Add unit tests for easyUnlockPrivate API - crypto methods

Also, adds some logic to FakeEasyUnlockClient.

BUG=407996

(note that these would have caught the crashes in bugs 404798 and 405976 :/)

Review URL: https://codereview.chromium.org/513013003

Cr-Commit-Position: refs/heads/master@{#292692}

chrome/chrome_tests_unit.gypi

@@ -858,6 +858,7 @@
         'browser/extensions/api/dial/dial_device_data_unittest.cc',
         'browser/extensions/api/dial/dial_registry_unittest.cc',
         'browser/extensions/api/dial/dial_service_unittest.cc',
+        'browser/extensions/api/easy_unlock_private/easy_unlock_private_api_chromeos_unittest.cc',
         'browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc',
         'browser/extensions/api/experience_sampling_private/experience_sampling_private_api_unittest.cc',
         'browser/extensions/api/extension_action/extension_action_prefs_unittest.cc',

chromeos/chromeos.gyp

@@ -552,6 +552,7 @@
         'dbus/blocking_method_caller_unittest.cc',
         'dbus/cros_disks_client_unittest.cc',
         'dbus/dbus_client_bundle_unittest.cc',
+        'dbus/fake_easy_unlock_client_unittest.cc',
         'dbus/gsm_sms_client_unittest.cc',
         'dbus/introspectable_client_unittest.cc',
         'dbus/modem_messaging_client_unittest.cc',

chromeos/dbus/fake_easy_unlock_client.cc

@@ -2,11 +2,55 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/json/json_string_value_serializer.h"
+#include "base/strings/stringprintf.h"
 #include "chromeos/dbus/fake_easy_unlock_client.h"
 
+namespace {
+
+// Keys generated using |GenerateEcP256KeyPair| are in the following format:
+// "{<key_type>: <key_pair_index>}".
+// <key_pair_index> is an integer identifying
+// the key pair.
+// <key_type> specifies whether the key is public or private. It can have one
+// of the following valies:
+const char kEc256PrivateKeyKey[] = "ec_p256_private_key";
+const char kEc256PublicKeyKey[] = "ec_p256_public_key";
+
+// Extracts key pair index from a key in format "<key_type>: <key_pair_index>}".
+int ExtractKeyPairIndexFromKey(const std::string& key,
+                               const std::string& key_type) {
+  JSONStringValueSerializer serializer(key);
+  scoped_ptr<base::Value> json_value(serializer.Deserialize(NULL, NULL));
+  if (!json_value)
+    return -1;
+
+  base::DictionaryValue* json_dictionary = NULL;
+  if (!json_value->GetAsDictionary(&json_dictionary))
+    return -1;
+
+  int key_pair_index = -1;
+  if (!json_dictionary->GetInteger(key_type, &key_pair_index))
+    return -1;
+  return key_pair_index;
+}
+
+}  // namespace
+
 namespace chromeos {
 
-FakeEasyUnlockClient::FakeEasyUnlockClient() {}
+// static
+bool FakeEasyUnlockClient::IsEcP256KeyPair(const std::string& private_key,
+                                           const std::string& public_key) {
+  int private_key_index =
+      ExtractKeyPairIndexFromKey(private_key, kEc256PrivateKeyKey);
+  int public_key_index =
+      ExtractKeyPairIndexFromKey(public_key, kEc256PublicKeyKey);
+
+  return private_key_index > 0  && public_key_index == private_key_index;
+}
+
+FakeEasyUnlockClient::FakeEasyUnlockClient() : generated_keys_count_(0) {}
 
 FakeEasyUnlockClient::~FakeEasyUnlockClient() {}
 
@@ -14,32 +58,92 @@ void FakeEasyUnlockClient::Init(dbus::Bus* bus) {}
 
 void FakeEasyUnlockClient::GenerateEcP256KeyPair(
     const KeyPairCallback& callback) {
+  ++generated_keys_count_;
+
+  callback.Run(
+      base::StringPrintf("{\"%s\": %d}",
+                         kEc256PrivateKeyKey,
+                         generated_keys_count_),
+      base::StringPrintf("{\"%s\": %d}",
+                         kEc256PublicKeyKey,
+                         generated_keys_count_));
 }
 
