cc/hybrid/hybrid_config_test.cc - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 #include "tink/hybrid/hybrid_config.h"

 #include "gtest/gtest.h"
 #include "gmock/gmock.h"
 #include "tink/catalogue.h"
 #include "tink/config.h"
 #include "tink/hybrid/hybrid_key_templates.h"
 #include "tink/hybrid_decrypt.h"
 #include "tink/hybrid_encrypt.h"
 #include "tink/keyset_handle.h"
 #include "tink/registry.h"
 #include "tink/util/status.h"
 #include "tink/util/test_util.h"

 namespace crypto {
 namespace tink {
 namespace {

 using ::crypto::tink::test::DummyHybridEncrypt;
 using ::crypto::tink::test::DummyHybridDecrypt;

 class DummyHybridDecryptCatalogue : public Catalogue<HybridDecrypt> {
  public:
   DummyHybridDecryptCatalogue() {}

   crypto::tink::util::StatusOr<std::unique_ptr<KeyManager<HybridDecrypt>>>
   GetKeyManager(const std::string& type_url,
                 const std::string& primitive_name,
                 uint32_t min_version) const override {
     return util::Status::UNKNOWN;
   }
 };


 class HybridConfigTest : public ::testing::Test {
  protected:
   void SetUp() override {
     Registry::Reset();
   }
 };

 TEST_F(HybridConfigTest, testBasic) {
   std::string decrypt_key_type =
       "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
   std::string encrypt_key_type =
       "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
   std::string aes_ctr_hmac_aead_key_type =
       "type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
   std::string aes_eax_key_type =
       "type.googleapis.com/google.crypto.tink.AesEaxKey";
   std::string aes_gcm_key_type =
       "type.googleapis.com/google.crypto.tink.AesGcmKey";
   std::string xchacha20_poly1305_key_type =
       "type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key";
   std::string hmac_key_type =
       "type.googleapis.com/google.crypto.tink.HmacKey";
   auto& config = HybridConfig::Latest();

   EXPECT_EQ(7, HybridConfig::Latest().entry_size());

   EXPECT_EQ("TinkMac", config.entry(0).catalogue_name());
   EXPECT_EQ("Mac", config.entry(0).primitive_name());
   EXPECT_EQ(hmac_key_type, config.entry(0).type_url());
   EXPECT_EQ(true, config.entry(0).new_key_allowed());
   EXPECT_EQ(0, config.entry(0).key_manager_version());

   EXPECT_EQ("TinkAead", config.entry(1).catalogue_name());
   EXPECT_EQ("Aead", config.entry(1).primitive_name());
   EXPECT_EQ(aes_ctr_hmac_aead_key_type, config.entry(1).type_url());
   EXPECT_EQ(true, config.entry(1).new_key_allowed());
   EXPECT_EQ(0, config.entry(1).key_manager_version());

   EXPECT_EQ("TinkAead", config.entry(2).catalogue_name());
   EXPECT_EQ("Aead", config.entry(2).primitive_name());
   EXPECT_EQ(aes_gcm_key_type, config.entry(2).type_url());
   EXPECT_EQ(true, config.entry(2).new_key_allowed());
   EXPECT_EQ(0, config.entry(2).key_manager_version());

   EXPECT_EQ("TinkAead", config.entry(3).catalogue_name());
   EXPECT_EQ("Aead", config.entry(3).primitive_name());
   EXPECT_EQ(aes_eax_key_type, config.entry(3).type_url());
   EXPECT_EQ(true, config.entry(3).new_key_allowed());
   EXPECT_EQ(0, config.entry(3).key_manager_version());

   EXPECT_EQ("TinkAead", config.entry(4).catalogue_name());
   EXPECT_EQ("Aead", config.entry(4).primitive_name());
   EXPECT_EQ(xchacha20_poly1305_key_type, config.entry(4).type_url());
   EXPECT_EQ(true, config.entry(4).new_key_allowed());
   EXPECT_EQ(0, config.entry(4).key_manager_version());

