run();
}
void AddOldFormatEncryptionDataToKeyStoreDatabase(
const std::string& app_id,
const std::string& authorized_entity) {
EncryptionData encryption_data;
encryption_data.set_app_id(app_id);
encryption_data.set_authorized_entity(authorized_entity);
// Create the authentication secret, which has to be a cryptographically
// secure random number of at least 128 bits (16 bytes).
std::string auth_secret;
crypto::RandBytes(base::WriteInto(&auth_secret, kAuthSecretBytes + 1),
kAuthSecretBytes);
encryption_data.set_auth_secret(auth_secret);
// Add keys.
KeyPair* pair = encryption_data.add_keys();
pair->set_type(KeyPair::ECDH_P256);
std::string private_key;
ASSERT_TRUE(base::Base64UrlDecode(
kPrivateEncrypted, base::Base64UrlDecodePolicy::IGNORE_PADDING,
&private_key));
pair->set_private_key(private_key);
std::string public_key;
ASSERT_TRUE(base::Base64UrlDecode(
kPublicKey, base::Base64UrlDecodePolicy::IGNORE_PADDING, &public_key));
pair->set_public_key(public_key);
// Add this to database.
std::unique_ptr<EntryVectorType> entries_to_save =
std::make_unique<EntryVectorType>();
std::unique_ptr<std::vector<std::string>> keys_to_remove =
std::make_unique<std::vector<std::string>>();
entries_to_save->push_back(std::make_pair(
encryption_data.app_id() + ',' + encryption_data.authorized_entity(),
encryption_data));
base::RunLoop run_loop;
gcm_key_store_->database_->UpdateEntries(
std::move(entries_to_save), std::move(keys_to_remove),
base::BindOnce(&GCMKeyStoreTest::UpdatedEntries, base::Unretained(this),
run_loop.QuitClosure()));
run_loop.Run();
}
protected:
GCMKeyStore* gcm_key_store() { return gcm_key_store_.get(); }
base::HistogramTester* histogram_tester() { return &histogram_tester_; }
void UpdatedEntries(const base::Closure& quit_closure, bool success) {
EXPECT_TRUE(success);
if (quit_closure)
quit_closure.Run();
}
private:
base::test::TaskEnvironment task_environment_;
base::ScopedTempDir scoped_temp_dir_;
base::HistogramTester histogram_tester_;
std::unique_ptr<GCMKeyStore> gcm_key_store_;
};
TEST_F(GCMKeyStoreTest, EmptyByDefault) {
// The key store is initialized lazily, so this histogram confirms that
// calling the constructor does not in fact cause initialization.
histogram_tester()->ExpectTotalCount(
"GCM.Crypto.InitKeyStoreSuccessRate", 0);
ECPrivateKeyUniquePtr key;
std::string auth_secret;
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
ASSERT_FALSE(key);
EXPECT_EQ(0u, auth_secret.size());
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.GetKeySuccessRate", 0, 1); // failure
}
TEST_F(GCMKeyStoreTest, CreateAndGetKeys) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
ASSERT_TRUE(key);
std::string public_key, private_key;
ASSERT_TRUE(GetRawPrivateKey(*key, &private_key));
ASSERT_TRUE(GetRawPublicKey(*key, &public_key));
EXPECT_GT(public_key.size(), 0u);
EXPECT_GT(private_key.size(), 0u);
ASSERT_GT(auth_secret.size(), 0u);
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.CreateKeySuccessRate", 1, 1); // success
ECPrivateKeyUniquePtr read_key;
std::string read_auth_secret;
base::RunLoop first_get_run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret,
first_get_run_loop.QuitClosure()));
first_get_run_loop.Run();
ASSERT_TRUE(read_key);
std::string read_public_key, read_private_key;
ASSERT_TRUE(GetRawPrivateKey(*read_key, &read_private_key));
ASSERT_TRUE(GetRawPublicKey(*read_key, &read_public_key));
ASSERT_EQ(read_private_key, private_key);
ASSERT_EQ(read_public_key, public_key);
EXPECT_EQ(auth_secret, read_auth_secret);
histogram_tester()->ExpectBucketCount("GCM.Crypto.GetKeySuccessRate", 1,
1); // success
// GetKey should also succeed if fallback_to_empty_authorized_entity is true
// (fallback should not occur, since an exact match is found).
