chromium/chrome/browser/webauthn/android/cable_module_android_unittest.cc

// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/webauthn/android/cable_module_android.h"

#include "base/ranges/algorithm.h"
#include "components/prefs/testing_pref_service.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace {

constexpr uint8_t kCBOR[] = {
    0xa6, 0x01, 0x58, 0x98, 0x63, 0x5f, 0x31, 0x48, 0x4f, 0x56, 0x39, 0x47,
    0x45, 0x33, 0x55, 0x3a, 0x41, 0x50, 0x41, 0x39, 0x31, 0x62, 0x48, 0x67,
    0x55, 0x67, 0x74, 0x70, 0x62, 0x33, 0x66, 0x73, 0x34, 0x47, 0x7a, 0x5a,
    0x36, 0x79, 0x62, 0x77, 0x69, 0x36, 0x38, 0x77, 0x4b, 0x75, 0x4f, 0x4d,
    0x79, 0x4b, 0x64, 0x35, 0x6d, 0x47, 0x53, 0x58, 0x4d, 0x73, 0x49, 0x66,
    0x70, 0x63, 0x67, 0x6a, 0x61, 0x4e, 0x5f, 0x66, 0x6f, 0x57, 0x61, 0x4e,
    0x30, 0x4d, 0x6c, 0x42, 0x4e, 0x35, 0x7a, 0x34, 0x67, 0x45, 0x46, 0x43,
    0x2d, 0x52, 0x6a, 0x57, 0x70, 0x34, 0x72, 0x4b, 0x46, 0x5a, 0x35, 0x32,
    0x65, 0x59, 0x48, 0x37, 0x36, 0x73, 0x54, 0x33, 0x37, 0x41, 0x66, 0x61,
    0x43, 0x78, 0x68, 0x72, 0x6d, 0x71, 0x65, 0x53, 0x4c, 0x34, 0x6f, 0x30,
    0x6a, 0x72, 0x4d, 0x61, 0x30, 0x78, 0x68, 0x47, 0x4e, 0x37, 0x37, 0x77,
    0x41, 0x71, 0x74, 0x39, 0x56, 0x4e, 0x55, 0x6b, 0x67, 0x4c, 0x31, 0x4e,
    0x55, 0x7a, 0x68, 0x5f, 0x77, 0x44, 0x4e, 0x4e, 0x74, 0x4f, 0x6f, 0x56,
    0x02, 0x48, 0x34, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x58,
    0x20, 0xa2, 0xe2, 0x5e, 0x25, 0xdf, 0x51, 0xd8, 0x60, 0x83, 0x15, 0xe1,
    0x7f, 0xbf, 0xf0, 0x18, 0xf5, 0x6b, 0x2a, 0xa4, 0x80, 0x1b, 0xb3, 0xad,
    0x5d, 0x45, 0x38, 0x6b, 0xb2, 0x0f, 0x9c, 0xea, 0x8c, 0x04, 0x58, 0x41,
    0x04, 0x5b, 0xe6, 0x5b, 0x65, 0x4a, 0xd5, 0x6d, 0x2e, 0x26, 0x63, 0xf3,
    0x69, 0x62, 0xd0, 0x81, 0xd8, 0x79, 0x17, 0x6f, 0x58, 0xf5, 0xe1, 0xe1,
    0x5e, 0x76, 0x41, 0xa4, 0x00, 0xa2, 0x00, 0xae, 0x94, 0x9e, 0x53, 0x20,
    0xaa, 0x26, 0x08, 0xe4, 0xa7, 0xfa, 0xc3, 0xb0, 0x11, 0x22, 0x23, 0x79,
    0x3b, 0xd7, 0xd1, 0x93, 0x78, 0xbb, 0x25, 0x60, 0x79, 0x8a, 0xce, 0xc8,
    0xa6, 0xa7, 0xfd, 0xa9, 0x79, 0x05, 0x68, 0x50, 0x69, 0x78, 0x65, 0x6c,
    0x20, 0x36, 0x61, 0x19, 0x03, 0xe7, 0xf5,
};

}

TEST(CableModuleAndroidTest, PaaskInfoFromCBOR) {
  // This CBOR was captured from Play Services.
  std::optional<syncer::DeviceInfo::PhoneAsASecurityKeyInfo> result =
      webauthn::authenticator::internal::PaaskInfoFromCBOR(kCBOR);
  CHECK(result);

