xref: /aosp_15_r20/external/tink/cc/daead/aes_siv_key_manager_test.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include "tink/daead/aes_siv_key_manager.h"
18 
19 #include <sstream>
20 
21 #include "gmock/gmock.h"
22 #include "gtest/gtest.h"
23 #include "absl/status/status.h"
24 #include "tink/deterministic_aead.h"
25 #include "tink/util/istream_input_stream.h"
26 #include "tink/util/secret_data.h"
27 #include "tink/util/status.h"
28 #include "tink/util/statusor.h"
29 #include "tink/util/test_matchers.h"
30 #include "proto/aes_siv.pb.h"
31 
32 namespace crypto {
33 namespace tink {
34 
35 using ::crypto::tink::test::IsOk;
36 using ::crypto::tink::test::StatusIs;
37 using ::google::crypto::tink::AesSivKey;
38 using ::google::crypto::tink::AesSivKeyFormat;
39 using ::testing::Eq;
40 using ::testing::HasSubstr;
41 using ::testing::Ne;
42 using ::testing::Not;
43 using ::testing::SizeIs;
44 
45 namespace {
46 
TEST(AesSivKeyManagerTest,Basics)47 TEST(AesSivKeyManagerTest, Basics) {
48   EXPECT_THAT(AesSivKeyManager().get_version(), Eq(0));
49   EXPECT_THAT(AesSivKeyManager().get_key_type(),
50               Eq("type.googleapis.com/google.crypto.tink.AesSivKey"));
51   EXPECT_THAT(AesSivKeyManager().key_material_type(),
52               Eq(google::crypto::tink::KeyData::SYMMETRIC));
53 }
54 
TEST(AesSivKeyManagerTest,ValidateEmptyKey)55 TEST(AesSivKeyManagerTest, ValidateEmptyKey) {
56   EXPECT_THAT(AesSivKeyManager().ValidateKey(AesSivKey()), Not(IsOk()));
57 }
58 
TEST(AesSivKeyManagerTest,ValidateEmptyKeyFormat)59 TEST(AesSivKeyManagerTest, ValidateEmptyKeyFormat) {
60   EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(AesSivKeyFormat()),
61               Not(IsOk()));
62 }
63 
TEST(AesSivKeyManagerTest,ValidKeyFormat)64 TEST(AesSivKeyManagerTest, ValidKeyFormat) {
65   AesSivKeyFormat format;
66   format.set_key_size(64);
67   EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(format), IsOk());
68 }
69 
TEST(AesSivKeyManagerTest,ValidateKeyFormatWithWrongSizes)70 TEST(AesSivKeyManagerTest, ValidateKeyFormatWithWrongSizes) {
71   AesSivKeyFormat format;
72 
73   for (int i = 0; i < 64; ++i) {
74     format.set_key_size(i);
75     EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(format), Not(IsOk()))
76         << " for length " << i;
77   }
78   for (int i = 65; i <= 200; ++i) {
79     format.set_key_size(i);
80     EXPECT_THAT(AesSivKeyManager().ValidateKeyFormat(format), Not(IsOk()))
81         << " for length " << i;
82   }
83 }
84 
TEST(AesSivKeyManagerTest,CreateKey)85 TEST(AesSivKeyManagerTest, CreateKey) {
86   AesSivKeyFormat format;
87   format.set_key_size(64);
88   auto key_or = AesSivKeyManager().CreateKey(format);
89   ASSERT_THAT(key_or, IsOk());
90   EXPECT_THAT(key_or.value().key_value(), SizeIs(format.key_size()));
91   EXPECT_THAT(key_or.value().version(), Eq(0));
92 }
93 
TEST(AesSivKeyManagerTest,CreateKeyIsValid)94 TEST(AesSivKeyManagerTest, CreateKeyIsValid) {
95   AesSivKeyFormat format;
96   format.set_key_size(64);
97   auto key_or = AesSivKeyManager().CreateKey(format);
98   ASSERT_THAT(key_or, IsOk());
99   EXPECT_THAT(AesSivKeyManager().ValidateKey(key_or.value()), IsOk());
100 }
101 
TEST(AesSivKeyManagerTest,MultipleCreateCallsCreateDifferentKeys)102 TEST(AesSivKeyManagerTest, MultipleCreateCallsCreateDifferentKeys) {
103   AesSivKeyFormat format;
104   AesSivKeyManager manager;
105   format.set_key_size(64);
106   auto key1_or = manager.CreateKey(format);
107   ASSERT_THAT(key1_or, IsOk());
108   auto key2_or = manager.CreateKey(format);
109   ASSERT_THAT(key2_or, IsOk());
110   EXPECT_THAT(key1_or.value().key_value(), Ne(key2_or.value().key_value()));
111 }
112 
TEST(AesSivKeyManagerTest,DeriveKey)113 TEST(AesSivKeyManagerTest, DeriveKey) {
114   util::IstreamInputStream input_stream{absl::make_unique<std::stringstream>(
115       "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")};
116   AesSivKeyFormat format;
117   format.set_key_size(64);
118   format.set_version(0);
119   auto key_or = AesSivKeyManager().DeriveKey(format, &input_stream);
