From bc3ba3fab0c198927656eee0651e57eb43866ebc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Wed, 27 Jan 2021 15:19:32 +0100 Subject: [PATCH] crypto: Add tests for the sled cryptostore --- .../src/store/sled_store/store_key.rs | 2 - matrix_sdk_crypto/src/store/mod.rs | 2 +- matrix_sdk_crypto/src/store/sled.rs | 567 +++++++++++++++++- 3 files changed, 567 insertions(+), 4 deletions(-) diff --git a/matrix_sdk_base/src/store/sled_store/store_key.rs b/matrix_sdk_base/src/store/sled_store/store_key.rs index 801a3399..ffb2ec55 100644 --- a/matrix_sdk_base/src/store/sled_store/store_key.rs +++ b/matrix_sdk_base/src/store/sled_store/store_key.rs @@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -#![allow(dead_code)] - use std::convert::TryFrom; use chacha20poly1305::{ diff --git a/matrix_sdk_crypto/src/store/mod.rs b/matrix_sdk_crypto/src/store/mod.rs index 20232ff8..06dd52dd 100644 --- a/matrix_sdk_crypto/src/store/mod.rs +++ b/matrix_sdk_crypto/src/store/mod.rs @@ -109,7 +109,7 @@ pub(crate) struct Store { verification_machine: VerificationMachine, } -#[derive(Debug, Default)] +#[derive(Clone, Debug, Default)] #[allow(missing_docs)] pub struct Changes { pub account: Option, diff --git a/matrix_sdk_crypto/src/store/sled.rs b/matrix_sdk_crypto/src/store/sled.rs index fbf0e3a3..6ad3b920 100644 --- a/matrix_sdk_crypto/src/store/sled.rs +++ b/matrix_sdk_crypto/src/store/sled.rs @@ -612,4 +612,569 @@ impl CryptoStore for SledStore { } #[cfg(test)] -mod test {} +mod test { + use crate::{ + identities::{ + device::test::get_device, + user::test::{get_other_identity, get_own_identity}, + }, + olm::{ + GroupSessionKey, InboundGroupSession, OlmMessageHash, PrivateCrossSigningIdentity, + ReadOnlyAccount, Session, + }, + store::{Changes, DeviceChanges, IdentityChanges}, + }; + use matrix_sdk_common::{ + api::r0::keys::SignedKey, + identifiers::{room_id, user_id, DeviceId, UserId}, + }; + use matrix_sdk_test::async_test; + use olm_rs::outbound_group_session::OlmOutboundGroupSession; + use std::collections::BTreeMap; + use tempfile::tempdir; + + use super::{CryptoStore, SledStore}; + + fn alice_id() -> UserId { + user_id!("@alice:example.org") + } + + fn alice_device_id() -> Box { + "ALICEDEVICE".into() + } + + fn bob_id() -> UserId { + user_id!("@bob:example.org") + } + + fn bob_device_id() -> Box { + "BOBDEVICE".into() + } + + async fn get_store(passphrase: Option<&str>) -> (SledStore, tempfile::TempDir) { + let tmpdir = tempdir().unwrap(); + let tmpdir_path = tmpdir.path().to_str().unwrap(); + + let store = SledStore::open_with_passphrase(tmpdir_path, passphrase) + .expect("Can't create a passphrase protected store"); + + (store, tmpdir) + } + + async fn get_loaded_store() -> (ReadOnlyAccount, SledStore, tempfile::TempDir) { + let (store, dir) = get_store(None).await; + let account = get_account(); + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + (account, store, dir) + } + + fn get_account() -> ReadOnlyAccount { + ReadOnlyAccount::new(&alice_id(), &alice_device_id()) + } + + async fn get_account_and_session() -> (ReadOnlyAccount, Session) { + let alice = ReadOnlyAccount::new(&alice_id(), &alice_device_id()); + let bob = ReadOnlyAccount::new(&bob_id(), &bob_device_id()); + + bob.generate_one_time_keys_helper(1).await; + let one_time_key = bob + .one_time_keys() + .await + .curve25519() + .iter() + .next() + .unwrap() + .1 + .to_owned(); + let one_time_key = SignedKey { + key: one_time_key, + signatures: BTreeMap::new(), + }; + let sender_key = bob.identity_keys().curve25519().to_owned(); + let session = alice + .create_outbound_session_helper(&sender_key, &one_time_key) + .await + .unwrap(); + + (alice, session) + } + + #[async_test] + async fn create_store() { + let tmpdir = tempdir().unwrap(); + let tmpdir_path = tmpdir.path().to_str().unwrap(); + let _ = SledStore::open_with_passphrase(tmpdir_path, None).expect("Can't create store"); + } + + #[async_test] + async fn save_account() { + let (store, _dir) = get_store(None).await; + assert!(store.load_account().await.unwrap().is_none()); + let account = get_account(); + + store + .save_account(account) + .await + .expect("Can't save account"); + } + + #[async_test] + async fn load_account() { + let (store, _dir) = get_store(None).await; + let account = get_account(); + + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + let loaded_account = store.load_account().await.expect("Can't load account"); + let loaded_account = loaded_account.unwrap(); + + assert_eq!(account, loaded_account); + } + + #[async_test] + async fn load_account_with_passphrase() { + let (store, _dir) = get_store(Some("secret_passphrase")).await; + let account = get_account(); + + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + let loaded_account = store.load_account().await.expect("Can't load account"); + let loaded_account = loaded_account.unwrap(); + + assert_eq!