base::RunLoop second_get_run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
true /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret,
second_get_run_loop.QuitClosure()));
second_get_run_loop.Run();
ASSERT_TRUE(read_key);
ASSERT_TRUE(GetRawPrivateKey(*read_key, &read_private_key));
ASSERT_TRUE(GetRawPublicKey(*read_key, &read_public_key));
ASSERT_EQ(read_private_key, private_key);
ASSERT_EQ(read_public_key, public_key);
EXPECT_EQ(auth_secret, read_auth_secret);
histogram_tester()->ExpectBucketCount("GCM.Crypto.GetKeySuccessRate", 1,
2); // another success
}
TEST_F(GCMKeyStoreTest, GetKeysFallback) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, "" /* empty authorized entity for non-InstanceID */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(key);
std::string public_key, private_key;
ASSERT_TRUE(GetRawPrivateKey(*key, &private_key));
ASSERT_TRUE(GetRawPublicKey(*key, &public_key));
EXPECT_GT(public_key.size(), 0u);
EXPECT_GT(private_key.size(), 0u);
ASSERT_GT(auth_secret.size(), 0u);
histogram_tester()->ExpectBucketCount("GCM.Crypto.CreateKeySuccessRate", 1,
1); // success
// GetKeys should fail when fallback_to_empty_authorized_entity is false, as
// there is not an exact match for kFakeAuthorizedEntity.
ECPrivateKeyUniquePtr read_key;
std::string read_auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_FALSE(read_key);
EXPECT_EQ(0u, read_auth_secret.size());
histogram_tester()->ExpectBucketCount("GCM.Crypto.GetKeySuccessRate", 0,
1); // failure
// GetKey should succeed when fallback_to_empty_authorized_entity is true, as
// falling back to empty authorized entity will match the created key.
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
true /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(read_key);
std::string read_public_key, read_private_key;
ASSERT_TRUE(GetRawPrivateKey(*key, &read_private_key));
ASSERT_TRUE(GetRawPublicKey(*key, &read_public_key));
EXPECT_EQ(private_key, read_private_key);
EXPECT_EQ(public_key, read_public_key);
EXPECT_EQ(auth_secret, read_auth_secret);
histogram_tester()->ExpectBucketCount("GCM.Crypto.GetKeySuccessRate", 1,
1); // success
}
TEST_F(GCMKeyStoreTest, KeysPersistenceBetweenInstances) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(key);
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.InitKeyStoreSuccessRate", 1, 1); // success
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.LoadKeyStoreSuccessRate", 1, 1); // success
// Create a new GCM Key Store instance.
CreateKeyStore();
ECPrivateKeyUniquePtr read_key;
std::string read_auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(read_key);
EXPECT_GT(read_auth_secret.size(), 0u);
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.InitKeyStoreSuccessRate", 1, 2); // success
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.LoadKeyStoreSuccessRate", 1, 2); // success
}
TEST_F(GCMKeyStoreTest, CreateAndRemoveKeys) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(key);
ECPrivateKeyUniquePtr read_key;
std::string read_auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(read_key);
gcm_key_store()->RemoveKeys(kFakeAppId, kFakeAuthorizedEntity,
base::DoNothing());
base::RunLoop().RunUntilIdle();
histogram_tester()->ExpectBucketCount(
"GCM.Crypto.RemoveKeySuccessRate", 1, 1); // success
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_FALSE(read_key);
}
TEST_F(GCMKeyStoreTest, CreateGetAndRemoveKeysSynchronously) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, base::Closure()));
// Continue synchronously, without running RunUntilIdle first.
ECPrivateKeyUniquePtr key_after_create;
std::string auth_secret_after_create;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_after_create, &auth_secret_after_create,
base::Closure()));
// Continue synchronously, without running RunUntilIdle first.
gcm_key_store()->RemoveKeys(kFakeAppId, kFakeAuthorizedEntity,
base::DoNothing());
// Continue synchronously, without running RunUntilIdle first.
