1// Copyright 2019 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package keyset_test
18
19import (
20	"testing"
21
22	"github.com/google/tink/go/keyset"
23	"github.com/google/tink/go/subtle/random"
24	"github.com/google/tink/go/testutil"
25	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
26)
27
// TestValidateKeyVersion checks the version gate on keys: a first argument
// larger than the second must be rejected, while an equal or smaller one
// must be accepted.
//
// NOTE(review): the argument order looks like (version, maxExpected); confirm
// against the keyset.ValidateKeyVersion signature.
func TestValidateKeyVersion(t *testing.T) {
	// Cases are evaluated in order and stop at the first mismatch, so a
	// single failure message is reported whichever expectation breaks.
	switch {
	case keyset.ValidateKeyVersion(2, 1) == nil, // too new: must fail
		keyset.ValidateKeyVersion(1, 1) != nil, // at the limit: must pass
		keyset.ValidateKeyVersion(1, 2) != nil: // below the limit: must pass
		t.Errorf("incorrect version validation")
	}
}
35
// TestValidate exercises keyset.Validate with malformed keysets that must be
// rejected (nil, empty, missing/disabled/duplicated primary, structurally
// invalid keys, private key material) and one keyset of public keys that
// must be accepted.
func TestValidate(t *testing.T) {
	// mustReject fails the test with complaint when Validate accepts ks.
	mustReject := func(ks *tinkpb.Keyset, complaint string) {
		t.Helper()
		if keyset.Validate(ks) == nil {
			t.Error(complaint)
		}
	}
	// asymmetricKey builds an ENABLED key with ID 1 and TINK prefix whose
	// key data carries 10 random bytes of the given material type.
	asymmetricKey := func(typeURL string, material tinkpb.KeyData_KeyMaterialType) *tinkpb.Keyset_Key {
		data := testutil.NewKeyData(typeURL, random.GetRandomBytes(10), material)
		return testutil.NewKey(data, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK)
	}

	// A nil keyset must never validate.
	mustReject(nil, "expect an error when keyset is nil")

	// A keyset with no keys at all.
	mustReject(testutil.NewKeyset(1, nil), "expect an error when keyset is empty")

	// Primary ID 2 does not match the only key (ID 1).
	mustReject(
		testutil.NewKeyset(2, []*tinkpb.Keyset_Key{
			testutil.NewDummyKey(1, tinkpb.KeyStatusType_ENABLED, tinkpb.OutputPrefixType_TINK),
		}),
		"expect an error when there is no primary key",
	)

	// The key matching the primary ID (2) is DISABLED.
	mustReject(
		testutil.NewKeyset(2, []*tinkpb.Keyset_Key{
			testutil.NewDummyKey(1, tinkpb.KeyStatusType_ENABLED, tinkpb.OutputPrefixType_TINK),
			testutil.NewDummyKey(2, tinkpb.KeyStatusType_DISABLED, tinkpb.OutputPrefixType_LEGACY),
		}),
		"expect an error when primary key is disabled",
	)

	// Two ENABLED keys both carry the primary ID (1).
	mustReject(
		testutil.NewKeyset(1, []*tinkpb.Keyset_Key{
			testutil.NewDummyKey(1, tinkpb.KeyStatusType_ENABLED, tinkpb.OutputPrefixType_TINK),
			testutil.NewDummyKey(1, tinkpb.KeyStatusType_ENABLED, tinkpb.OutputPrefixType_LEGACY),
		}),
		"expect an error when there are multiple primary keys",
	)

	// Each structurally invalid key, alone in a keyset, must be rejected.
	for idx, bad := range generateInvalidKeys() {
		if keyset.Validate(testutil.NewKeyset(1, []*tinkpb.Keyset_Key{bad})) == nil {
			t.Errorf("expect an error when validate invalid key %d", idx)
		}
	}

	// Every key is DISABLED, so nothing can serve as primary.
	mustReject(
		testutil.NewKeyset(1, []*tinkpb.Keyset_Key{
			testutil.NewDummyKey(1, tinkpb.KeyStatusType_DISABLED, tinkpb.OutputPrefixType_TINK),
			testutil.NewDummyKey(1, tinkpb.KeyStatusType_DISABLED, tinkpb.OutputPrefixType_LEGACY),
		}),
		"expect an error when there are no primary keys",
	)

	// A keyset holding a single public key is the one accepted input here.
	publicOnly := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{
		asymmetricKey(testutil.EciesAeadHkdfPublicKeyTypeURL, tinkpb.KeyData_ASYMMETRIC_PUBLIC),
	})
	if err := keyset.Validate(publicOnly); err != nil {
		t.Errorf("valid test failed when using public key only: %v", err)
	}

	// Public and private key material mixed in one keyset.
	// NOTE(review): both keys are ENABLED with ID 1 and the primary ID is 1,
	// the same shape as the "multiple primary keys" case above, so this case
	// may be rejected for the duplicated primary rather than for the private
	// key material. Confirm against Validate, and consider whether a case
	// that isolates the material-type check is needed.
	mustReject(
		testutil.NewKeyset(1, []*tinkpb.Keyset_Key{
			asymmetricKey(testutil.EciesAeadHkdfPublicKeyTypeURL, tinkpb.KeyData_ASYMMETRIC_PUBLIC),
			asymmetricKey(testutil.EciesAeadHkdfPrivateKeyTypeURL, tinkpb.KeyData_ASYMMETRIC_PRIVATE),
		}),
		"expect an error when there are keydata other than public",
	)
}
102
// generateInvalidKeys returns the keys that TestValidate expects
// keyset.Validate to reject when each is placed alone in a keyset: a nil
// entry, a key without KeyData, a key with UNKNOWN_STATUS, and a key with
// UNKNOWN_PREFIX. All non-nil keys use ID 1.
func generateInvalidKeys() []*tinkpb.Keyset_Key {
	const keyID = 1

	// Missing key data; status and prefix are otherwise well-formed.
	missingData := testutil.NewKey(nil, tinkpb.KeyStatusType_ENABLED, keyID, tinkpb.OutputPrefixType_TINK)
	// Empty key data with a status that is not a recognised value.
	unknownStatus := testutil.NewKey(new(tinkpb.KeyData), tinkpb.KeyStatusType_UNKNOWN_STATUS, keyID, tinkpb.OutputPrefixType_TINK)
	// Empty key data with an output prefix that is not a recognised value.
	unknownPrefix := testutil.NewKey(new(tinkpb.KeyData), tinkpb.KeyStatusType_ENABLED, keyID, tinkpb.OutputPrefixType_UNKNOWN_PREFIX)

	// The leading nil covers a keyset whose key slot is itself nil.
	return []*tinkpb.Keyset_Key{nil, missingData, unknownStatus, unknownPrefix}
}