xref: /aosp_15_r20/external/tink/go/insecurecleartextkeyset/insecurecleartextkeyset_test.go (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1// Copyright 2019 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package insecurecleartextkeyset_test
18
19import (
20	"bytes"
21	"testing"
22
23	"github.com/google/go-cmp/cmp"
24	"google.golang.org/protobuf/proto"
25	"google.golang.org/protobuf/testing/protocmp"
26	"github.com/google/tink/go/aead"
27	"github.com/google/tink/go/hybrid"
28	"github.com/google/tink/go/insecurecleartextkeyset"
29	"github.com/google/tink/go/internal/internalregistry"
30	"github.com/google/tink/go/keyset"
31	"github.com/google/tink/go/mac"
32	"github.com/google/tink/go/testing/fakemonitoring"
33
34	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
35)
36
37// A KeysetReader that always returns nil.
38type NilKeysetReader struct {
39}
40
41func (m *NilKeysetReader) Read() (*tinkpb.Keyset, error) {
42	return nil, nil
43}
44
45func (m *NilKeysetReader) ReadEncrypted() (*tinkpb.EncryptedKeyset, error) {
46	return nil, nil
47}
48
49func TestReadWithNilKeysetFails(t *testing.T) {
50	if _, err := insecurecleartextkeyset.Read(&NilKeysetReader{}); err == nil {
51		t.Error("insecurecleartextkeyset.Read(&NilKeysetReader{}) err = nil, want error")
52	}
53}
54
55func TestReadWithNilReaderFails(t *testing.T) {
56	if _, err := insecurecleartextkeyset.Read(nil); err == nil {
57		t.Error("insecurecleartextkeyset.Read(nil) err = nil, want error")
58	}
59}
60
61func TestWriteWithNilHandleFails(t *testing.T) {
62	buff := &bytes.Buffer{}
63	if err := insecurecleartextkeyset.Write(nil, keyset.NewBinaryWriter(buff)); err == nil {
64		t.Error("insecurecleartextkeyset.Write(nil, _) err = nil, want error")
65	}
66}
67
68func TestWriteWithNilWriterFails(t *testing.T) {
69	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
70	if err != nil {
71		t.Fatalf("keyset.NewHandle(aead.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
72	}
73	if err := insecurecleartextkeyset.Write(handle, nil); err == nil {
74		t.Error("insecurecleartextkeyset.Write(_, nil) err = nil, want error")
75	}
76}
77
78func TestWriteAndReadInBinary(t *testing.T) {
79	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
80	if err != nil {
81		t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
82	}
83
84	buff := &bytes.Buffer{}
85	err = insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff))
86	if err != nil {
87		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
88	}
89	serialized := buff.Bytes()
90
91	parsedHandle, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(serialized)))
92	if err != nil {
93		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
94	}
95
96	want := insecurecleartextkeyset.KeysetMaterial(handle)
97	got := insecurecleartextkeyset.KeysetMaterial(parsedHandle)
98	if !proto.Equal(got, want) {
99		t.Errorf("KeysetMaterial(Read()) = %q, want %q", got, want)
100	}
101}
102
103func TestWriteAndReadInJson(t *testing.T) {
104	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
105	if err != nil {
106		t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
107	}
108
109	buff := &bytes.Buffer{}
110	err = insecurecleartextkeyset.Write(handle, keyset.NewJSONWriter(buff))
111	if err != nil {
112		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
113	}
114	serialized := buff.Bytes()
115
116	parsedHandle, err := insecurecleartextkeyset.Read(keyset.NewJSONReader(bytes.NewBuffer(serialized)))
117	if err != nil {
118		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
119	}
120
121	want := insecurecleartextkeyset.KeysetMaterial(handle)
122	got := insecurecleartextkeyset.KeysetMaterial(parsedHandle)
123	if !proto.Equal(got, want) {
124		t.Errorf("KeysetMaterial(Read()) = %q, want %q", got, want)
125	}
126}
127
128func TestLegacyKeysetHandle(t *testing.T) {
129	handle, err := keyset.NewHandle(hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template())
130	if err != nil {
131		t.Fatalf(" keyset.NewHandle(hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template()) err = %v, want nil", err)
132	}
