1 // Copyright 2019 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/signature/ed25519_verify_key_manager.h"
18
19 #include <string>
20
21 #include "gmock/gmock.h"
22 #include "gtest/gtest.h"
23 #include "tink/public_key_sign.h"
24 #include "tink/public_key_verify.h"
25 #include "tink/registry.h"
26 #include "tink/signature/ed25519_sign_key_manager.h"
27 #include "tink/subtle/ed25519_sign_boringssl.h"
28 #include "tink/util/enums.h"
29 #include "tink/util/secret_data.h"
30 #include "tink/util/status.h"
31 #include "tink/util/statusor.h"
32 #include "tink/util/test_matchers.h"
33 #include "tink/util/test_util.h"
34 #include "proto/ed25519.pb.h"
35
36 namespace crypto {
37 namespace tink {
38
39 using ::crypto::tink::test::IsOk;
40 using ::google::crypto::tink::Ed25519KeyFormat;
41 using ::google::crypto::tink::Ed25519PrivateKey;
42 using ::google::crypto::tink::Ed25519PublicKey;
43 using ::google::crypto::tink::KeyData;
44 using ::testing::Eq;
45 using ::testing::Not;
46
47 namespace {
48
TEST(Ed25519VerifyKeyManagerTest,Basics)49 TEST(Ed25519VerifyKeyManagerTest, Basics) {
50 EXPECT_THAT(Ed25519VerifyKeyManager().get_version(), Eq(0));
51 EXPECT_THAT(Ed25519VerifyKeyManager().key_material_type(),
52 Eq(KeyData::ASYMMETRIC_PUBLIC));
53 EXPECT_THAT(Ed25519VerifyKeyManager().get_key_type(),
54 Eq("type.googleapis.com/google.crypto.tink.Ed25519PublicKey"));
55 }
56
TEST(Ed25519VerifyKeyManagerTest,ValidateEmptyKey)57 TEST(Ed25519VerifyKeyManagerTest, ValidateEmptyKey) {
58 EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(Ed25519PublicKey()),
59 Not(IsOk()));
60 }
61
CreateValidPrivateKey()62 Ed25519PrivateKey CreateValidPrivateKey() {
63 return Ed25519SignKeyManager().CreateKey(Ed25519KeyFormat()).value();
64 }
65
CreateValidPublicKey()66 Ed25519PublicKey CreateValidPublicKey() {
67 return Ed25519SignKeyManager().GetPublicKey(CreateValidPrivateKey()).value();
68 }
69
70 // Checks that a public key generaed by the SignKeyManager is considered valid.
TEST(Ed25519VerifyKeyManagerTest,PublicKeyValid)71 TEST(Ed25519VerifyKeyManagerTest, PublicKeyValid) {
72 Ed25519PublicKey key = CreateValidPublicKey();
73 EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), IsOk());
74 }
75
TEST(Ed25519VerifyKeyManagerTest,PublicKeyWrongVersion)76 TEST(Ed25519VerifyKeyManagerTest, PublicKeyWrongVersion) {
77 Ed25519PublicKey key = CreateValidPublicKey();
78 key.set_version(1);
79 EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), Not(IsOk()));
80 }
81
TEST(Ed25519VerifyKeyManagerTest,PublicKeyWrongKeyLength31)82 TEST(Ed25519VerifyKeyManagerTest, PublicKeyWrongKeyLength31) {
83 Ed25519PublicKey key = CreateValidPublicKey();
84 key.set_key_value(std::string(31, 'a'));
85 EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), Not(IsOk()));
86 }
87
TEST(Ed25519VerifyKeyManagerTest,PublicKeyWrongKeyLength64)88 TEST(Ed25519VerifyKeyManagerTest, PublicKeyWrongKeyLength64) {
89 Ed25519PublicKey key = CreateValidPublicKey();
90 key.set_key_value(std::string(64, 'a'));
91 EXPECT_THAT(Ed25519VerifyKeyManager().ValidateKey(key), Not(IsOk()));
92 }
93
TEST(Ed25519SignKeyManagerTest,Create)94 TEST(Ed25519SignKeyManagerTest, Create) {
95 Ed25519PrivateKey private_key = CreateValidPrivateKey();
96 Ed25519PublicKey public_key =
97 Ed25519SignKeyManager().GetPublicKey(private_key).value();
98
99 auto direct_signer_or =
100 subtle::Ed25519SignBoringSsl::New(util::SecretDataFromStringView(
101 absl::StrCat(private_key.key_value(), public_key.key_value())));
102 ASSERT_THAT(direct_signer_or, IsOk());
103
104 auto verifier_or =
105 Ed25519VerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
106 ASSERT_THAT(verifier_or, IsOk());
107
108 std::string message = "Some message";
109 EXPECT_THAT(verifier_or.value()->Verify(
110 direct_signer_or.value()->Sign(message).value(), message),
111 IsOk());
112 }
113
TEST(Ed25519SignKeyManagerTest,CreateDifferentPrivateKey)114 TEST(Ed25519SignKeyManagerTest, CreateDifferentPrivateKey) {
115 Ed25519PrivateKey private_key = CreateValidPrivateKey();
116 // Note: we create a new key in the next line.
117 Ed25519PublicKey public_key =
118 Ed25519SignKeyManager().GetPublicKey(CreateValidPrivateKey()).value();
119
120 auto direct_signer_or = subtle::Ed25519SignBoringSsl::New(
121 util::SecretDataFromStringView(absl::StrCat(
122 private_key.key_value(), private_key.public_key().key_value())));
123 ASSERT_THAT(direct_signer_or, IsOk());
124
125 auto verifier_or =
126 Ed25519VerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
127 ASSERT_THAT(verifier_or, IsOk());
128
129 std::string message = "Some message";
130 EXPECT_THAT(verifier_or.value()->Verify(
131 direct_signer_or.value()->Sign(message).value(), message),
132 Not(IsOk()));
133 }
134
135 } // namespace
136 } // namespace tink
137 } // namespace crypto
138