| // Copyright 2022 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| //////////////////////////////////////////////////////////////////////////////// |
| |
| package hpke |
| |
| import ( |
| "testing" |
| |
| pb "github.com/google/tink/go/proto/hpke_go_proto" |
| ) |
| |
| func TestNewKEM(t *testing.T) { |
| kemID, err := kemIDFromProto(pb.HpkeKem_DHKEM_X25519_HKDF_SHA256) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if kemID != x25519HKDFSHA256 { |
| t.Errorf("kemID: got %d, want %d", kemID, x25519HKDFSHA256) |
| } |
| |
| kem, err := newKEM(kemID) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if kem.id() != x25519HKDFSHA256 { |
| t.Errorf("id: got %d, want %d", kem.id(), x25519HKDFSHA256) |
| } |
| } |
| |
| func TestNewKEMUnsupportedID(t *testing.T) { |
| if _, err := newKEM(0x0010 /*= DHKEM(P-256, HKDF-SHA256)*/); err == nil { |
| t.Fatal("newKEM(unsupported ID): got success, want err") |
| } |
| } |
| |
| func TestKEMIDFromProtoUnsupportedID(t *testing.T) { |
| if _, err := kemIDFromProto(pb.HpkeKem_KEM_UNKNOWN); err == nil { |
| t.Fatal("kemIDFromProto(unsupported ID): got success, want err") |
| } |
| } |
| |
| func TestNewKDF(t *testing.T) { |
| kdfID, err := kdfIDFromProto(pb.HpkeKdf_HKDF_SHA256) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if kdfID != hkdfSHA256 { |
| t.Errorf("kdfID: got %d, want %d", kdfID, hkdfSHA256) |
| } |
| |
| kdf, err := newKDF(kdfID) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if kdf.id() != hkdfSHA256 { |
| t.Errorf("id: got %d, want %d", kdf.id(), hkdfSHA256) |
| } |
| } |
| |
| func TestNewKDFUnsupportedID(t *testing.T) { |
| if _, err := newKDF(0x0002 /*= HKDF-SHA384*/); err == nil { |
| t.Fatal("newKDF(unsupported ID): got success, want err") |
| } |
| } |
| |
| func TestKDFIDFromProtoUnsupportedID(t *testing.T) { |
| if _, err := kdfIDFromProto(pb.HpkeKdf_KDF_UNKNOWN); err == nil { |
| t.Fatal("kdfIDFromProto(unsupported ID): got success, want err") |
| } |
| } |
| |
| var aeads = []struct { |
| name string |
| proto pb.HpkeAead |
| id uint16 |
| }{ |
| {"AES-128-GCM", pb.HpkeAead_AES_128_GCM, aes128GCM}, |
| {"AES-256-GCM", pb.HpkeAead_AES_256_GCM, aes256GCM}, |
| {"ChaCha20Poly1305", pb.HpkeAead_CHACHA20_POLY1305, chaCha20Poly1305}, |
| } |
| |
| func TestNewAEAD(t *testing.T) { |
| for _, a := range aeads { |
| t.Run(a.name, func(t *testing.T) { |
| aeadID, err := aeadIDFromProto(a.proto) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if aeadID != a.id { |
| t.Errorf("aeadID: got %d, want %d", aeadID, a.id) |
| } |
| |
| aead, err := newAEAD(aeadID) |
| if err != nil { |
| t.Fatal(err) |
| } |
| if aead.id() != a.id { |
| t.Errorf("id: got %d, want %d", aead.id(), a.id) |
| } |
| }) |
| } |
| } |
| |
| func TestNewAEADUnsupportedID(t *testing.T) { |
| if _, err := newAEAD(0xFFFF /*= Export-only*/); err == nil { |
| t.Fatal("newAEAD(unsupported ID): got success, want err") |
| } |
| } |
| |
| func TestAEADIDFromProtoUnsupportedID(t *testing.T) { |
| if _, err := aeadIDFromProto(pb.HpkeAead_AEAD_UNKNOWN); err == nil { |
| t.Fatal("aeadIDFromProto(unsupported ID): got success, want err") |
| } |
| } |
| |
| func TestNewPrimitivesFromProto(t *testing.T) { |
| for _, a := range aeads { |
| t.Run("", func(t *testing.T) { |
| params := &pb.HpkeParams{ |
| Kem: pb.HpkeKem_DHKEM_X25519_HKDF_SHA256, |
| Kdf: pb.HpkeKdf_HKDF_SHA256, |
| Aead: a.proto, |
| } |
| kem, kdf, aead, err := newPrimitivesFromProto(params) |
| if err != nil { |
| t.Fatalf("newPrimitivesFromProto: %v", err) |
| } |
| |
| if kem.id() != x25519HKDFSHA256 { |
| t.Errorf("kem.id: got %d, want %d", kem.id(), x25519HKDFSHA256) |
| } |
| if kdf.id() != hkdfSHA256 { |
| t.Errorf("kdf.id: got %d, want %d", kdf.id(), hkdfSHA256) |
| } |
| if aead.id() != a.id { |
| t.Errorf("aead.id: got %d, want %d", aead.id(), a.id) |
| } |
| }) |
| } |
| } |
| |
| func TestNewPrimitivesFromProtoUnsupportedID(t *testing.T) { |
| tests := []struct { |
| name string |
| params *pb.HpkeParams |
| }{ |
| { |
| "KEM", |
| &pb.HpkeParams{ |
| Kem: pb.HpkeKem_KEM_UNKNOWN, |
| Kdf: pb.HpkeKdf_HKDF_SHA256, |
| Aead: pb.HpkeAead_AES_256_GCM, |
| }, |
| }, |
| {"KDF", |
| &pb.HpkeParams{ |
| Kem: pb.HpkeKem_DHKEM_X25519_HKDF_SHA256, |
| Kdf: pb.HpkeKdf_KDF_UNKNOWN, |
| Aead: pb.HpkeAead_AES_256_GCM, |
| }, |
| }, |
| {"AEAD", |
| &pb.HpkeParams{ |
| Kem: pb.HpkeKem_DHKEM_X25519_HKDF_SHA256, |
| Kdf: pb.HpkeKdf_HKDF_SHA256, |
| Aead: pb.HpkeAead_AEAD_UNKNOWN, |
| }, |
| }, |
| } |
| |
| for _, test := range tests { |
| t.Run(test.name, func(t *testing.T) { |
| if _, _, _, err := newPrimitivesFromProto(test.params); err == nil { |
| t.Error("newPrimitivesFromProto: got success, want err") |
| } |
| }) |
| } |
| } |