1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 #include "tink/signature/signature_pem_keyset_reader.h"
17
18 #include <memory>
19 #include <string>
20 #include <utility>
21
22 #include "gmock/gmock.h"
23 #include "gtest/gtest.h"
24 #include "absl/status/status.h"
25 #include "absl/strings/escaping.h"
26 #include "absl/strings/str_cat.h"
27 #include "absl/strings/string_view.h"
28 #include "tink/internal/rsa_util.h"
29 #include "tink/internal/ssl_util.h"
30 #include "tink/keyset_handle.h"
31 #include "tink/keyset_reader.h"
32 #include "tink/public_key_sign.h"
33 #include "tink/public_key_verify.h"
34 #include "tink/signature/ecdsa_verify_key_manager.h"
35 #include "tink/signature/rsa_ssa_pss_sign_key_manager.h"
36 #include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
37 #include "tink/signature/signature_config.h"
38 #include "tink/subtle/pem_parser_boringssl.h"
39 #include "tink/util/enums.h"
40 #include "tink/util/secret_data.h"
41 #include "tink/util/status.h"
42 #include "tink/util/statusor.h"
43 #include "tink/util/test_matchers.h"
44 #include "proto/common.pb.h"
45 #include "proto/ecdsa.pb.h"
46 #include "proto/rsa_ssa_pss.pb.h"
47 #include "proto/tink.pb.h"
48
49 namespace crypto {
50 namespace tink {
51 namespace {
52
53 using ::crypto::tink::test::EqualsKey;
54 using ::crypto::tink::test::IsOk;
55 using ::crypto::tink::test::StatusIs;
56 using ::google::crypto::tink::EcdsaPublicKey;
57 using ::google::crypto::tink::EcdsaSignatureEncoding;
58 using ::google::crypto::tink::EllipticCurveType;
59 using ::google::crypto::tink::HashType;
60 using ::google::crypto::tink::KeyData;
61 using ::google::crypto::tink::Keyset;
62 using ::google::crypto::tink::KeyStatusType;
63 using ::google::crypto::tink::OutputPrefixType;
64 using ::google::crypto::tink::RsaSsaPssPrivateKey;
65 using ::google::crypto::tink::RsaSsaPssPublicKey;
66 using ::testing::Eq;
67 using ::testing::Not;
68 using ::testing::SizeIs;
69
70 constexpr absl::string_view kEcdsaP256PublicKey =
71 "-----BEGIN PUBLIC KEY-----\n"
72 "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1M5IlCiYLvNDGG65DmoErfQTZjWa\n"
73 "UI/nrGayg/BmQa4f9db4zQRCc5IwErn3JtlLDAxQ8fXUoy99klswBEMZ/A==\n"
74 "-----END PUBLIC KEY-----\n";
75 constexpr absl::string_view kEcdsaP256PublicKeyX =
76 "d4ce489428982ef343186eb90e6a04adf41366359a508fe7ac66b283f06641ae";
77 constexpr absl::string_view kEcdsaP256PublicKeyY =
78 "1ff5d6f8cd044273923012b9f726d94b0c0c50f1f5d4a32f7d925b30044319fc";
79
80 constexpr absl::string_view kEcdsaP384PublicKey =
81 "-----BEGIN PUBLIC KEY-----"
82 "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAESbGnhTcoHIGYTgAJLwTCLGEMrCq6ej3p"
83 "kr9q0iMF0tVFAYdX7YI8ZDM04Y2VsuZC0qhRRFxdoL8NVD6q1f+YY0SDxUnZYEUk"
84 "MSHtbVybpk2rZWptJeAYsBxNOrPxc4mJ"
85 "-----END PUBLIC KEY-----";
86
87 constexpr absl::string_view kSecp256k1PublicKey =
88 "-----BEGIN PUBLIC KEY-----\n"
89 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEuDj/ROW8F3vyEYnQdmCC/J2EMiaIf8l2\n"
90 "A3EQC37iCm/wyddb+6ezGmvKGXRJbutW3jVwcZVdg8Sxutqgshgy6Q==\n"
91 "-----END PUBLIC KEY-----";
92
93 constexpr absl::string_view kEd25519PublicKey =
94 "-----BEGIN PUBLIC KEY-----\n"
