// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "cryptohome/homedirs.h"
#include <set>
#include <string>
#include <vector>
#include <base/files/file_path.h>
#include <brillo/cryptohome.h>
#include <brillo/secure_blob.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "cryptohome/credentials.h"
#include "cryptohome/crypto.h"
#include "cryptohome/cryptolib.h"
#include "cryptohome/mock_platform.h"
#include "cryptohome/mock_tpm.h"
#include "cryptohome/vault_keyset.h"
using ::testing::_;
using ::testing::ElementsAre;
using ::testing::NiceMock;
using ::testing::Return;
namespace cryptohome {
namespace {

// Name/password pair describing a test user. Not referenced by anything in
// the visible part of this file.
struct UserPassword {
  const char* name;
  const char* password;
};

// The one user SetUp() registers, and the password it is registered with.
constexpr char kUser0[] = "First User";
constexpr char kUserPassword0[] = "user0_pass";
// Label set on the KeyData of every test user's credentials; the tests compare
// a retrieved keyset's label against it.
constexpr char kPasswordLabel[] = "password";

}  // namespace
// TODO(dlunev): Remove kKeyFile extern declaration once we have it declared
// in the proper place.
// Not used by anything in the visible part of this file.
extern const char kKeyFile[];
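// Fixture for HomeDirs keyset-management tests. Each test starts with a
// HomeDirs backed by a fake platform, a Crypto instance that is told not to
// use the (mock) TPM, one registered user (kUser0) and the shadow-root
// directory layout that user needs.
class KeysetManagementTest : public ::testing::Test {
 public:
  KeysetManagementTest() : crypto_(&platform_) {}
  ~KeysetManagementTest() override = default;

  // Not copyable or movable
  KeysetManagementTest(const KeysetManagementTest&) = delete;
  KeysetManagementTest& operator=(const KeysetManagementTest&) = delete;
  KeysetManagementTest(KeysetManagementTest&&) = delete;
  KeysetManagementTest& operator=(KeysetManagementTest&&) = delete;

  void SetUp() override {
    crypto_.set_tpm(&tpm_);
    // tpm_ is a NiceMock; with use_tpm off the keysets are wrapped on the
    // software path only, which is what these tests exercise.
    crypto_.set_use_tpm(false);
    homedirs_.Init(&platform_, &crypto_, nullptr);
    // The system salt feeds AddUser() (obfuscated name and passkey) and the
    // libbrillo path helpers, so it must exist before any user is registered.
    ASSERT_TRUE(homedirs_.GetSystemSalt(&system_salt_));
    platform_.GetFake()->SetSystemSaltForLibbrillo(system_salt_);
    AddUser(kUser0, kUserPassword0);
    PrepareDirectoryStructure();
  }

  void TearDown() override {
    platform_.GetFake()->RemoveSystemSaltForLibbrillo();
  }

 protected:
  NiceMock<MockPlatform> platform_;
  NiceMock<MockTpm> tpm_;
  Crypto crypto_;
  HomeDirs homedirs_;
  brillo::SecureBlob system_salt_;

  // Everything a test needs to address one user's vault.
  struct UserInfo {
    std::string name;             // plain user name as passed to AddUser()
    std::string obfuscated;       // salted, sanitized name used on disk
    brillo::SecureBlob passkey;   // derived from the password and system_salt_
    Credentials credentials;      // name + passkey, KeyData label kPasswordLabel
    base::FilePath homedir_path;  // shadow_root()/obfuscated
    base::FilePath user_path;     // hashed user path from libbrillo
  };

  // Users registered through AddUser(), in registration order. SetUp()
  // registers kUser0, so users_[0] is always that user.
  std::vector<UserInfo> users_;

  // Derives the obfuscated name, passkey and Credentials for |name| and
  // |password| and appends the resulting UserInfo to users_.
  // Requires system_salt_ to be populated (see SetUp()).
  void AddUser(const char* name, const char* password) {
    const std::string obfuscated =
        brillo::cryptohome::home::SanitizeUserNameWithSalt(name, system_salt_);
    brillo::SecureBlob passkey;
    cryptohome::Crypto::PasswordToPasskey(password, system_salt_, &passkey);
    Credentials credentials(name, passkey);
    KeyData key_data;
    key_data.set_label(kPasswordLabel);
    credentials.set_key_data(key_data);
    // Build the entry as a temporary so it is not first materialised in a
    // named local and then copied into the vector.
    users_.push_back(
        UserInfo{name, obfuscated, passkey, credentials,
                 homedirs_.shadow_root().Append(obfuscated),
                 brillo::cryptohome::home::GetHashedUserPath(obfuscated)});
  }

  // Creates the shadow root, the user-path prefix and one homedir per entry
  // in users_. Only the homedir paths are needed; vault/mount paths are not.
  // ASSERT_* here only returns from this helper, so SetUp() calls it last and
  // nothing else runs after a failed assertion.
  void PrepareDirectoryStructure() {
    ASSERT_TRUE(platform_.CreateDirectory(homedirs_.shadow_root()));
    ASSERT_TRUE(platform_.CreateDirectory(
        brillo::cryptohome::home::GetUserPathPrefix()));
    for (const auto& user : users_) {
      ASSERT_TRUE(platform_.CreateDirectory(user.homedir_path));
    }
  }
};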
// Adding the first keyset for a user with no existing keysets succeeds, lands
// at legacy index 0, is readable back with the same credentials, and carries
// the wrapped chaps key and reset seed.
TEST_F(KeysetManagementTest, AddInitialKeyset) {
  const UserInfo& user = users_[0];

  // TEST: nothing has been set up for this user, so this creates keyset #0.
  EXPECT_TRUE(homedirs_.AddInitialKeyset(user.credentials));

  // VERIFY: exactly one keyset index is reported, and it is 0.
  std::vector<int> keyset_indices;
  EXPECT_TRUE(homedirs_.GetVaultKeysets(user.obfuscated, &keyset_indices));
  EXPECT_THAT(keyset_indices, ElementsAre(0));

  // The keyset must decrypt with the credentials it was created from and keep
  // the label those credentials were registered with. The error out-param is
  // not inspected here.
  VaultKeyset keyset;
  keyset.Initialize(&platform_, homedirs_.crypto());
  EXPECT_TRUE(homedirs_.GetValidKeyset(user.credentials, &keyset,
                                       /* error */ nullptr));
  EXPECT_EQ(keyset.legacy_index(), 0);
  EXPECT_EQ(keyset.label(), user.credentials.key_data().label());

  // A freshly created keyset is expected to carry both wrapped secrets.
  EXPECT_TRUE(keyset.serialized().has_wrapped_chaps_key());
  EXPECT_TRUE(keyset.serialized().has_wrapped_reset_seed());
}
} // namespace cryptohome