components/proximity_auth/device_to_device_secure_context_unittest.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/proximity_auth/device_to_device_secure_context.h"

#include "base/bind.h"
#include "base/memory/scoped_ptr.h"
#include "components/proximity_auth/cryptauth/fake_secure_message_delegate.h"
#include "components/proximity_auth/cryptauth/proto/cryptauth_api.pb.h"
#include "components/proximity_auth/cryptauth/proto/securemessage.pb.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace proximity_auth {

namespace {

const char kSymmetricKey[] = "symmetric key";
const char kResponderAuthMessage[] = "responder_auth_message";
const SecureContext::ProtocolVersion kProtocolVersion =
    SecureContext::PROTOCOL_VERSION_THREE_ONE;

// Callback saving |result| to |result_out|.
void SaveResult(std::string* result_out, const std::string& result) {
  *result_out = result;
}

}  // namespace

class ProximityAuthDeviceToDeviceSecureContextTest : public testing::Test {
 protected:
  ProximityAuthDeviceToDeviceSecureContextTest()
      : secure_context_(make_scoped_ptr(new FakeSecureMessageDelegate()),
                        kSymmetricKey,
                        kResponderAuthMessage,
                        kProtocolVersion) {}

  DeviceToDeviceSecureContext secure_context_;
};

TEST_F(ProximityAuthDeviceToDeviceSecureContextTest, GetProperties) {
  EXPECT_EQ(kResponderAuthMessage, secure_context_.GetChannelBindingData());
  EXPECT_EQ(kProtocolVersion, secure_context_.GetProtocolVersion());
}

TEST_F(ProximityAuthDeviceToDeviceSecureContextTest, CheckEncodedHeader) {
  std::string message = "encrypt this message";
  std::string encoded_message;
  secure_context_.Encode(message, base::Bind(&SaveResult, &encoded_message));

  securemessage::SecureMessage secure_message;
  ASSERT_TRUE(secure_message.ParseFromString(encoded_message));
  securemessage::HeaderAndBody header_and_body;
  ASSERT_TRUE(
      header_and_body.ParseFromString(secure_message.header_and_body()));

  cryptauth::GcmMetadata gcm_metadata;
  ASSERT_TRUE(
      gcm_metadata.ParseFromString(header_and_body.header().public_metadata()));
  EXPECT_EQ(1, gcm_metadata.version());
  EXPECT_EQ(cryptauth::DEVICE_TO_DEVICE_MESSAGE, gcm_metadata.type());
}

TEST_F(ProximityAuthDeviceToDeviceSecureContextTest, DecodeInvalidMessage) {
  std::string encoded_message = "invalidly encoded message";
  std::string decoded_message = "not empty";
  secure_context_.Decode(encoded_message,
                         base::Bind(&SaveResult, &decoded_message));
  EXPECT_TRUE(decoded_message.empty());
}

TEST_F(ProximityAuthDeviceToDeviceSecureContextTest, EncodeAndDecode) {
  // Initialize second secure channel with the same parameters as the first.
  DeviceToDeviceSecureContext secure_context2(
      make_scoped_ptr(new FakeSecureMessageDelegate()), kSymmetricKey,
      kResponderAuthMessage, kProtocolVersion);
  std::string message = "encrypt this message";

  // Pass some messages between the two secure contexts.
  for (int i = 0; i < 3; ++i) {
    std::string encoded_message;
    secure_context_.Encode(message, base::Bind(&SaveResult, &encoded_message));
    EXPECT_NE(message, encoded_message);

    std::string decoded_message;
    secure_context2.Decode(encoded_message,
                           base::Bind(&SaveResult, &decoded_message));
    EXPECT_EQ(message, decoded_message);
  }
}

TEST_F(ProximityAuthDeviceToDeviceSecureContextTest,
       DecodeInvalidSequenceNumber) {
  // Initialize second secure channel with the same parameters as the first.
  DeviceToDeviceSecureContext secure_context2(
      make_scoped_ptr(new FakeSecureMessageDelegate()), kSymmetricKey,
      kResponderAuthMessage, kProtocolVersion);

  // Send a few messages over the first secure context.
  std::string message = "encrypt this message";
  std::string encoded1;
  for (int i = 0; i < 3; ++i) {
    secure_context_.Encode(message, base::Bind(&SaveResult, &encoded1));
  }

  // Second secure channel should not decode the message with an invalid
  // sequence number.
  std::string decoded_message = "not empty";
  secure_context_.Decode(encoded1, base::Bind(&SaveResult, &decoded_message));
  EXPECT_TRUE(decoded_message.empty());
}

}  // proximity_auth