Declarations for go/chrome-reporting-encryption.

Fake implementation and unittests are provided, real implementation will
follow.

Bug: b:153649905
Change-Id: I00972b8a5e15b98ff21f6cc70ab4a6c31e6d9848
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2302881
Commit-Queue: Leonid Baraz <lbaraz@chromium.org>
Reviewed-by: Zach Trudo <zatrudo@google.com>
Cr-Commit-Position: refs/heads/master@{#797055}

chrome/browser/BUILD.gn

@@ -1160,8 +1160,16 @@ static_library("browser") {
     "policy/homepage_location_policy_handler.h",
     "policy/javascript_policy_handler.cc",
     "policy/javascript_policy_handler.h",
+    "policy/messaging_layer/encryption/decryption.cc",
+    "policy/messaging_layer/encryption/decryption.h",
+    "policy/messaging_layer/encryption/encryption.cc",
+    "policy/messaging_layer/encryption/encryption.h",
     "policy/messaging_layer/encryption/encryption_module.cc",
     "policy/messaging_layer/encryption/encryption_module.h",
+    "policy/messaging_layer/encryption/fake_decryption.cc",
+    "policy/messaging_layer/encryption/fake_decryption.h",
+    "policy/messaging_layer/encryption/fake_encryption.cc",
+    "policy/messaging_layer/encryption/fake_encryption.h",
     "policy/messaging_layer/public/report_client.cc",
     "policy/messaging_layer/public/report_client.h",
     "policy/messaging_layer/public/report_queue.cc",

chrome/browser/policy/messaging_layer/encryption/decryption.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+
+#include "base/hash/hash.h"
+#include "base/strings/strcat.h"
+#include "base/task/post_task.h"
+#include "base/task_runner.h"
+#include "chrome/browser/policy/messaging_layer/encryption/decryption.h"
+
+namespace reporting {
+
+DecryptorBase::Handle::Handle(scoped_refptr<DecryptorBase> decryptor)
+    : decryptor_(decryptor) {}
+
+DecryptorBase::Handle::~Handle() = default;
+
+DecryptorBase::DecryptorBase()
+    : keys_sequenced_task_runner_(base::ThreadPool::CreateSequencedTaskRunner(
+          {base::TaskPriority::BEST_EFFORT, base::MayBlock()})) {
+  DETACH_FROM_SEQUENCE(keys_sequence_checker_);
+}
+
+DecryptorBase::~DecryptorBase() = default;
+
+void DecryptorBase::RecordKeyPair(base::StringPiece private_key,
+                                  base::StringPiece public_key,
+                                  base::OnceCallback<void(Status)> cb) {
+  // Schedule key recording on the sequenced task runner.
+  keys_sequenced_task_runner_->PostTask(
+      FROM_HERE,
+      base::BindOnce(
+          [](std::string public_key, KeyInfo key_info,
+             base::OnceCallback<void(Status)> cb,
+             scoped_refptr<DecryptorBase> decryptor) {
+            DCHECK_CALLED_ON_VALID_SEQUENCE(decryptor->keys_sequence_checker_);
+            Status result;
+            if (!decryptor->keys_
+                     .emplace(base::PersistentHash(public_key.data(),
+                                                   public_key.size()),
+                              key_info)
+                     .second) {
+              result = Status(error::ALREADY_EXISTS,
+                              base::StrCat({"Public key='", public_key,
+                                            "' already recorded"}));
+            }
+            // Schedule response on a generic thread pool.
+            base::ThreadPool::PostTask(
+                FROM_HERE,
+                base::BindOnce([](base::OnceCallback<void(Status)> cb,
+                                  Status result) { std::move(cb).Run(result); },
+                               std::move(cb), result));
+          },
+          std::string(public_key),
+          KeyInfo{.private_key = std::string(private_key),
+                  .time_stamp = base::Time::Now()},
+          std::move(cb), base::WrapRefCounted(this)));
+}
+
+void DecryptorBase::RetrieveMatchingPrivateKey(
+    uint32_t public_key_id,
+    base::OnceCallback<void(StatusOr<std::string>)> cb) {
+  // Schedule key retrieval on the sequenced task runner.
+  keys_sequenced_task_runner_->PostTask(
+      FROM_HERE,
+      base::BindOnce(
+          [](uint32_t public_key_id,
+             base::OnceCallback<void(StatusOr<std::string>)> cb,
+             scoped_refptr<DecryptorBase> decryptor) {
+            DCHECK_CALLED_ON_VALID_SEQUENCE(decryptor->keys_sequence_checker_);
+            auto key_info_it = decryptor->keys_.find(public_key_id);
+            // Schedule response on a generic thread pool.
+            base::ThreadPool::PostTask(
+                FROM_HERE,
+                base::BindOnce(
+                    [](base::OnceCallback<void(StatusOr<std::string>)> cb,
+                       StatusOr<std::string> result) {
+                      std::move(cb).Run(result);
+                    },
+                    std::move(cb),
+                    key_info_it == decryptor->keys_.end()
+                        ? StatusOr<std::string>(Status(
+                              error::NOT_FOUND, "Matching key not found"))
+                        : key_info_it->second.private_key));
+          },
+          public_key_id, std::move(cb), base::WrapRefCounted(this)));
+}
+
+}  // namespace reporting

