Migrate the tests for the EciesAeadHkdfPrivateKeyManager and add some tests for the corresponding public key manager.
PiperOrigin-RevId: 267579948
diff --git a/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPrivateKeyManagerTest.java b/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPrivateKeyManagerTest.java
index f044557..4985fb2 100644
--- a/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPrivateKeyManagerTest.java
+++ b/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPrivateKeyManagerTest.java
@@ -16,31 +16,32 @@
package com.google.crypto.tink.hybrid;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.fail;
-import com.google.crypto.tink.Config;
import com.google.crypto.tink.HybridDecrypt;
import com.google.crypto.tink.HybridEncrypt;
-import com.google.crypto.tink.KeyManager;
-import com.google.crypto.tink.KeyManagerImpl;
-import com.google.crypto.tink.KeysetHandle;
-import com.google.crypto.tink.PrivateKeyManager;
-import com.google.crypto.tink.PrivateKeyManagerImpl;
import com.google.crypto.tink.TestUtil;
+import com.google.crypto.tink.aead.AeadConfig;
import com.google.crypto.tink.aead.AeadKeyTemplates;
import com.google.crypto.tink.proto.EcPointFormat;
+import com.google.crypto.tink.proto.EciesAeadDemParams;
import com.google.crypto.tink.proto.EciesAeadHkdfKeyFormat;
import com.google.crypto.tink.proto.EciesAeadHkdfParams;
import com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey;
+import com.google.crypto.tink.proto.EciesAeadHkdfPublicKey;
+import com.google.crypto.tink.proto.EciesHkdfKemParams;
import com.google.crypto.tink.proto.EllipticCurveType;
import com.google.crypto.tink.proto.HashType;
-import com.google.crypto.tink.proto.KeyData;
-import com.google.crypto.tink.proto.KeyStatusType;
+import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
import com.google.crypto.tink.proto.KeyTemplate;
-import com.google.crypto.tink.proto.Keyset.Key;
-import com.google.crypto.tink.proto.OutputPrefixType;
+import com.google.crypto.tink.subtle.EciesAeadHkdfDemHelper;
+import com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt;
+import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.subtle.Random;
+import com.google.protobuf.ByteString;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.ECPublicKey;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -51,86 +52,214 @@
public class EciesAeadHkdfPrivateKeyManagerTest {
@BeforeClass
public static void setUp() throws Exception {
- Config.register(HybridConfig.TINK_1_0_0);
+ AeadConfig.register();
+ }
+
+ private final EciesAeadHkdfPrivateKeyManager manager = new EciesAeadHkdfPrivateKeyManager();
+ private final EciesAeadHkdfPrivateKeyManager.KeyFactory<
+ EciesAeadHkdfKeyFormat, EciesAeadHkdfPrivateKey>
+ factory = manager.keyFactory();
+
+ @Test
+ public void basics() throws Exception {
+ assertThat(manager.getKeyType())
+ .isEqualTo("type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey");
+ assertThat(manager.getVersion()).isEqualTo(0);
+ assertThat(manager.keyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PRIVATE);
}
@Test
- public void testNewKey() throws Exception {
- EllipticCurveType curve = EllipticCurveType.NIST_P384;
- HashType hashType = HashType.SHA256;
- EcPointFormat pointFormat = EcPointFormat.UNCOMPRESSED;
- KeyTemplate demKeyTemplate = AeadKeyTemplates.AES128_CTR_HMAC_SHA256;
+ public void validateKeyFormat_empty() throws Exception {
+ try {
+ factory.validateKeyFormat(EciesAeadHkdfKeyFormat.getDefaultInstance());
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
- byte[] salt = "some salt".getBytes("UTF-8");
+ private static EciesAeadHkdfKeyFormat createKeyFormat(
+ EllipticCurveType curve,
+ HashType hashType,
+ EcPointFormat ecPointFormat,
+ KeyTemplate demKeyTemplate,
+ byte[] salt) {
+ EciesHkdfKemParams kemParams =
+ EciesHkdfKemParams.newBuilder()
+ .setCurveType(curve)
+ .setHkdfHashType(hashType)
+ .setHkdfSalt(ByteString.copyFrom(salt))
+ .build();
+ EciesAeadDemParams demParams =
+ EciesAeadDemParams.newBuilder().setAeadDem(demKeyTemplate).build();
EciesAeadHkdfParams params =
- HybridKeyTemplates.createEciesAeadHkdfParams(
- curve, hashType, pointFormat, demKeyTemplate, salt);
