// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "oobe_config/rollback_openssl_encryption.h"

#include <algorithm>
#include <cstddef>
#include <iterator>

#include <base/optional.h>
#include <brillo/secure_blob.h>
#include <gtest/gtest.h>
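namespace {

// Sizes in bytes. They are std::size_t so that comparisons against container
// .size() values in the assertions below are unsigned on both sides.
// NOTE(review): 12 / 32 / 16 match the usual AES-256-GCM IV, key and tag
// lengths; confirm against rollback_openssl_encryption.cc.
constexpr std::size_t kIvSize = 12;
constexpr std::size_t kKeySize = 32;
constexpr std::size_t kTagSize = 16;

// Fixed key of kKeySize bytes (every byte 60). Tests pass it to Decrypt() in
// place of the key returned by Encrypt().
const brillo::SecureBlob kKey(kKeySize, 60);

// Plaintext fixture: 859 bytes, every byte 61.
const brillo::SecureBlob kSensitiveData(859, 61);

// 857 bytes (every byte 63) that never went through Encrypt().
const brillo::Blob kData(857, 63);

}  // namespace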
namespace oobe_config {
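// Round trip: Decrypt() on the unmodified output of Encrypt() must return the
// original plaintext.
TEST(RollbackOpenSslEncryptionTest, EncryptDecrypt) {
  base::Optional<EncryptedData> encrypted_data = Encrypt(kSensitiveData);
  ASSERT_TRUE(encrypted_data.has_value());

  // Make sure data was changed by encryption. Both ranges are bounded, so an
  // unexpectedly short output is never read past its end. This is only a
  // smoke check that the plaintext is not a prefix of the output: a single
  // differing byte satisfies it.
  const auto first_mismatch =
      std::mismatch(std::begin(kSensitiveData), std::end(kSensitiveData),
                    std::begin(encrypted_data->data),
                    std::end(encrypted_data->data));
  ASSERT_FALSE(first_mismatch.first == std::end(kSensitiveData));

  base::Optional<brillo::SecureBlob> decrypted_data = Decrypt(*encrypted_data);
  ASSERT_TRUE(decrypted_data.has_value());
  ASSERT_EQ(kSensitiveData, *decrypted_data);
}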
// Decrypt() must report failure, not return bytes, when genuine ciphertext is
// paired with a key other than the one Encrypt() returned.
TEST(RollbackOpenSslEncryptionTest, EncryptDecryptWithWrongKey) {
  base::Optional<EncryptedData> encrypted = Encrypt(kSensitiveData);
  ASSERT_TRUE(encrypted.has_value());

  // Same ciphertext, but with the fixed test key substituted for the real one.
  // NOTE(review): this relies on Encrypt() never producing a key equal to
  // kKey; confirm how the key is generated.
  base::Optional<brillo::SecureBlob> result =
      Decrypt(EncryptedData{encrypted->data, kKey});
  ASSERT_FALSE(result.has_value());
}
// Integrity check: changing one byte of the encrypted blob must make
// Decrypt() fail.
TEST(RollbackOpenSslEncryptionTest, DecryptModifyData) {
  base::Optional<EncryptedData> encrypted = Encrypt(kSensitiveData);
  ASSERT_TRUE(encrypted.has_value());

  // Tamper with the byte at index 1 only.
  // NOTE(review): which region (IV, ciphertext or tag) index 1 falls in
  // depends on the blob layout, which this file does not show; the other
  // regions and truncated blobs are not exercised here.
  ++encrypted->data[1];

  base::Optional<brillo::SecureBlob> result = Decrypt(*encrypted);
  ASSERT_FALSE(result.has_value());
}
// Changing one byte of the key returned by Encrypt() must make Decrypt() fail
// on otherwise untouched ciphertext.
TEST(RollbackOpenSslEncryptionTest, DecryptModifyKey) {
  base::Optional<EncryptedData> encrypted = Encrypt(kSensitiveData);
  ASSERT_TRUE(encrypted.has_value());

  // Alter the key byte at index 1; the data blob stays as produced.
  ++encrypted->key[1];

  base::Optional<brillo::SecureBlob> result = Decrypt(*encrypted);
  ASSERT_FALSE(result.has_value());
}
// Bytes that never came from Encrypt() must be rejected even when the supplied
// key has a valid length.
TEST(RollbackOpenSslEncryptionTest, DecryptNonesense) {
  // kData is a constant-filled blob; kKey is a constant-filled kKeySize key.
  const EncryptedData bogus_input{kData, kKey};
  base::Optional<brillo::SecureBlob> result = Decrypt(bogus_input);
  ASSERT_FALSE(result.has_value());
}
// Checks the size of what Encrypt() returns: the data blob must have room for
// the plaintext length plus a tag and an IV, and the key must be kKeySize.
TEST(RollbackOpenSslEncryptionTest, EncryptedDataSize) {
  base::Optional<EncryptedData> encrypted = Encrypt(kSensitiveData);
  ASSERT_TRUE(encrypted.has_value());

  // Lower bound only: extra bytes in the blob would still pass.
  // NOTE(review): if the format is exactly ciphertext + tag + IV, an equality
  // check would also catch unexpected growth; confirm with the implementation.
  const auto min_blob_size = kSensitiveData.size() + kTagSize + kIvSize;
  EXPECT_GE(encrypted->data.size(), min_blob_size);

  EXPECT_EQ(encrypted->key.size(), kKeySize);
}
} // namespace oobe_config