95 "MCowBQYDK2VwAyEAfU0Of2FTpptiQrUiq77mhf2kQg+INLEIw72uNp71Sfo=\n"
96 "-----END PUBLIC KEY-----\n";
97
98 constexpr absl::string_view kRsaPublicKey2048 =
99 "-----BEGIN PUBLIC KEY-----\n"
100 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsll1i7Arx1tosXYSyb9o\n"
101 "xfoFlYozTGHhZ7wgvMdXV8Em6JIQud85iQcs9iYOaIPHzUr00x3emRW2mzAfvvli\n"
102 "3oxxvS217GJdollxL4ao3D0kHpaIyCORt78evDWDEfVcJr6RC3b2H+pAjtaS8alX\n"
103 "imIsgsD89vae82cOOL/JD2PaTzu70IjIrno8WlXmb2R01WLTLM57ft188BScoOls\n"
104 "tlJegfu6gVqPEnSONOUTX1crLhe3ukMAgVl+b7kDPABYhNWTURjGDXWwEPb+zn7N\n"
105 "zBy31Y0TiWk9Qzd/Tz3pScseQQXnkrltfwSwzSYqwzz/xaiQ0mdCXmHBnpNjVQ8i\n"
106 "hQIDAQAB\n"
107 "-----END PUBLIC KEY-----\n";
108
109 constexpr absl::string_view kRsaPublicKey1024 =
110 "-----BEGIN PUBLIC KEY-----\n"
111 "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+lQMh614+1PINuxuGg8ks1DOD\n"
112 "pxDGcbLm47clu/J3KE7htWxPaiLsVeowNURyYTLTscZ/AcD7p3ceVDWNwz5xtETI\n"
113 "n2GcHy9Jaaph6HSYak2IOg0p5btxqbd9+UfqKhbmrtMNDNrdRJOq8Z7oLlvbzT0x\n"
114 "pj37y294RWqIWhm1rwIDAQAB\n"
115 "-----END PUBLIC KEY-----\n";
116
117 constexpr absl::string_view kRsaPrivateKey2048 =
118 "-----BEGIN RSA PRIVATE KEY-----\n"
119 "MIIEpAIBAAKCAQEAsll1i7Arx1tosXYSyb9oxfoFlYozTGHhZ7wgvMdXV8Em6JIQ\n"
120 "ud85iQcs9iYOaIPHzUr00x3emRW2mzAfvvli3oxxvS217GJdollxL4ao3D0kHpaI\n"
121 "yCORt78evDWDEfVcJr6RC3b2H+pAjtaS8alXimIsgsD89vae82cOOL/JD2PaTzu7\n"
122 "0IjIrno8WlXmb2R01WLTLM57ft188BScoOlstlJegfu6gVqPEnSONOUTX1crLhe3\n"
123 "ukMAgVl+b7kDPABYhNWTURjGDXWwEPb+zn7NzBy31Y0TiWk9Qzd/Tz3pScseQQXn\n"
124 "krltfwSwzSYqwzz/xaiQ0mdCXmHBnpNjVQ8ihQIDAQABAoIBAHYrXf3bEXa6syh6\n"
125 "AkLYZzRdz5tggVLHu9C+zrYmIlILsZsBRMHTDM0lCv5hAsTvI9B7LLJBJT8rKt2y\n"
126 "SiaAGKk6RxZAljx0hHPQbXU+9N1QSYFW3nQ1VRR5NoUfs6OPfapSM8pz3OoSjQnX\n"
127 "VG94c39GQxWzhyifCXxeuQaS1EY0F8g9HKkSdRbvsNVF/2j+rdmWeur8swtYBDCN\n"
128 "nBymiDhEBj/Y1Ft3R6ywC14YM/af4aDWTbhQvZYPtITdoEtOWulGkqcx0j/NlMYU\n"
129 "SZcaG3M/6UuKXGzibtO4w9LlI00HPlBDi3fQGbezk6WyLNjcE4xj/MKFg7VosgN7\n"
130 "XDy68tUCgYEA6FovqDcya6JxivhyVZks98e22sPARwpowI3Nt+gsF5uPcqQMvbot\n"
131 "ACzKHjqxRJyGbioMUI8Ao20/f2PxzeI5wAtH2HPNaN6bCbBXvxlCTMCAokbHSWjW\n"
132 "stK2PXl2cqF/51ED7EPbgxABetGyfudsx22QowSR66Sq3I8UtZnQVUMCgYEAxIBC\n"
133 "EW2oLh9ZUKxEeMuFlMN1FJCCqIx3zeVjUtAC3Vm/VvodEL0KM7w9Y123BfeoWMnG\n"
134 "HaqNUEZRUO/bMvaiIXVykF19NTCxym4s6eKNBwGsdWvxroRm0k37uhflt9A7iVX6\n"
135 "HmDVPYgjLJbPmLc8+Ms5ML6Od7qXKajRFOPmSJcCgYEA28JY6s/x9013+InNkdpD\n"
136 "ZsNU1gpo9IgK1XwJQ1TrRxTRkwtIJbZN06mJLRg0C4HDv7QzW4o1f1zXvsQnsqOy\n"
137 "HUpOFJJKiFJq7roD8/GO/Irh3xn0aSEoV4/l37Te68KF96FvhWoU1xwvWhu1qEN4\n"
138 "ZhLhxt2OqgJfvCXz32LwYYMCgYBVEL0JNHJw/Qs6PEksDdcXLoI509FsS9r1XE9i\n"
139 "I0CKOHb3nTEF9QA8o0nkAUbhI3RSc477esDQNpCvPBalelV3rJNa4c35P8pHuuhg\n"
140 "m723gcb50i/+/7xPYIkP55Z/u3p6mqi7i+nkSFIJ1IOsNe8EOV3ZtzSPqkwUMcvJ\n"
141 "gltHowKBgQDkB76QzH3xb4jABKehkCxVxqyGLKxU7SOZpLpCc/5OHbo12u/CwlwG\n"
142 "uAeidKZk3SJEmj0F1+Aiir2KRv+RX543VvzCtEXNkVViVrirzvjZUGKPdkMWfbF8\n"
143 "OdD7qHPPNu5jSyaroeN6VqfbELpewhYzulMEipckEZlU4+Dxu2k1eQ==\n"
144 "-----END RSA PRIVATE KEY-----\n";
145
146 // Helper function that creates an EcdsaPublicKey from the given PEM encoded
147 // key `pem_encoded_key`, Hash type `hash_type` and key version `key_version`.