   EXPECT_EQ("TinkHybridDecrypt", config.entry(5).catalogue_name());
   EXPECT_EQ("HybridDecrypt", config.entry(5).primitive_name());
   EXPECT_EQ(decrypt_key_type, config.entry(5).type_url());
   EXPECT_EQ(true, config.entry(5).new_key_allowed());
   EXPECT_EQ(0, config.entry(5).key_manager_version());

   EXPECT_EQ("TinkHybridEncrypt", config.entry(6).catalogue_name());
   EXPECT_EQ("HybridEncrypt", config.entry(6).primitive_name());
   EXPECT_EQ(encrypt_key_type, config.entry(6).type_url());
   EXPECT_EQ(true, config.entry(6).new_key_allowed());
   EXPECT_EQ(0, config.entry(6).key_manager_version());

   // No key manager before registration.
   auto decrypt_manager_result =
       Registry::get_key_manager<HybridDecrypt>(decrypt_key_type);
   EXPECT_FALSE(decrypt_manager_result.ok());
   EXPECT_EQ(util::error::NOT_FOUND,
             decrypt_manager_result.status().error_code());

   auto encrypt_manager_result =
       Registry::get_key_manager<HybridEncrypt>(encrypt_key_type);
   EXPECT_FALSE(encrypt_manager_result.ok());
   EXPECT_EQ(util::error::NOT_FOUND,
             encrypt_manager_result.status().error_code());

   // Registration of standard key types works.
   auto status = HybridConfig::Register();
   EXPECT_TRUE(status.ok()) << status;
   decrypt_manager_result =
       Registry::get_key_manager<HybridDecrypt>(decrypt_key_type);
   EXPECT_TRUE(decrypt_manager_result.ok()) << decrypt_manager_result.status();
   EXPECT_TRUE(decrypt_manager_result.ValueOrDie()
               ->DoesSupport(decrypt_key_type));
   encrypt_manager_result =
       Registry::get_key_manager<HybridEncrypt>(encrypt_key_type);
   EXPECT_TRUE(encrypt_manager_result.ok()) << encrypt_manager_result.status();
   EXPECT_TRUE(encrypt_manager_result.ValueOrDie()
               ->DoesSupport(encrypt_key_type));
 }

 TEST_F(HybridConfigTest, testRegister) {
   std::string key_type =
       "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";

   // Try on empty registry.
   auto status = Config::Register(HybridConfig::Latest());
   EXPECT_FALSE(status.ok());
   EXPECT_EQ(util::error::NOT_FOUND, status.error_code());
   auto manager_result = Registry::get_key_manager<HybridEncrypt>(key_type);
   EXPECT_FALSE(manager_result.ok());

   // Register and try again.
   status = HybridConfig::Register();
   EXPECT_TRUE(status.ok()) << status;
   manager_result = Registry::get_key_manager<HybridEncrypt>(key_type);
   EXPECT_TRUE(manager_result.ok()) << manager_result.status();

   // Try Register() again, should succeed (idempotence).
   status = HybridConfig::Register();
   EXPECT_TRUE(status.ok()) << status;

   // Reset the registry, and try overriding a catalogue with a different one.
   Registry::Reset();
   status = Registry::AddCatalogue("TinkHybridDecrypt",
                                   new DummyHybridDecryptCatalogue());
   EXPECT_TRUE(status.ok()) << status;
   status = HybridConfig::Register();
   EXPECT_FALSE(status.ok());
   EXPECT_EQ(util::error::ALREADY_EXISTS, status.error_code());
 }

 // Tests that the HybridEncryptWrapper has been properly registered and we
 // can wrap primitives.
 TEST_F(HybridConfigTest, EncryptWrapperRegistered) {
   ASSERT_TRUE(HybridConfig::Register().ok());

   google::crypto::tink::Keyset::Key key;
   key.set_status(google::crypto::tink::KeyStatusType::ENABLED);
   key.set_key_id(1234);
   key.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
   auto primitive_set = absl::make_unique<PrimitiveSet<HybridEncrypt>>();
   primitive_set->set_primary(
       primitive_set
           ->AddPrimitive(absl::make_unique<DummyHybridEncrypt>("dummy"), key)
           .ValueOrDie());

   auto wrapped = Registry::Wrap(std::move(primitive_set));