chrome/browser/policy/messaging_layer/encryption/decryption.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_DECRYPTION_H_
+#define CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_DECRYPTION_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/containers/flat_map.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_refptr.h"
+#include "base/strings/string_piece.h"
+#include "base/threading/thread.h"
+#include "base/threading/thread_task_runner_handle.h"
+#include "chrome/browser/policy/messaging_layer/util/status.h"
+#include "chrome/browser/policy/messaging_layer/util/statusor.h"
+
+namespace reporting {
+
+// Interface to the encryption.
+// Instantiated by an implementation-specific factory:
+//   StatusOr<scoped_refptr<DecryptorBase>> Create(
+//       implementation-specific parameters);
+// The implementation class should never be used directly by the server code.
+// Note: Production implementation should be written or enclosed in Java code
+// for the server to use.
+class DecryptorBase : public base::RefCountedThreadSafe<DecryptorBase> {
+ public:
+  // Decryption record handle, which is created by |OpenRecord| and can accept
+  // pieces of data to be decrypted as one record by calling |AddToRecord|
+  // multiple times. Resulting decrypted record is available once |CloseRecord|
+  // is called.
+  class Handle {
+   public:
+    // Adds piece of data to the record.
+    virtual void AddToRecord(base::StringPiece data,
+                             base::OnceCallback<void(Status)> cb) = 0;
+
+    // Closes and attempts to decrypt the record. Hands over the decrypted data
+    // to be processed by the server (or Status if unsuccessful). Accesses key
+    // store to attempt all private keys that are considered to be valid,
+    // starting with the one that matches the hash. Self-destructs after the
+    // callback.
+    virtual void CloseRecord(
+        base::OnceCallback<void(StatusOr<base::StringPiece>)> cb) = 0;
+
+   protected:
+    explicit Handle(scoped_refptr<DecryptorBase> decryptor);
+
+    // Destructor is non-public, because the object can only self-destruct by
+    // |CloseRecord|.
+    virtual ~Handle();
+
+    DecryptorBase* decryptor() const { return decryptor_.get(); }
+
+   private:
+    scoped_refptr<DecryptorBase> decryptor_;
+  };
+
+  // Factory method creates new record to collect data and decrypt them with the
+  // given encrypted key. Hands the handle raw pointer over to the callback, or
+  // error status (e.g., “decryption is not enabled yet”)
+  virtual void OpenRecord(base::StringPiece encrypted_key,
+                          base::OnceCallback<void(StatusOr<Handle*>)> cb) = 0;
+
+  // Decrypts symmetric key with asymmetric private key and returns unencrypted
+  // key or error status (e.g., “decryption is not enabled yet”)
+  virtual StatusOr<std::string> DecryptKey(base::StringPiece public_key,
+                                           base::StringPiece encrypted_key) = 0;
+
+  // Records a key pair (store only private key).
+  // Executes on a sequenced thread, returns with callback.
+  void RecordKeyPair(base::StringPiece private_key,
+                     base::StringPiece public_key,
+                     base::OnceCallback<void(Status)> cb);
+
+  // Retrieves private key matching the public key hash.
+  // Executes on a sequenced thread, returns with callback.
+  void RetrieveMatchingPrivateKey(
+      uint32_t public_key_id,
+      base::OnceCallback<void(StatusOr<std::string>)> cb);
+
+ protected:
+  DecryptorBase();
+  virtual ~DecryptorBase();
+
+ private:
+  friend base::RefCountedThreadSafe<DecryptorBase>;
+
+  // Map of hash(public_key)->{public key, private key, time stamp}
+  // Private key is located by the hash of a public key, sent together with the
+  // encrypted record. Keys older than pre-defined threshold are discarded.
+  struct KeyInfo {
+    std::string private_key;
+    base::Time time_stamp;
+  };
+  base::flat_map<uint32_t, KeyInfo> keys_;
+
+  // Sequential task runner for all keys_ activities: recording, lookup, purge.
+  scoped_refptr<base::SequencedTaskRunner> keys_sequenced_task_runner_;
+
+  SEQUENCE_CHECKER(keys_sequence_checker_);
+};
+
+}  // namespace reporting
+
+#endif  // CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_DECRYPTION_H_