GetExpectedEcdsaPublicKeyProto(EcdsaSignatureEncoding encoding)148 EcdsaPublicKey GetExpectedEcdsaPublicKeyProto(EcdsaSignatureEncoding encoding) {
149 EcdsaPublicKey public_key_proto;
150 public_key_proto.set_version(0);
151 public_key_proto.set_x(absl::HexStringToBytes(kEcdsaP256PublicKeyX));
152 public_key_proto.set_y(absl::HexStringToBytes(kEcdsaP256PublicKeyY));
153 public_key_proto.mutable_params()->set_hash_type(HashType::SHA256);
154 public_key_proto.mutable_params()->set_curve(EllipticCurveType::NIST_P256);
155 public_key_proto.mutable_params()->set_encoding(encoding);
156
157 return public_key_proto;
158 }
159
160 // Helper function that creates an RsaSsaPssPublicKey from the given PEM encoded
161 // key `pem_encoded_key`, Hash type `hash_type` and key version `key_version`.
GetRsaSsaPssPublicKeyProto(absl::string_view pem_encoded_key,HashType hash_type,uint32_t key_version)162 util::StatusOr<RsaSsaPssPublicKey> GetRsaSsaPssPublicKeyProto(
163 absl::string_view pem_encoded_key, HashType hash_type,
164 uint32_t key_version) {
165 util::StatusOr<std::unique_ptr<internal::RsaPublicKey>> public_key =
166 subtle::PemParser::ParseRsaPublicKey(pem_encoded_key);
167 if (!public_key.ok()) {
168 return public_key.status();
169 }
170 std::unique_ptr<internal::RsaPublicKey> key_subtle = *std::move(public_key);
171
172 RsaSsaPssPublicKey public_key_proto;
173 public_key_proto.set_version(key_version);
174 public_key_proto.set_e(key_subtle->e);
175 public_key_proto.set_n(key_subtle->n);
176 public_key_proto.mutable_params()->set_mgf1_hash(hash_type);
177 public_key_proto.mutable_params()->set_sig_hash(hash_type);
178 public_key_proto.mutable_params()->set_salt_length(
179 util::Enums::HashLength(hash_type).value());
180
181 return public_key_proto;
182 }
183
184 // Helper function that creates an RsaSsaPssPrivateKey from the given PEM
185 // encoded key `pem_encoded_key`, Hash type `hash_type` and key version
186 // `key_version`.
GetRsaSsaPssPrivateKeyProto(absl::string_view pem_encoded_key,HashType hash_type,uint32_t key_version)187 util::StatusOr<RsaSsaPssPrivateKey> GetRsaSsaPssPrivateKeyProto(
188 absl::string_view pem_encoded_key, HashType hash_type,
189 uint32_t key_version) {
190 // Parse the key with subtle::PemParser to make sure the proto key fields are
191 // correct.
192 util::StatusOr<std::unique_ptr<internal::RsaPrivateKey>> private_key =
193 subtle::PemParser::ParseRsaPrivateKey(pem_encoded_key);
194 if (!private_key.ok()) {
195 return private_key.status();
196 }
197 std::unique_ptr<internal::RsaPrivateKey> key_subtle = *std::move(private_key);
198
199 // Set the inner RSASSA-PSS public key and its parameters.
200 RsaSsaPssPrivateKey private_key_proto;
201
202 private_key_proto.set_version(key_version);
203 private_key_proto.set_d(
204 std::string(util::SecretDataAsStringView(key_subtle->d)));
205 private_key_proto.set_p(
206 std::string(util::SecretDataAsStringView(key_subtle->p)));
207 private_key_proto.set_q(
208 std::string(util::SecretDataAsStringView(key_subtle->q)));
209 private_key_proto.set_dp(
210 std::string(util::SecretDataAsStringView(key_subtle->dp)));
211 private_key_proto.set_dq(
212 std::string(util::SecretDataAsStringView(key_subtle->dq)));
213 private_key_proto.set_crt(
214 std::string(util::SecretDataAsStringView(key_subtle->crt)));
215
216 // Set public key parameters.
