Add ability to pass decryption key id to CreateSecureMessage method

This should enable the message receiver to identify a key to be used for message decryption. BUG=409099 (depends on https://codereview.chromium.org/513013003/) Review URL: https://codereview.chromium.org/518643002 Cr-Commit-Position: refs/heads/master@{#293006}
cbchan · Sep 2, 2014 · 042e34f · 042e34f
1 parent dad3873
commit 042e34f
Show file tree

Hide file tree

Showing 11 changed files with 33 additions and 6 deletions.
diff --git a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_api.cc b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_api.cc
@@ -324,6 +324,8 @@ bool EasyUnlockPrivateCreateSecureMessageFunction::RunAsync() {
           *params->options.public_metadata : std::string(),
       params->options.verification_key_id ?
           *params->options.verification_key_id : std::string(),
+      params->options.decryption_key_id ?
+          *params->options.decryption_key_id : std::string(),
       params->options.encrypt_type,
       params->options.sign_type,
       base::Bind(&EasyUnlockPrivateCreateSecureMessageFunction::OnData,

diff --git a/...e/browser/extensions/api/easy_unlock_private/easy_unlock_private_api_chromeos_unittest.cc b/...e/browser/extensions/api/easy_unlock_private/easy_unlock_private_api_chromeos_unittest.cc
@@ -173,6 +173,7 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage) {
       "ASSOCIATED_DATA",
       "PUBLIC_METADATA",
       "VERIFICATION_KEY_ID",
+      "DECRYPTION_KEY_ID",
       easy_unlock::kEncryptionTypeAES256CBC,
       easy_unlock::kSignatureTypeHMACSHA256,
       base::Bind(&CopyData, &expected_result));
@@ -187,6 +188,8 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage) {
   options->Set("publicMetadata", StringToBinaryValue("PUBLIC_METADATA"));
   options->Set("verificationKeyId",
                StringToBinaryValue("VERIFICATION_KEY_ID"));
+  options->Set("decryptionKeyId",
+               StringToBinaryValue("DECRYPTION_KEY_ID"));
   options->SetString(
       "encryptType",
       api::ToString(api::ENCRYPTION_TYPE_AES_256_CBC));
@@ -212,9 +215,10 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage_EmptyOptions) {
   client_->CreateSecureMessage(
       "PAYLOAD",
       "KEY",
-      "",
-      "",
-      "",
+      "",  // associated data
+      "",  // public metadata
+      "",  // verification key id
+      "",  // decryption key id
       easy_unlock::kEncryptionTypeNone,
       easy_unlock::kSignatureTypeHMACSHA256,
       base::Bind(&CopyData, &expected_result));
@@ -245,8 +249,9 @@ TEST_F(EasyUnlockPrivateApiTest, CreateSecureMessage_AsymmetricSign) {
       "PAYLOAD",
       "KEY",
       "ASSOCIATED_DATA",
-      "",
+      "",  // public metadata
       "VERIFICATION_KEY_ID",
+      "",  // decryption key id
       easy_unlock::kEncryptionTypeNone,
       easy_unlock::kSignatureTypeECDSAP256SHA256,
       base::Bind(&CopyData, &expected_result));
@@ -320,7 +325,7 @@ TEST_F(EasyUnlockPrivateApiTest, UnwrapSecureMessage_EmptyOptions) {
   client_->UnwrapSecureMessage(
       "MESSAGE",
       "KEY",
-      "",
+      "",  // associated data
       easy_unlock::kEncryptionTypeNone,
       easy_unlock::kSignatureTypeHMACSHA256,
       base::Bind(&CopyData, &expected_result));

diff --git a/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate.h b/chrome/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate.h
@@ -41,6 +41,7 @@ class EasyUnlockPrivateCryptoDelegate {
       const std::string& associated_data,
       const std::string& public_metadata,
       const std::string& verification_key_id,
+      const std::string& decryption_key_id,
       easy_unlock_private::EncryptionType encryption_type,
       easy_unlock_private::SignatureType signature_type,
       const DataCallback& callback) = 0;

diff --git a/...rowser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_chromeos.cc b/...rowser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_chromeos.cc
@@ -64,6 +64,7 @@ class EasyUnlockPrivateCryptoDelegateChromeOS
       const std::string& associated_data,
       const std::string& public_metadata,
       const std::string& verification_key_id,
+      const std::string& decryption_key_id,
       easy_unlock_private::EncryptionType encryption_type,
       easy_unlock_private::SignatureType signature_type,
       const DataCallback& callback) OVERRIDE {
@@ -72,6 +73,7 @@ class EasyUnlockPrivateCryptoDelegateChromeOS
                                       associated_data,
                                       public_metadata,
                                       verification_key_id,
+                                      decryption_key_id,
                                       EncryptionTypeToString(encryption_type),
                                       SignatureTypeToString(signature_type),
                                       callback);

diff --git a/...me/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_stub.cc b/...me/browser/extensions/api/easy_unlock_private/easy_unlock_private_crypto_delegate_stub.cc
@@ -33,6 +33,7 @@ class EasyUnlockPrivateCryptoDelegateStub
       const std::string& associated_data,
       const std::string& public_metadata,
       const std::string& verification_key_id,
+      const std::string& decryption_key_id,
       easy_unlock_private::EncryptionType encryption_type,
       easy_unlock_private::SignatureType signature_type,
       const DataCallback& callback) OVERRIDE {

diff --git a/chrome/common/extensions/api/easy_unlock_private.idl b/chrome/common/extensions/api/easy_unlock_private.idl
@@ -77,11 +77,15 @@
     ArrayBuffer? publicMetadata;
 
