go/keyset/handle_test.go - third_party/tink - Git at Google

 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package keyset_test

 import (
 	"strings"
 	"testing"

 	"github.com/golang/protobuf/proto"
 	"github.com/google/tink/go/keyset"
 	"github.com/google/tink/go/mac"
 	"github.com/google/tink/go/subtle/aead"
 	"github.com/google/tink/go/testkeyset"
 	"github.com/google/tink/go/testutil"

 	tinkpb "github.com/google/tink/proto/tink_go_proto"
 )

 func TestNewHandle(t *testing.T) {
 	kt := mac.HMACSHA256Tag128KeyTemplate()
 	kh, err := keyset.NewHandle(kt)
 	if err != nil {
 		t.Errorf("unexpected error: %s", err)
 	}
 	keyset := kh.Keyset()
 	if len(keyset.Key) != 1 {
 		t.Errorf("incorrect number of keys in the keyset: %d", len(keyset.Key))
 	}
 	key := keyset.Key[0]
 	if keyset.PrimaryKeyId != key.KeyId {
 		t.Errorf("incorrect primary key id, expect %d, got %d", key.KeyId, keyset.PrimaryKeyId)
 	}
 	if key.KeyData.TypeUrl != kt.TypeUrl {
 		t.Errorf("incorrect type url, expect %s, got %s", kt.TypeUrl, key.KeyData.TypeUrl)
 	}
 	if _, err = mac.New(kh); err != nil {
 		t.Errorf("cannot get primitive from generated keyset handle: %s", err)
 	}
 }

 func TestNewHandleWithInvalidInput(t *testing.T) {
 	// template unregistered TypeUrl
 	template := mac.HMACSHA256Tag128KeyTemplate()
 	template.TypeUrl = "some unknown TypeUrl"
 	if _, err := keyset.NewHandle(template); err == nil {
 		t.Errorf("expect an error when TypeUrl is not registered")
 	}
 	// nil
 	if _, err := keyset.NewHandle(nil); err == nil {
 		t.Errorf("expect an error when template is nil")
 	}
 }

 func TestRead(t *testing.T) {
 	masterKey, err := aead.NewAESGCM([]byte(strings.Repeat("A", 32)))
 	if err != nil {
 		t.Errorf("aead.NewAESGCM(): %v", err)
 	}

 	// Create a keyset
 	keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_SYMMETRIC)
 	key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
 	ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key})
 	h, _ := testkeyset.NewHandle(ks)

 	memKeyset := &keyset.MemReaderWriter{}
 	if err := h.Write(memKeyset, masterKey); err != nil {
 		t.Fatalf("handle.Write(): %v", err)
 	}
 	h2, err := keyset.Read(memKeyset, masterKey)
 	if err != nil {
 		t.Fatalf("keyset.Read(): %v", err)
 	}
 	if !proto.Equal(h.Keyset(), h2.Keyset()) {
 		t.Fatalf("Decrypt failed: got %v, want %v", h2, h)
 	}
 }

 func TestReadWithNoSecrets(t *testing.T) {
 	// Create a keyset containing public key material
 	keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_ASYMMETRIC_PUBLIC)
 	key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
 	ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key})
 	h, _ := testkeyset.NewHandle(ks)

 	memKeyset := &keyset.MemReaderWriter{}
 	if err := h.WriteWithNoSecrets(memKeyset); err != nil {
 		t.Fatalf("handle.WriteWithNoSecrets(): %v", err)
 	}
 	h2, err := keyset.ReadWithNoSecrets(memKeyset)
 	if err != nil {
 		t.Fatalf("keyset.ReadWithNoSecrets(): %v", err)
 	}
 	if !proto.Equal(h.Keyset(), h2.Keyset()) {
 		t.Fatalf("Decrypt failed: got %v, want %v", h2, h)
 	}
 }

 func TestWithNoSecretsFunctionsFailWhenHandlingSecretKeyMaterial(t *testing.T) {
 	// Create a keyset containing secret key material (symmetric)
 	keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_SYMMETRIC)
 	key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
 	ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key})
 	h, _ := testkeyset.NewHandle(ks)

 	if err := h.WriteWithNoSecrets(&keyset.MemReaderWriter{}); err == nil {
 		t.Error("handle.WriteWithNoSecrets() should fail when exporting secret key material")
 	}

 	if _, err := keyset.ReadWithNoSecrets(&keyset.MemReaderWriter{Keyset: h.Keyset()}); err == nil {
 		t.Error("keyset.ReadWithNoSecrets should fail when importing secret key material")
 	}
 }
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package keyset_test

	import (
	"strings"
	"testing"

