Delay creating easy signin TPM keys until TPM is initialized
[chromium-blink-merge.git] / chrome / browser / chromeos / login / easy_unlock / easy_unlock_tpm_key_manager_unittest.cc
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <cryptohi.h>
7 #include "base/base64.h"
8 #include "base/macros.h"
9 #include "base/message_loop/message_loop.h"
10 #include "base/prefs/scoped_user_pref_update.h"
11 #include "base/prefs/testing_pref_service.h"
12 #include "base/run_loop.h"
13 #include "base/strings/utf_string_conversions.h"
14 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
15 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h"
16 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
17 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
18 #include "chrome/browser/prefs/browser_prefs.h"
19 #include "chrome/common/chrome_constants.h"
20 #include "chrome/common/pref_names.h"
21 #include "chrome/test/base/scoped_testing_local_state.h"
22 #include "chrome/test/base/testing_browser_process.h"
23 #include "chrome/test/base/testing_pref_service_syncable.h"
24 #include "chrome/test/base/testing_profile.h"
25 #include "chrome/test/base/testing_profile_manager.h"
26 #include "content/public/browser/browser_thread.h"
27 #include "content/public/test/test_browser_thread_bundle.h"
28 #include "crypto/scoped_test_nss_chromeos_user.h"
29 #include "crypto/scoped_test_system_nss_key_slot.h"
30 #include "testing/gtest/include/gtest/gtest.h"
32 namespace {
// Account id that the test user profile (and its TPM key entry) is created
// for.
const char kTestUserId[] = "user_id@somewhere.com";
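// Public half of the RSA key pair associated with the test user's Easy Unlock
// service, as a DER-encoded SubjectPublicKeyInfo (rsaEncryption, 2048-bit
// modulus, exponent 65537). It matches |kTestPrivateKey|.
//
// This is a published test fixture: never reuse the pair outside of tests.
//
// The bytes are written as char literals rather than int literals because
// values above 0x7f cannot be list-initialized into a (signed) |char| from an
// int without a narrowing conversion. The array keeps its |const char[]| type
// so it can still be passed to the std::string(const char*, size_t)
// constructor.
const char kTestPublicKey[] = {
    '\x30', '\x82', '\x01', '\x22', '\x30', '\x0d',
    '\x06', '\x09', '\x2a', '\x86', '\x48', '\x86',
    '\xf7', '\x0d', '\x01', '\x01', '\x01', '\x05',
    '\x00', '\x03', '\x82', '\x01', '\x0f', '\x00',
    '\x30', '\x82', '\x01', '\x0a', '\x02', '\x82',
    '\x01', '\x01', '\x00', '\xcb', '\x5a', '\x8d',
    '\x34', '\xa2', '\xe3', '\x43', '\x16', '\x94',
    '\x8d', '\xce', '\xa9', '\x92', '\xb0', '\x35',
    '\x5a', '\x34', '\x50', '\xd4', '\x7f', '\x14',
    '\x1f', '\xa3', '\x8e', '\x48', '\x2c', '\x42',
    '\xe8', '\xe4', '\xf6', '\x38', '\x5a', '\xdf',
    '\x08', '\x6b', '\x0e', '\x78', '\xc9', '\xfc',
    '\x72', '\x03', '\xb8', '\xd2', '\x75', '\x1d',
    '\x56', '\x8f', '\x6d', '\x8d', '\xe2', '\x65',
    '\x3b', '\x66', '\xbb', '\x66', '\xe3', '\x3a',
    '\x00', '\xc1', '\x4a', '\xe2', '\xf2', '\xc8',
    '\x2d', '\x95', '\x74', '\x5b', '\x65', '\xaa',
    '\xfd', '\xe1', '\x11', '\xf9', '\x9e', '\x73',
    '\x3d', '\x96', '\xb5', '\xae', '\x19', '\x03',
    '\x74', '\x0f', '\xfa', '\xbd', '\x52', '\x72',
    '\x83', '\x08', '\x1e', '\x53', '\x08', '\x30',
    '\xb6', '\xd3', '\xef', '\x4b', '\x2d', '\x65',
    '\x3c', '\x7d', '\xba', '\x55', '\xfe', '\x7d',
    '\x1c', '\xc5', '\xf1', '\x4e', '\x9c', '\xae',
    '\x27', '\xe2', '\x1b', '\x42', '\x2c', '\xd9',
    '\x6a', '\x81', '\x6c', '\x51', '\x2d', '\x7b',
    '\x7d', '\x28', '\xe3', '\xab', '\xaf', '\x30',
    '\x33', '\xd1', '\x46', '\xd1', '\xbe', '\x62',
    '\x2e', '\xd5', '\xfd', '\x32', '\x68', '\xb6',
    '\xe2', '\x95', '\x59', '\x6e', '\x69', '\xe9',
    '\x9c', '\x24', '\xf7', '\x71', '\xde', '\x5f',
    '\xd5', '\xc5', '\x8a', '\x71', '\xb3', '\x65',
    '\x77', '\xf9', '\x29', '\xf3', '\xce', '\x0a',
    '\x00', '\xca', '\xd7', '\xf9', '\x2e', '\x45',
    '\x04', '\xb5', '\x68', '\x1f', '\xfe', '\x4e',
    '\xac', '\xdd', '\xaa', '\xc5', '\x24', '\x6e',
    '\xec', '\x63', '\x36', '\x5f', '\xb9', '\x94',
    '\x0c', '\x7c', '\xf3', '\xcf', '\xa9', '\x44',
    '\x80', '\x99', '\x13', '\x89', '\x68', '\xbc',
    '\x6c', '\xfb', '\xe7', '\x2c', '\x94', '\x2e',
    '\x99', '\x31', '\xf1', '\x02', '\xd7', '\x27',
    '\xaf', '\xae', '\x69', '\xa9', '\x95', '\xd5',
    '\xf2', '\x6a', '\x6c', '\x46', '\x95', '\xdb',
    '\x30', '\xc9', '\x9f', '\xbe', '\xa0', '\x71',
    '\xc9', '\x74', '\xfb', '\xbb', '\x0a', '\x8b',
    '\xa1', '\x7c', '\x1a', '\xdf', '\xa3', '\xb2',
    '\x18', '\x29', '\xe5', '\xf6', '\x94', '\x9f',
    '\xa3', '\x50', '\x11', '\x4b', '\xfe', '\x05',
    '\xcb', '\x02', '\x03', '\x01', '\x00', '\x01'
};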
// Private half of the RSA key pair associated with the test user's Easy
// Unlock service, as a DER-encoded PKCS #8 PrivateKeyInfo. Tests hand it to
// PK11_ImportDERPrivateKeyInfo through the fixture's |ImportPrivateKey|.
//
// This key is a published test fixture: it offers no secrecy and must never
// be provisioned outside of tests.
//
// NOTE(review): the outer SEQUENCE header (0x30 0x82 0x04 0xbf) describes
// 1219 bytes in total, while the array holds 1220; the final 0x0a looks like
// a stray trailing newline from the file the key was dumped from. The import
// apparently tolerates it - confirm before reusing the bytes elsewhere.
const unsigned char kTestPrivateKey[] = {
    0x30, 0x82, 0x04, 0xbf, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
    0x04, 0xa9, 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
    0x01, 0x00, 0xcb, 0x5a, 0x8d, 0x34, 0xa2, 0xe3, 0x43, 0x16, 0x94, 0x8d,
    0xce, 0xa9, 0x92, 0xb0, 0x35, 0x5a, 0x34, 0x50, 0xd4, 0x7f, 0x14, 0x1f,
    0xa3, 0x8e, 0x48, 0x2c, 0x42, 0xe8, 0xe4, 0xf6, 0x38, 0x5a, 0xdf, 0x08,
    0x6b, 0x0e, 0x78, 0xc9, 0xfc, 0x72, 0x03, 0xb8, 0xd2, 0x75, 0x1d, 0x56,
    0x8f, 0x6d, 0x8d, 0xe2, 0x65, 0x3b, 0x66, 0xbb, 0x66, 0xe3, 0x3a, 0x00,
    0xc1, 0x4a, 0xe2, 0xf2, 0xc8, 0x2d, 0x95, 0x74, 0x5b, 0x65, 0xaa, 0xfd,
    0xe1, 0x11, 0xf9, 0x9e, 0x73, 0x3d, 0x96, 0xb5, 0xae, 0x19, 0x03, 0x74,
    0x0f, 0xfa, 0xbd, 0x52, 0x72, 0x83, 0x08, 0x1e, 0x53, 0x08, 0x30, 0xb6,
    0xd3, 0xef, 0x4b, 0x2d, 0x65, 0x3c, 0x7d, 0xba, 0x55, 0xfe, 0x7d, 0x1c,
    0xc5, 0xf1, 0x4e, 0x9c, 0xae, 0x27, 0xe2, 0x1b, 0x42, 0x2c, 0xd9, 0x6a,
    0x81, 0x6c, 0x51, 0x2d, 0x7b, 0x7d, 0x28, 0xe3, 0xab, 0xaf, 0x30, 0x33,
    0xd1, 0x46, 0xd1, 0xbe, 0x62, 0x2e, 0xd5, 0xfd, 0x32, 0x68, 0xb6, 0xe2,
    0x95, 0x59, 0x6e, 0x69, 0xe9, 0x9c, 0x24, 0xf7, 0x71, 0xde, 0x5f, 0xd5,
    0xc5, 0x8a, 0x71, 0xb3, 0x65, 0x77, 0xf9, 0x29, 0xf3, 0xce, 0x0a, 0x00,
    0xca, 0xd7, 0xf9, 0x2e, 0x45, 0x04, 0xb5, 0x68, 0x1f, 0xfe, 0x4e, 0xac,
    0xdd, 0xaa, 0xc5, 0x24, 0x6e, 0xec, 0x63, 0x36, 0x5f, 0xb9, 0x94, 0x0c,
    0x7c, 0xf3, 0xcf, 0xa9, 0x44, 0x80, 0x99, 0x13, 0x89, 0x68, 0xbc, 0x6c,
    0xfb, 0xe7, 0x2c, 0x94, 0x2e, 0x99, 0x31, 0xf1, 0x02, 0xd7, 0x27, 0xaf,
    0xae, 0x69, 0xa9, 0x95, 0xd5, 0xf2, 0x6a, 0x6c, 0x46, 0x95, 0xdb, 0x30,
    0xc9, 0x9f, 0xbe, 0xa0, 0x71, 0xc9, 0x74, 0xfb, 0xbb, 0x0a, 0x8b, 0xa1,
    0x7c, 0x1a, 0xdf, 0xa3, 0xb2, 0x18, 0x29, 0xe5, 0xf6, 0x94, 0x9f, 0xa3,
    0x50, 0x11, 0x4b, 0xfe, 0x05, 0xcb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
    0x82, 0x01, 0x01, 0x00, 0xc3, 0xec, 0x1c, 0x7c, 0x08, 0x2b, 0xf9, 0xa9,
    0x39, 0xbb, 0x5e, 0xcf, 0x96, 0x1a, 0xdb, 0x6c, 0x6b, 0x57, 0x2d, 0x44,
    0xba, 0x78, 0xb9, 0x36, 0x0e, 0x67, 0x46, 0x97, 0xe8, 0x71, 0x29, 0x5e,
    0xb3, 0xe0, 0x02, 0x75, 0x50, 0xff, 0x1a, 0x90, 0x26, 0xf1, 0xdd, 0x23,
    0x24, 0xff, 0x0e, 0xf5, 0x38, 0x6c, 0x55, 0xa8, 0x63, 0x94, 0x4e, 0xce,
    0xc2, 0x45, 0x93, 0xf5, 0xb8, 0xae, 0xbd, 0x1a, 0xde, 0x11, 0xdb, 0x35,
    0x1b, 0x07, 0xbb, 0xdf, 0x7b, 0xa6, 0xa3, 0xd5, 0x44, 0xed, 0x0a, 0x2d,
    0xe3, 0x5b, 0xe1, 0x41, 0x6d, 0x42, 0x90, 0x3d, 0x9a, 0x86, 0xcc, 0xec,
    0xe9, 0x32, 0x5d, 0x03, 0x02, 0x65, 0x5c, 0x52, 0x69, 0xb8, 0x2b, 0xbe,
    0x23, 0x80, 0xa3, 0x5d, 0x98, 0xa5, 0xf0, 0x4d, 0x50, 0xd5, 0x7e, 0x6e,
    0x83, 0x92, 0xcf, 0xdb, 0x32, 0x63, 0x25, 0xc5, 0x32, 0xae, 0x17, 0xeb,
    0xda, 0x81, 0xa8, 0xcc, 0x37, 0x6a, 0xdb, 0x3b, 0xe1, 0x48, 0x5f, 0xfc,
    0x31, 0x98, 0x49, 0x53, 0x2a, 0xf0, 0x71, 0x67, 0x52, 0xdc, 0x01, 0x07,
    0x3e, 0xb1, 0x7f, 0xb1, 0xc4, 0x1a, 0x23, 0x3d, 0x7a, 0x94, 0x63, 0xb4,
    0xb6, 0x9a, 0xa3, 0x7e, 0x8d, 0x4a, 0xba, 0x9c, 0x88, 0xfd, 0xd2, 0x2e,
    0x32, 0x5f, 0xa6, 0x2c, 0xf4, 0xc8, 0x54, 0xa5, 0x7a, 0x5a, 0x02, 0x0c,
    0x80, 0xa4, 0x8b, 0x6c, 0x4a, 0xda, 0x00, 0x62, 0x77, 0xd9, 0x49, 0x11,
    0xae, 0xe5, 0x51, 0xc4, 0x54, 0x68, 0xe9, 0xbd, 0x9f, 0x95, 0x8f, 0x1b,
    0xb7, 0x0b, 0x25, 0x6b, 0xe7, 0x32, 0x55, 0x92, 0xb0, 0x0f, 0x10, 0xe2,
    0xc6, 0xef, 0x5f, 0xe1, 0x54, 0xdb, 0xe0, 0x2d, 0x59, 0xe4, 0xc0, 0x92,
    0x60, 0x5b, 0x25, 0xb0, 0x33, 0x1a, 0x6b, 0xa4, 0x03, 0xd2, 0xd2, 0x3b,
    0x09, 0xd6, 0xc4, 0x4e, 0xde, 0x09, 0xdc, 0x81, 0x02, 0x81, 0x81, 0x00,
    0xf9, 0xf8, 0x73, 0x97, 0x11, 0xfd, 0x87, 0x76, 0xd3, 0x70, 0x38, 0xbe,
    0x17, 0xe0, 0xdc, 0x55, 0x11, 0x95, 0x83, 0xa7, 0x4e, 0xbc, 0x8c, 0xe9,
    0x59, 0xe4, 0x64, 0xa2, 0xd3, 0xc9, 0xd9, 0x48, 0x1a, 0xe7, 0x96, 0x2c,
    0xc5, 0x21, 0x87, 0x77, 0x9e, 0x43, 0xaa, 0xdf, 0x26, 0x96, 0x22, 0xc2,
    0x14, 0x01, 0xbf, 0x56, 0xda, 0xe9, 0x36, 0xf5, 0x06, 0xa9, 0x0f, 0x9a,
    0xae, 0x86, 0xc6, 0x73, 0x8f, 0x46, 0x48, 0x8e, 0x5d, 0x17, 0xb7, 0xff,
    0x24, 0x85, 0x3a, 0xac, 0x9e, 0x65, 0x04, 0xc9, 0x24, 0x47, 0x05, 0xfa,
    0xf2, 0xda, 0x19, 0xd4, 0x39, 0x89, 0x29, 0xc7, 0x12, 0xb0, 0x89, 0x1a,
    0x96, 0x46, 0x79, 0x28, 0x80, 0x6d, 0xb8, 0xb6, 0x9a, 0x2e, 0x36, 0xa6,
    0x5a, 0xc5, 0x98, 0xfb, 0x26, 0xe7, 0xbc, 0xe3, 0x9f, 0xd5, 0x07, 0x0d,
    0xb0, 0xcd, 0x55, 0xe6, 0x1b, 0x1e, 0x16, 0x2b, 0x02, 0x81, 0x81, 0x00,
    0xd0, 0x42, 0x3e, 0xb6, 0x35, 0xf7, 0x40, 0xc7, 0xb4, 0xd1, 0xd0, 0x23,
    0xb5, 0xcc, 0x61, 0x42, 0x3b, 0x21, 0xa8, 0x19, 0x9d, 0xea, 0xf5, 0x8c,
    0xf2, 0xf7, 0x2a, 0xa4, 0xee, 0x81, 0x50, 0x16, 0x38, 0x99, 0x50, 0x72,
    0xe6, 0xf5, 0xae, 0xf1, 0x11, 0x6c, 0x08, 0xa1, 0x7e, 0x34, 0x3e, 0xea,
    0x6d, 0x21, 0x29, 0xad, 0x72, 0x8a, 0xa5, 0x4e, 0x0a, 0x21, 0x0b, 0x3c,
    0x32, 0xd9, 0xce, 0xdb, 0x2c, 0x5f, 0x88, 0x6f, 0x8f, 0xc1, 0x76, 0xcb,
    0x32, 0xb2, 0x4a, 0x99, 0x8a, 0x43, 0x3f, 0x7c, 0x30, 0x10, 0x80, 0xd9,
    0x3a, 0xd8, 0xf3, 0xa5, 0x5e, 0x69, 0x7f, 0x76, 0x3c, 0x79, 0x0e, 0xf5,
    0x5c, 0xdc, 0x14, 0x8a, 0x22, 0x1c, 0xdf, 0xb6, 0xfb, 0x95, 0xfc, 0xa1,
    0x7d, 0x29, 0xee, 0xee, 0xce, 0x82, 0xfd, 0xbb, 0xdc, 0x0e, 0xd9, 0xfb,
    0x99, 0xca, 0xe2, 0x48, 0x2d, 0x9a, 0x9e, 0xe1, 0x02, 0x81, 0x81, 0x00,
    0xbf, 0x5c, 0x97, 0x48, 0xd0, 0x89, 0xf1, 0x39, 0x63, 0x56, 0x66, 0xea,
    0x07, 0xa7, 0xa9, 0xa5, 0x2a, 0x27, 0xf6, 0xb8, 0x8f, 0x4b, 0x42, 0xe8,
    0xa5, 0x5b, 0x76, 0x3b, 0x3c, 0xbd, 0x2a, 0xac, 0xcb, 0x83, 0xfc, 0xf0,
    0x5b, 0x1d, 0x76, 0xf2, 0x78, 0xe3, 0x3e, 0x9d, 0x44, 0x91, 0xed, 0x1b,
    0xfc, 0x6a, 0xf6, 0x0a, 0xcc, 0xdd, 0x7a, 0xa8, 0x0b, 0xa8, 0x42, 0xfc,
    0xdc, 0x9c, 0xea, 0xb1, 0xae, 0xbe, 0x54, 0x6f, 0x40, 0x0f, 0x17, 0x59,
    0xa8, 0xa0, 0xa1, 0xb1, 0x62, 0x34, 0xdd, 0x7c, 0x0a, 0x5c, 0xa0, 0xd4,
    0x63, 0x33, 0xda, 0x50, 0x20, 0x97, 0xc3, 0xb6, 0xd5, 0xb4, 0xf5, 0xd0,
    0xb7, 0xb8, 0x4d, 0xaa, 0x56, 0xdf, 0x28, 0x68, 0x0a, 0x12, 0x54, 0xdd,
    0xf7, 0x61, 0x8b, 0xe2, 0xc0, 0xfe, 0xe9, 0x18, 0xac, 0xd4, 0x4d, 0x69,
    0x0a, 0xaf, 0xb7, 0x11, 0xc8, 0x32, 0xb9, 0x2f, 0x02, 0x81, 0x81, 0x00,
    0xce, 0x5f, 0xd7, 0x25, 0x59, 0x75, 0x1b, 0x8c, 0xcb, 0x72, 0xdf, 0x7f,
    0x83, 0xb8, 0x74, 0xe8, 0xdd, 0x10, 0x0d, 0x34, 0xd5, 0x78, 0xf0, 0xbc,
    0x2c, 0x49, 0x22, 0xc9, 0x2e, 0x50, 0x96, 0xbc, 0x6e, 0x79, 0xff, 0x6e,
    0xdd, 0xd0, 0xb8, 0xfb, 0xca, 0xf7, 0xf3, 0xd5, 0x94, 0xea, 0xd1, 0x2e,
    0x1d, 0xd6, 0xaf, 0x26, 0x62, 0x4b, 0x62, 0x64, 0x63, 0x45, 0x3b, 0x8c,
    0xfc, 0x17, 0x3b, 0x15, 0x96, 0x73, 0x55, 0x10, 0xb8, 0xb4, 0x4e, 0xb4,
    0x2e, 0x18, 0xe0, 0x34, 0x26, 0xff, 0x5c, 0xfa, 0x03, 0xe7, 0x56, 0xc7,
    0xed, 0xb8, 0xf0, 0x38, 0xff, 0xc6, 0x2b, 0xb9, 0x4f, 0x53, 0xe7, 0xae,
    0xdd, 0xc6, 0x79, 0xd4, 0x28, 0xd9, 0xd4, 0x17, 0xd0, 0x58, 0x61, 0x70,
    0xe6, 0x47, 0x97, 0xae, 0xae, 0x96, 0xc0, 0x3a, 0x59, 0x67, 0x9e, 0x3b,
    0xe5, 0xbb, 0x57, 0x61, 0x8f, 0x4f, 0x9a, 0x01, 0x02, 0x81, 0x80, 0x57,
    0xfa, 0x17, 0x0a, 0x87, 0x99, 0xdb, 0x93, 0x94, 0x10, 0x3f, 0xa9, 0xbf,
    0xa4, 0x02, 0x7d, 0xf1, 0x04, 0x41, 0x08, 0x68, 0x6a, 0x9b, 0x79, 0xfd,
    0xf4, 0x10, 0x8f, 0xc8, 0xdd, 0xfe, 0x0c, 0xc7, 0xc3, 0x42, 0x2d, 0xac,
    0x80, 0xc3, 0xfb, 0xa0, 0x8d, 0x31, 0x9b, 0x5b, 0xf8, 0xbb, 0x8c, 0x05,
    0x56, 0xaf, 0x49, 0xca, 0xa9, 0xe5, 0xab, 0x80, 0xa9, 0x39, 0xfd, 0xd4,
    0x78, 0x45, 0xaa, 0xd6, 0x27, 0x91, 0xa8, 0x76, 0x01, 0x98, 0xf0, 0x4f,
    0x48, 0xe0, 0x4e, 0x53, 0x53, 0x55, 0x5e, 0x2b, 0x1a, 0x4f, 0x00, 0x62,
    0xe4, 0x0e, 0x05, 0xa0, 0x94, 0x6e, 0xff, 0xd4, 0x13, 0x6f, 0x2e, 0x7c,
    0x08, 0x92, 0x20, 0xa9, 0x29, 0xee, 0xb0, 0xbb, 0x14, 0x52, 0xf9, 0x6d,
    0x28, 0xd9, 0xbd, 0x84, 0x11, 0x43, 0x71, 0xc2, 0x60, 0x69, 0xb3, 0x34,
    0xe5, 0xae, 0xd7, 0x75, 0x4c, 0xb8, 0x3d, 0x0a
};
// Callback for call sites where the callback must never run: being invoked
// records a gtest failure.
void ExpectNotCalledCallback() {
  ADD_FAILURE() << "Not reached";
}
// Adds one to |*count|. Tests bind it as an
// |EasyUnlockTpmKeyManager::PrepareTpmKey| callback to count how many of
// those callbacks have run.
void IncreaseCount(int* count) {
  *count += 1;
}
// Copies |value| into |*result|, then runs |callback|.
// Tests bind it as the result callback of
// EasyUnlockTpmKeyManager::SignUsingTpmKey, with |callback| quitting the run
// loop the test is waiting on.
void RecordStringAndRunClosure(std::string* result,
                               const base::Closure& callback,
                               const std::string& value) {
  result->assign(value);
  callback.Run();
}
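// Fixture for EasyUnlockTpmKeyManager tests. It registers |kTestUserId| with
// a fake user manager, creates a sign-in profile and a profile for that user,
// and lets each test decide when the user's test NSS database and the test
// system NSS key slot become available.
class EasyUnlockTpmKeyManagerTest : public testing::Test {
 public:
  EasyUnlockTpmKeyManagerTest()
      : thread_bundle_(content::TestBrowserThreadBundle::REAL_IO_THREAD),
        user_manager_(new chromeos::FakeChromeUserManager()),
        user_manager_enabler_(user_manager_),
        profile_manager_(TestingBrowserProcess::GetGlobal()),
        // Null until SetUp() creates the profiles, so the pointers never hold
        // an indeterminate value.
        user_profile_(NULL),
        signin_profile_(NULL) {}
  ~EasyUnlockTpmKeyManagerTest() override {}

  // Registers the test user, remembers its username hash and creates the
  // sign-in and user testing profiles.
  void SetUp() override {
    ASSERT_TRUE(profile_manager_.SetUp());
    const user_manager::User* user = user_manager_->AddUser(kTestUserId);
    // Fail the test here rather than dereference a missing user below.
    ASSERT_TRUE(user != NULL);
    username_hash_ = user->username_hash();

    signin_profile_ = profile_manager_.CreateTestingProfile(
        chrome::kInitialProfile,
        scoped_ptr<TestingPrefServiceSyncable>(),
        base::UTF8ToUTF16(chrome::kInitialProfile),
        0 /* avatar id */,
        std::string() /* supervised user id */,
        TestingProfile::TestingFactories());

    user_profile_ = profile_manager_.CreateTestingProfile(
        kTestUserId,
        scoped_ptr<TestingPrefServiceSyncable>(),
        base::UTF8ToUTF16(kTestUserId),
        0 /* avatar id */,
        std::string() /* supervised user id */,
        TestingProfile::TestingFactories());
  }

  // Releases the test NSS user (if a test created one) and deletes both
  // testing profiles.
  void TearDown() override {
    if (test_nss_user_)
      ResetTestNssUser();
    profile_manager_.DeleteTestingProfile(kTestUserId);
    profile_manager_.DeleteTestingProfile(chrome::kInitialProfile);
  }

  // Creates the test NSS user for |username_hash_| on the IO thread and blocks
  // until that is done. Returns whether it was constructed successfully.
  bool InitTestNssUser() {
    bool success = false;
    base::RunLoop run_loop;
    // Has to be done on IO thread due to thread assertions in nss code.
    content::BrowserThread::PostTaskAndReply(
        content::BrowserThread::IO, FROM_HERE,
        base::Bind(&EasyUnlockTpmKeyManagerTest::InitTestNssUserOnIOThread,
                   base::Unretained(this), base::Unretained(&success)),
        run_loop.QuitClosure());
    run_loop.Run();
    return success;
  }

  // IO-thread half of |InitTestNssUser|; reports the outcome via |*success|.
  void InitTestNssUserOnIOThread(bool* success) {
    test_nss_user_.reset(new crypto::ScopedTestNSSChromeOSUser(username_hash_));
    *success = test_nss_user_->constructed_successfully();
  }

  // Verifies that easy sign-in TPM key generation does not start before user
  // TPM is completely done, then finalizes user TPM initialization.
  // Note that easy sign-in key generation should not start before TPM is
  // initialized in order to prevent TPM initialization from blocking IO thread
  // while waiting for TPM lock (taken for key creation) to be released.
  // Requires a prior successful |InitTestNssUser| call, since the IO-thread
  // task dereferences |test_nss_user_|.
  void VerifyKeyGenerationNotStartedAndFinalizeTestNssUser() {
    EXPECT_FALSE(user_key_manager()->StartedCreatingTpmKeys());

    base::RunLoop run_loop;
    // Has to be done on IO thread due to thread assertions in nss code.
    content::BrowserThread::PostTaskAndReply(
        content::BrowserThread::IO, FROM_HERE,
        base::Bind(&EasyUnlockTpmKeyManagerTest::FinalizeTestNssUserOnIOThread,
                   base::Unretained(this)),
        run_loop.QuitClosure());
    run_loop.Run();
  }

  // IO-thread half of |VerifyKeyGenerationNotStartedAndFinalizeTestNssUser|.
  void FinalizeTestNssUserOnIOThread() { test_nss_user_->FinishInit(); }

  // Destroys the test NSS user on the IO thread and blocks until that is
  // done.
  void ResetTestNssUser() {
    base::RunLoop run_loop;
    // Has to be done on IO thread due to thread assertions in nss code.
    content::BrowserThread::PostTaskAndReply(
        content::BrowserThread::IO, FROM_HERE,
        base::Bind(&EasyUnlockTpmKeyManagerTest::ResetTestNssUserOnIOThread,
                   base::Unretained(this)),
        run_loop.QuitClosure());
    run_loop.Run();
  }

  // IO-thread half of |ResetTestNssUser|.
  void ResetTestNssUserOnIOThread() { test_nss_user_.reset(); }

  // Creates and sets test system NSS key slot.
  // Returns whether the slot was constructed successfully.
  bool SetUpTestSystemSlot() {
    test_system_slot_.reset(new crypto::ScopedTestSystemNSSKeySlot());
    return test_system_slot_->ConstructedSuccessfully();
  }

  // Imports a DER-encoded private RSA key (|key_size| bytes at |key|) to the
  // test system slot.
  // It returns whether the key has been imported. In order for the method to
  // succeed, the test system slot must have been set up
  // (using |SetUpTestSystemSlot|) and the buffer must be non-empty.
  bool ImportPrivateKey(const unsigned char* key, int key_size) {
    if (!test_system_slot_ || !test_system_slot_->slot()) {
      LOG(ERROR) << "System slot not initialized.";
      return false;
    }

    // SECItem carries an unsigned length, so reject a missing buffer or a
    // non-positive size instead of letting a negative value wrap around.
    if (!key || key_size <= 0) {
      LOG(ERROR) << "Invalid private key buffer.";
      return false;
    }

    SECItem pki_der_user = {
        siBuffer,
        // NSS requires non-const data even though it is just for input.
        const_cast<unsigned char*>(key),
        static_cast<unsigned int>(key_size)
    };

    return SECSuccess ==
           PK11_ImportDERPrivateKeyInfo(test_system_slot_->slot(),
                                        &pki_der_user,
                                        NULL,    // nickname
                                        NULL,    // publicValue
                                        true,    // isPerm
                                        true,    // isPrivate
                                        KU_ALL,  // usage
                                        NULL);
  }

  // Returns EasyUnlockTPMKeyManager for user profile.
  EasyUnlockTpmKeyManager* user_key_manager() {
    return EasyUnlockTpmKeyManagerFactory::GetInstance()->Get(user_profile_);
  }

  // Returns EasyUnlockTPMKeyManager for signin profile.
  EasyUnlockTpmKeyManager* signin_key_manager() {
    return EasyUnlockTpmKeyManagerFactory::GetInstance()->Get(signin_profile_);
  }

  // Stores |value|, base64-encoded, as the TPM public key of |user_id| in the
  // |prefs::kEasyUnlockLocalStateTpmKeys| dictionary of the browser's local
  // state (not in a profile's prefs).
  void SetLocalStatePublicKey(const std::string& user_id,
                              const std::string& value) {
    std::string encoded;
    base::Base64Encode(value, &encoded);
    DictionaryPrefUpdate update(g_browser_process->local_state(),
                                prefs::kEasyUnlockLocalStateTpmKeys);
    // The entry is keyed by the caller's |user_id|, not by a fixed test user.
    update->SetStringWithoutPathExpansion(user_id, encoded);
  }

 private:
  content::TestBrowserThreadBundle thread_bundle_;

  // The NSS system slot used by EasyUnlockTPMKeyManagers in tests.
  scoped_ptr<crypto::ScopedTestSystemNSSKeySlot> test_system_slot_;
  // The test NSS user; created, finalized and reset on the IO thread.
  scoped_ptr<crypto::ScopedTestNSSChromeOSUser> test_nss_user_;

  // Needed to properly set up signin and user profiles for test.
  user_manager::FakeUserManager* user_manager_;
  chromeos::ScopedUserManagerEnabler user_manager_enabler_;
  TestingProfileManager profile_manager_;

  // The testing profiles that own EasyUnlockTPMKeyManager services.
  // Owned by |profile_manager_|.
  TestingProfile* user_profile_;
  TestingProfile* signin_profile_;

  // The test user's username hash.
  std::string username_hash_;

  DISALLOW_COPY_AND_ASSIGN(EasyUnlockTpmKeyManagerTest);
};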
// With no key stored anywhere, PrepareTpmKey is expected to return false, to
// produce a key only once the user's NSS initialization has been finalized,
// and to expose the same public key through both key managers.
TEST_F(EasyUnlockTpmKeyManagerTest, CreateKeyPair) {
  ASSERT_TRUE(InitTestNssUser());

  base::RunLoop key_ready_loop;
  // Neither profile knows a key for the user yet.
  EXPECT_TRUE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  EXPECT_TRUE(signin_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, key_ready_loop.QuitClosure()));
  EXPECT_TRUE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());

  ASSERT_TRUE(SetUpTestSystemSlot());
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();
  key_ready_loop.Run();

  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId),
            signin_key_manager()->GetPublicTpmKey(kTestUserId));

  // The key exists now: the call should return true and leave its callback
  // unused.
  EXPECT_TRUE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, base::Bind(&ExpectNotCalledCallback)));
}
// Several PrepareTpmKey requests issued while the key is still pending: no
// callback may run before the NSS user is finalized, and every non-empty
// callback is expected to run once the key is ready.
TEST_F(EasyUnlockTpmKeyManagerTest, CreateKeyPairMultipleCallbacks) {
  ASSERT_TRUE(InitTestNssUser());

  int callbacks_run = 0;
  base::RunLoop key_ready_loop;

  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, key_ready_loop.QuitClosure()));
  EXPECT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */,
      base::Bind(&IncreaseCount, &callbacks_run)));
  EXPECT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */,
      base::Bind(&IncreaseCount, &callbacks_run)));
  // Verify that the method works with empty callback.
  EXPECT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, base::Closure()));

  ASSERT_TRUE(SetUpTestSystemSlot());
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();
  // Key creation has not completed yet, so nothing has been notified.
  EXPECT_EQ(0, callbacks_run);

  key_ready_loop.Run();

  // Both counting callbacks ran.
  EXPECT_EQ(2, callbacks_run);
  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId),
            signin_key_manager()->GetPublicTpmKey(kTestUserId));

  EXPECT_TRUE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, base::Bind(&ExpectNotCalledCallback)));
}
// A public key already recorded in local state is accepted as-is when the
// private key is not checked: PrepareTpmKey returns true right away and both
// managers report the stored key.
TEST_F(EasyUnlockTpmKeyManagerTest, PublicKeySetInPrefs) {
  const std::string stored_key(kTestPublicKey, arraysize(kTestPublicKey));
  SetLocalStatePublicKey(kTestUserId, stored_key);

  EXPECT_TRUE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, base::Bind(&ExpectNotCalledCallback)));

  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId), stored_key);
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId),
            signin_key_manager()->GetPublicTpmKey(kTestUserId));
}
// A public key is recorded in local state, but the matching private key was
// never imported into the system slot. With |check_private_key| set, the
// stored key is expected to be replaced by a different, newly created one.
TEST_F(EasyUnlockTpmKeyManagerTest, PublicKeySetInPrefsCheckPrivateKey) {
  ASSERT_TRUE(InitTestNssUser());

  const std::string stale_key(kTestPublicKey, arraysize(kTestPublicKey));
  SetLocalStatePublicKey(kTestUserId, stale_key);

  base::RunLoop key_ready_loop;
  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      true /* check_private_key */, key_ready_loop.QuitClosure()));

  ASSERT_TRUE(SetUpTestSystemSlot());
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();
  key_ready_loop.Run();

  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  // The key without a private counterpart must not survive.
  EXPECT_NE(user_key_manager()->GetPublicTpmKey(kTestUserId), stale_key);
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId),
            signin_key_manager()->GetPublicTpmKey(kTestUserId));
}
// The stored public key has its private counterpart in the system slot, so
// a |check_private_key| request is expected to keep the stored key. The first
// check still completes asynchronously; once it has, further requests return
// true immediately.
TEST_F(EasyUnlockTpmKeyManagerTest, PublicKeySetInPrefsCheckPrivateKey_OK) {
  ASSERT_TRUE(InitTestNssUser());
  ASSERT_TRUE(SetUpTestSystemSlot());
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();
  ASSERT_TRUE(ImportPrivateKey(kTestPrivateKey, arraysize(kTestPrivateKey)));
  const std::string stored_key(kTestPublicKey, arraysize(kTestPublicKey));
  SetLocalStatePublicKey(kTestUserId, stored_key);

  int callbacks_run = 0;
  base::RunLoop check_done_loop;
  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      true /* check_private_key */, check_done_loop.QuitClosure()));

  // A request made while the check is pending is queued as well.
  EXPECT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */,
      base::Bind(&IncreaseCount, &callbacks_run)));

  check_done_loop.Run();

  EXPECT_EQ(1, callbacks_run);
  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId), stored_key);
  EXPECT_EQ(user_key_manager()->GetPublicTpmKey(kTestUserId),
            signin_key_manager()->GetPublicTpmKey(kTestUserId));

  EXPECT_TRUE(user_key_manager()->PrepareTpmKey(
      true /* check_private_key */, base::Bind(&ExpectNotCalledCallback)));
}
// The wait for the system slot times out before the slot is set up. Key
// preparation is expected to finish without a public key, even though the
// slot becomes available afterwards.
TEST_F(EasyUnlockTpmKeyManagerTest, GetSystemSlotTimeoutTriggers) {
  ASSERT_TRUE(InitTestNssUser());

  base::RunLoop prepare_done_loop;
  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, prepare_done_loop.QuitClosure()));

  // Arm a zero-millisecond timeout and drain pending tasks so it can run.
  base::RunLoop timeout_loop;
  ASSERT_TRUE(user_key_manager()->StartGetSystemSlotTimeoutMs(0));
  timeout_loop.RunUntilIdle();

  ASSERT_TRUE(SetUpTestSystemSlot());
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();

  prepare_done_loop.Run();

  EXPECT_TRUE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
}
// Once the system slot has been set up and pending tasks have run, starting
// the slot timeout is expected to be refused (returns false) and the key is
// still created.
TEST_F(EasyUnlockTpmKeyManagerTest, GetSystemSlotTimeoutAfterSlotFetched) {
  ASSERT_TRUE(InitTestNssUser());
  base::RunLoop key_ready_loop;
  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, key_ready_loop.QuitClosure()));

  base::RunLoop slot_loop;
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();
  ASSERT_TRUE(SetUpTestSystemSlot());
  // Drain pending tasks before trying to arm the timeout.
  slot_loop.RunUntilIdle();

  ASSERT_FALSE(user_key_manager()->StartGetSystemSlotTimeoutMs(0));

  key_ready_loop.Run();

  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
}
// A first attempt ends without a key because the system-slot wait timed out;
// a second PrepareTpmKey request made after that is expected to succeed once
// the slot and the NSS user are ready.
TEST_F(EasyUnlockTpmKeyManagerTest, GetSystemSlotRetryAfterFailure) {
  ASSERT_TRUE(InitTestNssUser());
  base::RunLoop first_attempt_loop;
  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, first_attempt_loop.QuitClosure()));

  // Arm a zero-millisecond timeout and drain pending tasks so it can run.
  base::RunLoop timeout_loop;
  ASSERT_TRUE(user_key_manager()->StartGetSystemSlotTimeoutMs(0));
  timeout_loop.RunUntilIdle();

  first_attempt_loop.Run();

  // The first attempt finished, but produced nothing.
  EXPECT_TRUE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());

  base::RunLoop retry_loop;

  ASSERT_FALSE(user_key_manager()->PrepareTpmKey(
      false /* check_private_key */, retry_loop.QuitClosure()));

  ASSERT_TRUE(SetUpTestSystemSlot());
  VerifyKeyGenerationNotStartedAndFinalizeTestNssUser();

  retry_loop.Run();

  EXPECT_FALSE(user_key_manager()->GetPublicTpmKey(kTestUserId).empty());
}
// Signing through the sign-in profile's manager yields a non-empty result
// when the private key is in the system slot and the public key is recorded
// in local state.
// NOTE(review): the test only checks that something was returned; the
// signature is not verified against |kTestPublicKey|.
TEST_F(EasyUnlockTpmKeyManagerTest, SignData) {
  ASSERT_TRUE(SetUpTestSystemSlot());
  ASSERT_TRUE(ImportPrivateKey(kTestPrivateKey, arraysize(kTestPrivateKey)));
  SetLocalStatePublicKey(
      kTestUserId, std::string(kTestPublicKey, arraysize(kTestPublicKey)));

  base::RunLoop sign_done_loop;
  std::string signature;
  signin_key_manager()->SignUsingTpmKey(
      kTestUserId,
      "data",
      base::Bind(&RecordStringAndRunClosure, &signature,
                 sign_done_loop.QuitClosure()));
  sign_done_loop.Run();

  EXPECT_FALSE(signature.empty());
}
// Without a public key recorded for the user, a signing request is expected
// to complete with an empty result.
TEST_F(EasyUnlockTpmKeyManagerTest, SignNoPublicKeySet) {
  base::RunLoop sign_done_loop;
  std::string signature;
  signin_key_manager()->SignUsingTpmKey(
      kTestUserId,
      "data",
      base::Bind(&RecordStringAndRunClosure, &signature,
                 sign_done_loop.QuitClosure()));
  sign_done_loop.Run();

  EXPECT_TRUE(signature.empty());
}
// The public key is recorded in local state, but no private key is ever
// imported into the system slot. The signing request, issued before the slot
// is set up, is expected to complete with an empty result.
TEST_F(EasyUnlockTpmKeyManagerTest, SignDataNoPrivateKeyPresent) {
  SetLocalStatePublicKey(
      kTestUserId, std::string(kTestPublicKey, arraysize(kTestPublicKey)));

  base::RunLoop sign_done_loop;
  std::string signature;
  signin_key_manager()->SignUsingTpmKey(
      kTestUserId,
      "data",
      base::Bind(&RecordStringAndRunClosure, &signature,
                 sign_done_loop.QuitClosure()));

  // The slot only becomes available after the request was made.
  ASSERT_TRUE(SetUpTestSystemSlot());

  sign_done_loop.Run();

  EXPECT_TRUE(signature.empty());
}
603 } // namespace