217 RsaSsaPssPublicKey* public_key_proto = private_key_proto.mutable_public_key();
218 public_key_proto->set_version(key_version);
219 public_key_proto->set_e(key_subtle->e);
220 public_key_proto->set_n(key_subtle->n);
221 // Set algorithm-specific parameters.
222 public_key_proto->mutable_params()->set_mgf1_hash(hash_type);
223 public_key_proto->mutable_params()->set_sig_hash(hash_type);
224 public_key_proto->mutable_params()->set_salt_length(
225 util::Enums::HashLength(hash_type).value());
226
227 return private_key_proto;
228 }
229
CreatePemKey(absl::string_view serialized_key,crypto::tink::PemKeyType key_type,crypto::tink::PemAlgorithm algorithm,size_t key_size_in_bits,google::crypto::tink::HashType hash_type)230 PemKey CreatePemKey(absl::string_view serialized_key,
231 crypto::tink::PemKeyType key_type,
232 crypto::tink::PemAlgorithm algorithm,
233 size_t key_size_in_bits,
234 google::crypto::tink::HashType hash_type) {
235 PemKey pem_key = {
236 /*serialized_key=*/std::string(serialized_key),
237 /*parameters=*/{key_type, algorithm, key_size_in_bits, hash_type},
238 };
239 return pem_key;
240 }
241
242 // Verify check on PEM array size not zero before creating a reader.
TEST(SignaturePemKeysetReaderTest,BuildEmptyPemArray)243 TEST(SignaturePemKeysetReaderTest, BuildEmptyPemArray) {
244 auto builder = SignaturePemKeysetReaderBuilder(
245 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_SIGN);
246 auto keyset_reader_or = builder.Build();
247 EXPECT_THAT(keyset_reader_or.status(),
248 StatusIs(absl::StatusCode::kInvalidArgument));
249 }
250
251 // Make sure ReadUnencrypted returns an UNSUPPORTED error as expected.
TEST(SignaturePemKeysetReaderTest,ReadEncryptedUnsupported)252 TEST(SignaturePemKeysetReaderTest, ReadEncryptedUnsupported) {
253 auto builder = SignaturePemKeysetReaderBuilder(
254 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
255 builder.Add(CreatePemKey(kRsaPublicKey2048, PemKeyType::PEM_RSA,
256 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
257 HashType::SHA384));
258
259 auto keyset_reader_or = builder.Build();
260 ASSERT_THAT(keyset_reader_or, IsOk());
261 std::unique_ptr<KeysetReader> keyset_reader =
262 std::move(keyset_reader_or).value();
263
264 EXPECT_THAT(keyset_reader->ReadEncrypted().status(),
265 StatusIs(absl::StatusCode::kUnimplemented));
266 }
267
268 // Verify parsing works correctly on valid inputs.
TEST(SignaturePemKeysetReaderTest,ReadRsaCorrectPublicKey)269 TEST(SignaturePemKeysetReaderTest, ReadRsaCorrectPublicKey) {
270 auto builder = SignaturePemKeysetReaderBuilder(
271 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
272
273 builder.Add(CreatePemKey(kRsaPublicKey2048, PemKeyType::PEM_RSA,
274 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
275 HashType::SHA384));
276 builder.Add(CreatePemKey(kRsaPublicKey2048, PemKeyType::PEM_RSA,
277 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
278 HashType::SHA256));
279
280 auto keyset_reader_or = builder.Build();
281 ASSERT_THAT(keyset_reader_or, IsOk());
282 std::unique_ptr<KeysetReader> keyset_reader =
283 std::move(keyset_reader_or).value();
284
285 auto keyset_or = keyset_reader->Read();
286 ASSERT_THAT(keyset_or, IsOk());
287 std::unique_ptr<Keyset> keyset = std::move(keyset_or).value();
288
289 // Key manager to validate key type and key material type.
290 RsaSsaPssVerifyKeyManager verify_key_manager;
291 EXPECT_THAT(keyset->key(), SizeIs(2));
292 EXPECT_EQ(keyset->primary_key_id(), keyset->key(0).key_id());
293 EXPECT_THAT(keyset->key(0).key_id(), Not(Eq(keyset->key(1).key_id())));
294
295 // Build the expectedi primary key.
296 Keyset::Key expected_key1;
297 // ID is randomly generated, so we simply copy the primary key ID.
298 expected_key1.set_key_id(keyset->primary_key_id());
299 expected_key1.set_status(KeyStatusType::ENABLED);
300 expected_key1.set_output_prefix_type(OutputPrefixType::RAW);
301 // Populate the expected primary key KeyData.
