PSM: Integrate PSM and Hash dance unit tests set

This CL add unit tests that tests all different scenarios for PSM + Hash dance. See go/cros-psm-client-unittests-coverage for an overview of the test cases for the different cases. BUG=chromium:1136866 Change-Id: Ia6a90617d33fdbc50cc8c1a9c06d214cb89f37e4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2529155Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Roland Bock <rbock@google.com> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Commit-Queue: Amr Aboelkher <amraboelkher@google.com> Cr-Commit-Position: refs/heads/master@{#826735}

PSM: Integrate PSM and Hash dance unit tests set
This CL add unit tests that tests all different scenarios for PSM + Hash dance. See go/cros-psm-client-unittests-coverage for an overview of the test cases for the different cases. BUG=chromium:1136866 Change-Id: Ia6a90617d33fdbc50cc8c1a9c06d214cb89f37e4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2529155Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Roland Bock <rbock@google.com> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Commit-Queue: Amr Aboelkher <amraboelkher@google.com> Cr-Commit-Position: refs/heads/master@{#826735}
b0e7c4e5 · Amr Aboelkher · Commit Bot · 00441b22 · b0e7c4e5
Commit b0e7c4e5 authored Nov 12, 2020 by Amr Aboelkher Committed by Commit Bot Nov 12, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 295 additions and 0 deletions

chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc ...r/chromeos/policy/auto_enrollment_client_impl_unittest.cc +295 -0

No files found.
--- a/chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc
@@ -1645,5 +1645,300 @@ INSTANTIATE_TEST_SUITE_P(
                         PrivateSetMembershipStatus::kEnabled)),
                     ::testing::Range(0,
                                      kNumberOfPrivateSetMembershipTestCases)));
+
+using PrivateSetMembershipHelperAndHashDanceTest =
+    PrivateSetMembershipHelperTest;
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       PrivateSetMembershipRlweQueryFailedAndHashDanceSucceeded) {
+  InSequence sequence;
+
+  // Fail for private set membership RLWE query request.
+  ServerWillReplyWithPrivateSetMembershipOprfResponse();
+  ServerWillFailForPrivateSetMembership(net::OK, net::ERR_CONNECTION_CLOSED);
+
+  // Succeed for both DeviceAutoEnrollmentRequest and
+  // DeviceStateRetrievalRequest. And the result of DeviceAutoEnrollmentRequest
+  // is positive.
+  ServerWillReply(/*modulus=*/-1, /*with_hashes=*/true, /*with_id_hash=*/true);
+  ServerWillSendState(
+      "example.com",
+      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
+      kDisabledMessage, kWithLicense);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify failure of private set membership protocol.
+  EXPECT_EQ(GetStateDiscoveryResult(), StateDiscoveryResult::kFailure);
+  VerifyPrivateSetMembershipRlweQueryRequest();
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify Hash dance result.
+  VerifyCachedResult(true, kPowerLimit);
+
+  // Verify device state result.
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT);
+  EXPECT_EQ(state_retrieval_job_type_, GetExpectedStateRetrievalJobType());
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT);
+  VerifyServerBackedState("example.com",
+                          kDeviceStateRestoreModeReEnrollmentEnforced,
+                          kDisabledMessage, kWithLicense);
+}
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       PrivateSetMembershipRlweOprfFailedAndHashDanceSucceeded) {
+  InSequence sequence;
+
+  // Fail for private set membership RLWE OPRF request.
+  ServerWillFailForPrivateSetMembership(
+      net::OK, DeviceManagementService::kServiceUnavailable);
+
+  // Succeed for both DeviceAutoEnrollmentRequest and
+  // DeviceStateRetrievalRequest. And the result of DeviceAutoEnrollmentRequest
+  // is positive.
+  ServerWillReply(/*modulus=*/-1, /*with_hashes=*/true, /*with_id_hash=*/true);
+  ServerWillSendState(
+      "example.com",
+      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
+      kDisabledMessage, kWithLicense);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify failure of private set membership protocol.
+  EXPECT_EQ(GetStateDiscoveryResult(), StateDiscoveryResult::kFailure);
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify Hash dance result.
+  VerifyCachedResult(true, kPowerLimit);
+
+  // Verify device state result.