(account, loaded_account); + } + + #[async_test] + async fn save_and_share_account() { + let (store, _dir) = get_store(None).await; + let account = get_account(); + + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + account.mark_as_shared(); + account.update_uploaded_key_count(50); + + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + let loaded_account = store.load_account().await.expect("Can't load account"); + let loaded_account = loaded_account.unwrap(); + + assert_eq!(account, loaded_account); + assert_eq!( + account.uploaded_key_count(), + loaded_account.uploaded_key_count() + ); + } + + #[async_test] + async fn load_sessions() { + let (store, _dir) = get_store(None).await; + let (account, session) = get_account_and_session().await; + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + let changes = Changes { + sessions: vec![session.clone()], + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + + let sessions = store + .get_sessions(&session.sender_key) + .await + .expect("Can't load sessions") + .unwrap(); + let loaded_session = sessions.lock().await.get(0).cloned().unwrap(); + + assert_eq!(&session, &loaded_session); + } + + #[async_test] + async fn add_and_save_session() { + let (store, dir) = get_store(None).await; + let (account, session) = get_account_and_session().await; + let sender_key = session.sender_key.to_owned(); + let session_id = session.session_id().to_owned(); + + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + let changes = Changes { + sessions: vec![session.clone()], + ..Default::default() + }; + store.save_changes(changes).await.unwrap(); + + let sessions = store.get_sessions(&sender_key).await.unwrap().unwrap(); + let sessions_lock = sessions.lock().await; + let session = &sessions_lock[0]; + + assert_eq!(session_id, session.session_id()); + + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + let loaded_account = store.load_account().await.unwrap().unwrap(); + assert_eq!(account, loaded_account); + + let sessions = store.get_sessions(&sender_key).await.unwrap().unwrap(); + let sessions_lock = sessions.lock().await; + let session = &sessions_lock[0]; + + assert_eq!(session_id, session.session_id()); + } + + #[async_test] + async fn save_inbound_group_session() { + let (account, store, _dir) = get_loaded_store().await; + + let identity_keys = account.identity_keys(); + let outbound_session = OlmOutboundGroupSession::new(); + let session = InboundGroupSession::new( + identity_keys.curve25519(), + identity_keys.ed25519(), + &room_id!("!test:localhost"), + GroupSessionKey(outbound_session.session_key()), + ) + .expect("Can't create session"); + + let changes = Changes { + inbound_group_sessions: vec![session], + ..Default::default() + }; + + store + .save_changes(changes) + .await + .expect("Can't save group session"); + } + + #[async_test] + async fn load_inbound_group_session() { + let (account, store, dir) = get_loaded_store().await; + + let identity_keys = account.identity_keys(); + let outbound_session = OlmOutboundGroupSession::new(); + let session = InboundGroupSession::new( + identity_keys.curve25519(), + identity_keys.ed25519(), + &room_id!("!test:localhost"), + GroupSessionKey(outbound_session.session_key()), + ) + .expect("Can't create session"); + + let mut export = session.export().await; + + export.forwarding_curve25519_key_chain = vec!["some_chain".to_owned()]; + + let session = InboundGroupSession::from_export(export).unwrap(); + + let changes = Changes { + inbound_group_sessions: vec![session.clone()], + ..Default::default() + }; + + store + .save_changes(changes) + .await + .expect("Can't save group session"); + + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + store.load_account().await.unwrap(); + + let loaded_session = store + .get_inbound_group_session(&session.room_id, &session.sender_key, session.session_id()) + .await + .unwrap() + .unwrap(); + assert_eq!(session, loaded_session); + let export = loaded_session.export().await; + assert!(!export.forwarding_curve25519_key_chain.is_empty()) + } + + #[async_test] + async fn test_tracked_users() { + let (_account, store, dir) = get_loaded_store().await; + let device = get_device(); + + assert!(store + .update_tracked_user(device.user_id(), false) + .await + .unwrap()); + assert!(!store + .update_tracked_user(device.user_id(), false) + .await + .unwrap()); + + assert!(store.is_user_tracked(device.user_id())); + assert!(!store.users_for_key_query().contains(device.user_id())); + assert!(!store + .update_tracked_user(device.user_id(), true) + .await + .unwrap()); + assert!(store.users_for_key_query().contains(device.user_id())); + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + store.load_account().await.unwrap(); + + assert!(store.is_user_tracked(device.user_id())); + assert!(store.users_for_key_query().contains(device.user_id())); + + store + .update_tracked_user(device.user_id(), false) + .await + .unwrap(); + assert!(!store.users_for_key_query().contains(device.user_id())); + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + store.load_account().await.unwrap(); + + assert!