302 KeyData* expected_keydata1 = expected_key1.mutable_key_data();
303 expected_keydata1->set_type_url(verify_key_manager.get_key_type());
304 expected_keydata1->set_key_material_type(
305 verify_key_manager.key_material_type());
306
307 util::StatusOr<RsaSsaPssPublicKey> rsa_ssa_pss_pub_key =
308 GetRsaSsaPssPublicKeyProto(kRsaPublicKey2048, HashType::SHA384,
309 verify_key_manager.get_version());
310 ASSERT_THAT(rsa_ssa_pss_pub_key, IsOk());
311 expected_keydata1->set_value(rsa_ssa_pss_pub_key->SerializeAsString());
312 EXPECT_THAT(keyset->key(0), EqualsKey(expected_key1));
313
314 // Build the expected second key.
315 Keyset::Key expected_key2;
316 // ID is randomly generated, so we simply copy the secondary key ID.
317 expected_key2.set_key_id(keyset->key(1).key_id());
318 expected_key2.set_status(KeyStatusType::ENABLED);
319 expected_key2.set_output_prefix_type(OutputPrefixType::RAW);
320 // Populate the expected second key KeyData.
321 KeyData* expected_keydata2 = expected_key2.mutable_key_data();
322 expected_keydata2->set_type_url(verify_key_manager.get_key_type());
323 expected_keydata2->set_key_material_type(
324 verify_key_manager.key_material_type());
325
326 util::StatusOr<RsaSsaPssPublicKey> rsa_ssa_pss_pub_key2 =
327 GetRsaSsaPssPublicKeyProto(kRsaPublicKey2048, HashType::SHA256,
328 verify_key_manager.get_version());
329 ASSERT_THAT(rsa_ssa_pss_pub_key2, IsOk());
330 expected_keydata2->set_value(rsa_ssa_pss_pub_key2->SerializeAsString());
331
332 EXPECT_THAT(keyset->key(1), EqualsKey(expected_key2));
333 }
334
TEST(SignaturePemKeysetReaderTest,ReadRsaCorrectPrivateKey)335 TEST(SignaturePemKeysetReaderTest, ReadRsaCorrectPrivateKey) {
336 auto builder = SignaturePemKeysetReaderBuilder(
337 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_SIGN);
338
339 builder.Add(CreatePemKey(kRsaPrivateKey2048, PemKeyType::PEM_RSA,
340 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
341 HashType::SHA256));
342 builder.Add(CreatePemKey(kRsaPrivateKey2048, PemKeyType::PEM_RSA,
343 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
344 HashType::SHA384));
345
346 auto keyset_reader_or = builder.Build();
347 ASSERT_THAT(keyset_reader_or, IsOk());
348 std::unique_ptr<KeysetReader> keyset_reader =
349 std::move(keyset_reader_or).value();
350
351 auto keyset_or = keyset_reader->Read();
352 ASSERT_THAT(keyset_or, IsOk());
353 std::unique_ptr<Keyset> keyset = std::move(keyset_or).value();
354
355 EXPECT_THAT(keyset->key(), SizeIs(2));
356 EXPECT_EQ(keyset->primary_key_id(), keyset->key(0).key_id());
357 EXPECT_THAT(keyset->key(0).key_id(), Not(Eq(keyset->key(1).key_id())));
358
359 // Key manager to validate key type and key material type.
360 RsaSsaPssSignKeyManager sign_key_manager;
361
362 // Build the expected primary key.
363 Keyset::Key expected_key1;
364 // ID is randomly generated, so we simply copy the primary key ID.
365 expected_key1.set_key_id(keyset->primary_key_id());
366 expected_key1.set_status(KeyStatusType::ENABLED);
367 expected_key1.set_output_prefix_type(OutputPrefixType::RAW);
368 // Populate the expected primary key KeyData.
369 KeyData* expected_keydata1 = expected_key1.mutable_key_data();
370 expected_keydata1->set_type_url(sign_key_manager.get_key_type());
371 expected_keydata1->set_key_material_type(
372 sign_key_manager.key_material_type());
373 util::StatusOr<RsaSsaPssPrivateKey> rsa_pss_private_key1 =
374 GetRsaSsaPssPrivateKeyProto(kRsaPrivateKey2048, HashType::SHA256,
375 sign_key_manager.get_version());
376 ASSERT_THAT(rsa_pss_private_key1, IsOk());
377 expected_keydata1->set_value(rsa_pss_private_key1->SerializeAsString());
378 EXPECT_THAT(keyset->key(0), EqualsKey(expected_key1));
379
380 // Build the expected second key.
381 Keyset::Key expected_key2;
382 // ID is randomly generated, so we simply copy the one from the second key.
383 expected_key2.set_key_id(keyset->key(1).key_id());
384 expected_key2.set_status(KeyStatusType::ENABLED);
385 expected_key2.set_output_prefix_type(OutputPrefixType::RAW);
386 // Populate the expected second key KeyData.
