// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/os_crypt/sync/os_crypt.h" #include <string> #include <vector> #include "base/compiler_specific.h" #include "base/containers/span.h" #include "base/functional/bind.h" #include "base/strings/utf_string_conversions.h" #include "base/task/single_thread_task_runner.h" #include "base/threading/thread.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "components/os_crypt/sync/os_crypt_mocker.h" #include "testing/gtest/include/gtest/gtest.h" // TODO(crbug.com/40118868): Revisit the macro expression once build flag switch // of lacros-chrome is complete. #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS) #include "components/os_crypt/sync/os_crypt_mocker_linux.h" #endif #if BUILDFLAG(IS_WIN) #include "components/prefs/testing_pref_service.h" #include "crypto/random.h" #endif namespace { class OSCryptTest : public testing::Test { … }; TEST_F(OSCryptTest, String16EncryptionDecryption) { … } TEST_F(OSCryptTest, EncryptionDecryption) { … } TEST_F(OSCryptTest, CypherTextDiffers) { … } TEST_F(OSCryptTest, DecryptError) { … } class OSCryptConcurrencyTest : public testing::Test { … }; // Flaky on Win 7 (dbg) and win-asan, see https://crbug.com/1066699 #if BUILDFLAG(IS_WIN) #define MAYBE_ConcurrentInitialization … #else #define MAYBE_ConcurrentInitialization … #endif TEST_F(OSCryptConcurrencyTest, MAYBE_ConcurrentInitialization) { … } #if BUILDFLAG(IS_WIN) class OSCryptTestWin : public testing::Test { public: OSCryptTestWin() {} OSCryptTestWin(const OSCryptTestWin&) = delete; OSCryptTestWin& operator=(const OSCryptTestWin&) = delete; ~OSCryptTestWin() override { OSCryptMocker::ResetState(); } }; // This test verifies that the header of the data returned from CryptProtectData // never collides with the kEncryptionVersionPrefix ("v10") used in // os_crypt_win.cc. If this ever happened, we would not be able to distinguish // between data encrypted using the legacy DPAPI interface, and data that's been // encrypted with the new session key. // If this test ever breaks do not ignore it as it might result in data loss for // users. TEST_F(OSCryptTestWin, DPAPIHeader) { OSCryptMocker::SetLegacyEncryption(true); std::string plaintext(10, '\0'); crypto::RandBytes(base::as_writable_byte_span(plaintext)); std::string ciphertext; ASSERT_TRUE(OSCrypt::EncryptString(plaintext, &ciphertext)); using std::string_literals::operator""s; const std::string expected_header("\x01\x00\x00\x00"s); ASSERT_EQ(4U, expected_header.length()); ASSERT_TRUE(ciphertext.length() >= expected_header.length()); std::string dpapi_header = ciphertext.substr(0, expected_header.length()); EXPECT_EQ(expected_header, dpapi_header); } TEST_F(OSCryptTestWin, ReadOldData) { OSCryptMocker::SetLegacyEncryption(true); std::string plaintext = "secrets"; std::string legacy_ciphertext; ASSERT_TRUE(OSCrypt::EncryptString(plaintext, &legacy_ciphertext)); OSCryptMocker::SetLegacyEncryption(false); TestingPrefServiceSimple pref_service_simple; OSCrypt::RegisterLocalPrefs(pref_service_simple.registry()); ASSERT_TRUE(OSCrypt::Init(&pref_service_simple)); std::string decrypted; // Should be able to decrypt data encrypted with DPAPI. ASSERT_TRUE(OSCrypt::DecryptString(legacy_ciphertext, &decrypted)); EXPECT_EQ(plaintext, decrypted); // Should now encrypt same plaintext to get different ciphertext. std::string new_ciphertext; ASSERT_TRUE(OSCrypt::EncryptString(plaintext, &new_ciphertext)); // Should be different from DPAPI