+ EciesAeadHkdfParams.newBuilder()
+ .setKemParams(kemParams)
+ .setDemParams(demParams)
+ .setEcPointFormat(ecPointFormat)
+ .build();
- PrivateKeyManager<HybridDecrypt> manager =
- new PrivateKeyManagerImpl<>(
- new EciesAeadHkdfPrivateKeyManager(),
- new EciesAeadHkdfPublicKeyManager(),
- HybridDecrypt.class);
- EciesAeadHkdfPrivateKey keyProto =
- (EciesAeadHkdfPrivateKey)
- manager.newKey(EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build());
- assertEquals(params, keyProto.getPublicKey().getParams());
-
- Key primaryPriv =
- TestUtil.createKey(
- TestUtil.createKeyData(
- keyProto,
- new EciesAeadHkdfPrivateKeyManager().getKeyType(),
- KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE),
- 8,
- KeyStatusType.ENABLED,
- OutputPrefixType.RAW);
- Key primaryPub =
- TestUtil.createKey(
- TestUtil.createKeyData(
- keyProto.getPublicKey(),
- new EciesAeadHkdfPublicKeyManager().getKeyType(),
- KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC),
- 42,
- KeyStatusType.ENABLED,
- OutputPrefixType.RAW);
- KeysetHandle keysetHandlePub = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPub));
- KeysetHandle keysetHandlePriv = TestUtil.createKeysetHandle(TestUtil.createKeyset(primaryPriv));
- HybridEncrypt hybridEncrypt = HybridEncryptFactory.getPrimitive(keysetHandlePub);
- HybridDecrypt hybridDecrypt = HybridDecryptFactory.getPrimitive(keysetHandlePriv);
- byte[] plaintext = Random.randBytes(20);
- byte[] contextInfo = Random.randBytes(20);
- byte[] ciphertext = hybridEncrypt.encrypt(plaintext, contextInfo);
- assertArrayEquals(plaintext, hybridDecrypt.decrypt(ciphertext, contextInfo));
+ return EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build();
}
- /** Tests that a public key is extracted properly from a private key. */
@Test
- public void testGetPublicKeyData() throws Exception {
- KeysetHandle privateHandle =
- KeysetHandle.generateNew(
- HybridKeyTemplates.ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256);
- KeyData privateKeyData = TestUtil.getKeyset(privateHandle).getKey(0).getKeyData();
- PrivateKeyManager<HybridDecrypt> privateManager =
- new PrivateKeyManagerImpl<>(
- new EciesAeadHkdfPrivateKeyManager(),
- new EciesAeadHkdfPublicKeyManager(),
- HybridDecrypt.class);
- KeyData publicKeyData = privateManager.getPublicKeyData(privateKeyData.getValue());
- assertEquals(new EciesAeadHkdfPublicKeyManager().getKeyType(), publicKeyData.getTypeUrl());
- assertEquals(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, publicKeyData.getKeyMaterialType());
- EciesAeadHkdfPrivateKey privateKey =
- EciesAeadHkdfPrivateKey.parseFrom(privateKeyData.getValue());
- assertArrayEquals(
- privateKey.getPublicKey().toByteArray(), publicKeyData.getValue().toByteArray());
+ public void validateKeyFormat_valid() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNCOMPRESSED,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ TestUtil.hexDecode("aabbccddeeff"));
+ factory.validateKeyFormat(format);
+ }
- KeyManager<HybridEncrypt> publicManager =
- new KeyManagerImpl<>(new EciesAeadHkdfPublicKeyManager(), HybridEncrypt.class);
- HybridEncrypt hybridEncrypt = publicManager.getPrimitive(publicKeyData.getValue());
- HybridDecrypt hybridDecrypt = privateManager.getPrimitive(privateKeyData.getValue());
+ @Test
+ public void validateKeyFormat_noPointFormat_throws() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNKNOWN_FORMAT,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ TestUtil.hexDecode("aabbccddeeff"));
+ try {
+ factory.validateKeyFormat(format);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void validateKeyFormat_noDem_throws() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNCOMPRESSED,
+ KeyTemplate.getDefaultInstance(),
+ TestUtil.hexDecode("aabbccddeeff"));
+ try {
+ factory.validateKeyFormat(format);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void validateKeyFormat_noKemCurve_throws() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.UNKNOWN_CURVE,
+ HashType.SHA256,
+ EcPointFormat.UNCOMPRESSED,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ TestUtil.hexDecode("aabbccddeeff"));
+ try {