387 KeyData* expected_keydata2 = expected_key2.mutable_key_data();
388 expected_keydata2->set_type_url(sign_key_manager.get_key_type());
389 expected_keydata2->set_key_material_type(
390 sign_key_manager.key_material_type());
391 util::StatusOr<RsaSsaPssPrivateKey> rsa_pss_private_key2 =
392 GetRsaSsaPssPrivateKeyProto(kRsaPrivateKey2048, HashType::SHA384,
393 sign_key_manager.get_version());
394 ASSERT_THAT(rsa_pss_private_key2, IsOk());
395 expected_keydata2->set_value(rsa_pss_private_key2->SerializeAsString());
396 EXPECT_THAT(keyset->key(1), EqualsKey(expected_key2));
397 }
398
399 // Expects an INVLID_ARGUMENT when passing a public key to a
400 // PublicKeySignPemKeysetReader.
TEST(SignaturePemKeysetReaderTest,ReadRsaPrivateKeyKeyTypeMismatch)401 TEST(SignaturePemKeysetReaderTest, ReadRsaPrivateKeyKeyTypeMismatch) {
402 auto builder = SignaturePemKeysetReaderBuilder(
403 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_SIGN);
404 builder.Add(CreatePemKey(kRsaPublicKey2048, PemKeyType::PEM_RSA,
405 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
406 HashType::SHA384));
407
408 auto keyset_reader_or = builder.Build();
409 ASSERT_THAT(keyset_reader_or, IsOk());
410 std::unique_ptr<KeysetReader> keyset_reader =
411 std::move(keyset_reader_or).value();
412
413 EXPECT_THAT(keyset_reader->Read().status(),
414 StatusIs(absl::StatusCode::kInvalidArgument));
415 }
416
417 // Expects an INVLID_ARGUMENT when passing a private key to a
418 // PublicKeyVerifyPemKeysetReader.
TEST(SignaturePemKeysetReaderTest,ReadRsaPublicKeyKeyTypeMismatch)419 TEST(SignaturePemKeysetReaderTest, ReadRsaPublicKeyKeyTypeMismatch) {
420 auto builder = SignaturePemKeysetReaderBuilder(
421 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
422
423 builder.Add(CreatePemKey(kRsaPrivateKey2048, PemKeyType::PEM_RSA,
424 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
425 HashType::SHA256));
426
427 auto keyset_reader_or = builder.Build();
428 ASSERT_THAT(keyset_reader_or, IsOk());
429 std::unique_ptr<KeysetReader> keyset_reader =
430 std::move(keyset_reader_or).value();
431
432 EXPECT_THAT(keyset_reader->Read().status(),
433 StatusIs(absl::StatusCode::kInvalidArgument));
434 }
435
436 // Expects an INVALID_ARGUMENT error as the key size is too small.
TEST(SignaturePemKeysetReaderTest,ReadRsaPublicKeyTooSmall)437 TEST(SignaturePemKeysetReaderTest, ReadRsaPublicKeyTooSmall) {
438 auto builder = SignaturePemKeysetReaderBuilder(
439 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
440
441 builder.Add(CreatePemKey(kRsaPublicKey1024, PemKeyType::PEM_RSA,
442 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/1024,
443 HashType::SHA256));
444
445 auto keyset_reader_or = builder.Build();
446 ASSERT_THAT(keyset_reader_or, IsOk());
447 std::unique_ptr<KeysetReader> keyset_reader =
448 std::move(keyset_reader_or).value();
449
450 EXPECT_THAT(keyset_reader->Read().status(),
451 StatusIs(absl::StatusCode::kInvalidArgument));
452 }
453
454 // Expects an INVALID_ARGUMENT error as the key is 2048 bits, but PemKeyParams
455 // reports 3072.
TEST(SignaturePemKeysetReaderTest,ReadRsaPublicKeySizeMismatch)456 TEST(SignaturePemKeysetReaderTest, ReadRsaPublicKeySizeMismatch) {
457 auto builder = SignaturePemKeysetReaderBuilder(
458 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
459
460 builder.Add(CreatePemKey(kRsaPublicKey2048, PemKeyType::PEM_RSA,
461 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/3072,
462 HashType::SHA256));
463
464 auto keyset_reader_or = builder.Build();
465 ASSERT_THAT(keyset_reader_or, IsOk());
466 std::unique_ptr<KeysetReader> keyset_reader =
467 std::move(keyset_reader_or).value();
468
469 EXPECT_THAT(keyset_reader->Read().status(),
470 StatusIs(absl::StatusCode::kInvalidArgument));
471 }
472
473 // Expects an INVALID_ARGUMENT error as SHA1 is not allowed.