ECPrivateKeyUniquePtr key_after_remove;
std::string auth_secret_after_remove;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_after_remove, &auth_secret_after_remove,
base::Closure()));
base::RunLoop().RunUntilIdle();
histogram_tester()->ExpectBucketCount("GCM.Crypto.RemoveKeySuccessRate", 1,
1); // success
ECPrivateKeyUniquePtr key_after_idle;
std::string auth_secret_after_idle;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_after_idle, &auth_secret_after_idle,
base::Closure()));
base::RunLoop().RunUntilIdle();
ASSERT_TRUE(key);
ASSERT_TRUE(key_after_create);
EXPECT_FALSE(key_after_remove);
EXPECT_FALSE(key_after_idle);
std::string public_key, public_key_after_create;
ASSERT_TRUE(GetRawPublicKey(*key, &public_key));
ASSERT_TRUE(GetRawPublicKey(*key, &public_key_after_create));
EXPECT_EQ(public_key, public_key_after_create);
EXPECT_GT(auth_secret.size(), 0u);
EXPECT_EQ(auth_secret, auth_secret_after_create);
EXPECT_EQ("", auth_secret_after_remove);
EXPECT_EQ("", auth_secret_after_idle);
}
TEST_F(GCMKeyStoreTest, RemoveKeysWildcardAuthorizedEntity) {
ECPrivateKeyUniquePtr key1, key2, key3;
std::string auth_secret1, auth_secret2, auth_secret3;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key1,
&auth_secret1, base::Closure()));
gcm_key_store()->CreateKeys(
kFakeAppId, kSecondFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key2,
&auth_secret2, base::Closure()));
gcm_key_store()->CreateKeys(
kSecondFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key3,
&auth_secret3, base::Closure()));
base::RunLoop().RunUntilIdle();
ASSERT_TRUE(key1);
ASSERT_TRUE(key2);
ASSERT_TRUE(key3);
ECPrivateKeyUniquePtr read_key1, read_key2, read_key3;
std::string read_auth_secret1, read_auth_secret2, read_auth_secret3;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key1, &read_auth_secret1, base::Closure()));
gcm_key_store()->GetKeys(
kFakeAppId, kSecondFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key2, &read_auth_secret2, base::Closure()));
gcm_key_store()->GetKeys(
kSecondFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key3, &read_auth_secret3, base::Closure()));
base::RunLoop().RunUntilIdle();
ASSERT_TRUE(read_key1);
ASSERT_TRUE(read_key2);
ASSERT_TRUE(read_key3);
gcm_key_store()->RemoveKeys(kFakeAppId, "*" /* authorized_entity */,
base::DoNothing());
base::RunLoop().RunUntilIdle();
histogram_tester()->ExpectBucketCount("GCM.Crypto.RemoveKeySuccessRate", 1,
1); // success
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key1, &read_auth_secret1, base::Closure()));
gcm_key_store()->GetKeys(
kFakeAppId, kSecondFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key2, &read_auth_secret2, base::Closure()));
gcm_key_store()->GetKeys(
kSecondFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key3, &read_auth_secret3, base::Closure()));
base::RunLoop().RunUntilIdle();
EXPECT_FALSE(read_key1);
EXPECT_FALSE(read_key2);
ASSERT_TRUE(read_key3);
}
TEST_F(GCMKeyStoreTest, GetKeysMultipleAppIds) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(key);
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kSecondFakeAppId, kSecondFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(key);
ECPrivateKeyUniquePtr read_key;
std::string read_auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_TRUE(read_key);
}
TEST_F(GCMKeyStoreTest, SuccessiveCallsBeforeInitialization) {
ECPrivateKeyUniquePtr key;
std::string auth_secret;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, base::Closure()));
// Deliberately do not run the message loop, so that the callback has not
// been resolved yet. The following EXPECT() ensures this.