     // Verification key id added to the message header. Should be set if the
-    // message is signed using |ECDSA_P256_SHA256|. It's used by the message
+    // message is signed using |ECDSA_P256_SHA256|. Used by the message
     // recepient to determine which key should be used to verify the message
     // signature.
     ArrayBuffer? verificationKeyId;
 
+    // Decryption key id added to the message header. Used by the message
+    // recepient to determine which key should be used to decrypt the message.
+    ArrayBuffer? decryptionKeyId;
+
     // The encryption algorithm that should be used to encrypt the message.
     // Should not be set for a cleartext message.
     EncryptionType? encryptType;

diff --git a/chromeos/dbus/easy_unlock_client.cc b/chromeos/dbus/easy_unlock_client.cc
@@ -78,6 +78,7 @@ class EasyUnlockClientImpl : public EasyUnlockClient {
                                    const std::string& associated_data,
                                    const std::string& public_metadata,
                                    const std::string& verification_key_id,
+                                   const std::string& decryption_key_id,
                                    const std::string& encryption_type,
                                    const std::string& signature_type,
                                    const DataCallback& callback) OVERRIDE {
@@ -92,6 +93,7 @@ class EasyUnlockClientImpl : public EasyUnlockClient {
     AppendStringAsByteArray(associated_data, &writer);
     AppendStringAsByteArray(public_metadata, &writer);
     AppendStringAsByteArray(verification_key_id, &writer);
+    AppendStringAsByteArray(decryption_key_id, &writer);
     writer.AppendString(encryption_type);
     writer.AppendString(signature_type);
     proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,

diff --git a/chromeos/dbus/easy_unlock_client.h b/chromeos/dbus/easy_unlock_client.h
@@ -62,6 +62,9 @@ class CHROMEOS_EXPORT EasyUnlockClient : public DBusClient {
   //     set if the message is signed with private asymetric key. This value
   //     is used by the receiver to identify the public key that should be used
   //     to verify the signature.
+  // |decryption_key_id|: Key id added to the message header. Used by the
+  //     message receiver to identify the key that should be used to decrypt
+  //     the message.
   // |encryption_type|: The encryption algorithm to use for encrypting the
   //     message. (May be set to none).
   // |signature_type|: The algorithm to use to sign the message.
@@ -72,6 +75,7 @@ class CHROMEOS_EXPORT EasyUnlockClient : public DBusClient {
                                    const std::string& associated_data,
                                    const std::string& public_metadata,
                                    const std::string& verification_key_id,
+                                   const std::string& decryption_key_id,
                                    const std::string& encryption_type,
                                    const std::string& signature_type,
                                    const DataCallback& callback) = 0;

diff --git a/chromeos/dbus/fake_easy_unlock_client.cc b/chromeos/dbus/fake_easy_unlock_client.cc
@@ -99,6 +99,7 @@ void FakeEasyUnlockClient::CreateSecureMessage(
     const std::string& associated_data,
     const std::string& public_metadata,
     const std::string& verification_key_id,
+    const std::string& decryption_key_id,
     const std::string& encryption_type,
     const std::string& signature_type,
     const DataCallback& callback) {
@@ -109,6 +110,7 @@ void FakeEasyUnlockClient::CreateSecureMessage(
           "\"associated_data\": \"%s\","
           "\"public_metadata\": \"%s\","
           "\"verification_key_id\": \"%s\","
+          "\"decryption_key_id\": \"%s\","
           "\"encryption_type\": \"%s\","
           "\"signature_type\": \"%s\""
       "}}",
@@ -117,6 +119,7 @@ void FakeEasyUnlockClient::CreateSecureMessage(
       associated_data.c_str(),
       public_metadata.c_str(),
       verification_key_id.c_str(),
+      decryption_key_id.c_str(),
       encryption_type.c_str(),
       signature_type.c_str()));
 }

diff --git a/chromeos/dbus/fake_easy_unlock_client.h b/chromeos/dbus/fake_easy_unlock_client.h
@@ -33,6 +33,7 @@ class CHROMEOS_EXPORT FakeEasyUnlockClient : public EasyUnlockClient {
                                    const std::string& associated_data,
                                    const std::string& public_metadata,
                                    const std::string& verification_key_id,
+                                   const std::string& decryption_key_id,
                                    const std::string& encryption_type,
                                    const std::string& signature_type,
                                    const DataCallback& callback) OVERRIDE;

diff --git a/chromeos/dbus/fake_easy_unlock_client_unittest.cc b/chromeos/dbus/fake_easy_unlock_client_unittest.cc
@@ -209,6 +209,7 @@ TEST(FakeEasyUnlockClientTest, CreateSecureMessage) {
       "ASSOCIATED_DATA",
       "PUBLIC_METADATA",
       "VERIFICATION_KEY_ID",
+      "DECRYPTION_KEY_ID",
       "ENCRYPTION_TYPE",
       "SIGNATURE_TYPE",
       base::Bind(&RecordData, &message));
@@ -220,6 +221,7 @@ TEST(FakeEasyUnlockClientTest, CreateSecureMessage) {
           "\"associated_data\": \"ASSOCIATED_DATA\","
           "\"public_metadata\": \"PUBLIC_METADATA\","
           "\"verification_key_id\": \"VERIFICATION_KEY_ID\","
+          "\"decryption_key_id\": \"DECRYPTION_KEY_ID\","
           "\"encryption_type\": \"ENCRYPTION_TYPE\","
           "\"signature_type\": \"SIGNATURE_TYPE\"}"
       "}");