Add ability to pass decryption key id to CreateSecureMessage method

This should enable the message receiver to identify a key to be used for message decryption. BUG=409099 (depends on https://codereview.chromium.org/513013003/) Review URL: https://codereview.chromium.org/518643002 Cr-Commit-Position: refs/heads/master@{#293006}

Add ability to pass decryption key id to CreateSecureMessage method
This should enable the message receiver to identify a key to be used for message decryption. BUG=409099 (depends on https://codereview.chromium.org/513013003/) Review URL: https://codereview.chromium.org/518643002 Cr-Commit-Position: refs/heads/master@{#293006}
042e34f6 · tbarzic · Commit bot · dad38738 · 042e34f6 · 042e34f6
Commit 042e34f6 authored Sep 02, 2014 by tbarzic Committed by Commit bot Sep 02, 2014
11 changed files
--- a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_api.cc
+++ b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_api.cc
@@ -324,6 +324,8 @@ bool EasyUnlockPrivateCreateSecureMessageFunction::RunAsync() {
          *params->options.public_metadata : std::string(),
      params->options.verification_key_id ?
          *params->options.verification_key_id : std::string(),
+      params->options.decryption_key_id ?
+          *params->options.decryption_key_id : std::string(),
      params->options.encrypt_type,
      params->options.sign_type,
      base::Bind(&EasyUnlockPrivateCreateSecureMessageFunction::OnData,

--- a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_api_chromeos_unittest.cc
+++ b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_api_chromeos_unittest.cc
@@ -173,6 +173,7 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage) {
      "ASSOCIATED_DATA",
      "PUBLIC_METADATA",
      "VERIFICATION_KEY_ID",
+      "DECRYPTION_KEY_ID",
      easy_unlock::kEncryptionTypeAES256CBC,
      easy_unlock::kSignatureTypeHMACSHA256,
      base::Bind(&CopyData, &expected_result));
@@ -187,6 +188,8 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage) {
  options->Set("publicMetadata", StringToBinaryValue("PUBLIC_METADATA"));
  options->Set("verificationKeyId",
               StringToBinaryValue("VERIFICATION_KEY_ID"));
+  options->Set("decryptionKeyId",
+               StringToBinaryValue("DECRYPTION_KEY_ID"));
  options->SetString(
      "encryptType",
      api::ToString(api::ENCRYPTION_TYPE_AES_256_CBC));
@@ -212,9 +215,10 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage_EmptyOptions) {
  client_->CreateSecureMessage(
      "PAYLOAD",
      "KEY",
-      "",
-      "",
-      "",
+      "",  // associated data
+      "",  // public metadata
+      "",  // verification key id
+      "",  // decryption key id
      easy_unlock::kEncryptionTypeNone,
      easy_unlock::kSignatureTypeHMACSHA256,
      base::Bind(&CopyData, &expected_result));
@@ -245,8 +249,9 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage_AsymmetricSign) {
      "PAYLOAD",
      "KEY",
      "ASSOCIATED_DATA",
-      "",
+      "",  // public metadata
      "VERIFICATION_KEY_ID",
+      "",  // decryption key id
      easy_unlock::kEncryptionTypeNone,
      easy_unlock::kSignatureTypeECDSAP256SHA256,
      base::Bind(&CopyData, &expected_result));
@@ -320,7 +325,7 @@ TEST_F(EasyUnlockPrivateApiTest, UnwrapSecureMessage_EmptyOptions) {
  client_->UnwrapSecureMessage(
      "MESSAGE",
      "KEY",
-      "",
+      "",  // associated data
      easy_unlock::kEncryptionTypeNone,
      easy_unlock::kSignatureTypeHMACSHA256,
      base::Bind(&CopyData, &expected_result));

--- a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate.h
+++ b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate.h
@@ -41,6 +41,7 @@ class EasyUnlockPrivateCryptoDelegate {
      const std::string& associated_data,
      const std::string& public_metadata,
      const std::string& verification_key_id,
+      const std::string& decryption_key_id,
      easy_unlock_private::EncryptionType encryption_type,
      easy_unlock_private::SignatureType signature_type,
      const DataCallback& callback) = 0;

--- a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_chromeos.cc
+++ b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_chromeos.cc
@@ -64,6 +64,7 @@ class EasyUnlockPrivateCryptoDelegateChromeOS
      const std::string& associated_data,
      const std::string& public_metadata,
      const std::string& verification_key_id,
+      const std::string& decryption_key_id,
      easy_unlock_private::EncryptionType encryption_type,
      easy_unlock_private::SignatureType signature_type,
      const DataCallback& callback) OVERRIDE {
@@ -72,6 +73,7 @@ class EasyUnlockPrivateCryptoDelegateChromeOS
                                      associated_data,
                                      public_metadata,
                                      verification_key_id,
+                                      decryption_key_id,
                                      EncryptionTypeToString(encryption_type),
                                      SignatureTypeToString(signature_type),
                                      callback);

--- a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_stub.cc
+++ b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_stub.cc
@@ -33,6 +33,7 @@ class EasyUnlockPrivateCryptoDelegateStub
      const std::string& associated_data,
      const std::string& public_metadata,
      const std::string& verification_key_id,
+      const std::string& decryption_key_id,
      easy_unlock_private::EncryptionType encryption_type,
      easy_unlock_private::SignatureType signature_type,
      const DataCallback& callback) OVERRIDE {

--- a/chrome/common/extensions/api/easy_unlock_private.idl
+++ b/chrome/common/extensions/api/easy_unlock_private.idl
@@ -77,11 +77,15 @@
    ArrayBuffer? publicMetadata;