   ASSERT_TRUE(wrapped.ok()) << wrapped.status();
   auto encryption_result = wrapped.ValueOrDie()->Encrypt("secret", "");
   ASSERT_TRUE(encryption_result.ok());

   std::string prefix = CryptoFormat::get_output_prefix(key).ValueOrDie();
   EXPECT_EQ(
       encryption_result.ValueOrDie(),
       absl::StrCat(
           prefix,
           DummyHybridEncrypt("dummy").Encrypt("secret", "").ValueOrDie()));
 }

 // Tests that the HybridDecryptWrapper has been properly registered and we
 // can wrap primitives.
 TEST_F(HybridConfigTest, DecryptWrapperRegistered) {
   ASSERT_TRUE(HybridConfig::Register().ok());

   google::crypto::tink::Keyset::Key key;
   key.set_status(google::crypto::tink::KeyStatusType::ENABLED);
   key.set_key_id(1234);
   key.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
   auto primitive_set = absl::make_unique<PrimitiveSet<HybridDecrypt>>();
   primitive_set->set_primary(
       primitive_set
           ->AddPrimitive(absl::make_unique<DummyHybridDecrypt>("dummy"), key)
           .ValueOrDie());

   auto wrapped = Registry::Wrap(std::move(primitive_set));

   ASSERT_TRUE(wrapped.ok()) << wrapped.status();

   std::string prefix = CryptoFormat::get_output_prefix(key).ValueOrDie();
   std::string encryption =
       DummyHybridEncrypt("dummy").Encrypt("secret", "").ValueOrDie();

   ASSERT_EQ(wrapped.ValueOrDie()
                 ->Decrypt(absl::StrCat(prefix, encryption), "")
                 .ValueOrDie(),
             "secret");
 }

 }  // namespace
 }  // namespace tink
 }  // namespace crypto
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	#include "tink/hybrid/hybrid_config.h"

	#include "gtest/gtest.h"
	#include "gmock/gmock.h"
	#include "tink/catalogue.h"
	#include "tink/config.h"
	#include "tink/hybrid/hybrid_key_templates.h"
	#include "tink/hybrid_decrypt.h"
	#include "tink/hybrid_encrypt.h"
	#include "tink/keyset_handle.h"
	#include "tink/registry.h"
	#include "tink/util/status.h"
	#include "tink/util/test_util.h"

	namespace crypto {
	namespace tink {
	namespace {

	using ::crypto::tink::test::DummyHybridEncrypt;
	using ::crypto::tink::test::DummyHybridDecrypt;

	class DummyHybridDecryptCatalogue : public Catalogue<HybridDecrypt> {
	public:
	DummyHybridDecryptCatalogue() {}

	crypto::tink::util::StatusOr<std::unique_ptr<KeyManager<HybridDecrypt>>>
	GetKeyManager(const std::string& type_url,
	const std::string& primitive_name,
	uint32_t min_version) const override {
	return util::Status::UNKNOWN;
	}
	};


	class HybridConfigTest : public ::testing::Test {
	protected:
	void SetUp() override {
	Registry::Reset();
	}
	};

	TEST_F(HybridConfigTest, testBasic) {
	std::string decrypt_key_type =
	"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
	std::string encrypt_key_type =
	"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
	std::string aes_ctr_hmac_aead_key_type =
	"type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
	std::string aes_eax_key_type =
	"type.googleapis.com/google.crypto.tink.AesEaxKey";
	std::string aes_gcm_key_type =
	"type.googleapis.com/google.crypto.tink.AesGcmKey";
	std::string xchacha20_poly1305_key_type =
	"type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key";
	std::string hmac_key_type =
	"type.googleapis.com/google.crypto.tink.HmacKey";
	auto& config = HybridConfig::Latest();

	EXPECT_EQ(7, HybridConfig::Latest().entry_size());