 void FakeEasyUnlockClient::PerformECDHKeyAgreement(
     const std::string& private_key,
     const std::string& public_key,
     const DataCallback& callback) {
+  int private_key_index =
+      ExtractKeyPairIndexFromKey(private_key, kEc256PrivateKeyKey);
+  int public_key_index =
+      ExtractKeyPairIndexFromKey(public_key, kEc256PublicKeyKey);
+  if (private_key_index < 0 || public_key_index < 0) {
+    callback.Run("");
+    return;
+  }
+
+  // ECDH key agreement should be commutative in respect to key pairs to which
+  // used keys belong, i.e. (key_pair[1].private_key, key_pair[2].public_key)
+  // and (key_pair[2].private_key, key_pair[1].public_key) should produce the
+  // same shared key. To achieve this, identify the created key by sum and
+  // product of the used key pairs.
+  callback.Run(base::StringPrintf(
+      "{\"secret_key\": [%d, %d]}",
+      private_key_index + public_key_index,
+      private_key_index * public_key_index));
 }
 
 void FakeEasyUnlockClient::CreateSecureMessage(
     const std::string& payload,
-    const std::string& secret_key,
+    const std::string& key,
     const std::string& associated_data,
     const std::string& public_metadata,
     const std::string& verification_key_id,
     const std::string& encryption_type,
     const std::string& signature_type,
     const DataCallback& callback) {
+  callback.Run(base::StringPrintf(
+      "{\"securemessage\": {"
+          "\"payload\": \"%s\","
+          "\"key\": \"%s\","
+          "\"associated_data\": \"%s\","
+          "\"public_metadata\": \"%s\","
+          "\"verification_key_id\": \"%s\","
+          "\"encryption_type\": \"%s\","
+          "\"signature_type\": \"%s\""
+      "}}",
+      payload.c_str(),
+      key.c_str(),
+      associated_data.c_str(),
+      public_metadata.c_str(),
+      verification_key_id.c_str(),
+      encryption_type.c_str(),
+      signature_type.c_str()));
 }
 
 void FakeEasyUnlockClient::UnwrapSecureMessage(
     const std::string& message,
-    const std::string& secret_key,
+    const std::string& key,
     const std::string& associated_data,
     const std::string& encryption_type,
     const std::string& signature_type,
     const DataCallback& callback) {
+  // TODO(tbarzic): Verify that |message| is in the format returned by
+  // |CreateSecureMessage| and extract payload, metadata and
+  // verification_key_id from there.
+  callback.Run(base::StringPrintf(
+      "{\"unwrapped_securemessage\": {"
+          "\"message\": \"%s\","
+          "\"key\": \"%s\","
+          "\"associated_data\": \"%s\","
+          "\"encryption_type\": \"%s\","
+          "\"signature_type\": \"%s\""
+      "}}",
+      message.c_str(),
+      key.c_str(),
+      associated_data.c_str(),
+      encryption_type.c_str(),
+      signature_type.c_str()));
 }
 
 }  // namespace chromeos

chromeos/dbus/fake_easy_unlock_client.h

@@ -14,6 +14,11 @@ namespace chromeos {
 // A fake implemetation of EasyUnlockClient.
 class CHROMEOS_EXPORT FakeEasyUnlockClient : public EasyUnlockClient {
  public:
+  // Tests if the provided keys belong to the same (fake) EC P256 key pair
+  // generated by |this|.
+  static bool IsEcP256KeyPair(const std::string& private_key,
+                              const std::string& public_key);
+
   FakeEasyUnlockClient();
   virtual ~FakeEasyUnlockClient();
 
@@ -24,7 +29,7 @@ class CHROMEOS_EXPORT FakeEasyUnlockClient : public EasyUnlockClient {
                                        const std::string& public_key,
                                        const DataCallback& callback) OVERRIDE;
   virtual void CreateSecureMessage(const std::string& payload,
-                                   const std::string& secret_key,
+                                   const std::string& key,
                                    const std::string& associated_data,
                                    const std::string& public_metadata,
                                    const std::string& verification_key_id,
@@ -32,13 +37,15 @@ class CHROMEOS_EXPORT FakeEasyUnlockClient : public EasyUnlockClient {
                                    const std::string& signature_type,
                                    const DataCallback& callback) OVERRIDE;
   virtual void UnwrapSecureMessage(const std::string& message,
-                                   const std::string& secret_key,
+                                   const std::string& key,
                                    const std::string& associated_data,
                                    const std::string& encryption_type,
                                    const std::string& signature_type,
                                    const DataCallback& callback) OVERRIDE;
 
  private:
+  int generated_keys_count_;
+
   DISALLOW_COPY_AND_ASSIGN(FakeEasyUnlockClient);
 };
 