chrome/browser/policy/messaging_layer/encryption/encryption.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+#include <utility>
+
+#include "base/hash/hash.h"
+#include "base/task/post_task.h"
+#include "base/task_runner.h"
+#include "chrome/browser/policy/messaging_layer/encryption/encryption.h"
+
+namespace reporting {
+
+EncryptorBase::Handle::Handle(scoped_refptr<EncryptorBase> encryptor)
+    : encryptor_(encryptor) {}
+
+EncryptorBase::Handle::~Handle() = default;
+
+EncryptorBase::EncryptorBase()
+    : asymmetric_key_sequenced_task_runner_(
+          base::ThreadPool::CreateSequencedTaskRunner(
+              {base::TaskPriority::BEST_EFFORT, base::MayBlock()})) {
+  DETACH_FROM_SEQUENCE(asymmetric_key_sequence_checker_);
+}
+
+EncryptorBase::~EncryptorBase() = default;
+
+void EncryptorBase::UpdateAsymmetricKey(
+    base::StringPiece new_key,
+    base::OnceCallback<void(Status)> response_cb) {
+  if (new_key.empty()) {
+    std::move(response_cb)
+        .Run(Status(error::INVALID_ARGUMENT, "Provided key is empty"));
+    return;
+  }
+
+  // Schedule key update on the sequenced task runner.
+  asymmetric_key_sequenced_task_runner_->PostTask(
+      FROM_HERE, base::BindOnce(
+                     [](base::StringPiece new_key,
+                        scoped_refptr<EncryptorBase> encryptor) {
+                       encryptor->asymmetric_key_ = std::string(new_key);
+                     },
+                     new_key, base::WrapRefCounted(this)));
+
+  // Response OK not waiting for the update.
+  std::move(response_cb).Run(Status::StatusOK());
+}
+
+void EncryptorBase::RetrieveAsymmetricKey(
+    base::OnceCallback<void(StatusOr<std::string>)> cb) {
+  // Schedule key retrueval on the sequenced task runner.
+  asymmetric_key_sequenced_task_runner_->PostTask(
+      FROM_HERE,
+      base::BindOnce(
+          [](base::OnceCallback<void(StatusOr<std::string>)> cb,
+             scoped_refptr<EncryptorBase> encryptor) {
+            DCHECK_CALLED_ON_VALID_SEQUENCE(
+                encryptor->asymmetric_key_sequence_checker_);
+            StatusOr<std::string> response;
+            // Schedule response on regular thread pool.
+            base::ThreadPool::PostTask(
+                FROM_HERE,
+                base::BindOnce(
+                    [](base::OnceCallback<void(StatusOr<std::string>)> cb,
+                       StatusOr<std::string> response) {
+                      std::move(cb).Run(response);
+                    },
+                    std::move(cb),
+                    !encryptor->asymmetric_key_.has_value()
+                        ? StatusOr<std::string>(Status(
+                              error::NOT_FOUND, "Asymmetric key not set"))
+                        : encryptor->asymmetric_key_.value()));
+          },
+          std::move(cb), base::WrapRefCounted(this)));
+}
+
+void EncryptorBase::EncryptKey(
+    base::StringPiece symmetric_key,
+    base::OnceCallback<void(StatusOr<std::pair<uint32_t, std::string>>)> cb) {
+  RetrieveAsymmetricKey(base::BindOnce(
+      [](base::StringPiece symmetric_key,
+         scoped_refptr<EncryptorBase> encryptor,
+         base::OnceCallback<void(StatusOr<std::pair<uint32_t, std::string>>)>
+             cb,
+         StatusOr<std::string> asymmetric_key_result) {
+        if (!asymmetric_key_result.ok()) {
+          std::move(cb).Run(asymmetric_key_result.status());
+          return;
+        }
+        const auto& asymmetric_key = asymmetric_key_result.ValueOrDie();
+        std::move(cb).Run(std::make_pair(
+            base::PersistentHash(asymmetric_key),
+            encryptor->EncryptSymmetricKey(symmetric_key, asymmetric_key)));
+      },
+      std::string(symmetric_key), base::WrapRefCounted(this), std::move(cb)));
+}
+
+}  // namespace reporting

