cc/util/test_util.cc

*e7b1675dSTing-Kang Chang// Copyright 2017 Google Inc.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License");
*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License.
*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang//     http://www.apache.org/licenses/LICENSE-2.0
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software
*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS,
*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and
*e7b1675dSTing-Kang Chang// limitations under the License.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang///////////////////////////////////////////////////////////////////////////////
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include "tink/util/test_util.h"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include <stdarg.h>
*e7b1675dSTing-Kang Chang#include <stdlib.h>
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include <cmath>
*e7b1675dSTing-Kang Chang#include <cstdint>
*e7b1675dSTing-Kang Chang#include <cstdlib>
*e7b1675dSTing-Kang Chang#include <fstream>
*e7b1675dSTing-Kang Chang#include <ios>
*e7b1675dSTing-Kang Chang#include <iostream>
*e7b1675dSTing-Kang Chang#include <memory>
*e7b1675dSTing-Kang Chang#include <ostream>
*e7b1675dSTing-Kang Chang#include <sstream>
*e7b1675dSTing-Kang Chang#include <string>
*e7b1675dSTing-Kang Chang#include <vector>
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include "absl/memory/memory.h"
*e7b1675dSTing-Kang Chang#include "absl/status/status.h"
*e7b1675dSTing-Kang Chang#include "absl/strings/str_cat.h"
*e7b1675dSTing-Kang Chang#include "absl/strings/str_join.h"
*e7b1675dSTing-Kang Chang#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
*e7b1675dSTing-Kang Chang#include "tink/aead/aes_gcm_key_manager.h"
*e7b1675dSTing-Kang Chang#include "tink/aead/xchacha20_poly1305_key_manager.h"
*e7b1675dSTing-Kang Chang#include "tink/cleartext_keyset_handle.h"
*e7b1675dSTing-Kang Chang#include "tink/daead/aes_siv_key_manager.h"
*e7b1675dSTing-Kang Chang#include "tink/internal/ec_util.h"
*e7b1675dSTing-Kang Chang#include "tink/keyset_handle.h"
*e7b1675dSTing-Kang Chang#include "tink/subtle/common_enums.h"
*e7b1675dSTing-Kang Chang#include "tink/subtle/random.h"
*e7b1675dSTing-Kang Chang#include "tink/util/enums.h"
*e7b1675dSTing-Kang Chang#include "tink/util/protobuf_helper.h"
*e7b1675dSTing-Kang Chang#include "tink/util/secret_data.h"
*e7b1675dSTing-Kang Chang#include "tink/util/status.h"
*e7b1675dSTing-Kang Chang#include "tink/util/statusor.h"
*e7b1675dSTing-Kang Chang#include "proto/aes_ctr.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/aes_ctr_hmac_aead.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/aes_siv.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/common.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/ecdsa.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/ecies_aead_hkdf.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/ed25519.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/hmac.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/tink.pb.h"
*e7b1675dSTing-Kang Chang#include "proto/xchacha20_poly1305.pb.h"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changusing crypto::tink::util::Enums;
*e7b1675dSTing-Kang Changusing crypto::tink::util::Status;
*e7b1675dSTing-Kang Changusing google::crypto::tink::AesGcmKeyFormat;
*e7b1675dSTing-Kang Changusing google::crypto::tink::EcdsaPrivateKey;
*e7b1675dSTing-Kang Changusing google::crypto::tink::EciesAeadHkdfPrivateKey;
*e7b1675dSTing-Kang Changusing google::crypto::tink::Ed25519PrivateKey;
*e7b1675dSTing-Kang Changusing google::crypto::tink::Keyset;
*e7b1675dSTing-Kang Changusing google::crypto::tink::OutputPrefixType;
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changnamespace crypto {
*e7b1675dSTing-Kang Changnamespace tink {
*e7b1675dSTing-Kang Changnamespace test {
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changstd::string ReadTestFile(absl::string_view filename) {
*e7b1675dSTing-Kang Chang  std::string full_filename = absl::StrCat(test::TmpDir(), "/", filename);
*e7b1675dSTing-Kang Chang  std::ifstream input_stream(full_filename, std::ios::binary);
*e7b1675dSTing-Kang Chang  if (!input_stream) {
*e7b1675dSTing-Kang Chang    std::clog << "Cannot open file " << full_filename << std::endl;
*e7b1675dSTing-Kang Chang    exit(1);
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  std::stringstream buffer;