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT);
+  EXPECT_EQ(state_retrieval_job_type_, GetExpectedStateRetrievalJobType());
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT);
+  VerifyServerBackedState("example.com",
+                          kDeviceStateRestoreModeReEnrollmentEnforced,
+                          kDisabledMessage, kWithLicense);
+}
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       PrivateSetMembershipSucceedAndHashDanceSucceed) {
+  InSequence sequence;
+
+  // Succeed for both private set membership RLWE requests.
+  ServerWillReplyWithPrivateSetMembershipOprfResponse();
+  ServerWillReplyWithPrivateSetMembershipQueryResponse();
+
+  // Succeed for both DeviceAutoEnrollmentRequest and
+  // DeviceStateRetrievalRequest. And the result of DeviceAutoEnrollmentRequest
+  // is positive.
+  ServerWillReply(/*modulus=*/-1, /*with_hashes=*/true, /*with_id_hash=*/true);
+  ServerWillSendState(
+      "example.com",
+      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
+      kDisabledMessage, kWithLicense);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify private set membership result.
+  EXPECT_EQ(GetStateDiscoveryResult(),
+            GetExpectedMembershipResult()
+                ? StateDiscoveryResult::kSuccessHasServerSideState
+                : StateDiscoveryResult::kSuccessNoServerSideState);
+  VerifyPrivateSetMembershipRlweQueryRequest();
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify Hash dance result.
+  VerifyCachedResult(true, kPowerLimit);
+
+  // Verify device state result.
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT);
+  EXPECT_EQ(state_retrieval_job_type_, GetExpectedStateRetrievalJobType());
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT);
+  VerifyServerBackedState("example.com",
+                          kDeviceStateRestoreModeReEnrollmentEnforced,
+                          kDisabledMessage, kWithLicense);
+}
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       PrivateSetMembershipSucceedAndHashDanceSucceedForNoEnrollment) {
+  InSequence sequence;
+
+  // Succeed for both private set membership RLWE requests.
+  ServerWillReplyWithPrivateSetMembershipOprfResponse();
+  ServerWillReplyWithPrivateSetMembershipQueryResponse();
+
+  // Succeed with a negative result for DeviceAutoEnrollmentRequest i.e. Hash
+  // dance request.
+  ServerWillReply(/*modulus=*/-1, /*with_hashes=*/true, /*with_id_hash=*/false);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify private set membership result.
+  EXPECT_EQ(GetStateDiscoveryResult(),
+            GetExpectedMembershipResult()
+                ? StateDiscoveryResult::kSuccessHasServerSideState
+                : StateDiscoveryResult::kSuccessNoServerSideState);
+  VerifyPrivateSetMembershipRlweQueryRequest();
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify Hash dance result.
+  VerifyCachedResult(false, kPowerLimit);
+
+  // Verify that no enrollment has been done, and no state has been retrieved.
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT);
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_NO_ENROLLMENT);
+  EXPECT_FALSE(HasServerBackedState());
+}
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       PrivateSetMembershipRlweOprfFailedAndHashDanceFailed) {
+  InSequence sequence;
+
+  // Fail for private set membership RLWE OPRF request.
+  ServerWillFailForPrivateSetMembership(
+      net::OK, DeviceManagementService::kServiceUnavailable);
+
+  // Fail for DeviceAutoEnrollmentRequest i.e. hash dance request.
+  ServerWillFail(net::OK, DeviceManagementService::kServiceUnavailable);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify failure of private set membership protocol.
+  EXPECT_EQ(GetStateDiscoveryResult(), StateDiscoveryResult::kFailure);
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify failure of Hash dance by inexistence of its cached decision.
+  EXPECT_FALSE(HasCachedDecision());
+
+  // Verify that no enrollment has been done, and no state has been retrieved.
+  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
+            failed_job_type_);
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_SERVER_ERROR);
+  EXPECT_FALSE(HasServerBackedState());
+}
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       RetryLogicAfterPrivateSetMembershipSucceededAndHashDanceSucceeded) {
+  InSequence sequence;
+
+  // Succeed for both private set membership RLWE requests.
+  ServerWillReplyWithPrivateSetMembershipOprfResponse();
+  ServerWillReplyWithPrivateSetMembershipQueryResponse();
+
+  // Succeed for both DeviceAutoEnrollmentRequest and
+  // DeviceStateRetrievalRequest. And the result of DeviceAutoEnrollmentRequest
+  // is positive.