chrome/browser/policy/messaging_layer/encryption/encryption.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_ENCRYPTION_H_
+#define CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_ENCRYPTION_H_
+
+#include <string>
+#include <utility>
+
+#include "base/callback.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_refptr.h"
+#include "base/optional.h"
+#include "base/strings/string_piece.h"
+#include "chrome/browser/policy/messaging_layer/util/status.h"
+#include "chrome/browser/policy/messaging_layer/util/statusor.h"
+#include "components/policy/proto/record.pb.h"
+
+namespace reporting {
+
+// Interface to the encryption.
+// Instantiated by an implementation-specific factory:
+//   StatusOr<scoped_refptr<EncryptorBase>> Create(
+//       implementation-specific parameters);
+// The implementation class should never be used directly by the client code.
+class EncryptorBase : public base::RefCountedThreadSafe<EncryptorBase> {
+ public:
+  // Encryption record handle, which is created by |OpenRecord| and can accept
+  // pieces of data to be encrypted as one record by calling |AddToRecord|
+  // multiple times. Resulting encrypted record is available once |CloseRecord|
+  // is called.
+  class Handle {
+   public:
+    // Adds piece of data to the record.
+    virtual void AddToRecord(base::StringPiece data,
+                             base::OnceCallback<void(Status)> cb) = 0;
+
+    // Closes and encrypts the record, hands over the data (encrypted with
+    // symmetric key) and the key (encrypted with asymmetric key) to be recorded
+    // by the client (or Status if unsuccessful). Self-destructs after the
+    // callback.
+    virtual void CloseRecord(
+        base::OnceCallback<void(StatusOr<EncryptedRecord>)> cb) = 0;
+
+   protected:
+    explicit Handle(scoped_refptr<EncryptorBase> encryptor);
+
+    // Destructor is non-public, because the object can only self-destruct by
+    // |CloseRecord|.
+    virtual ~Handle();
+
+    EncryptorBase* encryptor() const { return encryptor_.get(); }
+
+   private:
+    scoped_refptr<EncryptorBase> encryptor_;
+  };
+
+  // Delivers public asymmetric key to the implementation.
+  // To affect specific record, must happen before Handle::CloseRecord
+  // (it is OK to do it after OpenRecord and Handle::AddToRecord).
+  // Executes on a sequenced thread, returns with callback.
+  void UpdateAsymmetricKey(base::StringPiece new_key,
+                           base::OnceCallback<void(Status)> response_cb);
+
+  // Factory method creates new record to collect data and encrypt them.
+  // Hands the Handle raw pointer over to the callback, or error status
+  // (e.g., “encryption is not enabled yet”).
+  virtual void OpenRecord(base::OnceCallback<void(StatusOr<Handle*>)> cb) = 0;
+
+  // Encrypts symmetric key with asymmetric public key, returns encrypted key
+  // and the hash of the public key used or error status (e.g., “decryption is
+  // not enabled yet”)
+  void EncryptKey(
+      base::StringPiece key,
+      base::OnceCallback<void(StatusOr<std::pair<uint32_t, std::string>>)> cb);
+
+ protected:
+  EncryptorBase();
+  virtual ~EncryptorBase();
+
+ private:
+  friend class base::RefCountedThreadSafe<EncryptorBase>;
+
+  // Synchronously encrypts symmetric key with asymmetric.
+  // Called by |EncryptKey|.
+  virtual std::string EncryptSymmetricKey(base::StringPiece symmetric_key,
+                                          base::StringPiece asymmetric_key) = 0;
+
+  // Retrieves the current public key.
+  // Executes on a sequenced thread, returns with callback.
+  void RetrieveAsymmetricKey(
+      base::OnceCallback<void(StatusOr<std::string>)> cb);
+
+  // Public key used for asymmetric encryption of symmetric key.
+  base::Optional<std::string> asymmetric_key_;
+
+  // Sequential task runner for all asymmetric_key_ activities: update, read.
+  scoped_refptr<base::SequencedTaskRunner>
+      asymmetric_key_sequenced_task_runner_;
+
+  SEQUENCE_CHECKER(asymmetric_key_sequence_checker_);
+};
+
+}  // namespace reporting
+
+#endif  // CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_ENCRYPTION_H_