133	ks := insecurecleartextkeyset.KeysetMaterial(handle)
134	gotHandle1 := insecurecleartextkeyset.KeysetHandle(ks)
135	if !cmp.Equal(gotHandle1.KeysetInfo(), handle.KeysetInfo(), protocmp.Transform()) {
136		t.Errorf("gotHandle1.KeysetInfo() = %v, want %v", gotHandle1.KeysetInfo(), handle.KeysetInfo())
137	}
138	serializedKeyset, err := proto.Marshal(ks)
139	if err != nil {
140		t.Fatalf("proto.Marshal() err = %v, want nil", err)
141	}
142	gotHandle2, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(serializedKeyset)))
143	if err != nil {
144		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
145	}
146	if !cmp.Equal(gotHandle2.KeysetInfo(), handle.KeysetInfo(), protocmp.Transform()) {
147		t.Errorf("gotHandle2.KeysetInfo() = %v, want %v", gotHandle2.KeysetInfo(), handle.KeysetInfo())
148	}
149}
150
151func TestHandleFromReaderWithAnnotationsGetsMonitored(t *testing.T) {
152	defer internalregistry.ClearMonitoringClient()
153	client := &fakemonitoring.Client{}
154	if err := internalregistry.RegisterMonitoringClient(client); err != nil {
155		t.Fatalf("internalregistry.RegisterMonitoringClient() err = %v, want nil", err)
156	}
157	handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
158	if err != nil {
159		t.Fatalf(" keyset.NewHandle(aead.AES256GCMKeyTemplate()) err = %v, want nil", err)
160	}
161	buff := &bytes.Buffer{}
162	if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil {
163		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
164	}
165	wantAnnotations := map[string]string{"foo": "bar"}
166	annotatedHandle, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(buff), keyset.WithAnnotations(wantAnnotations))
167	if err != nil {
168		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
169	}
170	p, err := aead.New(annotatedHandle)
171	if err != nil {
172		t.Fatalf("aead.New() err = %v, want nil", err)
173	}
174	if _, err := p.Encrypt([]byte("some_data"), nil); err != nil {
175		t.Fatalf("Encrypt() err = %v, want nil", err)
176	}
177	events := client.Events()
178	gotAnnotations := events[0].Context.KeysetInfo.Annotations
179	if !cmp.Equal(gotAnnotations, wantAnnotations) {
180		t.Errorf("Annotations = %v, want %v", gotAnnotations, wantAnnotations)
181	}
182}
183
184func TestHandleFromReaderWithAnnotationsTwiceFails(t *testing.T) {
185	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
186	if err != nil {
187		t.Fatalf(" keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
188	}
189	buff := &bytes.Buffer{}
190	if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil {
191		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
192	}
193	annotations := map[string]string{"foo": "bar"}
194	if _, err := insecurecleartextkeyset.Read(
195		keyset.NewBinaryReader(buff),
196		keyset.WithAnnotations(annotations),
197		keyset.WithAnnotations(annotations)); err == nil {
198		t.Fatalf("insecurecleartextkeyset.Read() err = nil, want error")
199	}
200}
201
202func TestHandleFromReaderWithoutAnnotationsDoesNotGetMonitored(t *testing.T) {
203	defer internalregistry.ClearMonitoringClient()
204	client := &fakemonitoring.Client{}
205	if err := internalregistry.RegisterMonitoringClient(client); err != nil {
206		t.Fatalf("internalregistry.RegisterMonitoringClient() err = %v, want nil", err)
207	}
208	handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
209	if err != nil {
210		t.Fatalf(" keyset.NewHandle(aead.AES256GCMKeyTemplate()) err = %v, want nil", err)
211	}
212	buff := &bytes.Buffer{}
213	if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil {
214		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
215	}
216	unannotatedHandle, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(buff))
217	if err != nil {
218		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
219	}
220	p, err := aead.New(unannotatedHandle)
221	if err != nil {
222		t.Fatalf("aead.New() err = %v, want nil", err)
223	}
224	if _, err := p.Encrypt([]byte("some_data"), nil); err != nil {
225		t.Fatalf("Encrypt() err = %v, want nil", err)
226	}
227	if len(client.Events()) != 0 {
228		t.Errorf("len(client.Events()) = %d, want 0", len(client.Events()))
229	}
230}
231