ciphertext. EXPECT_NE(legacy_ciphertext, new_ciphertext); // Decrypt new ciphertext to give original string. ASSERT_TRUE(OSCrypt::DecryptString(new_ciphertext, &decrypted)); EXPECT_EQ(plaintext, decrypted); } TEST_F(OSCryptTestWin, PrefsKeyTest) { TestingPrefServiceSimple first_prefs; OSCrypt::RegisterLocalPrefs(first_prefs.registry()); // Verify new random key can be generated. ASSERT_TRUE(OSCrypt::Init(&first_prefs)); std::string first_key = OSCrypt::GetRawEncryptionKey(); std::string plaintext = "secrets"; std::string ciphertext; ASSERT_TRUE(OSCrypt::EncryptString(plaintext, &ciphertext)); TestingPrefServiceSimple second_prefs; OSCrypt::RegisterLocalPrefs(second_prefs.registry()); OSCryptMocker::ResetState(); ASSERT_TRUE(OSCrypt::Init(&second_prefs)); std::string second_key = OSCrypt::GetRawEncryptionKey(); // Keys should be different since they are random. EXPECT_NE(first_key, second_key); std::string decrypted; // Cannot decrypt with the wrong key. EXPECT_FALSE(OSCrypt::DecryptString(ciphertext, &decrypted)); // Initialize OSCrypt from existing key. OSCryptMocker::ResetState(); OSCrypt::SetRawEncryptionKey(first_key); // Verify decryption works with first key. ASSERT_TRUE(OSCrypt::DecryptString(ciphertext, &decrypted)); EXPECT_EQ(plaintext, decrypted); // Initialize OSCrypt from existing prefs. OSCryptMocker::ResetState(); ASSERT_TRUE(OSCrypt::Init(&first_prefs)); // Verify decryption works with key from first prefs. ASSERT_TRUE(OSCrypt::DecryptString(ciphertext, &decrypted)); EXPECT_EQ(plaintext, decrypted); } // This test verifies that an existing key is re-encrypted if the pref // `os_crypt.audit_enabled` is not set, enabling the audit flag and setting the // data description `szDataDescr` on the data. TEST_F(OSCryptTestWin, AuditMigrationTest) { // Taken from os_crypt_win.cc. constexpr char kOsCryptEncryptedKeyPrefName[] = "os_crypt.encrypted_key"; constexpr char kOsCryptAuditEnabledPrefName[] = "os_crypt.audit_enabled"; TestingPrefServiceSimple prefs; OSCrypt::RegisterLocalPrefs(prefs.registry()); // Verify new random key can be generated. ASSERT_TRUE(OSCrypt::Init(&prefs)); EXPECT_TRUE(prefs.GetBoolean(kOsCryptAuditEnabledPrefName)); auto encrypted_key = prefs.GetString(kOsCryptEncryptedKeyPrefName); EXPECT_TRUE(!encrypted_key.empty()); // Clear state, and fake that the key does not have audit enabled for testing // by clearing the pref. OSCrypt::ResetStateForTesting(); prefs.ClearPref(kOsCryptAuditEnabledPrefName); // Init again with same pref store, this should cause the raw key to be // re-encrypted with audit enabled. ASSERT_TRUE(OSCrypt::Init(&prefs)); EXPECT_TRUE(prefs.GetBoolean(kOsCryptAuditEnabledPrefName)); auto encrypted_key2 = prefs.GetString(kOsCryptEncryptedKeyPrefName); EXPECT_TRUE(!encrypted_key2.empty()); // DPAPI guarantees that two identical data will encrypt to different values // since it uses a random 16-byte salt internally, so this check is used to // show that the re-encryption has occurred. EXPECT_NE(encrypted_key, encrypted_key2); // Clear state again, this time to test that the data only gets re-encrypted // once. OSCrypt::ResetStateForTesting(); ASSERT_TRUE(OSCrypt::Init(&prefs)); auto encrypted_key3 = prefs.GetString(kOsCryptEncryptedKeyPrefName); // This time, since the key has already been re-encrypted and re-encryption // only happens once, it will be left alone and the encrypted key data should // be identical. EXPECT_EQ(encrypted_key2, encrypted_key3); } #endif // BUILDFLAG(IS_WIN) } // namespace
Codebase Browser
chromium