chromium/third_party/google-closure-library/closure/goog/storage/encryptedstorage_test.js

/**
 * @license
 * Copyright The Closure Library Authors.
 * SPDX-License-Identifier: Apache-2.0
 */

goog.module('goog.storage.EncryptedStorageTest');
goog.setTestOnly();

const EncryptedStorage = goog.require('goog.storage.EncryptedStorage');
const ErrorCode = goog.require('goog.storage.ErrorCode');
const FakeMechanism = goog.require('goog.testing.storage.FakeMechanism');
const MockClock = goog.require('goog.testing.MockClock');
const PseudoRandom = goog.require('goog.testing.PseudoRandom');
const RichStorage = goog.require('goog.storage.RichStorage');
const collectableStorageTester = goog.require('goog.storage.collectableStorageTester');
const googJson = goog.require('goog.json');
const storageTester = goog.require('goog.storage.storageTester');
const testSuite = goog.require('goog.testing.testSuite');

function getEncryptedWrapper(storage, key) {
  return JSON.parse(storage.mechanism.get(storage.hashKeyWithSecret_(key)));
}

/** @suppress {visibility} suppression added to enable type checking */
function getEncryptedData(storage, key) {
  return getEncryptedWrapper(storage, key)[RichStorage.DATA_KEY];
}

/** @suppress {visibility} suppression added to enable type checking */
function decryptWrapper(storage, key, wrapper) {
  return JSON.parse(storage.decryptValue_(
      wrapper[EncryptedStorage.SALT_KEY], key, wrapper[RichStorage.DATA_KEY]));
}

function hammingDistance(a, b) {
  if (a.length != b.length) {
    throw new Error('Lengths must be the same for Hamming distance');
  }
  let distance = 0;
  for (let i = 0; i < a.length; ++i) {
    if (a.charAt(i) != b.charAt(i)) {
      ++distance;
    }
  }
  return distance;
}

testSuite({
  testBasicOperations() {
    const mechanism = new FakeMechanism();
    const storage = new EncryptedStorage(mechanism, 'secret');
    storageTester.runBasicTests(storage);
  },

  testExpiredKeyCollection() {
    const mechanism = new FakeMechanism();
    const clock = new MockClock(true);
    const storage = new EncryptedStorage(mechanism, 'secret');

    collectableStorageTester.runBasicTests(mechanism, clock, storage);
  },

  /** @suppress {visibility} suppression added to enable type checking */
  testEncryption() {
    const mechanism = new FakeMechanism();
    const clock = new MockClock(true);
    const storage = new EncryptedStorage(mechanism, 'secret');
    const mallory = new EncryptedStorage(mechanism, 'guess');

    // Simple Objects.
    storage.set('first', 'Hello world!');
    storage.set('second', ['one', 'two', 'three'], 1000);
    storage.set('third', {'a': 97, 'b': 98});

    // Wrong secret can't find keys.
    assertNull(mechanism.get('first'));
    assertNull(mechanism.get('second'));
    assertNull(mechanism.get('third'));
    assertUndefined(mallory.get('first'));
    assertUndefined(mallory.get('second'));
    assertUndefined(mallory.get('third'));

    // Wrong secret can't overwrite keys.
    mallory.set('first', 'Ho ho ho!');
    assertObjectEquals('Ho ho ho!', mallory.get('first'));
    assertObjectEquals('Hello world!', storage.get('first'));
    mallory.remove('first');

    // Correct key decrypts properly.
    assertObjectEquals('Hello world!', storage.get('first'));
    assertObjectEquals(['one', 'two', 'three'], storage.get('second'));
    assertObjectEquals({'a': 97, 'b': 98}, storage.get('third'));

    // Wrong secret can't decode values even if the key is revealed.
    const encryptedWrapper = getEncryptedWrapper(storage, 'first');
    assertObjectEquals(
        'Hello world!', decryptWrapper(storage, 'first', encryptedWrapper));
    assertThrows(() => {
      decryptWrapper(mallory, 'first', encryptedWrapper);
    });

    // If the value is overwritten, it can't be decrypted.
    /** @suppress {visibility} suppression added to enable type checking */
    encryptedWrapper[RichStorage.DATA_KEY] = 'kaboom';
    mechanism.set(
        storage.hashKeyWithSecret_('first'),
        googJson.serialize(encryptedWrapper));
    assertEquals(ErrorCode.DECRYPTION_ERROR, assertThrows(() => {
                   storage.get('first');
                 }));

    // Test garbage collection.
    storage.collect();
    assertNotNull(getEncryptedWrapper(storage, 'first'));
    assertObjectEquals(['one', 'two', 'three'], storage.get('second'));
    assertObjectEquals({'a': 97, 'b': 98}, storage.get('third'));
    clock.tick(2000);
    storage.collect();
    assertNotNull(getEncryptedWrapper(storage, 'first'));
    assertUndefined(storage.get('second'));
    assertObjectEquals({'a': 97, 'b': 98}, storage.get('third'));
    mechanism.set(storage.hashKeyWithSecret_('first'), '"kaboom"');
    storage.collect();
    assertNotNull(getEncryptedWrapper(storage, 'first'));
    assertObjectEquals({'a': 97, 'b': 98}, storage.get('third'));
    storage.collect(true);
    assertUndefined(storage.get('first'));
    assertObjectEquals({'a': 97, 'b': 98}, storage.get('third'));

    // Clean up.
    storage.remove('third');
    assertUndefined(storage.get('third'));
    clock.uninstall();
  },

  testSalting() {
    const mechanism = new FakeMechanism();
    const randomMock = new PseudoRandom(0, true);
    const storage = new EncryptedStorage(mechanism, 'secret');

    // Same value under two different keys should appear very different,
    // even with the same salt.
    storage.set('one', 'Hello world!');
    randomMock.seed(0);  // Reset the generator so we get the same salt.
    storage.set('two', 'Hello world!');
    const golden = getEncryptedData(storage, 'one');
    assertRoughlyEquals(
        'Ciphertext did not change with keys', golden.length,
        hammingDistance(golden, getEncryptedData(storage, 'two')), 2);

    // Same key-value pair written second time should appear very different.
    storage.set('one', 'Hello world!');
    assertRoughlyEquals(
        'Salting seems to have failed', golden.length,
        hammingDistance(golden, getEncryptedData(storage, 'one')), 2);

    // Clean up.
    storage.remove('1');
    storage.remove('2');
    randomMock.uninstall();
  },
});