	"github.com/golang/protobuf/proto"
	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/mac"
	"github.com/google/tink/go/subtle/aead"
	"github.com/google/tink/go/testkeyset"
	"github.com/google/tink/go/testutil"

	tinkpb "github.com/google/tink/proto/tink_go_proto"
	)

	func TestNewHandle(t *testing.T) {
	kt := mac.HMACSHA256Tag128KeyTemplate()
	kh, err := keyset.NewHandle(kt)
	if err != nil {
	t.Errorf("unexpected error: %s", err)
	}
	keyset := kh.Keyset()
	if len(keyset.Key) != 1 {
	t.Errorf("incorrect number of keys in the keyset: %d", len(keyset.Key))
	}
	key := keyset.Key[0]
	if keyset.PrimaryKeyId != key.KeyId {
	t.Errorf("incorrect primary key id, expect %d, got %d", key.KeyId, keyset.PrimaryKeyId)
	}
	if key.KeyData.TypeUrl != kt.TypeUrl {
	t.Errorf("incorrect type url, expect %s, got %s", kt.TypeUrl, key.KeyData.TypeUrl)
	}
	if _, err = mac.New(kh); err != nil {
	t.Errorf("cannot get primitive from generated keyset handle: %s", err)
	}
	}

	func TestNewHandleWithInvalidInput(t *testing.T) {
	// template unregistered TypeUrl
	template := mac.HMACSHA256Tag128KeyTemplate()
	template.TypeUrl = "some unknown TypeUrl"
	if _, err := keyset.NewHandle(template); err == nil {
	t.Errorf("expect an error when TypeUrl is not registered")
	}
	// nil
	if _, err := keyset.NewHandle(nil); err == nil {
	t.Errorf("expect an error when template is nil")
	}
	}

	func TestRead(t *testing.T) {
	masterKey, err := aead.NewAESGCM([]byte(strings.Repeat("A", 32)))
	if err != nil {
	t.Errorf("aead.NewAESGCM(): %v", err)
	}

	// Create a keyset
	keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_SYMMETRIC)
	key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
	ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key})
	h, _ := testkeyset.NewHandle(ks)

	memKeyset := &keyset.MemReaderWriter{}
	if err := h.Write(memKeyset, masterKey); err != nil {
	t.Fatalf("handle.Write(): %v", err)
	}
	h2, err := keyset.Read(memKeyset, masterKey)
	if err != nil {
	t.Fatalf("keyset.Read(): %v", err)
	}
	if !proto.Equal(h.Keyset(), h2.Keyset()) {
	t.Fatalf("Decrypt failed: got %v, want %v", h2, h)
	}
	}

	func TestReadWithNoSecrets(t *testing.T) {
	// Create a keyset containing public key material
	keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_ASYMMETRIC_PUBLIC)
	key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
	ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key})
	h, _ := testkeyset.NewHandle(ks)

	memKeyset := &keyset.MemReaderWriter{}
	if err := h.WriteWithNoSecrets(memKeyset); err != nil {
	t.Fatalf("handle.WriteWithNoSecrets(): %v", err)
	}
	h2, err := keyset.ReadWithNoSecrets(memKeyset)
	if err != nil {
	t.Fatalf("keyset.ReadWithNoSecrets(): %v", err)
	}
	if !proto.Equal(h.Keyset(), h2.Keyset()) {
	t.Fatalf("Decrypt failed: got %v, want %v", h2, h)
	}
	}

	func TestWithNoSecretsFunctionsFailWhenHandlingSecretKeyMaterial(t *testing.T) {
	// Create a keyset containing secret key material (symmetric)
	keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_SYMMETRIC)
	key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
	ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key})
	h, _ := testkeyset.NewHandle(ks)

	if err := h.WriteWithNoSecrets(&keyset.MemReaderWriter{}); err == nil {
	t.Error("handle.WriteWithNoSecrets() should fail when exporting secret key material")
	}

	if _, err := keyset.ReadWithNoSecrets(&keyset.MemReaderWriter{Keyset: h.Keyset()}); err == nil {
	t.Error("keyset.ReadWithNoSecrets should fail when importing secret key material")
	}
	}