EXPECT_FALSE(key);
ECPrivateKeyUniquePtr read_key;
std::string read_auth_secret;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&read_key, &read_auth_secret, base::Closure()));
EXPECT_FALSE(read_key);
// Now run the message loop. Both tasks should have finished executing. Due
// to the asynchronous nature of operations, however, we can't rely on the
// write to have finished before the read begins.
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(key);
}
TEST_F(GCMKeyStoreTest, CannotShareAppIdFromGCMToInstanceID) {
ECPrivateKeyUniquePtr key_unused;
std::string auth_secret_unused;
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, "" /* empty authorized entity for non-InstanceID */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_unused, &auth_secret_unused,
run_loop.QuitClosure()));
run_loop.Run();
}
EXPECT_DCHECK_DEATH({
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_unused, &auth_secret_unused,
run_loop.QuitClosure()));
run_loop.Run();
});
}
TEST_F(GCMKeyStoreTest, CannotShareAppIdFromInstanceIDToGCM) {
ECPrivateKeyUniquePtr key_unused;
std::string auth_secret_unused;
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_unused, &auth_secret_unused,
run_loop.QuitClosure()));
run_loop.Run();
}
{
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, kSecondFakeAuthorizedEntity,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_unused, &auth_secret_unused,
run_loop.QuitClosure()));
run_loop.Run();
}
EXPECT_DCHECK_DEATH({
base::RunLoop run_loop;
gcm_key_store()->CreateKeys(
kFakeAppId, "" /* empty authorized entity for non-InstanceID */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this),
&key_unused, &auth_secret_unused,
run_loop.QuitClosure()));
run_loop.Run();
});
}
TEST_F(GCMKeyStoreTest, TestUpgradePathForKeyStorageDeprecation) {
// Expect Upgrade count to be 0.
histogram_tester()->ExpectTotalCount("GCM.Crypto.GCMDatabaseUpgradeResult",
0);
// Initialize GCM store and the underlying levelDB database by trying
// to fetch keys.
ECPrivateKeyUniquePtr key;
std::string auth_secret;
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_FALSE(key);
histogram_tester()->ExpectTotalCount("GCM.Crypto.GCMDatabaseUpgradeResult",
0);
// Add old format Encryption Data.
ASSERT_NO_FATAL_FAILURE(AddOldFormatEncryptionDataToKeyStoreDatabase(
kFakeAppId, kFakeAuthorizedEntity));
// Create a new GCM Key Store instance, so we can initialize again.
CreateKeyStore();
// GetKeys again, verify private key is decrypted and we have upgraded
// database exactly once
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kFakeAppId, kFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
histogram_tester()->ExpectBucketCount("GCM.Crypto.GCMDatabaseUpgradeResult",
1, 1);
ASSERT_TRUE(key);
ASSERT_GT(auth_secret.size(), 0u);
// Verify also that the private key is decrypted.
std::string read_private_key;
ASSERT_TRUE(GetRawPrivateKey(*key, &read_private_key));
std::string decrypted_private_key;
ASSERT_TRUE(base::Base64UrlDecode(kPrivateDecrypted,
base::Base64UrlDecodePolicy::IGNORE_PADDING,
&decrypted_private_key));
ASSERT_EQ(decrypted_private_key, read_private_key);
// AddOldFormatEncryptionDataToKeyStoreDatabase() again, different keys
ASSERT_NO_FATAL_FAILURE(AddOldFormatEncryptionDataToKeyStoreDatabase(
kSecondFakeAppId, kSecondFakeAuthorizedEntity));
// GetKeys on this one, should return nullptr
{
base::RunLoop run_loop;
gcm_key_store()->GetKeys(
kSecondFakeAppId, kSecondFakeAuthorizedEntity,
false /* fallback_to_empty_authorized_entity */,
base::BindOnce(&GCMKeyStoreTest::GotKeys, base::Unretained(this), &key,
&auth_secret, run_loop.QuitClosure()));
run_loop.Run();
}
ASSERT_FALSE(key);
ASSERT_EQ(auth_secret.size(), 0u);
// GCMDatabaseUpgradeResult should not have increased.
histogram_tester()->ExpectBucketCount("GCM.Crypto.GCMDatabaseUpgradeResult",
1, 1);
}
} // namespace gcm