TEST(SignaturePemKeysetReaderTest,ReadRsaPublicKeyInvalidHashType)474 TEST(SignaturePemKeysetReaderTest, ReadRsaPublicKeyInvalidHashType) {
475 auto builder = SignaturePemKeysetReaderBuilder(
476 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
477
478 builder.Add(CreatePemKey(kRsaPublicKey2048, PemKeyType::PEM_RSA,
479 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/2048,
480 HashType::SHA1));
481
482 auto keyset_reader_or = builder.Build();
483 ASSERT_THAT(keyset_reader_or, IsOk());
484 std::unique_ptr<KeysetReader> keyset_reader =
485 std::move(keyset_reader_or).value();
486
487 EXPECT_THAT(keyset_reader->Read().status(),
488 StatusIs(absl::StatusCode::kInvalidArgument));
489 }
490
TEST(SignaturePemKeysetReaderTest,ReadECDSACorrectPublicKey)491 TEST(SignaturePemKeysetReaderTest, ReadECDSACorrectPublicKey) {
492 auto builder = SignaturePemKeysetReaderBuilder(
493 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
494
495 builder.Add(CreatePemKey(kEcdsaP256PublicKey, PemKeyType::PEM_EC,
496 PemAlgorithm::ECDSA_IEEE, /*key_size_in_bits=*/256,
497 HashType::SHA256));
498
499 builder.Add(CreatePemKey(kEcdsaP256PublicKey, PemKeyType::PEM_EC,
500 PemAlgorithm::ECDSA_DER, /*key_size_in_bits=*/256,
501 HashType::SHA256));
502
503 auto reader = builder.Build();
504 ASSERT_THAT(reader, IsOk());
505
506 auto keyset_read = reader->get()->Read();
507 ASSERT_THAT(keyset_read, IsOk());
508 std::unique_ptr<Keyset> keyset = std::move(keyset_read).value();
509
510 // Key manager to validate key type and key material type.
511 EcdsaVerifyKeyManager key_manager;
512 EXPECT_THAT(keyset->key(), SizeIs(2));
513 EXPECT_THAT(keyset->primary_key_id(), keyset->key(0).key_id());
514 EXPECT_THAT(keyset->key(0).key_id(), Not(Eq(keyset->key(1).key_id())));
515
516 // Build the expected primary key.
517 Keyset::Key expected_primary;
518 // ID is randomly generated, so we simply copy the primary key ID.
519 expected_primary.set_key_id(keyset->primary_key_id());
520 expected_primary.set_status(KeyStatusType::ENABLED);
521 expected_primary.set_output_prefix_type(OutputPrefixType::RAW);
522
523 // Populate the expected primary key KeyData.
524 KeyData* expected_primary_data = expected_primary.mutable_key_data();
525 expected_primary_data->set_type_url(key_manager.get_key_type());
526 expected_primary_data->set_key_material_type(key_manager.key_material_type());
527 expected_primary_data->set_value(
528 GetExpectedEcdsaPublicKeyProto(
529 EcdsaSignatureEncoding::IEEE_P1363).SerializeAsString());
530 EXPECT_THAT(keyset->key(0), EqualsKey(expected_primary))
531 << "expected key: " << expected_primary.DebugString();
532
533 // Build the expected secondary key.
534 Keyset::Key expected_secondary;
535 // ID is randomly generated, so we simply copy the primary key ID.
536 expected_secondary.set_key_id(keyset->key(1).key_id());
537 expected_secondary.set_status(KeyStatusType::ENABLED);
538 expected_secondary.set_output_prefix_type(OutputPrefixType::RAW);
539
540 // Populate the expected secondary key KeyData.