  constexpr uint8_t kExpectedPublicKey[] = {
      0x04, 0x5b, 0xe6, 0x5b, 0x65, 0x4a, 0xd5, 0x6d, 0x2e, 0x26, 0x63,
      0xf3, 0x69, 0x62, 0xd0, 0x81, 0xd8, 0x79, 0x17, 0x6f, 0x58, 0xf5,
      0xe1, 0xe1, 0x5e, 0x76, 0x41, 0xa4, 0x00, 0xa2, 0x00, 0xae, 0x94,
      0x9e, 0x53, 0x20, 0xaa, 0x26, 0x08, 0xe4, 0xa7, 0xfa, 0xc3, 0xb0,
      0x11, 0x22, 0x23, 0x79, 0x3b, 0xd7, 0xd1, 0x93, 0x78, 0xbb, 0x25,
      0x60, 0x79, 0x8a, 0xce, 0xc8, 0xa6, 0xa7, 0xfd, 0xa9, 0x79,
  };
  constexpr uint8_t kExpectedSecret[] = {
      0xa2, 0xe2, 0x5e, 0x25, 0xdf, 0x51, 0xd8, 0x60, 0x83, 0x15, 0xe1,
      0x7f, 0xbf, 0xf0, 0x18, 0xf5, 0x6b, 0x2a, 0xa4, 0x80, 0x1b, 0xb3,
      0xad, 0x5d, 0x45, 0x38, 0x6b, 0xb2, 0x0f, 0x9c, 0xea, 0x8c,
  };
  constexpr uint8_t kExpectedContactID[] = {
      0x63, 0x5f, 0x31, 0x48, 0x4f, 0x56, 0x39, 0x47, 0x45, 0x33, 0x55, 0x3a,
      0x41, 0x50, 0x41, 0x39, 0x31, 0x62, 0x48, 0x67, 0x55, 0x67, 0x74, 0x70,
      0x62, 0x33, 0x66, 0x73, 0x34, 0x47, 0x7a, 0x5a, 0x36, 0x79, 0x62, 0x77,
      0x69, 0x36, 0x38, 0x77, 0x4b, 0x75, 0x4f, 0x4d, 0x79, 0x4b, 0x64, 0x35,
      0x6d, 0x47, 0x53, 0x58, 0x4d, 0x73, 0x49, 0x66, 0x70, 0x63, 0x67, 0x6a,
      0x61, 0x4e, 0x5f, 0x66, 0x6f, 0x57, 0x61, 0x4e, 0x30, 0x4d, 0x6c, 0x42,
      0x4e, 0x35, 0x7a, 0x34, 0x67, 0x45, 0x46, 0x43, 0x2d, 0x52, 0x6a, 0x57,
      0x70, 0x34, 0x72, 0x4b, 0x46, 0x5a, 0x35, 0x32, 0x65, 0x59, 0x48, 0x37,
      0x36, 0x73, 0x54, 0x33, 0x37, 0x41, 0x66, 0x61, 0x43, 0x78, 0x68, 0x72,
      0x6d, 0x71, 0x65, 0x53, 0x4c, 0x34, 0x6f, 0x30, 0x6a, 0x72, 0x4d, 0x61,
      0x30, 0x78, 0x68, 0x47, 0x4e, 0x37, 0x37, 0x77, 0x41, 0x71, 0x74, 0x39,
      0x56, 0x4e, 0x55, 0x6b, 0x67, 0x4c, 0x31, 0x4e, 0x55, 0x7a, 0x68, 0x5f,
      0x77, 0x44, 0x4e, 0x4e, 0x74, 0x4f, 0x6f, 0x56,
  };

  EXPECT_EQ(result->tunnel_server_domain, 0);
  EXPECT_EQ(result->id, 19508u);
  EXPECT_TRUE(
      base::ranges::equal(result->peer_public_key_x962, kExpectedPublicKey));
  EXPECT_TRUE(base::ranges::equal(result->secret, kExpectedSecret));
  EXPECT_TRUE(base::ranges::equal(result->contact_id, kExpectedContactID));

  const std::vector<uint8_t> reserialized =
      webauthn::authenticator::internal::CBORFromPaaskInfo(*result);
  const std::optional<syncer::DeviceInfo::PhoneAsASecurityKeyInfo> result2 =
      webauthn::authenticator::internal::PaaskInfoFromCBOR(reserialized);
  CHECK(result2);
  EXPECT_EQ(result->tunnel_server_domain, result2->tunnel_server_domain);
  EXPECT_EQ(result->id, result2->id);
  EXPECT_TRUE(base::ranges::equal(result->peer_public_key_x962,
                                  result2->peer_public_key_x962));
  EXPECT_TRUE(base::ranges::equal(result->secret, result2->secret));
  EXPECT_TRUE(base::ranges::equal(result->contact_id, result2->contact_id));
}

TEST(CableModuleAndroidTest, Cache) {
  using webauthn::authenticator::internal::CacheResult;
  using NotReady = syncer::DeviceInfo::PhoneAsASecurityKeyInfo::NotReady;
  using NoSupport = syncer::DeviceInfo::PhoneAsASecurityKeyInfo::NoSupport;
  using PhoneAsASecurityKeyInfo = syncer::DeviceInfo::PhoneAsASecurityKeyInfo;

  TestingPrefServiceSimple dummy_prefs;
  webauthn::authenticator::RegisterLocalState(dummy_prefs.registry());
  syncer::DeviceInfo::PhoneAsASecurityKeyInfo::StatusOrInfo result;

  result = CacheResult(NotReady(), &dummy_prefs);
  EXPECT_TRUE(absl::get_if<NotReady>(&result));

  result = CacheResult(NoSupport(), &dummy_prefs);
  EXPECT_TRUE(absl::get_if<NoSupport>(&result));

  // The "NoSupport" state should have been cached.
  result = CacheResult(NotReady(), &dummy_prefs);
  EXPECT_TRUE(absl::get_if<NoSupport>(&result));

  std::optional<PhoneAsASecurityKeyInfo> paask_info =
      webauthn::authenticator::internal::PaaskInfoFromCBOR(kCBOR);
  CHECK(paask_info);
  result = CacheResult(*paask_info, &dummy_prefs);
  EXPECT_TRUE(absl::get_if<PhoneAsASecurityKeyInfo>(&result));

  // Now the `PhoneAsASecurityKeyInfo` should have been cached.
  result = CacheResult(NotReady(), &dummy_prefs);
  EXPECT_TRUE(absl::get_if<PhoneAsASecurityKeyInfo>(&result));

  // Corrupt data should be ignored.
  dummy_prefs.SetString("webauthn.authenticator_info", "AAAA");
  result = CacheResult(NotReady(), &dummy_prefs);
  EXPECT_TRUE(absl::get_if<NotReady>(&result));
}