chromeos/dbus/fake_easy_unlock_client_unittest.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/dbus/fake_easy_unlock_client.h"
+
+#include <string>
+
+#include "base/bind.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+// Callback for |GenerateEcP256KeyPair| method. Saves keys returned by the
+// method in |private_key_target| and |public_key_target|.
+void RecordKeyPair(std::string* private_key_target,
+                   std::string* public_key_target,
+                   const std::string& private_key_source,
+                   const std::string& public_key_source) {
+  *private_key_target = private_key_source;
+  *public_key_target = public_key_source;
+}
+
+// Callback for |EasyUnlockClient| methods that return a single piece of data.
+// It saves the returned data in |data_target|.
+void RecordData(std::string* data_target,
+                const std::string& data_source) {
+  *data_target = data_source;
+}
+
+TEST(FakeEasyUnlockClientTest, GenerateEcP256KeyPair) {
+  chromeos::FakeEasyUnlockClient client;
+
+  std::string private_key_1;
+  std::string public_key_1;
+  client.GenerateEcP256KeyPair(
+      base::Bind(&RecordKeyPair, &private_key_1, &public_key_1));
+  ASSERT_EQ("{\"ec_p256_private_key\": 1}", private_key_1);
+  ASSERT_EQ("{\"ec_p256_public_key\": 1}", public_key_1);
+
+  std::string private_key_2;
+  std::string public_key_2;
+  client.GenerateEcP256KeyPair(
+      base::Bind(&RecordKeyPair, &private_key_2, &public_key_2));
+  ASSERT_EQ("{\"ec_p256_private_key\": 2}", private_key_2);
+  ASSERT_EQ("{\"ec_p256_public_key\": 2}", public_key_2);
+
+  EXPECT_NE(private_key_1, private_key_2);
+  EXPECT_NE(public_key_1, public_key_2);
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair) {
+  ASSERT_TRUE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"ec_p256_private_key\": 12}",
+      "{\"ec_p256_public_key\": 12}"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_KeysFromDiffrentPairs) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"ec_p256_private_key\": 12}",
+      "{\"ec_p256_public_key\": 34}"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_KeyOrderSwitched) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"ec_p256_public_key\": 34}",
+      "{\"ec_p256_private_key\": 34}"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_PrivateKeyInvalidFormat) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "\"ec_p256_private_key\": 12",
+      "{\"ec_p256_public_key\": 12}"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_PublicKeyInvalidFormat) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"ec_p256_private_key\": 12}",
+      "\"ec_p256_public_key\": 12"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_PrivateKeyInvalidDictKey) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"invalid\": 12}",
+      "{\"ec_p256_public_key\": 12}"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_PublicKeyInvalidDictKey) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"ec_p256_private_key\": 12}",
+      "{\"invalid\": 12}"));
+}
+
+TEST(FakeEasyUnlockClientTest, IsEcP256KeyPair_InvalidDictValues) {
+  ASSERT_FALSE(chromeos::FakeEasyUnlockClient::IsEcP256KeyPair(
+      "{\"ec_p256_private_key\": \"12\"}",
+      "{\"ec_p256_public_key\": \"12\"}"));
+}
+
+// Verifies the fake |PerformECDHKeyAgreement| method is symetric in respect to
+// key pairs from which private and public key used in the key agreement
+// originate.
+TEST(FakeEasyUnlockClientTest, ECDHKeyAgreementSuccess) {
+  chromeos::FakeEasyUnlockClient client;
+
+  // (Fake) key pairs used in the test to generate fake shared keys.
+  const std::string private_key_1 = "{\"ec_p256_private_key\": 32}";
+  const std::string public_key_1 = "{\"ec_p256_public_key\": 32}";
+
+  const std::string private_key_2 = "{\"ec_p256_private_key\": 352}";
+  const std::string public_key_2 = "{\"ec_p256_public_key\": 352}";
+
+  const std::string private_key_3 = "{\"ec_p256_private_key\": 432}";
+  const std::string public_key_3 = "{\"ec_p256_public_key\": 432}";
+
+  // Generate shared key for key pairs 1 and 2, using private key from the
+  // second key pair and public key from the first key pair.
+  std::string shared_key_1;
+  client.PerformECDHKeyAgreement(private_key_2,
+                                 public_key_1,
+                                 base::Bind(&RecordData, &shared_key_1));
+  EXPECT_FALSE(shared_key_1.empty());
+
+  // Generate shared key for key pairs 1 and 2, using private key from the