chrome/browser/policy/messaging_layer/encryption/fake_decryption.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/messaging_layer/encryption/fake_decryption.h"
+
+#include "base/memory/ptr_util.h"
+#include "chrome/browser/policy/messaging_layer/util/status.h"
+#include "chrome/browser/policy/messaging_layer/util/statusor.h"
+
+namespace reporting {
+namespace test {
+
+namespace {
+// Decryption record handle for FakeDecryptor.
+class MockRecordHandle : public DecryptorBase::Handle {
+ public:
+  explicit MockRecordHandle(base::StringPiece symmetric_key,
+                            scoped_refptr<DecryptorBase> decryptor)
+      : Handle(decryptor), symmetric_key_(symmetric_key) {}
+
+  MockRecordHandle(const MockRecordHandle& other) = delete;
+  MockRecordHandle& operator=(const MockRecordHandle& other) = delete;
+
+  void AddToRecord(base::StringPiece data,
+                   base::OnceCallback<void(Status)> cb) override {
+    // Decrypt data by XORing every byte with the bytes of symmetric key and add
+    // to the record.
+    record_.reserve(record_.size() + data.size());
+    size_t key_i = 0;
+    for (const auto& data_byte : data) {
+      record_.push_back(data_byte ^ symmetric_key_[key_i++]);
+      if (key_i >= symmetric_key_.size()) {
+        key_i = 0;
+      }
+    }
+    std::move(cb).Run(Status::StatusOK());
+  }
+
+  void CloseRecord(
+      base::OnceCallback<void(StatusOr<base::StringPiece>)> cb) override {
+    std::move(cb).Run(record_);
+    delete this;
+  }
+
+ private:
+  // Symmetric key.
+  const std::string symmetric_key_;
+
+  // Accumulated decrypted data.
+  std::string record_;
+};
+
+}  // namespace
+
+StatusOr<scoped_refptr<DecryptorBase>> FakeDecryptor::Create() {
+  return base::WrapRefCounted(new FakeDecryptor());
+}
+
+FakeDecryptor::FakeDecryptor() = default;
+FakeDecryptor::~FakeDecryptor() = default;
+
+void FakeDecryptor::OpenRecord(base::StringPiece encrypted_key,
+                               base::OnceCallback<void(StatusOr<Handle*>)> cb) {
+  std::move(cb).Run(new MockRecordHandle(encrypted_key, this));
+}
+
+StatusOr<std::string> FakeDecryptor::DecryptKey(
+    base::StringPiece private_key,
+    base::StringPiece encrypted_key) {
+  if (private_key.empty()) {
+    return Status{error::FAILED_PRECONDITION, "Private key not provided"};
+  }
+  // Decrypt symmetric key.
+  // Private key is assumed to be a reverse string to the public key.
+  // If symmetric key was encrypted XORing bytes with a public key "012",
+  // decryption will use private key "210" and XOR will be from the last to the
+  // first bytes.
+  std::string unencrypted_key;
+  unencrypted_key.reserve(encrypted_key.size());
+  size_t key_i = 0;
+  for (const auto& key_byte : encrypted_key) {
+    unencrypted_key.push_back(key_byte ^
+                              private_key[private_key.size() - ++key_i]);
+    if (key_i >= private_key.size()) {
+      key_i = 0;
+    }
+  }
+  return unencrypted_key;
+}
+
+}  // namespace test
+}  // namespace reporting