+  ServerWillReply(/*modulus=*/-1, /*with_hashes=*/true, /*with_id_hash=*/true);
+  ServerWillSendState(
+      "example.com",
+      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
+      kDisabledMessage, kWithLicense);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify private set membership result.
+  const StateDiscoveryResult expected_psm_state_result =
+      GetExpectedMembershipResult()
+          ? StateDiscoveryResult::kSuccessHasServerSideState
+          : StateDiscoveryResult::kSuccessNoServerSideState;
+  EXPECT_EQ(GetStateDiscoveryResult(), expected_psm_state_result);
+
+  // Verify Hash dance result.
+  VerifyCachedResult(true, kPowerLimit);
+
+  // Verify device state result.
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT);
+  EXPECT_EQ(state_retrieval_job_type_, GetExpectedStateRetrievalJobType());
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT);
+  VerifyServerBackedState("example.com",
+                          kDeviceStateRestoreModeReEnrollmentEnforced,
+                          kDisabledMessage, kWithLicense);
+
+  // Trigger AutoEnrollmentClientImpl retry.
+  client()->Retry();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify that private set membership cached decision hasn't changed, and no
+  // new requests have been sent.
+  EXPECT_EQ(GetStateDiscoveryResult(), expected_psm_state_result);
+  VerifyPrivateSetMembershipRlweQueryRequest();
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify that Hash dance cached decision hasn't changed, and no new request
+  // has been sent.
+  VerifyCachedResult(true, kPowerLimit);
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT);
+}
+
+TEST_P(PrivateSetMembershipHelperAndHashDanceTest,
+       RetryLogicAfterPrivateSetMembershipRlweOprfFailedAndHashDanceFailed) {
+  InSequence sequence;
+
+  // Fail for private set membership RLWE OPRF request.
+  ServerWillFailForPrivateSetMembership(
+      net::OK, DeviceManagementService::kServiceUnavailable);
+
+  // Fail for DeviceAutoEnrollmentRequest i.e. hash dance request.
+  ServerWillFail(net::OK, DeviceManagementService::kServiceUnavailable);
+
+  client()->Start();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify failure of private set membership protocol.
+  const StateDiscoveryResult expected_psm_state_result =
+      StateDiscoveryResult::kFailure;
+  EXPECT_EQ(GetStateDiscoveryResult(), expected_psm_state_result);
+
+  // Verify failure of Hash dance by inexistence of its cached decision.
+  EXPECT_FALSE(HasCachedDecision());
+
+  // Verify that no enrollment has been done, and no state has been retrieved.
+  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
+            failed_job_type_);
+  EXPECT_EQ(state_, AUTO_ENROLLMENT_STATE_SERVER_ERROR);
+  EXPECT_FALSE(HasServerBackedState());
+
+  // Fail for DeviceAutoEnrollmentRequest i.e. hash dance request.
+  ServerWillFail(net::OK, DeviceManagementService::kServiceUnavailable);
+
+  // Trigger AutoEnrollmentClientImpl retry.
+  client()->Retry();
+  base::RunLoop().RunUntilIdle();
+
+  // Verify that private set membership cached decision hasn't changed, and no
+  // new requests have been sent.
+  EXPECT_EQ(GetStateDiscoveryResult(), expected_psm_state_result);
+  VerifyPrivateSetMembershipRlweOprfRequest();
+  VerifyPrivateSetMembershipLastRequestJobType();
+
+  // Verify inexistence of Hash dance cached decision, and its new request
+  // has failed again.
+  EXPECT_FALSE(HasCachedDecision());
+  EXPECT_EQ(auto_enrollment_job_type_,
+            DeviceManagementService::JobConfiguration::TYPE_INVALID);
+  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
+            failed_job_type_);
+}
+
+INSTANTIATE_TEST_SUITE_P(
+    PrivateSetMembershipAndHashDance,
+    PrivateSetMembershipHelperAndHashDanceTest,
+    testing::Combine(testing::Values(AutoEnrollmentClientImplTestState(
+                         AutoEnrollmentProtocol::kInitialEnrollment,
+                         PrivateSetMembershipStatus::kEnabled)),
+                     ::testing::Range(0,
+                                      kNumberOfPrivateSetMembershipTestCases)));
 }  // namespace
 }  // namespace policy