1 // Copyright 2024 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/scoped_fake_user_verifying_key_provider.h"
6
7 #include <memory>
8 #include <utility>
9 #include <vector>
10
11 #include "base/base64.h"
12 #include "base/containers/flat_map.h"
13 #include "base/containers/span.h"
14 #include "base/functional/bind.h"
15 #include "base/functional/callback.h"
16 #include "crypto/signature_verifier.h"
17 #include "crypto/unexportable_key.h"
18 #include "crypto/user_verifying_key.h"
19
20 namespace crypto {
21
22 namespace {
23
24 // This tracks deleted keys, so calling `DeleteUserVerifyingKey` with one
25 // can return false, allowing deletion to be tested.
26 std::vector<UserVerifyingKeyLabel> g_deleted_keys_;
27
28 // Wraps a software `UnexportableSigningKey`.
29 class FakeUserVerifyingSigningKey : public UserVerifyingSigningKey {
30 public:
FakeUserVerifyingSigningKey(UserVerifyingKeyLabel label,std::unique_ptr<UnexportableSigningKey> software_key)31 FakeUserVerifyingSigningKey(
32 UserVerifyingKeyLabel label,
33 std::unique_ptr<UnexportableSigningKey> software_key)
34 : label_(std::move(label)), software_key_(std::move(software_key)) {}
35
36 ~FakeUserVerifyingSigningKey() override = default;
37
Sign(base::span<const uint8_t> data,UserVerifyingKeySignatureCallback callback)38 void Sign(base::span<const uint8_t> data,
39 UserVerifyingKeySignatureCallback callback) override {
40 auto opt_signature = software_key_->SignSlowly(data);
41 if (!opt_signature.has_value()) {
42 std::move(callback).Run(
43 base::unexpected(UserVerifyingKeySigningError::kUnknownError));
44 return;
45 }
46 std::move(callback).Run(base::ok(*opt_signature));
47 }
48
GetPublicKey() const49 std::vector<uint8_t> GetPublicKey() const override {
50 return software_key_->GetSubjectPublicKeyInfo();
51 }
52
GetKeyLabel() const53 const UserVerifyingKeyLabel& GetKeyLabel() const override { return label_; }
54
55 private:
56 const UserVerifyingKeyLabel label_;
57 std::unique_ptr<UnexportableSigningKey> software_key_;
58 };
59
60 class FakeUserVerifyingKeyProvider : public UserVerifyingKeyProvider {
61 public:
62 ~FakeUserVerifyingKeyProvider() override = default;
63
GenerateUserVerifyingSigningKey(base::span<const SignatureVerifier::SignatureAlgorithm> acceptable_algorithms,UserVerifyingKeyCreationCallback callback)64 void GenerateUserVerifyingSigningKey(
65 base::span<const SignatureVerifier::SignatureAlgorithm>
66 acceptable_algorithms,
67 UserVerifyingKeyCreationCallback callback) override {
68 auto software_unexportable_key =
69 GetSoftwareUnsecureUnexportableKeyProvider()->GenerateSigningKeySlowly(
70 acceptable_algorithms);
71 UserVerifyingKeyLabel key_label =
72 base::Base64Encode(software_unexportable_key->GetWrappedKey());
73 std::move(callback).Run(std::make_unique<FakeUserVerifyingSigningKey>(
74 std::move(key_label), std::move(software_unexportable_key)));
75 }
76
GetUserVerifyingSigningKey(UserVerifyingKeyLabel key_label,UserVerifyingKeyCreationCallback callback)77 void GetUserVerifyingSigningKey(
78 UserVerifyingKeyLabel key_label,
79 UserVerifyingKeyCreationCallback callback) override {
80 for (auto deleted_key : g_deleted_keys_) {
81 if (deleted_key == key_label) {
82 std::move(callback).Run(
83 base::unexpected(UserVerifyingKeyCreationError::kUnknownError));
84 return;
85 }
86 }
87 std::vector<SignatureVerifier::SignatureAlgorithm> algorithms = {
88 SignatureVerifier::SignatureAlgorithm::ECDSA_SHA256};
89 std::optional<std::vector<uint8_t>> wrapped_key =
90 base::Base64Decode(key_label);
91 CHECK(wrapped_key);
92 auto software_unexportable_key =
93 GetSoftwareUnsecureUnexportableKeyProvider()
94 ->FromWrappedSigningKeySlowly(*wrapped_key);
95 CHECK(software_unexportable_key);
96 std::move(callback).Run(
97 base::ok(std::make_unique<FakeUserVerifyingSigningKey>(
98 std::move(key_label), std::move(software_unexportable_key))));
99 }
100
DeleteUserVerifyingKey(UserVerifyingKeyLabel key_label,base::OnceCallback<void (bool)> callback)101 void DeleteUserVerifyingKey(