541 KeyData* expected_secondary_data = expected_secondary.mutable_key_data();
542 expected_secondary_data->set_type_url(key_manager.get_key_type());
543 expected_secondary_data->set_key_material_type(
544 key_manager.key_material_type());
545 expected_secondary_data->set_value(
546 GetExpectedEcdsaPublicKeyProto(
547 EcdsaSignatureEncoding::DER).SerializeAsString());
548 EXPECT_THAT(keyset->key(1), EqualsKey(expected_secondary))
549 << "expected key: " << expected_secondary.DebugString();
550 }
551
TEST(SignaturePemKeysetReaderTest,ReadECDSAWrongHashType)552 TEST(SignaturePemKeysetReaderTest, ReadECDSAWrongHashType) {
553 auto builder = SignaturePemKeysetReaderBuilder(
554 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
555
556 builder.Add(CreatePemKey(kEcdsaP256PublicKey, PemKeyType::PEM_EC,
557 PemAlgorithm::ECDSA_IEEE, /*key_size_in_bits=*/256,
558 HashType::SHA512));
559
560 auto reader = builder.Build();
561 ASSERT_THAT(reader, IsOk());
562 auto keyset_read = reader->get()->Read();
563 ASSERT_THAT(keyset_read.status(),
564 StatusIs(absl::StatusCode::kInvalidArgument));
565 }
566
TEST(SignaturePemKeysetReaderTest,ReadECDSAWrongKeySize)567 TEST(SignaturePemKeysetReaderTest, ReadECDSAWrongKeySize) {
568 auto builder = SignaturePemKeysetReaderBuilder(
569 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
570
571 builder.Add(CreatePemKey(kEcdsaP256PublicKey, PemKeyType::PEM_EC,
572 PemAlgorithm::ECDSA_IEEE, /*key_size_in_bits=*/512,
573 HashType::SHA256));
574
575 auto reader = builder.Build();
576 ASSERT_THAT(reader, IsOk());
577 auto keyset_read = reader->get()->Read();
578 ASSERT_THAT(keyset_read.status(),
579 StatusIs(absl::StatusCode::kInvalidArgument));
580 }
581
TEST(SignaturePemKeysetReaderTest,ReadECDSAWrongAlgorithm)582 TEST(SignaturePemKeysetReaderTest, ReadECDSAWrongAlgorithm) {
583 auto builder = SignaturePemKeysetReaderBuilder(
584 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
585
586 builder.Add(CreatePemKey(kEcdsaP256PublicKey, PemKeyType::PEM_EC,
587 PemAlgorithm::RSASSA_PSS, /*key_size_in_bits=*/256,
588 HashType::SHA256));
589
590 auto reader = builder.Build();
591 ASSERT_THAT(reader, IsOk());
592 auto keyset_read = reader->get()->Read();
593 ASSERT_THAT(keyset_read.status(),
594 StatusIs(absl::StatusCode::kInvalidArgument));
595 }
596
TEST(SignaturePemKeysetReaderTest,ReadEd25519ShouldFail)597 TEST(SignaturePemKeysetReaderTest, ReadEd25519ShouldFail) {
598 auto builder = SignaturePemKeysetReaderBuilder(
599 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
600
601 builder.Add(CreatePemKey(kEd25519PublicKey, PemKeyType::PEM_EC,
602 PemAlgorithm::ECDSA_IEEE, /*key_size_in_bits=*/256,
603 HashType::SHA256));
604
605 auto reader = builder.Build();
606 ASSERT_THAT(reader, IsOk());
607 auto keyset_read = reader->get()->Read();
608 ASSERT_THAT(keyset_read.status(),
609 StatusIs(absl::StatusCode::kInvalidArgument));
610 }
611
TEST(SignaturePemKeysetReaderTest,ReadSecp256k1ShouldFail)612 TEST(SignaturePemKeysetReaderTest, ReadSecp256k1ShouldFail) {
613 auto builder = SignaturePemKeysetReaderBuilder(
614 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
615
616 builder.Add(CreatePemKey(kSecp256k1PublicKey, PemKeyType::PEM_EC,
617 PemAlgorithm::ECDSA_IEEE, /*key_size_in_bits=*/256,
618 HashType::SHA256));
619
620 auto reader = builder.Build();
621 ASSERT_THAT(reader, IsOk());
622 auto keyset_read = reader->get()->Read();
623 // With BoringSSL parsing of the PEM key fails when an unsupported curve is
624 // used [1]; Supported curves are defined here [2]. Tink doesn't distinguish
625 // between an error caused by a malformed PEM and an unsupported group by
626 // BoringSSL. On the other hand, with OpenSSL parsing succeeds, but this
627 // curve is unsupported by Tink. As a consequence, this fails with two
628 // different errors.
629 //
630 // [1]https://github.com/google/boringssl/blob/master/crypto/ec_extra/ec_asn1.c#L324
631 // [2]https://github.com/google/boringssl/blob/master/crypto/fipsmodule/ec/ec.c#L218
632 if (internal::IsBoringSsl()) {
633 EXPECT_THAT(keyset_read.status(),
634 StatusIs(absl::StatusCode::kInvalidArgument));
635 } else {
636 EXPECT_THAT(keyset_read.status(),
637 StatusIs(absl::StatusCode::kUnimplemented));
638 }
639 }
640
TEST(SignaturePemKeysetReaderTest,ReadEcdsaP384ShouldFail)641 TEST(SignaturePemKeysetReaderTest, ReadEcdsaP384ShouldFail) {
642 auto builder = SignaturePemKeysetReaderBuilder(
643 SignaturePemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
644
645 builder.Add(CreatePemKey(kEcdsaP384PublicKey, PemKeyType::PEM_EC,
646 PemAlgorithm::ECDSA_IEEE, /*key_size_in_bits=*/384,
647 HashType::SHA384));
648
649 auto reader = builder.Build();
650 ASSERT_THAT(reader, IsOk());
651 auto keyset_read = reader->get()->Read();
652 ASSERT_THAT(keyset_read.status(),
653 StatusIs(absl::StatusCode::kInvalidArgument));
654 }
655
656 } // namespace
657 } // namespace tink
658 } // namespace crypto
659