objc/Tests/UnitTests/mac/TINKMacFactoryTest.mm - third_party/tink - Git at Google

 /**
  * Copyright 2017 Google Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  **************************************************************************
  */

 #import "objc/TINKAeadFactory.h"

 #import <XCTest/XCTest.h>

 #import "objc/TINKKeysetHandle.h"
 #import "objc/TINKMac.h"
 #import "objc/TINKMacConfig.h"
 #import "objc/TINKMacFactory.h"
 #import "objc/core/TINKKeysetHandle_Internal.h"
 #import "objc/util/TINKStrings.h"

 #include "tink/crypto_format.h"
 #include "tink/keyset_handle.h"
 #include "tink/mac.h"
 #include "tink/mac/hmac_key_manager.h"
 #include "tink/mac/mac_config.h"
 #include "tink/util/status.h"
 #include "tink/util/keyset_util.h"
 #include "tink/util/test_util.h"
 #include "proto/hmac.pb.h"
 #include "proto/tink.pb.h"

 using crypto::tink::HmacKeyManager;
 using crypto::tink::KeyFactory;
 using crypto::tink::KeysetUtil;
 using crypto::tink::test::AddRawKey;
 using crypto::tink::test::AddTinkKey;
 using google::crypto::tink::HashType;
 using google::crypto::tink::HmacKeyFormat;
 using google::crypto::tink::KeyData;
 using google::crypto::tink::Keyset;
 using google::crypto::tink::KeyStatusType;

 @interface TINKMacFactoryTest : XCTestCase
 @end

 @implementation TINKMacFactoryTest

 - (void)testEmptyKeyset {
   Keyset keyset;
   TINKKeysetHandle *handle =
       [[TINKKeysetHandle alloc] initWithCCKeysetHandle:KeysetUtil::GetKeysetHandle(keyset)];
   XCTAssertNotNil(handle);

   NSError *error = nil;
   id<TINKMac> mac = [TINKMacFactory primitiveWithKeysetHandle:handle error:&error];
   XCTAssertNil(mac);
   XCTAssertNotNil(error);
   XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
   XCTAssertTrue([error.localizedFailureReason containsString:@"at least one key"]);
 }

 - (void)testPrimitive {
   // Prepare a template for generating keys for a Keyset.
   HmacKeyManager key_manager;
   const KeyFactory &key_factory = key_manager.get_key_factory();
   std::string key_type = key_manager.get_key_type();

   HmacKeyFormat key_format;
   key_format.set_key_size(16);
   key_format.mutable_params()->set_tag_size(10);
   key_format.mutable_params()->set_hash(HashType::SHA256);

   // Prepare a Keyset.
   Keyset keyset;
   uint32_t key_id_1 = 1234543;
   auto new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
   AddTinkKey(key_type, key_id_1, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);

   uint32_t key_id_2 = 726329;
   new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
   AddRawKey(key_type, key_id_2, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);

   uint32_t key_id_3 = 7213743;
   new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
   AddTinkKey(key_type, key_id_3, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);

   keyset.set_primary_key_id(key_id_3);

   NSError *error = nil;
   TINKMacConfig *macConfig = [[TINKMacConfig alloc] initWithError:&error];
   XCTAssertNotNil(macConfig);
   XCTAssertNil(error);

   TINKKeysetHandle *handle =
       [[TINKKeysetHandle alloc] initWithCCKeysetHandle:KeysetUtil::GetKeysetHandle(keyset)];
   XCTAssertNotNil(handle);

   id<TINKMac> mac = [TINKMacFactory primitiveWithKeysetHandle:handle error:&error];
   XCTAssertNotNil(mac);
   XCTAssertNil(error);

   // Compute the mac.
   NSData *data = [@"some_data_for_mac" dataUsingEncoding:NSUTF8StringEncoding];
   error = nil;
   NSData *computedMac = [mac computeMacForData:data error:&error];
   XCTAssertNil(error);
   XCTAssertNotNil(computedMac);

   // Verify that the mac is correct.
   XCTAssertTrue([mac verifyMac:computedMac forData:data error:&error]);
   XCTAssertNil(error);

   // Try again with different data.
   XCTAssertFalse([mac verifyMac:computedMac
                         forData:[@"bad data for mac" dataUsingEncoding:NSUTF8StringEncoding]
                           error:&error]);
   XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
   XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);