chrome/browser/policy/messaging_layer/encryption/fake_decryption.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_FAKE_DECRYPTION_H_
+#define CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_FAKE_DECRYPTION_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/memory/scoped_refptr.h"
+#include "base/optional.h"
+#include "base/strings/string_piece.h"
+#include "chrome/browser/policy/messaging_layer/encryption/decryption.h"
+#include "chrome/browser/policy/messaging_layer/util/status.h"
+#include "chrome/browser/policy/messaging_layer/util/statusor.h"
+
+namespace reporting {
+namespace test {
+
+// Fake implementation of DecryptorBase, intended for use in tests of
+// reporting client.
+// Key decryption with asymmetric private key is done by per-byte XOR in reverse
+// order: public and private key are reverse, so if the encryption used XOR with
+// public key "012", decryption will use private key "210" and XOR will be from
+// the last to the first bytes.
+// Record decryption with symmetric key is done by per-byte XOR.
+class FakeDecryptor : public DecryptorBase {
+ public:
+  // Factory method
+  static StatusOr<scoped_refptr<DecryptorBase>> Create();
+
+  void OpenRecord(base::StringPiece encrypted_key,
+                  base::OnceCallback<void(StatusOr<Handle*>)> cb) override;
+
+  StatusOr<std::string> DecryptKey(base::StringPiece private_key,
+                                   base::StringPiece encrypted_key) override;
+
+ private:
+  FakeDecryptor();
+  ~FakeDecryptor() override;
+};
+
+}  // namespace test
+}  // namespace reporting
+
+#endif  // CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_FAKE_DECRYPTION_H_

chrome/browser/policy/messaging_layer/encryption/fake_encryption.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/messaging_layer/encryption/fake_encryption.h"
+
+#include "base/bind.h"
+#include "base/callback.h"
+#include "base/hash/hash.h"
+#include "base/memory/ptr_util.h"
+#include "chrome/browser/policy/messaging_layer/util/status.h"
+#include "chrome/browser/policy/messaging_layer/util/statusor.h"
+#include "crypto/random.h"
+
+namespace reporting {
+namespace test {
+
+namespace {
+// Encryption record handle for FakeEncryptor.
+class MockRecordHandle : public EncryptorBase::Handle {
+ public:
+  explicit MockRecordHandle(base::StringPiece symmetric_key,
+                            scoped_refptr<EncryptorBase> encryptor)
+      : Handle(encryptor), symmetric_key_(symmetric_key) {}
+
+  MockRecordHandle(const MockRecordHandle& other) = delete;
+  MockRecordHandle& operator=(const MockRecordHandle& other) = delete;
+
+  void AddToRecord(base::StringPiece data,
+                   base::OnceCallback<void(Status)> cb) override {
+    // Encrypt new data by XORing every byte with the symmetric key and add to
+    // the encrypted record.
+    record_.reserve(record_.size() + data.size());
+    size_t key_i = 0;
+    for (const auto& data_byte : data) {
+      record_.push_back(data_byte ^ symmetric_key_[key_i++]);
+      if (key_i >= symmetric_key_.size()) {
+        key_i = 0;
+      }
+    }
+    std::move(cb).Run(Status::StatusOK());
+  }
+
+  void CloseRecord(
+      base::OnceCallback<void(StatusOr<EncryptedRecord>)> cb) override {
+    encryptor()->EncryptKey(
+        symmetric_key_,
+        base::BindOnce(
+            [](MockRecordHandle* handle,
+               base::OnceCallback<void(StatusOr<EncryptedRecord>)> cb,
+               StatusOr<std::pair<uint32_t, std::string>>
+                   encrypted_key_result) {
+              if (!encrypted_key_result.ok()) {
+                std::move(cb).Run(encrypted_key_result.status());
+              } else {
+                EncryptedRecord encrypted_record;
+                encrypted_record.mutable_encryption_info()->set_public_key_id(
+                    encrypted_key_result.ValueOrDie().first);
+                encrypted_record.mutable_encryption_info()->set_encryption_key(
+                    encrypted_key_result.ValueOrDie().second);
+                encrypted_record.set_encrypted_wrapped_record(handle->record_);
+                std::move(cb).Run(encrypted_record);
+              }
+              delete handle;
+            },
+            base::Unretained(this),  // will self-destruct.
+            std::move(cb)));
+  }
+
+ private:
+  // Symmetric key.
+  const std::string symmetric_key_;
+
+  // Accumulated encrypted data.
+  std::string record_;
+};
+
+}  // namespace
+
+StatusOr<scoped_refptr<EncryptorBase>> FakeEncryptor::Create() {
+  return base::WrapRefCounted(new FakeEncryptor());
+}
+
+FakeEncryptor::FakeEncryptor() = default;
+FakeEncryptor::~FakeEncryptor() = default;
+
+void FakeEncryptor::OpenRecord(base::OnceCallback<void(StatusOr<Handle*>)> cb) {
+  // For fake implementation just generate random byte string.
+  constexpr size_t symmetric_key_size = 8;
+  char symmetric_key[8];
+  crypto::RandBytes(symmetric_key, symmetric_key_size);
+  std::move(cb).Run(new MockRecordHandle(
+      std::string(symmetric_key, symmetric_key_size), this));
+}
+
+std::string FakeEncryptor::EncryptSymmetricKey(
+    base::StringPiece symmetric_key,
+    base::StringPiece asymmetric_key) {
+  // Encrypt symmetric key with public asymmetric one: XOR byte by byte.
+  std::string encrypted_key;
+  encrypted_key.reserve(symmetric_key.size());
+  size_t asymmetric_i = 0;
+  for (const auto& key_byte : symmetric_key) {
+    encrypted_key.push_back(key_byte ^ asymmetric_key[asymmetric_i++]);
+    if (asymmetric_i >= asymmetric_key.size()) {
+      asymmetric_i = 0;
+    }
+  }
+  return encrypted_key;
+}
+
+}  // namespace test
+}  // namespace reporting