	EXPECT_EQ("TinkMac", config.entry(0).catalogue_name());
	EXPECT_EQ("Mac", config.entry(0).primitive_name());
	EXPECT_EQ(hmac_key_type, config.entry(0).type_url());
	EXPECT_EQ(true, config.entry(0).new_key_allowed());
	EXPECT_EQ(0, config.entry(0).key_manager_version());

	EXPECT_EQ("TinkAead", config.entry(1).catalogue_name());
	EXPECT_EQ("Aead", config.entry(1).primitive_name());
	EXPECT_EQ(aes_ctr_hmac_aead_key_type, config.entry(1).type_url());
	EXPECT_EQ(true, config.entry(1).new_key_allowed());
	EXPECT_EQ(0, config.entry(1).key_manager_version());

	EXPECT_EQ("TinkAead", config.entry(2).catalogue_name());
	EXPECT_EQ("Aead", config.entry(2).primitive_name());
	EXPECT_EQ(aes_gcm_key_type, config.entry(2).type_url());
	EXPECT_EQ(true, config.entry(2).new_key_allowed());
	EXPECT_EQ(0, config.entry(2).key_manager_version());

	EXPECT_EQ("TinkAead", config.entry(3).catalogue_name());
	EXPECT_EQ("Aead", config.entry(3).primitive_name());
	EXPECT_EQ(aes_eax_key_type, config.entry(3).type_url());
	EXPECT_EQ(true, config.entry(3).new_key_allowed());
	EXPECT_EQ(0, config.entry(3).key_manager_version());

	EXPECT_EQ("TinkAead", config.entry(4).catalogue_name());
	EXPECT_EQ("Aead", config.entry(4).primitive_name());
	EXPECT_EQ(xchacha20_poly1305_key_type, config.entry(4).type_url());
	EXPECT_EQ(true, config.entry(4).new_key_allowed());
	EXPECT_EQ(0, config.entry(4).key_manager_version());

	EXPECT_EQ("TinkHybridDecrypt", config.entry(5).catalogue_name());
	EXPECT_EQ("HybridDecrypt", config.entry(5).primitive_name());
	EXPECT_EQ(decrypt_key_type, config.entry(5).type_url());
	EXPECT_EQ(true, config.entry(5).new_key_allowed());
	EXPECT_EQ(0, config.entry(5).key_manager_version());

	EXPECT_EQ("TinkHybridEncrypt", config.entry(6).catalogue_name());
	EXPECT_EQ("HybridEncrypt", config.entry(6).primitive_name());
	EXPECT_EQ(encrypt_key_type, config.entry(6).type_url());
	EXPECT_EQ(true, config.entry(6).new_key_allowed());
	EXPECT_EQ(0, config.entry(6).key_manager_version());

	// No key manager before registration.
	auto decrypt_manager_result =
	Registry::get_key_manager<HybridDecrypt>(decrypt_key_type);
	EXPECT_FALSE(decrypt_manager_result.ok());
	EXPECT_EQ(util::error::NOT_FOUND,
	decrypt_manager_result.status().error_code());

	auto encrypt_manager_result =
	Registry::get_key_manager<HybridEncrypt>(encrypt_key_type);
	EXPECT_FALSE(encrypt_manager_result.ok());
	EXPECT_EQ(util::error::NOT_FOUND,
	encrypt_manager_result.status().error_code());

	// Registration of standard key types works.
	auto status = HybridConfig::Register();
	EXPECT_TRUE(status.ok()) << status;
	decrypt_manager_result =
	Registry::get_key_manager<HybridDecrypt>(decrypt_key_type);
	EXPECT_TRUE(decrypt_manager_result.ok()) << decrypt_manager_result.status();
	EXPECT_TRUE(decrypt_manager_result.ValueOrDie()
	->DoesSupport(decrypt_key_type));
	encrypt_manager_result =
	Registry::get_key_manager<HybridEncrypt>(encrypt_key_type);
	EXPECT_TRUE(encrypt_manager_result.ok()) << encrypt_manager_result.status();
	EXPECT_TRUE(encrypt_manager_result.ValueOrDie()
	->DoesSupport(encrypt_key_type));
	}