+  // first key pair and public key from the second key pair.
+  std::string shared_key_2;
+  client.PerformECDHKeyAgreement(private_key_1,
+                                 public_key_2,
+                                 base::Bind(&RecordData, &shared_key_2));
+  EXPECT_FALSE(shared_key_2.empty());
+
+  // The generated keys should be equal. They were generated using keys from
+  // the same key pairs, even though key pairs from which private and public key
+  // originate were switched.
+  EXPECT_EQ(shared_key_1, shared_key_2);
+
+  // Generate a key using key pairs 1 and 3.
+  std::string shared_key_3;
+  client.PerformECDHKeyAgreement(private_key_1,
+                                 public_key_3,
+                                 base::Bind(&RecordData, &shared_key_3));
+  EXPECT_FALSE(shared_key_3.empty());
+
+  // The new key should be different from the previously generated ones, since
+  // the used key pairs are different.
+  EXPECT_NE(shared_key_3, shared_key_1);
+  EXPECT_NE(shared_key_3, shared_key_1);
+}
+
+TEST(FakeEasyUnlockClientTest, ECDHKeyAgreementFailsIfKeyOrderSwitched) {
+  chromeos::FakeEasyUnlockClient client;
+
+  const std::string private_key = "{\"ec_p256_private_key\": 415}";
+  const std::string public_key = "{\"ec_p256_public_key\": 345}";
+
+  std::string shared_key;
+  client.PerformECDHKeyAgreement(public_key,
+                                 private_key,
+                                 base::Bind(&RecordData, &shared_key));
+  EXPECT_TRUE(shared_key.empty());
+}
+
+TEST(FakeEasyUnlockClientTest, ECDHKeyAgreementFailsIfKeyDictKeyInvalid) {
+  chromeos::FakeEasyUnlockClient client;
+
+  const std::string private_key = "{\"ec_p256_private_key_invalid\": 415}";
+  const std::string public_key = "{\"ec_p256_public_key_invalid\": 345}";
+
+  std::string shared_key;
+  client.PerformECDHKeyAgreement(private_key,
+                                 public_key,
+                                 base::Bind(&RecordData, &shared_key));
+  EXPECT_TRUE(shared_key.empty());
+}
+
+TEST(FakeEasyUnlockClientTest, ECDHKeyAgreementFailsIfKeyDictValueInvalid) {
+  chromeos::FakeEasyUnlockClient client;
+
+  const std::string private_key = "{\"ec_p256_private_key\": 415}";
+  const std::string public_key = "{\"ec_p256_public_key\": \"345__\"}";
+
+  std::string shared_key;
+  client.PerformECDHKeyAgreement(private_key,
+                                 public_key,
+                                 base::Bind(&RecordData, &shared_key));
+  EXPECT_TRUE(shared_key.empty());
+}
+
+TEST(FakeEasyUnlockClientTest, ECDHKeyAgreementFailsIfKeyFormatInvalid) {
+  chromeos::FakeEasyUnlockClient client;
+
+  const std::string private_key = "invalid";
+  const std::string public_key = "{\"ec_p256_public_key\": 345}";
+
+  std::string shared_key;
+  client.PerformECDHKeyAgreement(private_key,
+                                 public_key,
+                                 base::Bind(&RecordData, &shared_key));
+  EXPECT_TRUE(shared_key.empty());
+}
+
+TEST(FakeEasyUnlockClientTest, CreateSecureMessage) {
+  chromeos::FakeEasyUnlockClient client;
+
+  std::string message;
+  client.CreateSecureMessage(
+      "PAYLOAD",
+      "KEY",
+      "ASSOCIATED_DATA",
+      "PUBLIC_METADATA",
+      "VERIFICATION_KEY_ID",
+      "ENCRYPTION_TYPE",
+      "SIGNATURE_TYPE",
+      base::Bind(&RecordData, &message));
+
+  const std::string expected_message(
+      "{\"securemessage\": {"
+          "\"payload\": \"PAYLOAD\","
+          "\"key\": \"KEY\","
+          "\"associated_data\": \"ASSOCIATED_DATA\","
+          "\"public_metadata\": \"PUBLIC_METADATA\","
+          "\"verification_key_id\": \"VERIFICATION_KEY_ID\","
+          "\"encryption_type\": \"ENCRYPTION_TYPE\","
+          "\"signature_type\": \"SIGNATURE_TYPE\"}"
+      "}");
+  ASSERT_EQ(expected_message, message);
+}
+
+TEST(FakeEasyUnlockClientTest, UnwrapSecureMessage) {
+  chromeos::FakeEasyUnlockClient client;
+
+  std::string message;
+  client.UnwrapSecureMessage(
+      "MESSAGE",
+      "KEY",
+      "ASSOCIATED_DATA",
+      "ENCRYPTION_TYPE",
+      "SIGNATURE_TYPE",
+      base::Bind(&RecordData, &message));
+
+  const std::string expected_message(
+      "{\"unwrapped_securemessage\": {"
+          "\"message\": \"MESSAGE\","
+          "\"key\": \"KEY\","
+          "\"associated_data\": \"ASSOCIATED_DATA\","
+          "\"encryption_type\": \"ENCRYPTION_TYPE\","
+          "\"signature_type\": \"SIGNATURE_TYPE\"}"
+      "}");
+  ASSERT_EQ(expected_message, message);
+}
+
+}  // namespace
+