    // Verification key id added to the message header. Should be set if the
-    // message is signed using |ECDSA_P256_SHA256|. It's used by the message
+    // message is signed using |ECDSA_P256_SHA256|. Used by the message
    // recepient to determine which key should be used to verify the message
    // signature.
    ArrayBuffer? verificationKeyId;

+    // Decryption key id added to the message header. Used by the message
+    // recepient to determine which key should be used to decrypt the message.
+    ArrayBuffer? decryptionKeyId;
+
    // The encryption algorithm that should be used to encrypt the message.
    // Should not be set for a cleartext message.
    EncryptionType? encryptType;

--- a/chromeos/dbus/easy_unlock_client.cc
+++ b/chromeos/dbus/easy_unlock_client.cc
@@ -78,6 +78,7 @@ class EasyUnlockClientImpl : public EasyUnlockClient {
                                   const std::string& associated_data,
                                   const std::string& public_metadata,
                                   const std::string& verification_key_id,
+                                   const std::string& decryption_key_id,
                                   const std::string& encryption_type,
                                   const std::string& signature_type,
                                   const DataCallback& callback) OVERRIDE {
@@ -92,6 +93,7 @@ class EasyUnlockClientImpl : public EasyUnlockClient {
    AppendStringAsByteArray(associated_data, &writer);
    AppendStringAsByteArray(public_metadata, &writer);
    AppendStringAsByteArray(verification_key_id, &writer);
+    AppendStringAsByteArray(decryption_key_id, &writer);
    writer.AppendString(encryption_type);
    writer.AppendString(signature_type);
    proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,

--- a/chromeos/dbus/easy_unlock_client.h
+++ b/chromeos/dbus/easy_unlock_client.h
@@ -62,6 +62,9 @@ class CHROMEOS_EXPORT EasyUnlockClient : public DBusClient {
  //     set if the message is signed with private asymetric key. This value
  //     is used by the receiver to identify the public key that should be used
  //     to verify the signature.
+  // |decryption_key_id|: Key id added to the message header. Used by the
+  //     message receiver to identify the key that should be used to decrypt
+  //     the message.
  // |encryption_type|: The encryption algorithm to use for encrypting the
  //     message. (May be set to none).
  // |signature_type|: The algorithm to use to sign the message.
@@ -72,6 +75,7 @@ class CHROMEOS_EXPORT EasyUnlockClient : public DBusClient {
                                   const std::string& associated_data,
                                   const std::string& public_metadata,
                                   const std::string& verification_key_id,
+                                   const std::string& decryption_key_id,
                                   const std::string& encryption_type,
                                   const std::string& signature_type,
                                   const DataCallback& callback) = 0;

--- a/chromeos/dbus/fake_easy_unlock_client.cc
+++ b/chromeos/dbus/fake_easy_unlock_client.cc
@@ -99,6 +99,7 @@ void FakeEasyUnlockClient::CreateSecureMessage(
    const std::string& associated_data,
    const std::string& public_metadata,
    const std::string& verification_key_id,
+    const std::string& decryption_key_id,
    const std::string& encryption_type,
    const std::string& signature_type,
    const DataCallback& callback) {
@@ -109,6 +110,7 @@ void FakeEasyUnlockClient::CreateSecureMessage(
          "\"associated_data\": \"%s\","
          "\"public_metadata\": \"%s\","
          "\"verification_key_id\": \"%s\","
+          "\"decryption_key_id\": \"%s\","
          "\"encryption_type\": \"%s\","
          "\"signature_type\": \"%s\""
      "}}",
@@ -117,6 +119,7 @@ void FakeEasyUnlockClient::CreateSecureMessage(
      associated_data.c_str(),
      public_metadata.c_str(),
      verification_key_id.c_str(),
+      decryption_key_id.c_str(),
      encryption_type.c_str(),
      signature_type.c_str()));
 }

--- a/chromeos/dbus/fake_easy_unlock_client.h
+++ b/chromeos/dbus/fake_easy_unlock_client.h
@@ -33,6 +33,7 @@ class CHROMEOS_EXPORT FakeEasyUnlockClient : public EasyUnlockClient {
                                   const std::string& associated_data,
                                   const std::string& public_metadata,
                                   const std::string& verification_key_id,
+                                   const std::string& decryption_key_id,
                                   const std::string& encryption_type,
                                   const std::string& signature_type,
                                   const DataCallback& callback) OVERRIDE;

--- a/chromeos/dbus/fake_easy_unlock_client_unittest.cc
+++ b/chromeos/dbus/fake_easy_unlock_client_unittest.cc
@@ -209,6 +209,7 @@ TEST(FakeEasyUnlockClientTest, CreateSecureMessage) {
      "ASSOCIATED_DATA",
      "PUBLIC_METADATA",
      "VERIFICATION_KEY_ID",
+      "DECRYPTION_KEY_ID",
      "ENCRYPTION_TYPE",
      "SIGNATURE_TYPE",
      base::Bind(&RecordData, &message));
@@ -220,6 +221,7 @@ TEST(FakeEasyUnlockClientTest, CreateSecureMessage) {
          "\"associated_data\": \"ASSOCIATED_DATA\","
          "\"public_metadata\": \"PUBLIC_METADATA\","
          "\"verification_key_id\": \"VERIFICATION_KEY_ID\","
+          "\"decryption_key_id\": \"DECRYPTION_KEY_ID\","
          "\"encryption_type\": \"ENCRYPTION_TYPE\","
          "\"signature_type\": \"SIGNATURE_TYPE\"}"
      "}");