From a17a62ab89a227166c665a4da0391c02111152ae Mon Sep 17 00:00:00 2001 From: malets Date: Thu, 19 Feb 2015 00:23:29 -0800 Subject: Add one test for Cryptographer::InstallKeys Add a test which covers the case of exporting all the keys and installing them back to fully bootstrap another cryptographer. Review URL: https://codereview.chromium.org/896313002 Cr-Commit-Position: refs/heads/master@{#317008} --- sync/util/cryptographer_unittest.cc | 46 +++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'sync/util') diff --git a/sync/util/cryptographer_unittest.cc b/sync/util/cryptographer_unittest.cc index b1f7e6e..49d149c 100644 --- a/sync/util/cryptographer_unittest.cc +++ b/sync/util/cryptographer_unittest.cc @@ -258,4 +258,50 @@ TEST_F(CryptographerTest, CopyConstructor) { EXPECT_EQ(encrypted_c.key_name(), encrypted_k2.key_name()); } +// Test verifies that GetBootstrapToken/Bootstrap only transfers default +// key. Additional call to GetKeys/InstallKeys is needed to transfer keybag +// to decrypt messages encrypted with old keys. +TEST_F(CryptographerTest, GetKeysThenInstall) { + sync_pb::PasswordSpecificsData original; + original.set_origin("http://example.com"); + original.set_username_value("luser"); + original.set_password_value("p4ssw0rd"); + + // First, encrypt the same value using two different keys. + KeyParams params1 = {"localhost", "dummy", "dummy"}; + EXPECT_TRUE(cryptographer_.AddKey(params1)); + EXPECT_TRUE(cryptographer_.is_ready()); + + sync_pb::EncryptedData encrypted_k1; + EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted_k1)); + + KeyParams params2 = {"localhost", "dummy2", "dummy2"}; + EXPECT_TRUE(cryptographer_.AddKey(params2)); + EXPECT_TRUE(cryptographer_.is_ready()); + + sync_pb::EncryptedData encrypted_k2; + EXPECT_TRUE(cryptographer_.Encrypt(original, &encrypted_k2)); + + // Then construct second cryptographer and bootstrap it from the first one. + Cryptographer another_cryptographer(cryptographer_.encryptor()); + std::string bootstrap_token; + EXPECT_TRUE(cryptographer_.GetBootstrapToken(&bootstrap_token)); + another_cryptographer.Bootstrap(bootstrap_token); + + // Before key installation, the second cryptographer should only be able + // to decrypt using the last key. + EXPECT_FALSE(another_cryptographer.CanDecrypt(encrypted_k1)); + EXPECT_TRUE(another_cryptographer.CanDecrypt(encrypted_k2)); + + sync_pb::EncryptedData keys; + EXPECT_TRUE(cryptographer_.GetKeys(&keys)); + ASSERT_TRUE(another_cryptographer.CanDecrypt(keys)); + another_cryptographer.InstallKeys(keys); + + // Verify that bootstrapped cryptographer decrypts succesfully using + // all the keys after key installation. + EXPECT_TRUE(another_cryptographer.CanDecrypt(encrypted_k1)); + EXPECT_TRUE(another_cryptographer.CanDecrypt(encrypted_k2)); +} + } // namespace syncer -- cgit v1.1