+ factory.validateKeyFormat(format);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void validateKeyFormat_noKemHash_throws() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.UNKNOWN_HASH,
+ EcPointFormat.UNCOMPRESSED,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ TestUtil.hexDecode("aabbccddeeff"));
+ try {
+ factory.validateKeyFormat(format);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void createKey_checkValues() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNCOMPRESSED,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ TestUtil.hexDecode("aabbccddeeff"));
+ EciesAeadHkdfPrivateKey key = factory.createKey(format);
+ assertThat(key.getPublicKey().getParams()).isEqualTo(format.getParams());
+ assertThat(key.getPublicKey().getX()).isNotEmpty();
+ assertThat(key.getPublicKey().getY()).isNotEmpty();
+ assertThat(key.getKeyValue()).isNotEmpty();
+ }
+
+ private EciesAeadHkdfPrivateKey createValidKey() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNCOMPRESSED,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ TestUtil.hexDecode("aabbccddeeff"));
+ return factory.createKey(format);
+ }
+
+ @Test
+ public void validateKey_valid() throws Exception {
+ manager.validateKey(createValidKey());
+ }
+
+ @Test
+ public void validateKey_invalidVersion_throws() throws Exception {
+ EciesAeadHkdfPrivateKey key =
+ EciesAeadHkdfPrivateKey.newBuilder(createValidKey()).setVersion(1).build();
+ try {
+ manager.validateKey(key);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void getPublicKey_values() throws Exception {
+ EciesAeadHkdfPrivateKey key = createValidKey();
+ EciesAeadHkdfPublicKey publicKey = manager.getPublicKey(key);
+
+ assertThat(publicKey).isEqualTo(key.getPublicKey());
+ }
+
+ @Test
+ public void createPrimitive() throws Exception {
+ EciesAeadHkdfPrivateKey key = createValidKey();
+ HybridDecrypt hybridDecrypt = manager.getPrimitive(key, HybridDecrypt.class);
+
+ EciesAeadHkdfParams eciesParams = key.getPublicKey().getParams();
+ EciesHkdfKemParams kemParams = eciesParams.getKemParams();
+ ECPublicKey recipientPublicKey =
+ EllipticCurves.getEcPublicKey(
+ HybridUtil.toCurveType(kemParams.getCurveType()),
+ key.getPublicKey().getX().toByteArray(),
+ key.getPublicKey().getY().toByteArray());
+ EciesAeadHkdfDemHelper demHelper =
+ new RegistryEciesAeadHkdfDemHelper(eciesParams.getDemParams().getAeadDem());
+ HybridEncrypt hybridEncrypt = new EciesAeadHkdfHybridEncrypt(
+ recipientPublicKey,
+ kemParams.getHkdfSalt().toByteArray(),
+ HybridUtil.toHmacAlgo(kemParams.getHkdfHashType()),
+ HybridUtil.toPointFormatType(eciesParams.getEcPointFormat()),
+ demHelper);
+
byte[] message = Random.randBytes(20);
byte[] contextInfo = Random.randBytes(20);
- assertArrayEquals(
- message, hybridDecrypt.decrypt(hybridEncrypt.encrypt(message, contextInfo), contextInfo));
+ assertThat(hybridDecrypt.decrypt(hybridEncrypt.encrypt(message, contextInfo), contextInfo))
+ .isEqualTo(message);
}
+
+
}
diff --git a/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPublicKeyManagerTest.java b/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPublicKeyManagerTest.java
new file mode 100644
index 0000000..2c56ac0
--- /dev/null
+++ b/java/src/test/java/com/google/crypto/tink/hybrid/EciesAeadHkdfPublicKeyManagerTest.java
@@ -0,0 +1,165 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package com.google.crypto.tink.hybrid;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.fail;
+
+import com.google.crypto.tink.HybridDecrypt;
+import com.google.crypto.tink.HybridEncrypt;
+import com.google.crypto.tink.aead.AeadConfig;
+import com.google.crypto.tink.aead.AeadKeyTemplates;
+import com.google.crypto.tink.proto.EcPointFormat;
+import com.google.crypto.tink.proto.EciesAeadDemParams;
+import com.google.crypto.tink.proto.EciesAeadHkdfKeyFormat;
+import com.google.crypto.tink.proto.EciesAeadHkdfParams;
+import com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey;
+import com.google.crypto.tink.proto.EciesAeadHkdfPublicKey;
+import com.google.crypto.tink.proto.EciesHkdfKemParams;
+import com.google.crypto.tink.proto.EllipticCurveType;
+import com.google.crypto.tink.proto.HashType;
+import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
