1*e7b1675dSTing-Kang Chang // Copyright 2023 Google LLC
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang // http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang
17*e7b1675dSTing-Kang Chang #include "tink/internal/configuration_impl.h"
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang #include <memory>
20*e7b1675dSTing-Kang Chang #include <string>
21*e7b1675dSTing-Kang Chang
22*e7b1675dSTing-Kang Chang #include "gmock/gmock.h"
23*e7b1675dSTing-Kang Chang #include "gtest/gtest.h"
24*e7b1675dSTing-Kang Chang #include "absl/status/status.h"
25*e7b1675dSTing-Kang Chang #include "tink/cleartext_keyset_handle.h"
26*e7b1675dSTing-Kang Chang #include "tink/configuration.h"
27*e7b1675dSTing-Kang Chang #include "tink/internal/keyset_wrapper_store.h"
28*e7b1675dSTing-Kang Chang #include "tink/subtle/random.h"
29*e7b1675dSTing-Kang Chang #include "tink/util/test_matchers.h"
30*e7b1675dSTing-Kang Chang #include "tink/util/test_util.h"
31*e7b1675dSTing-Kang Chang #include "proto/aes_gcm.pb.h"
32*e7b1675dSTing-Kang Chang #include "proto/rsa_ssa_pss.pb.h"
33*e7b1675dSTing-Kang Chang
34*e7b1675dSTing-Kang Chang namespace crypto {
35*e7b1675dSTing-Kang Chang namespace tink {
36*e7b1675dSTing-Kang Chang namespace internal {
37*e7b1675dSTing-Kang Chang namespace {
38*e7b1675dSTing-Kang Chang
39*e7b1675dSTing-Kang Chang using ::crypto::tink::test::IsOk;
40*e7b1675dSTing-Kang Chang using ::crypto::tink::test::StatusIs;
41*e7b1675dSTing-Kang Chang using ::google::crypto::tink::AesGcmKey;
42*e7b1675dSTing-Kang Chang using ::google::crypto::tink::AesGcmKeyFormat;
43*e7b1675dSTing-Kang Chang using ::google::crypto::tink::KeyData;
44*e7b1675dSTing-Kang Chang using ::google::crypto::tink::Keyset;
45*e7b1675dSTing-Kang Chang using ::google::crypto::tink::KeyStatusType;
46*e7b1675dSTing-Kang Chang using ::google::crypto::tink::OutputPrefixType;
47*e7b1675dSTing-Kang Chang using ::google::crypto::tink::RsaSsaPssKeyFormat;
48*e7b1675dSTing-Kang Chang using ::google::crypto::tink::RsaSsaPssParams;
49*e7b1675dSTing-Kang Chang using ::google::crypto::tink::RsaSsaPssPrivateKey;
50*e7b1675dSTing-Kang Chang using ::google::crypto::tink::RsaSsaPssPublicKey;
51*e7b1675dSTing-Kang Chang
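// Test-only stand-in for a real primitive: it stores the string it was built
// from and returns it unchanged. In this file that string is the raw AES-GCM
// key value, so the type must never be used outside of tests.
class FakePrimitive {
 public:
  explicit FakePrimitive(std::string s) : s_(s) {}

  // Returns the stored string. Marked const so the accessor can be called
  // through const references and pointers.
  std::string get() const { return s_; }

 private:
  std::string s_;
};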
60*e7b1675dSTing-Kang Chang
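// Second test-only primitive type. It is distinguishable from FakePrimitive
// because get() appends "2" to the stored string.
class FakePrimitive2 {
 public:
  explicit FakePrimitive2(std::string s) : s_(s) {}

  // Returns the stored string followed by "2". Marked const so the accessor
  // can be called through const references and pointers.
  std::string get() const { return s_ + "2"; }

 private:
  std::string s_;
};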
69*e7b1675dSTing-Kang Chang
// Test double that turns an AesGcmKey into a FakePrimitive.
//
// NOTE(review): this fake is registered under the real AesGcmKey type URL,
// accepts every key and key format without validation, and its primitive
// returns the raw key bytes. It is only appropriate inside tests.
class FakeKeyTypeManager
    : public KeyTypeManager<AesGcmKey, AesGcmKeyFormat, List<FakePrimitive>> {
 public:
  // Creates a FakePrimitive holding the key's `key_value` bytes.
  class FakePrimitiveFactory : public PrimitiveFactory<FakePrimitive> {
   public:
    util::StatusOr<std::unique_ptr<FakePrimitive>> Create(
        const AesGcmKey& key) const override {
      return absl::make_unique<FakePrimitive>(key.key_value());
    }
  };

  FakeKeyTypeManager()
      : KeyTypeManager(absl::make_unique<FakePrimitiveFactory>()) {}

  KeyData::KeyMaterialType key_material_type() const override {
    return KeyData::SYMMETRIC;
  }

  uint32_t get_version() const override {
    return 0;
  }

  const std::string& get_key_type() const override {
    return key_type_;
  }

  // Always succeeds: the fake does not inspect the key.
  util::Status ValidateKey(const AesGcmKey& key) const override {
    return util::OkStatus();
  }

  // Always succeeds: the fake does not inspect the key format.
  util::Status ValidateKeyFormat(
      const AesGcmKeyFormat& key_format) const override {
    return util::OkStatus();
  }

  // Returns a default-constructed key; no key material is generated.
  util::StatusOr<AesGcmKey> CreateKey(
      const AesGcmKeyFormat& key_format) const override {
    return AesGcmKey();
  }

  // Returns a default-constructed key; `input_stream` is not read.
  util::StatusOr<AesGcmKey> DeriveKey(
      const AesGcmKeyFormat& key_format,
      InputStream* input_stream) const override {
    return AesGcmKey();
  }

 private:
  const std::string key_type_ =
      "type.googleapis.com/google.crypto.tink.AesGcmKey";
};
117*e7b1675dSTing-Kang Chang
// Wrapper from FakePrimitive to FakePrimitive: the result carries whatever
// the primary entry's primitive returns from get().
class FakePrimitiveWrapper
    : public PrimitiveWrapper<FakePrimitive, FakePrimitive> {
 public:
  util::StatusOr<std::unique_ptr<FakePrimitive>> Wrap(
      std::unique_ptr<PrimitiveSet<FakePrimitive>> primitive_set)
      const override {
    // Only the primary entry is consulted; other entries are ignored.
    return absl::make_unique<FakePrimitive>(
        primitive_set->get_primary()->get_primitive().get());
  }
};
129*e7b1675dSTing-Kang Chang
// Wrapper from FakePrimitive2 to FakePrimitive: the result carries whatever
// the primary entry's FakePrimitive2 returns from get().
class FakePrimitiveWrapper2
    : public PrimitiveWrapper<FakePrimitive2, FakePrimitive> {
 public:
  util::StatusOr<std::unique_ptr<FakePrimitive>> Wrap(
      std::unique_ptr<PrimitiveSet<FakePrimitive2>> primitive_set)
      const override {
    // Only the primary entry is consulted; other entries are ignored.
    return absl::make_unique<FakePrimitive>(
        primitive_set->get_primary()->get_primitive().get());
  }
};
141*e7b1675dSTing-Kang Chang
// Appends a freshly generated AES-GCM key (16 random bytes, version 0) to
// `keyset` under `key_id` with the given output prefix type and status.
//
// Returns the raw key bytes so a test can compare them with what a fake
// primitive reports. The return value is cleartext key material, so this
// helper is for tests only.
std::string AddAesGcmKeyToKeyset(Keyset& keyset, uint32_t key_id,
                                 OutputPrefixType output_prefix_type,
                                 KeyStatusType key_status_type) {
  const std::string raw_key_bytes = subtle::Random::GetRandomBytes(16);

  AesGcmKey key;
  key.set_version(0);
  key.set_key_value(raw_key_bytes);

  KeyData key_data;
  key_data.set_type_url("type.googleapis.com/google.crypto.tink.AesGcmKey");
  key_data.set_value(key.SerializeAsString());

  test::AddKeyData(key_data, key_id, output_prefix_type, key_status_type,
                   &keyset);
  return raw_key_bytes;
}
155*e7b1675dSTing-Kang Chang
// Adding a primitive wrapper to an empty Configuration succeeds.
TEST(ConfigurationImplTest, AddPrimitiveWrapper) {
  Configuration config;
  util::Status add_status = ConfigurationImpl::AddPrimitiveWrapper(
      absl::make_unique<FakePrimitiveWrapper>(), config);
  EXPECT_THAT(add_status, IsOk());
}
162*e7b1675dSTing-Kang Chang
// Adding a key type manager to an empty Configuration succeeds.
TEST(ConfigurationImplTest, AddKeyTypeManager) {
  Configuration config;
  util::Status add_status = ConfigurationImpl::AddKeyTypeManager(
      absl::make_unique<FakeKeyTypeManager>(), config);
  EXPECT_THAT(add_status, IsOk());
}
169*e7b1675dSTing-Kang Chang
// A key type manager added to a Configuration can be looked up again through
// the Configuration's KeyTypeInfoStore by its type URL.
TEST(ConfigurationImplTest, GetKeyTypeInfoStore) {
  Configuration config;
  ASSERT_THAT(ConfigurationImpl::AddKeyTypeManager(
                  absl::make_unique<FakeKeyTypeManager>(), config),
              IsOk());

  const std::string type_url = FakeKeyTypeManager().get_key_type();

  util::StatusOr<const KeyTypeInfoStore*> info_store =
      ConfigurationImpl::GetKeyTypeInfoStore(config);
  ASSERT_THAT(info_store, IsOk());

  util::StatusOr<const KeyTypeInfoStore::Info*> type_info =
      (*info_store)->Get(type_url);
  ASSERT_THAT(type_info, IsOk());

  util::StatusOr<const KeyManager<FakePrimitive>*> manager =
      (*type_info)->get_key_manager<FakePrimitive>(type_url);
  ASSERT_THAT(manager, IsOk());
  EXPECT_EQ((*manager)->get_key_type(), type_url);
}
188*e7b1675dSTing-Kang Chang
// Looking up a type URL that was never added yields kNotFound.
TEST(ConfigurationImplTest, GetKeyTypeInfoStoreMissingInfoFails) {
  Configuration config;

  util::StatusOr<const KeyTypeInfoStore*> info_store =
      ConfigurationImpl::GetKeyTypeInfoStore(config);
  ASSERT_THAT(info_store, IsOk());

  EXPECT_THAT((*info_store)->Get("i.do.not.exist").status(),
              StatusIs(absl::StatusCode::kNotFound));
}
197*e7b1675dSTing-Kang Chang
// With both a wrapper and a key type manager in the Configuration, wrapping
// a keyset yields a FakePrimitive carrying the primary key's raw bytes.
TEST(ConfigurationImplTest, GetKeysetWrapperStoreAndWrap) {
  Configuration config;
  ASSERT_THAT(ConfigurationImpl::AddPrimitiveWrapper(
                  absl::make_unique<FakePrimitiveWrapper>(), config),
              IsOk());
  ASSERT_THAT(ConfigurationImpl::AddKeyTypeManager(
                  absl::make_unique<FakeKeyTypeManager>(), config),
              IsOk());

  util::StatusOr<const KeysetWrapperStore*> wrapper_store =
      ConfigurationImpl::GetKeysetWrapperStore(config);
  ASSERT_THAT(wrapper_store, IsOk());
  util::StatusOr<const KeysetWrapper<FakePrimitive>*> keyset_wrapper =
      (*wrapper_store)->Get<FakePrimitive>();
  ASSERT_THAT(keyset_wrapper, IsOk());

  // Single enabled key with id 13, which is also made the primary.
  Keyset keyset;
  const std::string raw_key = AddAesGcmKeyToKeyset(
      keyset, /*key_id=*/13, OutputPrefixType::TINK, KeyStatusType::ENABLED);
  keyset.set_primary_key_id(13);

  util::StatusOr<std::unique_ptr<FakePrimitive>> primitive =
      (*keyset_wrapper)->Wrap(keyset, /*annotations=*/{});
  ASSERT_THAT(primitive, IsOk());
  EXPECT_EQ((*primitive)->get(), raw_key);
}
224*e7b1675dSTing-Kang Chang
// A wrapper is present but no key type manager was added, so Wrap() cannot
// resolve the key's type URL and reports kNotFound.
TEST(ConfigurationImplTest, KeysetWrapperWrapMissingKeyTypeInfoFails) {
  Configuration config;
  ASSERT_THAT(ConfigurationImpl::AddPrimitiveWrapper(
                  absl::make_unique<FakePrimitiveWrapper>(), config),
              IsOk());

  util::StatusOr<const KeysetWrapperStore*> wrapper_store =
      ConfigurationImpl::GetKeysetWrapperStore(config);
  ASSERT_THAT(wrapper_store, IsOk());
  util::StatusOr<const KeysetWrapper<FakePrimitive>*> keyset_wrapper =
      (*wrapper_store)->Get<FakePrimitive>();
  ASSERT_THAT(keyset_wrapper, IsOk());

  // Single enabled key with id 13, which is also made the primary.
  Keyset keyset;
  std::string raw_key = AddAesGcmKeyToKeyset(
      keyset, /*key_id=*/13, OutputPrefixType::TINK, KeyStatusType::ENABLED);
  keyset.set_primary_key_id(13);

  util::Status wrap_status =
      (*keyset_wrapper)->Wrap(keyset, /*annotations=*/{}).status();
  EXPECT_THAT(wrap_status, StatusIs(absl::StatusCode::kNotFound));
}
246*e7b1675dSTing-Kang Chang
// The registered wrapper needs FakePrimitive2 as input, but the registered
// key type manager can only produce FakePrimitive, so Wrap() must fail.
TEST(ConfigurationImplTest, KeysetWrapperWrapMissingKeyManagerFails) {
  Configuration config;
  // Wrapper: FakePrimitive2 -> FakePrimitive.
  ASSERT_THAT(ConfigurationImpl::AddPrimitiveWrapper(
                  absl::make_unique<FakePrimitiveWrapper2>(), config),
              IsOk());
  // Key type manager: KeyData -> FakePrimitive.
  ASSERT_THAT(ConfigurationImpl::AddKeyTypeManager(
                  absl::make_unique<FakeKeyTypeManager>(), config),
              IsOk());

  // The success path would be
  //   AesGcmKey KeyData -> FakePrimitive2 -> FakePrimitive,
  // but nothing registered here performs the first step.
  util::StatusOr<const KeysetWrapperStore*> wrapper_store =
      ConfigurationImpl::GetKeysetWrapperStore(config);
  ASSERT_THAT(wrapper_store, IsOk());
  util::StatusOr<const KeysetWrapper<FakePrimitive>*> keyset_wrapper =
      (*wrapper_store)->Get<FakePrimitive>();
  ASSERT_THAT(keyset_wrapper, IsOk());

  // Single enabled key with id 13, which is also made the primary.
  Keyset keyset;
  std::string raw_key = AddAesGcmKeyToKeyset(
      keyset, /*key_id=*/13, OutputPrefixType::TINK, KeyStatusType::ENABLED);
  keyset.set_primary_key_id(13);

  // FakeKeyTypeManager cannot turn AesGcmKey KeyData into FakePrimitive2.
  util::Status wrap_status =
      (*keyset_wrapper)->Wrap(keyset, /*annotations=*/{}).status();
  EXPECT_THAT(wrap_status, StatusIs(absl::StatusCode::kInvalidArgument));
}
277*e7b1675dSTing-Kang Chang
// Test double for the private-key half of an asymmetric key manager pair.
// It is typed on the RSA-SSA-PSS protos but registered under a made-up type
// URL, validates nothing, and creates only default-constructed keys.
class FakeSignKeyManager
    : public PrivateKeyTypeManager<RsaSsaPssPrivateKey, RsaSsaPssKeyFormat,
                                   RsaSsaPssPublicKey, List<PublicKeySign>> {
 public:
  // Ignores the key and returns a DummyPublicKeySign with a fixed name.
  class PublicKeySignFactory : public PrimitiveFactory<PublicKeySign> {
   public:
    util::StatusOr<std::unique_ptr<PublicKeySign>> Create(
        const RsaSsaPssPrivateKey& key) const override {
      return {absl::make_unique<test::DummyPublicKeySign>("a public key sign")};
    }
  };

  explicit FakeSignKeyManager()
      : PrivateKeyTypeManager(absl::make_unique<PublicKeySignFactory>()) {}

  KeyData::KeyMaterialType key_material_type() const override {
    return KeyData::ASYMMETRIC_PRIVATE;
  }

  uint32_t get_version() const override {
    return 0;
  }

  const std::string& get_key_type() const override {
    return key_type_;
  }

  // Always succeeds: the fake does not inspect the key.
  util::Status ValidateKey(const RsaSsaPssPrivateKey& key) const override {
    return util::OkStatus();
  }

  // Always succeeds: the fake does not inspect the key format.
  util::Status ValidateKeyFormat(
      const RsaSsaPssKeyFormat& key_format) const override {
    return util::OkStatus();
  }

  // Returns a default-constructed key; no key material is generated.
  util::StatusOr<RsaSsaPssPrivateKey> CreateKey(
      const RsaSsaPssKeyFormat& key_format) const override {
    return RsaSsaPssPrivateKey();
  }

  // Returns a default-constructed key; `input_stream` is not read.
  util::StatusOr<RsaSsaPssPrivateKey> DeriveKey(
      const RsaSsaPssKeyFormat& key_format,
      InputStream* input_stream) const override {
    return RsaSsaPssPrivateKey();
  }

  // Returns the public key embedded in the private key proto.
  util::StatusOr<RsaSsaPssPublicKey> GetPublicKey(
      const RsaSsaPssPrivateKey& private_key) const override {
    return private_key.public_key();
  }

 private:
  const std::string key_type_ = "some.sign.key.type";
};
329*e7b1675dSTing-Kang Chang
// Test double for the public-key half of an asymmetric key manager pair.
// It has no key format (`void`), is registered under a made-up type URL and
// validates nothing.
class FakeVerifyKeyManager
    : public KeyTypeManager<RsaSsaPssPublicKey, void, List<PublicKeyVerify>> {
 public:
  // Ignores the key and returns a DummyPublicKeyVerify with a fixed name.
  class PublicKeyVerifyFactory : public PrimitiveFactory<PublicKeyVerify> {
   public:
    util::StatusOr<std::unique_ptr<PublicKeyVerify>> Create(
        const RsaSsaPssPublicKey& key) const override {
      return {
          absl::make_unique<test::DummyPublicKeyVerify>("a public key verify")};
    }
  };

  explicit FakeVerifyKeyManager()
      : KeyTypeManager(absl::make_unique<PublicKeyVerifyFactory>()) {}

  KeyData::KeyMaterialType key_material_type() const override {
    return KeyData::ASYMMETRIC_PUBLIC;
  }

  uint32_t get_version() const override {
    return 0;
  }

  const std::string& get_key_type() const override {
    return key_type_;
  }

  // Always succeeds: the fake does not inspect the key.
  util::Status ValidateKey(const RsaSsaPssPublicKey& key) const override {
    return util::OkStatus();
  }

  // Always succeeds. This is a plain member function, not an override.
  util::Status ValidateParams(const RsaSsaPssParams& params) const {
    return util::OkStatus();
  }

 private:
  const std::string key_type_ = "some.verify.key.type";
};
364*e7b1675dSTing-Kang Chang
// Adding a sign/verify key manager pair to an empty Configuration succeeds.
TEST(ConfigurationImplTest, AddAsymmetricKeyManagers) {
  Configuration config;
  util::Status add_status = ConfigurationImpl::AddAsymmetricKeyManagers(
      absl::make_unique<FakeSignKeyManager>(),
      absl::make_unique<FakeVerifyKeyManager>(), config);
  EXPECT_THAT(add_status, IsOk());
}
372*e7b1675dSTing-Kang Chang
// After adding an asymmetric key manager pair, both the sign and the verify
// manager can be retrieved from the KeyTypeInfoStore by their type URLs.
TEST(ConfigurationImplTest, GetKeyTypeInfoStoreAsymmetric) {
  Configuration config;
  ASSERT_THAT(ConfigurationImpl::AddAsymmetricKeyManagers(
                  absl::make_unique<FakeSignKeyManager>(),
                  absl::make_unique<FakeVerifyKeyManager>(), config),
              IsOk());

  // Private-key (sign) side.
  {
    const std::string sign_type_url = FakeSignKeyManager().get_key_type();
    util::StatusOr<const KeyTypeInfoStore*> info_store =
        ConfigurationImpl::GetKeyTypeInfoStore(config);
    ASSERT_THAT(info_store, IsOk());
    util::StatusOr<const KeyTypeInfoStore::Info*> type_info =
        (*info_store)->Get(sign_type_url);
    ASSERT_THAT(type_info, IsOk());

    util::StatusOr<const KeyManager<PublicKeySign>*> manager =
        (*type_info)->get_key_manager<PublicKeySign>(sign_type_url);
    ASSERT_THAT(manager, IsOk());
    EXPECT_EQ((*manager)->get_key_type(), sign_type_url);
  }

  // Public-key (verify) side.
  {
    const std::string verify_type_url = FakeVerifyKeyManager().get_key_type();
    util::StatusOr<const KeyTypeInfoStore*> info_store =
        ConfigurationImpl::GetKeyTypeInfoStore(config);
    ASSERT_THAT(info_store, IsOk());
    util::StatusOr<const KeyTypeInfoStore::Info*> type_info =
        (*info_store)->Get(verify_type_url);
    ASSERT_THAT(type_info, IsOk());

    util::StatusOr<const KeyManager<PublicKeyVerify>*> manager =
        (*type_info)->get_key_manager<PublicKeyVerify>(verify_type_url);
    ASSERT_THAT(manager, IsOk());
    EXPECT_EQ((*manager)->get_key_type(), verify_type_url);
  }
}
409*e7b1675dSTing-Kang Chang
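// A Configuration switched to global-registry mode rejects every per-config
// mutator and store getter with kFailedPrecondition; primitives are then
// obtained through the process-wide Registry instead.
TEST(ConfigurationImplTest, GlobalRegistryMode) {
  // Start from an empty global registry so the kNotFound check below does not
  // depend on what earlier tests registered.
  Registry::Reset();
  Configuration config;
  ASSERT_THAT(ConfigurationImpl::SetGlobalRegistryMode(config), IsOk());
  EXPECT_TRUE(ConfigurationImpl::IsInGlobalRegistryMode(config));

  // Check that ConfigurationImpl functions return kFailedPrecondition.
  EXPECT_THAT(ConfigurationImpl::AddPrimitiveWrapper(
                  absl::make_unique<FakePrimitiveWrapper>(), config),
              StatusIs(absl::StatusCode::kFailedPrecondition));
  EXPECT_THAT(ConfigurationImpl::AddKeyTypeManager(
                  absl::make_unique<FakeKeyTypeManager>(), config),
              StatusIs(absl::StatusCode::kFailedPrecondition));
  EXPECT_THAT(ConfigurationImpl::AddAsymmetricKeyManagers(
                  absl::make_unique<FakeSignKeyManager>(),
                  absl::make_unique<FakeVerifyKeyManager>(), config),
              StatusIs(absl::StatusCode::kFailedPrecondition));
  EXPECT_THAT(ConfigurationImpl::GetKeyTypeInfoStore(config).status(),
              StatusIs(absl::StatusCode::kFailedPrecondition));
  EXPECT_THAT(ConfigurationImpl::GetKeysetWrapperStore(config).status(),
              StatusIs(absl::StatusCode::kFailedPrecondition));

  // Build a cleartext handle around one enabled key (id 13, primary).
  // CleartextKeysetHandle is used here only because this is a test.
  Keyset keyset;
  std::string raw_key = AddAesGcmKeyToKeyset(
      keyset, /*key_id=*/13, OutputPrefixType::TINK, KeyStatusType::ENABLED);
  keyset.set_primary_key_id(13);
  std::unique_ptr<KeysetHandle> handle =
      CleartextKeysetHandle::GetKeysetHandle(keyset);

  // Nothing is registered globally yet, so the lookup fails.
  // TODO(b/265705174): Replace with GetPrimitive(config) once implemented.
  EXPECT_THAT(handle->GetPrimitive<FakePrimitive>().status(),
              StatusIs(absl::StatusCode::kNotFound));

  ASSERT_THAT(Registry::RegisterPrimitiveWrapper(
                  absl::make_unique<FakePrimitiveWrapper>()),
              IsOk());
  ASSERT_THAT(
      Registry::RegisterKeyTypeManager(absl::make_unique<FakeKeyTypeManager>(),
                                       /*new_key_allowed=*/true),
      IsOk());
  // TODO(b/265705174): Replace with GetPrimitive(config) once implemented.
  EXPECT_THAT(handle->GetPrimitive<FakePrimitive>(), IsOk());

  // Drop the fake wrapper and the fake manager for the real AesGcmKey type
  // URL from the process-wide Registry, so they do not leak into other tests
  // in this binary. Not reached if one of the ASSERTs above fails.
  Registry::Reset();
}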
452*e7b1675dSTing-Kang Chang
// A Configuration that already holds a wrapper cannot be switched to
// global-registry mode, and it stays out of that mode after the failed call.
TEST(ConfigurationImplTest, GlobalRegistryModeWithNonEmptyConfigFails) {
  Configuration config;
  ASSERT_THAT(ConfigurationImpl::AddPrimitiveWrapper(
                  absl::make_unique<FakePrimitiveWrapper>(), config),
              IsOk());

  util::Status mode_status = ConfigurationImpl::SetGlobalRegistryMode(config);
  EXPECT_THAT(mode_status, StatusIs(absl::StatusCode::kFailedPrecondition));
  EXPECT_FALSE(ConfigurationImpl::IsInGlobalRegistryMode(config));
}
462*e7b1675dSTing-Kang Chang
463*e7b1675dSTing-Kang Chang } // namespace
464*e7b1675dSTing-Kang Chang } // namespace internal
465*e7b1675dSTing-Kang Chang } // namespace tink
466*e7b1675dSTing-Kang Chang } // namespace crypto