   // One more time with the wrong mac.
   XCTAssertFalse([mac verifyMac:[@"some bad mac value" dataUsingEncoding:NSUTF8StringEncoding]
                         forData:data
                           error:&error]);
   XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
   XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);

   const char *dataBytes = (const char *)data.bytes;
   XCTAssertTrue(dataBytes != NULL);

   // Flip all the bits in data one by one.
   for (NSUInteger byteIndex = 0; byteIndex < data.length; byteIndex++) {
     const char currentByte = dataBytes[byteIndex];

     for (NSUInteger bitIndex = 0; bitIndex < 8; bitIndex++) {
       // Flip every bit on this byte.
       char flippedByte = (currentByte ^ (1 << bitIndex));
       XCTAssertTrue(flippedByte != currentByte);

       // Replace the mutated byte in the original data.
       NSMutableData *mutableData = data.mutableCopy;
       char *mutableBytes = (char *)mutableData.mutableBytes;
       mutableBytes[byteIndex] = flippedByte;

       XCTAssertFalse(
           [mac verifyMac:computedMac forData:[NSData dataWithData:mutableData] error:&error]);
       XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
       XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);
     }
   }

   const char *macBytes = (const char *)computedMac.bytes;
   XCTAssertTrue(macBytes != NULL);

   // Flip all the bits in the MAC one by one.
   for (NSUInteger byteIndex = 0; byteIndex < computedMac.length; byteIndex++) {
     const char currentByte = macBytes[byteIndex];

     for (NSUInteger bitIndex = 0; bitIndex < 8; bitIndex++) {
       // Flip every bit on this byte.
       char flippedByte = (currentByte ^ (1 << bitIndex));
       XCTAssertTrue(flippedByte != currentByte);

       // Replace the mutated byte in the original data.
       NSMutableData *mutableMac = computedMac.mutableCopy;
       char *mutableBytes = (char *)mutableMac.mutableBytes;
       mutableBytes[byteIndex] = flippedByte;

       XCTAssertFalse([mac verifyMac:[NSData dataWithData:mutableMac] forData:data error:&error]);
       XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
       XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);
     }
   }
 }

 @end
	/**
	* Copyright 2017 Google Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	**************************************************************************
	*/

	#import "objc/TINKAeadFactory.h"

	#import <XCTest/XCTest.h>

	#import "objc/TINKKeysetHandle.h"
	#import "objc/TINKMac.h"
	#import "objc/TINKMacConfig.h"
	#import "objc/TINKMacFactory.h"
	#import "objc/core/TINKKeysetHandle_Internal.h"
	#import "objc/util/TINKStrings.h"

	#include "tink/crypto_format.h"
	#include "tink/keyset_handle.h"
	#include "tink/mac.h"
	#include "tink/mac/hmac_key_manager.h"
	#include "tink/mac/mac_config.h"
	#include "tink/util/status.h"
	#include "tink/util/keyset_util.h"
	#include "tink/util/test_util.h"
	#include "proto/hmac.pb.h"
	#include "proto/tink.pb.h"

	using crypto::tink::HmacKeyManager;
	using crypto::tink::KeyFactory;
	using crypto::tink::KeysetUtil;
	using crypto::tink::test::AddRawKey;
	using crypto::tink::test::AddTinkKey;
	using google::crypto::tink::HashType;
	using google::crypto::tink::HmacKeyFormat;
	using google::crypto::tink::KeyData;
	using google::crypto::tink::Keyset;
	using google::crypto::tink::KeyStatusType;

	@interface TINKMacFactoryTest : XCTestCase
	@end

	@implementation TINKMacFactoryTest

	- (void)testEmptyKeyset {
	Keyset keyset;
	TINKKeysetHandle *handle =
	[[TINKKeysetHandle alloc] initWithCCKeysetHandle:KeysetUtil::GetKeysetHandle(keyset)];
	XCTAssertNotNil(handle);

	NSError *error = nil;
	id<TINKMac> mac = [TINKMacFactory primitiveWithKeysetHandle:handle error:&error];
	XCTAssertNil(mac);
	XCTAssertNotNil(error);
	XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
	XCTAssertTrue([error.localizedFailureReason containsString:@"at least one key"]);
	}