(!store.users_for_key_query().contains(device.user_id())); + } + + #[async_test] + async fn device_saving() { + let (_account, store, dir) = get_loaded_store().await; + let device = get_device(); + + let changes = Changes { + devices: DeviceChanges { + changed: vec![device.clone()], + ..Default::default() + }, + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + store.load_account().await.unwrap(); + + let loaded_device = store + .get_device(device.user_id(), device.device_id()) + .await + .unwrap() + .unwrap(); + + assert_eq!(device, loaded_device); + + for algorithm in loaded_device.algorithms() { + assert!(device.algorithms().contains(algorithm)); + } + assert_eq!(device.algorithms().len(), loaded_device.algorithms().len()); + assert_eq!(device.keys(), loaded_device.keys()); + + let user_devices = store.get_user_devices(device.user_id()).await.unwrap(); + assert_eq!(&**user_devices.keys().next().unwrap(), device.device_id()); + assert_eq!(user_devices.values().next().unwrap(), &device); + } + + #[async_test] + async fn device_deleting() { + let (_account, store, dir) = get_loaded_store().await; + let device = get_device(); + + let changes = Changes { + devices: DeviceChanges { + changed: vec![device.clone()], + ..Default::default() + }, + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + + let changes = Changes { + devices: DeviceChanges { + deleted: vec![device.clone()], + ..Default::default() + }, + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + store.load_account().await.unwrap(); + + let loaded_device = store + .get_device(device.user_id(), device.device_id()) + .await + .unwrap(); + + assert!(loaded_device.is_none()); + } + + #[async_test] + async fn user_saving() { + let dir = tempdir().unwrap(); + let tmpdir_path = dir.path().to_str().unwrap(); + + let user_id = user_id!("@example:localhost"); + let device_id: &DeviceId = "WSKKLTJZCL".into(); + + let store = SledStore::open_with_passphrase(tmpdir_path, None).expect("Can't create store"); + + let account = ReadOnlyAccount::new(&user_id, &device_id); + + store + .save_account(account.clone()) + .await + .expect("Can't save account"); + + let own_identity = get_own_identity(); + + let changes = Changes { + identities: IdentityChanges { + changed: vec![own_identity.clone().into()], + ..Default::default() + }, + ..Default::default() + }; + + store + .save_changes(changes) + .await + .expect("Can't save identity"); + + drop(store); + + let store = SledStore::open_with_passphrase(dir.path(), None).expect("Can't create store"); + + store.load_account().await.unwrap(); + + let loaded_user = store + .get_user_identity(own_identity.user_id()) + .await + .unwrap() + .unwrap(); + + assert_eq!(loaded_user.master_key(), own_identity.master_key()); + assert_eq!( + loaded_user.self_signing_key(), + own_identity.self_signing_key() + ); + assert_eq!(loaded_user, own_identity.clone().into()); + + let other_identity = get_other_identity(); + + let changes = Changes { + identities: IdentityChanges { + changed: vec![other_identity.clone().into()], + ..Default::default() + }, + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + + let loaded_user = store + .get_user_identity(other_identity.user_id()) + .await + .unwrap() + .unwrap(); + + assert_eq!(loaded_user.master_key(), other_identity.master_key()); + assert_eq!( + loaded_user.self_signing_key(), + other_identity.self_signing_key() + ); + assert_eq!(loaded_user, other_identity.into()); + + own_identity.mark_as_verified(); + + let changes = Changes { + identities: IdentityChanges { + changed: vec![own_identity.into()], + ..Default::default() + }, + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + let loaded_user = store.get_user_identity(&user_id).await.unwrap().unwrap(); + assert!(loaded_user.own().unwrap().is_verified()) + } + + #[async_test] + async fn private_identity_saving() { + let (_, store, _dir) = get_loaded_store().await; + assert!(store.load_identity().await.unwrap().is_none()); + let identity = PrivateCrossSigningIdentity::new(alice_id()).await; + + let changes = Changes { + private_identity: Some(identity.clone()), + ..Default::default() + }; + + store.save_changes(changes).await.unwrap(); + let loaded_identity = store.load_identity().await.unwrap().unwrap(); + assert_eq!(identity.user_id(), loaded_identity.user_id()); + } + + #[async_test] + async fn key_value_saving() { + let (_, store, _dir) = get_loaded_store().await; + let key = "test_key".to_string(); + let value = "secret value".to_string(); + + store.save_value(key.clone(), value.clone()).await.unwrap(); + let stored_value = store.get_value(&key).await.unwrap().unwrap(); + + assert_eq!(value, stored_value); + + store.remove_value(&key).await.unwrap(); + assert!(store.get_value(&key).await.unwrap().is_none()); + } + + #[async_test] + async fn olm_hash_saving() { + let (_, store, _dir) = get_loaded_store().await; + + let hash = OlmMessageHash { + sender_key: "test_sender".to_owned(), + hash: "test_hash".to_owned(), + }; + + let mut changes = Changes::default(); + changes.message_hashes.push(hash.clone()); + + assert!(!store.is_message_known(&hash).await.unwrap()); + store.save_changes(changes).await.unwrap(); + assert!(store.is_message_known(&hash).await.unwrap()); + } +}