	TEST_F(HybridConfigTest, testRegister) {
	std::string key_type =
	"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";

	// Try on empty registry.
	auto status = Config::Register(HybridConfig::Latest());
	EXPECT_FALSE(status.ok());
	EXPECT_EQ(util::error::NOT_FOUND, status.error_code());
	auto manager_result = Registry::get_key_manager<HybridEncrypt>(key_type);
	EXPECT_FALSE(manager_result.ok());

	// Register and try again.
	status = HybridConfig::Register();
	EXPECT_TRUE(status.ok()) << status;
	manager_result = Registry::get_key_manager<HybridEncrypt>(key_type);
	EXPECT_TRUE(manager_result.ok()) << manager_result.status();

	// Try Register() again, should succeed (idempotence).
	status = HybridConfig::Register();
	EXPECT_TRUE(status.ok()) << status;

	// Reset the registry, and try overriding a catalogue with a different one.
	Registry::Reset();
	status = Registry::AddCatalogue("TinkHybridDecrypt",
	new DummyHybridDecryptCatalogue());
	EXPECT_TRUE(status.ok()) << status;
	status = HybridConfig::Register();
	EXPECT_FALSE(status.ok());
	EXPECT_EQ(util::error::ALREADY_EXISTS, status.error_code());
	}

	// Tests that the HybridEncryptWrapper has been properly registered and we
	// can wrap primitives.
	TEST_F(HybridConfigTest, EncryptWrapperRegistered) {
	ASSERT_TRUE(HybridConfig::Register().ok());

	google::crypto::tink::Keyset::Key key;
	key.set_status(google::crypto::tink::KeyStatusType::ENABLED);
	key.set_key_id(1234);
	key.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
	auto primitive_set = absl::make_unique<PrimitiveSet<HybridEncrypt>>();
	primitive_set->set_primary(
	primitive_set
	->AddPrimitive(absl::make_unique<DummyHybridEncrypt>("dummy"), key)
	.ValueOrDie());

	auto wrapped = Registry::Wrap(std::move(primitive_set));

	ASSERT_TRUE(wrapped.ok()) << wrapped.status();
	auto encryption_result = wrapped.ValueOrDie()->Encrypt("secret", "");
	ASSERT_TRUE(encryption_result.ok());

	std::string prefix = CryptoFormat::get_output_prefix(key).ValueOrDie();
	EXPECT_EQ(
	encryption_result.ValueOrDie(),
	absl::StrCat(
	prefix,
	DummyHybridEncrypt("dummy").Encrypt("secret", "").ValueOrDie()));
	}

	// Tests that the HybridDecryptWrapper has been properly registered and we
	// can wrap primitives.
	TEST_F(HybridConfigTest, DecryptWrapperRegistered) {
	ASSERT_TRUE(HybridConfig::Register().ok());

	google::crypto::tink::Keyset::Key key;
	key.set_status(google::crypto::tink::KeyStatusType::ENABLED);
	key.set_key_id(1234);
	key.set_output_prefix_type(google::crypto::tink::OutputPrefixType::TINK);
	auto primitive_set = absl::make_unique<PrimitiveSet<HybridDecrypt>>();
	primitive_set->set_primary(
	primitive_set
	->AddPrimitive(absl::make_unique<DummyHybridDecrypt>("dummy"), key)
	.ValueOrDie());

	auto wrapped = Registry::Wrap(std::move(primitive_set));

	ASSERT_TRUE(wrapped.ok()) << wrapped.status();

	std::string prefix = CryptoFormat::get_output_prefix(key).ValueOrDie();
	std::string encryption =
	DummyHybridEncrypt("dummy").Encrypt("secret", "").ValueOrDie();

	ASSERT_EQ(wrapped.ValueOrDie()
	->Decrypt(absl::StrCat(prefix, encryption), "")
	.ValueOrDie(),
	"secret");
	}

	} // namespace
	} // namespace tink
	} // namespace crypto