Google Git
Sign in
fuchsia / third_party / tink / refs/tags/v1.4.0 / . / python / tink / tink_config_test.py
blob: df1c50095dc73ff5c61f8afca68c8b27bf20f600 [file] [log] [blame]
# Copyright 2019 Google LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for tink.python.tink.tink_config."""
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from absl.testing import absltest
from tink.proto import tink_pb2
from tink import aead
from tink import core
from tink import daead
from tink import hybrid
from tink import mac
from tink import signature
from tink import tink_config
def setUpModule():
tink_config.register()
def _primitive_and_key(key_data, primitive_class, output_prefix_type):
primitive = core.Registry.primitive(key_data, primitive_class)
key = tink_pb2.Keyset.Key(
key_id=1, status=tink_pb2.ENABLED, output_prefix_type=output_prefix_type)
key.key_data.CopyFrom(key_data)
return primitive, key
def _new_primitive_and_key(template, primitive_class, output_prefix_type):
return _primitive_and_key(
core.Registry.new_key_data(template), primitive_class, output_prefix_type)
def _public_primitive_and_key(private_key, primitive_class, output_prefix_type):
return _primitive_and_key(
core.Registry.public_key_data(private_key.key_data), primitive_class,
output_prefix_type)
class TinkConfigTest(absltest.TestCase):
def test_all_aead_templates_are_registered(self):
for template in [
aead.aead_key_templates.AES128_EAX,
aead.aead_key_templates.AES256_EAX,
aead.aead_key_templates.AES128_GCM,
aead.aead_key_templates.AES256_GCM,
aead.aead_key_templates.AES128_CTR_HMAC_SHA256,
aead.aead_key_templates.AES256_CTR_HMAC_SHA256,
aead.aead_key_templates.XCHACHA20_POLY1305
]:
key_data = core.Registry.new_key_data(template)
primitive = core.Registry.primitive(key_data, aead.Aead)
self.assertEqual(
primitive.decrypt(primitive.encrypt(b'message', b'ad'), b'ad'),
b'message')
def test_all_mac_templates_are_registered(self):
for template in [
mac.mac_key_templates.HMAC_SHA256_128BITTAG,
mac.mac_key_templates.HMAC_SHA256_256BITTAG
]:
key_data = core.Registry.new_key_data(template)
primitive = core.Registry.primitive(key_data, mac.Mac)
self.assertIsNone(
primitive.verify_mac(primitive.compute_mac(b'data'), b'data'))
def test_all_deterministic_aead_templates_are_registered(self):
key_data = core.Registry.new_key_data(
daead.deterministic_aead_key_templates.AES256_SIV)
daead_primitive = core.Registry.primitive(key_data, daead.DeterministicAead)
ciphertext = daead_primitive.encrypt_deterministically(b'message', b'ad')
self.assertEqual(
daead_primitive.decrypt_deterministically(ciphertext, b'ad'),
b'message')
def test_aead_wrapper_is_correctly_registered(self):
aead1, key1 = _new_primitive_and_key(aead.aead_key_templates.AES128_EAX,
aead.Aead, tink_pb2.RAW)
aead2, key2 = _new_primitive_and_key(aead.aead_key_templates.AES256_GCM,
aead.Aead, tink_pb2.TINK)
pset = core.PrimitiveSet(aead.Aead)
pset.add_primitive(aead1, key1)
pset.set_primary(pset.add_primitive(aead2, key2))
wrapped_aead = core.Registry.wrap(pset)
self.assertEqual(
wrapped_aead.decrypt(aead1.encrypt(b'plaintext1', b'ad1'), b'ad1'),
b'plaintext1')
self.assertEqual(
wrapped_aead.decrypt(
wrapped_aead.encrypt(b'plaintext2', b'ad2'), b'ad2'), b'plaintext2')
def test_mac_wrapper_is_correctly_registered(self):
mac1, key1 = _new_primitive_and_key(
mac.mac_key_templates.HMAC_SHA256_128BITTAG, mac.Mac, tink_pb2.RAW)
mac2, key2 = _new_primitive_and_key(
mac.mac_key_templates.HMAC_SHA256_256BITTAG, mac.Mac, tink_pb2.TINK)
pset = core.PrimitiveSet(mac.Mac)
pset.add_primitive(mac1, key1)
pset.set_primary(pset.add_primitive(mac2, key2))
wrapped_mac = core.Registry.wrap(pset)
self.assertIsNone(
wrapped_mac.verify_mac(mac1.compute_mac(b'data1'), b'data1'))
self.assertIsNone(