102 UserVerifyingKeyLabel key_label,
103 base::OnceCallback<void(bool)> callback) override {
104 g_deleted_keys_.push_back(key_label);
105 std::move(callback).Run(true);
106 }
107 };
108
109 class FailingUserVerifyingSigningKey : public UserVerifyingSigningKey {
110 public:
FailingUserVerifyingSigningKey()111 FailingUserVerifyingSigningKey() : label_("test") {}
112 ~FailingUserVerifyingSigningKey() override = default;
113
Sign(base::span<const uint8_t> data,UserVerifyingKeySignatureCallback callback)114 void Sign(base::span<const uint8_t> data,
115 UserVerifyingKeySignatureCallback callback) override {
116 std::move(callback).Run(
117 base::unexpected(UserVerifyingKeySigningError::kUnknownError));
118 }
119
GetPublicKey() const120 std::vector<uint8_t> GetPublicKey() const override { return {1, 2, 3, 4}; }
121
GetKeyLabel() const122 const UserVerifyingKeyLabel& GetKeyLabel() const override { return label_; }
123
124 private:
125 const UserVerifyingKeyLabel label_;
126 };
127
128 class FailingUserVerifyingKeyProvider : public UserVerifyingKeyProvider {
129 public:
130 ~FailingUserVerifyingKeyProvider() override = default;
131
GenerateUserVerifyingSigningKey(base::span<const SignatureVerifier::SignatureAlgorithm> acceptable_algorithms,UserVerifyingKeyCreationCallback callback)132 void GenerateUserVerifyingSigningKey(
133 base::span<const SignatureVerifier::SignatureAlgorithm>
134 acceptable_algorithms,
135 UserVerifyingKeyCreationCallback callback) override {
136 std::move(callback).Run(
137 base::ok(std::make_unique<FailingUserVerifyingSigningKey>()));
138 }
139
GetUserVerifyingSigningKey(UserVerifyingKeyLabel key_label,UserVerifyingKeyCreationCallback callback)140 void GetUserVerifyingSigningKey(
141 UserVerifyingKeyLabel key_label,
142 UserVerifyingKeyCreationCallback callback) override {
143 std::move(callback).Run(
144 base::ok(std::make_unique<FailingUserVerifyingSigningKey>()));
145 }
146
DeleteUserVerifyingKey(UserVerifyingKeyLabel key_label,base::OnceCallback<void (bool)> callback)147 void DeleteUserVerifyingKey(
148 UserVerifyingKeyLabel key_label,
149 base::OnceCallback<void(bool)> callback) override {}
150 };
151
GetMockUserVerifyingKeyProvider()152 std::unique_ptr<UserVerifyingKeyProvider> GetMockUserVerifyingKeyProvider() {
153 return std::make_unique<FakeUserVerifyingKeyProvider>();
154 }
155
GetNullUserVerifyingKeyProvider()156 std::unique_ptr<UserVerifyingKeyProvider> GetNullUserVerifyingKeyProvider() {
157 return nullptr;
158 }
159
GetFailingUserVerifyingKeyProvider()160 std::unique_ptr<UserVerifyingKeyProvider> GetFailingUserVerifyingKeyProvider() {
161 return std::make_unique<FailingUserVerifyingKeyProvider>();
162 }
163
164 } // namespace
165
ScopedFakeUserVerifyingKeyProvider()166 ScopedFakeUserVerifyingKeyProvider::ScopedFakeUserVerifyingKeyProvider() {
167 internal::SetUserVerifyingKeyProviderForTesting(
168 GetMockUserVerifyingKeyProvider);
169 }
170
~ScopedFakeUserVerifyingKeyProvider()171 ScopedFakeUserVerifyingKeyProvider::~ScopedFakeUserVerifyingKeyProvider() {
172 internal::SetUserVerifyingKeyProviderForTesting(nullptr);
173 }
174
ScopedNullUserVerifyingKeyProvider()175 ScopedNullUserVerifyingKeyProvider::ScopedNullUserVerifyingKeyProvider() {
176 internal::SetUserVerifyingKeyProviderForTesting(
177 GetNullUserVerifyingKeyProvider);
178 }
179
~ScopedNullUserVerifyingKeyProvider()180 ScopedNullUserVerifyingKeyProvider::~ScopedNullUserVerifyingKeyProvider() {
181 internal::SetUserVerifyingKeyProviderForTesting(nullptr);
182 }
183
ScopedFailingUserVerifyingKeyProvider()184 ScopedFailingUserVerifyingKeyProvider::ScopedFailingUserVerifyingKeyProvider() {
185 internal::SetUserVerifyingKeyProviderForTesting(
186 GetFailingUserVerifyingKeyProvider);
187 }
188
189 ScopedFailingUserVerifyingKeyProvider::
~ScopedFailingUserVerifyingKeyProvider()190 ~ScopedFailingUserVerifyingKeyProvider() {
191 internal::SetUserVerifyingKeyProviderForTesting(nullptr);
192 }
193 } // namespace crypto
194