// Copyright 2022 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "cryptohome/auth_input_utils.h"
#include <optional>
#include <brillo/secure_blob.h>
#include <cryptohome/proto_bindings/auth_factor.pb.h>
#include <gtest/gtest.h>
#include "cryptohome/key_objects.h"
using brillo::SecureBlob;
namespace cryptohome {
namespace {
// Username argument handed to CreateAuthInput() by every test in this file.
// The tests that inspect it only check that it is copied into the result
// unchanged, so a readable placeholder is sufficient; it is not derived from
// any real account.
constexpr char kObfuscatedUsername[] = "fake-user@example.org";
} // namespace
// Test the conversion from the password AuthInput proto into the cryptohome
// struct.
TEST(AuthInputUtils, CreateAuthInputPassword) {
  // Fixture secret only; it is never a real credential.
  constexpr char kPassword[] = "fake-password";

  // Build a proto whose only populated input is the password secret.
  user_data_auth::AuthInput input_proto;
  input_proto.mutable_password_input()->set_secret(kPassword);

  const std::optional<AuthInput> auth_input = CreateAuthInput(
      input_proto, kObfuscatedUsername, /*locked_to_single_user=*/false,
      /*cryptohome_recovery_ephemeral_pub_key=*/std::nullopt);

  // Abort the test if conversion failed: the checks below dereference the
  // optional.
  ASSERT_TRUE(auth_input.has_value());

  // The secret must compare equal to a SecureBlob built from the same bytes,
  // and the caller-supplied username and lock flag must come back unchanged.
  EXPECT_EQ(auth_input->user_input, SecureBlob(kPassword));
  EXPECT_EQ(auth_input->obfuscated_username, kObfuscatedUsername);
  EXPECT_EQ(auth_input->locked_to_single_user, false);
}
// Test the conversion from the password AuthInput proto into the cryptohome
// struct, with the locked_to_single_user flag set.
TEST(AuthInputUtils, CreateAuthInputPasswordLocked) {
  // Fixture secret only; it is never a real credential.
  constexpr char kPassword[] = "fake-password";

  // Same password-only proto as the unlocked case; only the flag differs.
  user_data_auth::AuthInput input_proto;
  input_proto.mutable_password_input()->set_secret(kPassword);

  const std::optional<AuthInput> auth_input = CreateAuthInput(
      input_proto, kObfuscatedUsername, /*locked_to_single_user=*/true,
      /*cryptohome_recovery_ephemeral_pub_key=*/std::nullopt);

  // Abort the test if conversion failed: the checks below dereference the
  // optional.
  ASSERT_TRUE(auth_input.has_value());

  // The lock flag must be reported as true, i.e. it is taken from the
  // argument rather than left at some default.
  EXPECT_EQ(auth_input->user_input, SecureBlob(kPassword));
  EXPECT_EQ(auth_input->obfuscated_username, kObfuscatedUsername);
  EXPECT_EQ(auth_input->locked_to_single_user, true);
}
// Test the conversion from an empty AuthInput proto fails.
TEST(AuthInputUtils, CreateAuthInputErrorEmpty) {
  // A default-constructed proto: no password and no recovery input is set.
  user_data_auth::AuthInput empty_proto;

  const std::optional<AuthInput> auth_input = CreateAuthInput(
      empty_proto, kObfuscatedUsername, /*locked_to_single_user=*/false,
      /*cryptohome_recovery_ephemeral_pub_key=*/std::nullopt);

  // The conversion has to fail closed: an input-less proto must yield no
  // AuthInput at all rather than one with an empty secret.
  EXPECT_FALSE(auth_input.has_value());
}
// Test the conversion of a cryptohome recovery AuthInput proto that carries
// only the mediator public key.
TEST(AuthInputUtils, CreateAuthInputRecoveryCreate) {
  // Placeholder bytes, not a real public key; the test only checks that the
  // value is carried over.
  constexpr char kMediatorPubKey[] = "fake_mediator_pub_key";

  user_data_auth::AuthInput input_proto;
  input_proto.mutable_cryptohome_recovery_input()->set_mediator_pub_key(
      kMediatorPubKey);

  const std::optional<AuthInput> auth_input = CreateAuthInput(
      input_proto, kObfuscatedUsername, /*locked_to_single_user=*/true,
      /*cryptohome_recovery_ephemeral_pub_key=*/std::nullopt);

  // Both layers must be populated before the recovery fields are read.
  ASSERT_TRUE(auth_input.has_value());
  ASSERT_TRUE(auth_input->cryptohome_recovery_auth_input.has_value());

  const auto& recovery_input =
      auth_input->cryptohome_recovery_auth_input.value();
  EXPECT_EQ(recovery_input.mediator_pub_key, SecureBlob(kMediatorPubKey));
}
// Test the conversion of a cryptohome recovery AuthInput proto that carries
// the epoch and recovery responses, with the ephemeral public key supplied as
// a separate argument.
TEST(AuthInputUtils, CreateAuthInputRecoveryDerive) {
  // Placeholder bytes only; none of these are real protocol messages or keys.
  constexpr char kEpochResponse[] = "fake_epoch_response";
  constexpr char kRecoveryResponse[] = "fake_recovery_response";
  const SecureBlob ephemeral_pub_key("fake_ephemeral_pub_key");

  user_data_auth::AuthInput input_proto;
  auto* recovery_proto = input_proto.mutable_cryptohome_recovery_input();
  recovery_proto->set_epoch_response(kEpochResponse);
  recovery_proto->set_recovery_response(kRecoveryResponse);

  // The ephemeral key is not part of the proto; it reaches CreateAuthInput()
  // through its last parameter.
  const std::optional<AuthInput> auth_input =
      CreateAuthInput(input_proto, kObfuscatedUsername,
                      /*locked_to_single_user=*/true, ephemeral_pub_key);

  // Both layers must be populated before the recovery fields are read.
  ASSERT_TRUE(auth_input.has_value());
  ASSERT_TRUE(auth_input->cryptohome_recovery_auth_input.has_value());

  // All three values must arrive in the recovery sub-struct unchanged.
  const auto& recovery_input =
      auth_input->cryptohome_recovery_auth_input.value();
  EXPECT_EQ(recovery_input.epoch_response, SecureBlob(kEpochResponse));
  EXPECT_EQ(recovery_input.recovery_response, SecureBlob(kRecoveryResponse));
  EXPECT_EQ(recovery_input.ephemeral_pub_key, ephemeral_pub_key);
}
} // namespace cryptohome