120 
121   ASSERT_THAT(key_or, IsOk());
122   EXPECT_THAT(key_or.value().key_value(), SizeIs(64));
123   EXPECT_THAT(key_or.value().version(), Eq(0));
124 }
125 
TEST(AesSivKeyManagerTest,DeriveKeyFromLongSeed)126 TEST(AesSivKeyManagerTest, DeriveKeyFromLongSeed) {
127   util::IstreamInputStream input_stream{absl::make_unique<std::stringstream>(
128       "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdefXXXXX")};
129 
130   AesSivKeyFormat format;
131   format.set_key_size(64);
132   format.set_version(0);
133   auto key_or = AesSivKeyManager().DeriveKey(format, &input_stream);
134 
135   ASSERT_THAT(key_or, IsOk());
136   EXPECT_THAT(
137       key_or.value().key_value(),
138       Eq("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"));
139 }
140 
TEST(AesSivKeyManagerTest,DeriveKeyWithoutEnoughEntropy)141 TEST(AesSivKeyManagerTest, DeriveKeyWithoutEnoughEntropy) {
142   AesSivKeyFormat format;
143   format.set_key_size(64);
144   format.set_version(0);
145   util::IstreamInputStream input_stream{
146       absl::make_unique<std::stringstream>("0123456789abcdef0123456789abcdef")};
147   auto key_or = AesSivKeyManager().DeriveKey(format, &input_stream);
148   ASSERT_THAT(key_or.status(), StatusIs(absl::StatusCode::kInvalidArgument,
149                                         HasSubstr("pseudorandomness")));
150 }
151 
TEST(AesSivKeyManagerTest,DeriveKeyWrongVersion)152 TEST(AesSivKeyManagerTest, DeriveKeyWrongVersion) {
153   util::IstreamInputStream input_stream{absl::make_unique<std::stringstream>(
154       "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")};
155   AesSivKeyFormat format;
156   format.set_key_size(64);
157   format.set_version(1);
158   auto key_or = AesSivKeyManager().DeriveKey(format, &input_stream);
159 
160   ASSERT_THAT(key_or.status(), StatusIs(absl::StatusCode::kInvalidArgument,
161                                         HasSubstr("version")));
162 }
163 
TEST(AesSivKeyManagerTest,ValidateKey)164 TEST(AesSivKeyManagerTest, ValidateKey) {
165   AesSivKey key;
166   *key.mutable_key_value() = std::string(64, 'a');
167   key.set_version(0);
168   EXPECT_THAT(AesSivKeyManager().ValidateKey(key), IsOk());
169 }
170 
TEST(AesSivKeyManagerTest,ValidateKeyStringLength)171 TEST(AesSivKeyManagerTest, ValidateKeyStringLength) {
172   AesSivKey key;
173     key.set_version(0);
174   for (int i = 0 ; i < 64; ++i) {
175     *key.mutable_key_value() = std::string(i, 'a');
176     EXPECT_THAT(AesSivKeyManager().ValidateKey(key), Not(IsOk()));
177   }
178   for (int i = 65 ; i <= 200; ++i) {
179     *key.mutable_key_value() = std::string(i, 'a');
180     EXPECT_THAT(AesSivKeyManager().ValidateKey(key), Not(IsOk()));
181   }
182 }
183 
TEST(AesSivKeyManagerTest,ValidateKeyVersion)184 TEST(AesSivKeyManagerTest, ValidateKeyVersion) {
185   AesSivKey key;
186   *key.mutable_key_value() = std::string(64, 'a');
187   key.set_version(1);
188   EXPECT_THAT(AesSivKeyManager().ValidateKey(key), Not(IsOk()));
189 }
190 
TEST(AesSivKeyManagerTest,GetPrimitive)191 TEST(AesSivKeyManagerTest, GetPrimitive) {
192   AesSivKeyFormat format;
193   format.set_key_size(64);
194   auto key_or = AesSivKeyManager().CreateKey(format);
195   ASSERT_THAT(key_or, IsOk());
196   auto daead_or =
197       AesSivKeyManager().GetPrimitive<DeterministicAead>(key_or.value());
198   ASSERT_THAT(daead_or, IsOk());
199 
200   auto direct_daead_or = subtle::AesSivBoringSsl::New(
201       util::SecretDataFromStringView(key_or.value().key_value()));
202   ASSERT_THAT(direct_daead_or, IsOk());
203 
204   auto encryption_or =
205       daead_or.value()->EncryptDeterministically("123", "abcd");
206   ASSERT_THAT(encryption_or, IsOk());
207   auto direct_encryption_or =
208       direct_daead_or.value()->EncryptDeterministically("123", "abcd");
209   ASSERT_THAT(direct_encryption_or, IsOk());
210   ASSERT_THAT(encryption_or.value(), Eq(direct_encryption_or.value()));
211 }
212 
213 }  // namespace
214 }  // namespace tink
215 }  // namespace crypto
216