	- (void)testPrimitive {
	// Prepare a template for generating keys for a Keyset.
	HmacKeyManager key_manager;
	const KeyFactory &key_factory = key_manager.get_key_factory();
	std::string key_type = key_manager.get_key_type();

	HmacKeyFormat key_format;
	key_format.set_key_size(16);
	key_format.mutable_params()->set_tag_size(10);
	key_format.mutable_params()->set_hash(HashType::SHA256);

	// Prepare a Keyset.
	Keyset keyset;
	uint32_t key_id_1 = 1234543;
	auto new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
	AddTinkKey(key_type, key_id_1, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);

	uint32_t key_id_2 = 726329;
	new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
	AddRawKey(key_type, key_id_2, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);

	uint32_t key_id_3 = 7213743;
	new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
	AddTinkKey(key_type, key_id_3, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);

	keyset.set_primary_key_id(key_id_3);

	NSError *error = nil;
	TINKMacConfig *macConfig = [[TINKMacConfig alloc] initWithError:&error];
	XCTAssertNotNil(macConfig);
	XCTAssertNil(error);

	TINKKeysetHandle *handle =
	[[TINKKeysetHandle alloc] initWithCCKeysetHandle:KeysetUtil::GetKeysetHandle(keyset)];
	XCTAssertNotNil(handle);

	id<TINKMac> mac = [TINKMacFactory primitiveWithKeysetHandle:handle error:&error];
	XCTAssertNotNil(mac);
	XCTAssertNil(error);

	// Compute the mac.
	NSData *data = [@"some_data_for_mac" dataUsingEncoding:NSUTF8StringEncoding];
	error = nil;
	NSData *computedMac = [mac computeMacForData:data error:&error];
	XCTAssertNil(error);
	XCTAssertNotNil(computedMac);

	// Verify that the mac is correct.
	XCTAssertTrue([mac verifyMac:computedMac forData:data error:&error]);
	XCTAssertNil(error);

	// Try again with different data.
	XCTAssertFalse([mac verifyMac:computedMac
	forData:[@"bad data for mac" dataUsingEncoding:NSUTF8StringEncoding]
	error:&error]);
	XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
	XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);

	// One more time with the wrong mac.
	XCTAssertFalse([mac verifyMac:[@"some bad mac value" dataUsingEncoding:NSUTF8StringEncoding]
	forData:data
	error:&error]);
	XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
	XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);

	const char dataBytes = (const char )data.bytes;
	XCTAssertTrue(dataBytes != NULL);

	// Flip all the bits in data one by one.
	for (NSUInteger byteIndex = 0; byteIndex < data.length; byteIndex++) {
	const char currentByte = dataBytes[byteIndex];

	for (NSUInteger bitIndex = 0; bitIndex < 8; bitIndex++) {
	// Flip every bit on this byte.
	char flippedByte = (currentByte ^ (1 << bitIndex));
	XCTAssertTrue(flippedByte != currentByte);

	// Replace the mutated byte in the original data.
	NSMutableData *mutableData = data.mutableCopy;
	char mutableBytes = (char )mutableData.mutableBytes;
	mutableBytes[byteIndex] = flippedByte;

	XCTAssertFalse(
	[mac verifyMac:computedMac forData:[NSData dataWithData:mutableData] error:&error]);
	XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
	XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);
	}
	}

	const char macBytes = (const char )computedMac.bytes;
	XCTAssertTrue(macBytes != NULL);

	// Flip all the bits in the MAC one by one.
	for (NSUInteger byteIndex = 0; byteIndex < computedMac.length; byteIndex++) {
	const char currentByte = macBytes[byteIndex];

	for (NSUInteger bitIndex = 0; bitIndex < 8; bitIndex++) {
	// Flip every bit on this byte.
	char flippedByte = (currentByte ^ (1 << bitIndex));
	XCTAssertTrue(flippedByte != currentByte);

	// Replace the mutated byte in the original data.
	NSMutableData *mutableMac = computedMac.mutableCopy;
	char mutableBytes = (char )mutableMac.mutableBytes;
	mutableBytes[byteIndex] = flippedByte;

	XCTAssertFalse([mac verifyMac:[NSData dataWithData:mutableMac] forData:data error:&error]);
	XCTAssertTrue(error.code == crypto::tink::util::error::INVALID_ARGUMENT);
	XCTAssertTrue([error.localizedFailureReason containsString:@"verification failed"]);
	}
	}
	}

	@end