Google Git
Sign in
fuchsia / third_party / tink / 7a59397ba3c086dc03649b95176fbca1dde61934 / . / cc / daead / aes_siv_key_manager_test.cc
blob: 6cb3649c1c26120ad69cb4d8df1bdcca68bb164d [file] [log] [blame]
// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
#include "tink/daead/aes_siv_key_manager.h"
#include "tink/deterministic_aead.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "gtest/gtest.h"
#include "proto/aes_eax.pb.h"
#include "proto/aes_siv.pb.h"
#include "proto/common.pb.h"
#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
using google::crypto::tink::AesEaxKey;
using google::crypto::tink::AesEaxKeyFormat;
using google::crypto::tink::AesSivKey;
using google::crypto::tink::AesSivKeyFormat;
using google::crypto::tink::KeyData;
using google::crypto::tink::KeyTemplate;
namespace {
class AesSivKeyManagerTest : public ::testing::Test {
protected:
std::string key_type_prefix_ = "type.googleapis.com/";
std::string aes_siv_key_type_ =
"type.googleapis.com/google.crypto.tink.AesSivKey";
};
TEST_F(AesSivKeyManagerTest, testBasic) {
AesSivKeyManager key_manager;
EXPECT_EQ(0, key_manager.get_version());
EXPECT_EQ("type.googleapis.com/google.crypto.tink.AesSivKey",
key_manager.get_key_type());
EXPECT_TRUE(key_manager.DoesSupport(key_manager.get_key_type()));
}
TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
AesSivKeyManager key_manager;
{ // Bad key type.
KeyData key_data;
std::string bad_key_type =
"type.googleapis.com/google.crypto.tink.SomeOtherKey";
key_data.set_type_url(bad_key_type);
auto result = key_manager.GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
result.status().error_message());
EXPECT_PRED_FORMAT2(testing::IsSubstring, bad_key_type,
result.status().error_message());
}
{ // Bad key value.
KeyData key_data;
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value("some bad serialized proto");
auto result = key_manager.GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
result.status().error_message());
}
{ // Bad version.
KeyData key_data;
AesSivKey key;
key.set_version(1);
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value(key.SerializeAsString());
auto result = key_manager.GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
result.status().error_message());
}
{ // Bad key_value size (supported size: 64).
for (int len = 0; len < 72; len++) {
AesSivKey key;
key.set_version(0);
key.set_key_value(std::string(len, 'a'));
KeyData key_data;
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value(key.SerializeAsString());
auto result = key_manager.GetPrimitive(key_data);
if (len == 64) {
EXPECT_TRUE(result.ok()) << result.status();
} else {
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT,
result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring,
std::to_string(len) + " bytes",
result.status().error_message());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "supported size",
result.status().error_message());
}
}
}
}
TEST_F(AesSivKeyManagerTest, testKeyMessageErrors) {
AesSivKeyManager key_manager;
{ // Bad protobuffer.
AesEaxKey key;
auto result = key_manager.GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
result.status().error_message());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
result.status().error_message());
}
{ // Bad key_value size (supported size: 64).
for (int len = 0; len < 72; len++) {
AesSivKey key;
key.set_version(0);
key.set_key_value(std::string(len, 'a'));
auto result = key_manager.GetPrimitive(key);
if (len == 64) {
EXPECT_TRUE(result.ok()) << result.status();
} else {
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT,
result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring,
std::to_string(len) + " bytes",
result.status().error_message());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "supported size",
result.status().error_message());
}
}
}
}
TEST_F(AesSivKeyManagerTest, testPrimitives) {
std::string plaintext = "some plaintext";
std::string aad = "some aad";
AesSivKeyManager key_manager;
AesSivKey key;
key.set_version(0);
key.set_key_value(
"64 bytes of key 0123456789abcdef0123456789abcdef0123456789abcdef");
{ // Using key message only.
auto result = key_manager.GetPrimitive(key);
EXPECT_TRUE(result.ok()) << result.status();
auto aes_siv = std::move(result.ValueOrDie());
auto encrypt_result = aes_siv->EncryptDeterministically(plaintext, aad);
EXPECT_TRUE(encrypt_result.ok()) << encrypt_result.status();
auto decrypt_result =
aes_siv->DecryptDeterministically(encrypt_result.ValueOrDie(), aad);
EXPECT_TRUE(decrypt_result.ok()) << decrypt_result.status();
EXPECT_EQ(plaintext, decrypt_result.ValueOrDie());
}
{ // Using KeyData proto.