+import com.google.crypto.tink.proto.KeyTemplate;
+import com.google.crypto.tink.subtle.Random;
+import com.google.protobuf.ByteString;
+import java.security.GeneralSecurityException;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/** Unit tests for RsaSsaPssVerifyKeyManager. */
+@RunWith(JUnit4.class)
+public final class EciesAeadHkdfPublicKeyManagerTest {
+ private final EciesAeadHkdfPrivateKeyManager privateManager =
+ new EciesAeadHkdfPrivateKeyManager();
+ private final EciesAeadHkdfPrivateKeyManager.KeyFactory<
+ EciesAeadHkdfKeyFormat, EciesAeadHkdfPrivateKey>
+ factory = privateManager.keyFactory();
+ private final EciesAeadHkdfPublicKeyManager publicManager = new EciesAeadHkdfPublicKeyManager();
+
+ @BeforeClass
+ public static void setUp() throws Exception {
+ AeadConfig.register();
+ }
+
+ @Test
+ public void basics() throws Exception {
+ assertThat(publicManager.getKeyType())
+ .isEqualTo("type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey");
+ assertThat(publicManager.getVersion()).isEqualTo(0);
+ assertThat(publicManager.keyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
+ }
+
+ @Test
+ public void validateKey_empty_throws() throws Exception {
+ try {
+ publicManager.validateKey(EciesAeadHkdfPublicKey.getDefaultInstance());
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ private EciesAeadHkdfKeyFormat createKeyFormat(
+ EllipticCurveType curve,
+ HashType hashType,
+ EcPointFormat ecPointFormat,
+ KeyTemplate demKeyTemplate,
+ byte[] salt) {
+ EciesHkdfKemParams kemParams =
+ EciesHkdfKemParams.newBuilder()
+ .setCurveType(curve)
+ .setHkdfHashType(hashType)
+ .setHkdfSalt(ByteString.copyFrom(salt))
+ .build();
+ EciesAeadDemParams demParams =
+ EciesAeadDemParams.newBuilder().setAeadDem(demKeyTemplate).build();
+ EciesAeadHkdfParams params =
+ EciesAeadHkdfParams.newBuilder()
+ .setKemParams(kemParams)
+ .setDemParams(demParams)
+ .setEcPointFormat(ecPointFormat)
+ .build();
+
+ return EciesAeadHkdfKeyFormat.newBuilder().setParams(params).build();
+ }
+
+ private EciesAeadHkdfPrivateKey createValidPrivateKey() throws Exception {
+ EciesAeadHkdfKeyFormat format =
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNCOMPRESSED,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ "some salt".getBytes("UTF-8"));
+ return factory.createKey(format);
+ }
+
+ @Test
+ public void validateKey_valid() throws Exception {
+ EciesAeadHkdfPrivateKey privateKey = createValidPrivateKey();
+ publicManager.validateKey(privateManager.getPublicKey(privateKey));
+ }
+
+ @Test
+ public void validateKey_invalidWrongVersion_throws() throws Exception {
+ EciesAeadHkdfPrivateKey privateKey = createValidPrivateKey();
+ EciesAeadHkdfPublicKey publicKey = privateManager.getPublicKey(privateKey);
+ EciesAeadHkdfPublicKey invalidKey = EciesAeadHkdfPublicKey.newBuilder().setVersion(1).build();
+ try {
+ publicManager.validateKey(invalidKey);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void validateKey_invalidPointFormat_throws() throws Exception {
+ EciesAeadHkdfPrivateKey privateKey = createValidPrivateKey();
+ EciesAeadHkdfPublicKey publicKey = privateManager.getPublicKey(privateKey);
+ EciesAeadHkdfPublicKey invalidKey =
+ EciesAeadHkdfPublicKey.newBuilder()
+ .setParams(
+ createKeyFormat(
+ EllipticCurveType.NIST_P256,
+ HashType.SHA256,
+ EcPointFormat.UNKNOWN_FORMAT,
+ AeadKeyTemplates.AES128_CTR_HMAC_SHA256,
+ "some salt".getBytes("UTF-8"))
+ .getParams()).build();
+ try {
+ publicManager.validateKey(invalidKey);
+ fail();
+ } catch (GeneralSecurityException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void createPrimitive() throws Exception {
+ EciesAeadHkdfPrivateKey privateKey = createValidPrivateKey();
+ HybridDecrypt hybridDecrypt = privateManager.getPrimitive(privateKey, HybridDecrypt.class);
+
+ EciesAeadHkdfPublicKey publicKey = privateManager.getPublicKey(privateKey);
+ HybridEncrypt hybridEncrypt = publicManager.getPrimitive(publicKey, HybridEncrypt.class);
+
+ byte[] message = Random.randBytes(20);
+ byte[] contextInfo = Random.randBytes(20);
+ assertThat(hybridDecrypt.decrypt(hybridEncrypt.encrypt(message, contextInfo), contextInfo))
+ .isEqualTo(message);
+ }
+
+}