chrome/browser/policy/messaging_layer/encryption/fake_encryption.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_FAKE_ENCRYPTION_H_
+#define CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_FAKE_ENCRYPTION_H_
+
+#include <string>
+
+#include "base/callback.h"
+#include "base/hash/hash.h"
+#include "base/memory/ref_counted.h"
+#include "base/strings/string_piece.h"
+#include "chrome/browser/policy/messaging_layer/encryption/encryption.h"
+#include "chrome/browser/policy/messaging_layer/util/status.h"
+#include "chrome/browser/policy/messaging_layer/util/statusor.h"
+
+namespace reporting {
+namespace test {
+
+// Fake implementation of EncryptorBase, intended for use in tests of
+// reporting client.
+// Record encryption with symmetric key is done by per-byte XOR.
+// Key encryption with asymmetric public key is also done by per-byte XOR.
+class FakeEncryptor : public EncryptorBase {
+ public:
+  // Factory method
+  static StatusOr<scoped_refptr<EncryptorBase>> Create();
+
+  void OpenRecord(base::OnceCallback<void(StatusOr<Handle*>)> cb) override;
+
+ private:
+  FakeEncryptor();
+  ~FakeEncryptor() override;
+
+  std::string EncryptSymmetricKey(base::StringPiece symmetric_key,
+                                  base::StringPiece asymmetric_key) override;
+};
+
+}  // namespace test
+}  // namespace reporting
+
+#endif  // CHROME_BROWSER_POLICY_MESSAGING_LAYER_ENCRYPTION_FAKE_ENCRYPTION_H_

chrome/test/BUILD.gn

@@ -3399,6 +3399,7 @@ test("unit_tests") {
     "../browser/policy/file_selection_dialogs_policy_handler_unittest.cc",
     "../browser/policy/homepage_location_policy_handler_unittest.cc",
     "../browser/policy/javascript_policy_handler_unittest.cc",
+    "../browser/policy/messaging_layer/encryption/fake_encryption_unittest.cc",
     "../browser/policy/messaging_layer/encryption/test_encryption_module.cc",
     "../browser/policy/messaging_layer/encryption/test_encryption_module.h",
     "../browser/policy/messaging_layer/public/report_client_unittest.cc",