KeyData key_data;
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value(key.SerializeAsString());
auto result = key_manager.GetPrimitive(key_data);
EXPECT_TRUE(result.ok()) << result.status();
auto aes_siv = std::move(result.ValueOrDie());
auto encrypt_result = aes_siv->EncryptDeterministically(plaintext, aad);
EXPECT_TRUE(encrypt_result.ok()) << encrypt_result.status();
auto decrypt_result =
aes_siv->DecryptDeterministically(encrypt_result.ValueOrDie(), aad);
EXPECT_TRUE(decrypt_result.ok()) << decrypt_result.status();
EXPECT_EQ(plaintext, decrypt_result.ValueOrDie());
}
}
TEST_F(AesSivKeyManagerTest, testNewKeyErrors) {
AesSivKeyManager key_manager;
const KeyFactory& key_factory = key_manager.get_key_factory();
{ // Bad key format.
AesEaxKeyFormat key_format;
auto result = key_factory.NewKey(key_format);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
result.status().error_message());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKeyFormat",
result.status().error_message());
}
{ // Bad serialized key format.
auto result = key_factory.NewKey("some bad serialized proto");
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
result.status().error_message());
}
{ // Bad AesSivKeyFormat: small key_size.
AesSivKeyFormat key_format;
key_format.set_key_size(32);
auto result = key_factory.NewKey(key_format);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "key_size",
result.status().error_message());
}
}
TEST_F(AesSivKeyManagerTest, testNewKeyBasic) {
AesSivKeyManager key_manager;
const KeyFactory& key_factory = key_manager.get_key_factory();
AesSivKeyFormat key_format;
key_format.set_key_size(64);
{ // Via NewKey(format_proto).
auto result = key_factory.NewKey(key_format);
EXPECT_TRUE(result.ok()) << result.status();
auto key = std::move(result.ValueOrDie());
EXPECT_EQ(key_type_prefix_ + key->GetTypeName(), aes_siv_key_type_);
std::unique_ptr<AesSivKey> aes_siv_key(
reinterpret_cast<AesSivKey*>(key.release()));
EXPECT_EQ(0, aes_siv_key->version());
EXPECT_EQ(key_format.key_size(), aes_siv_key->key_value().size());
}
{ // Via NewKey(serialized_format_proto).
auto result = key_factory.NewKey(key_format.SerializeAsString());
EXPECT_TRUE(result.ok()) << result.status();
auto key = std::move(result.ValueOrDie());
EXPECT_EQ(key_type_prefix_ + key->GetTypeName(), aes_siv_key_type_);
std::unique_ptr<AesSivKey> aes_siv_key(
reinterpret_cast<AesSivKey*>(key.release()));
EXPECT_EQ(0, aes_siv_key->version());
EXPECT_EQ(key_format.key_size(), aes_siv_key->key_value().size());
}
{ // Via NewKeyData(serialized_format_proto).
auto result = key_factory.NewKeyData(key_format.SerializeAsString());
EXPECT_TRUE(result.ok()) << result.status();
auto key_data = std::move(result.ValueOrDie());
EXPECT_EQ(aes_siv_key_type_, key_data->type_url());
EXPECT_EQ(KeyData::SYMMETRIC, key_data->key_material_type());
AesSivKey aes_siv_key;
EXPECT_TRUE(aes_siv_key.ParseFromString(key_data->value()));
EXPECT_EQ(0, aes_siv_key.version());
EXPECT_EQ(key_format.key_size(), aes_siv_key.key_value().size());
}
}
} // namespace
} // namespace tink
} // namespace crypto