wrapped_mac.verify_mac(wrapped_mac.compute_mac(b'data2'), b'data2'))
def test_deterministic_aead_wrapper_is_correctly_registered(self):
daead1, key1 = _new_primitive_and_key(
daead.deterministic_aead_key_templates.AES256_SIV,
daead.DeterministicAead, tink_pb2.RAW)
daead2, key2 = _new_primitive_and_key(
daead.deterministic_aead_key_templates.AES256_SIV,
daead.DeterministicAead, tink_pb2.TINK)
pset = core.PrimitiveSet(daead.DeterministicAead)
pset.add_primitive(daead1, key1)
pset.set_primary(pset.add_primitive(daead2, key2))
wrapped_daead = core.Registry.wrap(pset)
self.assertEqual(
wrapped_daead.decrypt_deterministically(
daead1.encrypt_deterministically(b'plaintext1', b'ad1'), b'ad1'),
b'plaintext1')
self.assertEqual(
wrapped_daead.decrypt_deterministically(
wrapped_daead.encrypt_deterministically(b'plaintext2', b'ad2'),
b'ad2'), b'plaintext2')
def test_hybrid_wrappers_are_correctly_registered(self):
dec1, dec1_key = _new_primitive_and_key(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
hybrid.HybridDecrypt, tink_pb2.RAW)
enc1, enc1_key = _public_primitive_and_key(dec1_key, hybrid.HybridEncrypt,
tink_pb2.RAW)
dec2, dec2_key = _new_primitive_and_key(
hybrid.hybrid_key_templates.ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM,
hybrid.HybridDecrypt, tink_pb2.RAW)
enc2, enc2_key = _public_primitive_and_key(dec2_key, hybrid.HybridEncrypt,
tink_pb2.RAW)
dec_pset = core.PrimitiveSet(hybrid.HybridDecrypt)
dec_pset.add_primitive(dec1, dec1_key)
dec_pset.set_primary(dec_pset.add_primitive(dec2, dec2_key))
wrapped_dec = core.Registry.wrap(dec_pset)
enc_pset = core.PrimitiveSet(hybrid.HybridEncrypt)
enc_pset.add_primitive(enc1, enc1_key)
enc_pset.set_primary(enc_pset.add_primitive(enc2, enc2_key))
wrapped_enc = core.Registry.wrap(enc_pset)
self.assertEqual(
wrapped_dec.decrypt(enc1.encrypt(b'plaintext1', b'ad1'), b'ad1'),
b'plaintext1')
self.assertEqual(
wrapped_dec.decrypt(wrapped_enc.encrypt(b'plaintext2', b'ad2'), b'ad2'),
b'plaintext2')
def test_key_managers_for_signature_templates_are_registered(self):
key_templates = signature.signature_key_templates
for template in [
key_templates.ECDSA_P256, key_templates.ECDSA_P384,
key_templates.ECDSA_P521, key_templates.ECDSA_P256_IEEE_P1363,
key_templates.ECDSA_P256_IEEE_P1363,
key_templates.ECDSA_P521_IEEE_P1363, key_templates.ED25519,
key_templates.RSA_SSA_PSS_3072_SHA256_SHA256_32_F4,
key_templates.RSA_SSA_PSS_4096_SHA512_SHA512_64_F4,
key_templates.RSA_SSA_PKCS1_3072_SHA256_F4,
key_templates.RSA_SSA_PKCS1_4096_SHA512_F4
]:
key_data = core.Registry.new_key_data(template)
primitive = core.Registry.primitive(key_data, signature.PublicKeySign)
sig = primitive.sign(b'data')
public_key = core.Registry.public_key_data(key_data)
primitive_verify = core.Registry.primitive(public_key,
signature.PublicKeyVerify)
primitive_verify.verify(sig, b'data')
def test_signature_wrapper_is_correctly_registered(self):
sig1, key1 = _new_primitive_and_key(
signature.signature_key_templates.ECDSA_P256, signature.PublicKeySign,
tink_pb2.TINK)
sig2, key2 = _new_primitive_and_key(
signature.signature_key_templates.ECDSA_P256, signature.PublicKeySign,
tink_pb2.TINK)
ver1, pubkey1 = _public_primitive_and_key(key1, signature.PublicKeyVerify,
tink_pb2.TINK)
ver2, pubkey2 = _public_primitive_and_key(key2, signature.PublicKeyVerify,
tink_pb2.TINK)
pset = core.PrimitiveSet(signature.PublicKeySign)
pset.add_primitive(sig1, key1)
pset.set_primary(pset.add_primitive(sig2, key2))
wrapped_sig = core.Registry.wrap(pset)
pset_verify = core.new_primitive_set(signature.PublicKeyVerify)
pset_verify.add_primitive(ver1, pubkey1)
pset_verify.set_primary(pset_verify.add_primitive(ver2, pubkey2))
wrapped_ver = core.Registry.wrap(pset_verify)
sig = wrapped_sig.sign(b'data')
wrapped_ver.verify(sig, b'data')
if __name__ == '__main__':
absltest.main()