*e7b1675dSTing-Kang Chang  buffer << input_stream.rdbuf();
*e7b1675dSTing-Kang Chang  return buffer.str();
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changutil::StatusOr<std::string> HexDecode(absl::string_view hex) {
*e7b1675dSTing-Kang Chang  if (hex.size() % 2 != 0) {
*e7b1675dSTing-Kang Chang    return util::Status(absl::StatusCode::kInvalidArgument,
*e7b1675dSTing-Kang Chang                        "Input has odd size.");
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  std::string decoded(hex.size() / 2, static_cast<char>(0));
*e7b1675dSTing-Kang Chang  for (size_t i = 0; i < hex.size(); ++i) {
*e7b1675dSTing-Kang Chang    char c = hex[i];
*e7b1675dSTing-Kang Chang    char val;
*e7b1675dSTing-Kang Chang    if ('0' <= c && c <= '9')
*e7b1675dSTing-Kang Chang      val = c - '0';
*e7b1675dSTing-Kang Chang    else if ('a' <= c && c <= 'f')
*e7b1675dSTing-Kang Chang      val = c - 'a' + 10;
*e7b1675dSTing-Kang Chang    else if ('A' <= c && c <= 'F')
*e7b1675dSTing-Kang Chang      val = c - 'A' + 10;
*e7b1675dSTing-Kang Chang    else
*e7b1675dSTing-Kang Chang      return util::Status(absl::StatusCode::kInvalidArgument,
*e7b1675dSTing-Kang Chang                          "Not hexadecimal");
*e7b1675dSTing-Kang Chang    decoded[i / 2] = (decoded[i / 2] << 4) | val;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return decoded;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changstd::string HexDecodeOrDie(absl::string_view hex) {
*e7b1675dSTing-Kang Chang  return HexDecode(hex).value();
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changstd::string HexEncode(absl::string_view bytes) {
*e7b1675dSTing-Kang Chang  std::string hexchars = "0123456789abcdef";
*e7b1675dSTing-Kang Chang  std::string res(bytes.size() * 2, static_cast<char>(255));
*e7b1675dSTing-Kang Chang  for (size_t i = 0; i < bytes.size(); ++i) {
*e7b1675dSTing-Kang Chang    uint8_t c = static_cast<uint8_t>(bytes[i]);
*e7b1675dSTing-Kang Chang    res[2 * i] = hexchars[c / 16];
*e7b1675dSTing-Kang Chang    res[2 * i + 1] = hexchars[c % 16];
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return res;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changstd::string TmpDir() {
*e7b1675dSTing-Kang Chang  // Try the following environment variables in order:
*e7b1675dSTing-Kang Chang  //  - TEST_TMPDIR: Set by `bazel test`.
*e7b1675dSTing-Kang Chang  //  - TMPDIR: Set by some Tink tests.
*e7b1675dSTing-Kang Chang  //  - TEMP, TMP: Set on Windows; they contain the tmp dir's path.
*e7b1675dSTing-Kang Chang  for (const std::string& tmp_env_variable :
*e7b1675dSTing-Kang Chang       {"TEST_TMPDIR", "TMPDIR", "TEMP", "TMP"}) {
*e7b1675dSTing-Kang Chang    const char* env = getenv(tmp_env_variable.c_str());
*e7b1675dSTing-Kang Chang    if (env && env[0] != '\0') {
*e7b1675dSTing-Kang Chang      return env;
*e7b1675dSTing-Kang Chang    }
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  // Tmp dir on Linux/macOS.
*e7b1675dSTing-Kang Chang  return "/tmp";
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changvoid AddKeyData(const google::crypto::tink::KeyData& key_data, uint32_t key_id,
*e7b1675dSTing-Kang Chang                google::crypto::tink::OutputPrefixType output_prefix,
*e7b1675dSTing-Kang Chang                google::crypto::tink::KeyStatusType key_status,
*e7b1675dSTing-Kang Chang                google::crypto::tink::Keyset* keyset) {
*e7b1675dSTing-Kang Chang  Keyset::Key* key = keyset->add_key();
*e7b1675dSTing-Kang Chang  key->set_output_prefix_type(output_prefix);
*e7b1675dSTing-Kang Chang  key->set_key_id(key_id);
*e7b1675dSTing-Kang Chang  key->set_status(key_status);
*e7b1675dSTing-Kang Chang  *key->mutable_key_data() = key_data;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changvoid AddKey(const std::string& key_type, uint32_t key_id,
*e7b1675dSTing-Kang Chang            const portable_proto::MessageLite& new_key,
*e7b1675dSTing-Kang Chang            google::crypto::tink::OutputPrefixType output_prefix,
*e7b1675dSTing-Kang Chang            google::crypto::tink::KeyStatusType key_status,
*e7b1675dSTing-Kang Chang            google::crypto::tink::KeyData::KeyMaterialType material_type,
*e7b1675dSTing-Kang Chang            google::crypto::tink::Keyset* keyset) {
*e7b1675dSTing-Kang Chang  google::crypto::tink::KeyData key_data;
*e7b1675dSTing-Kang Chang  key_data.set_type_url(key_type);
*e7b1675dSTing-Kang Chang  key_data.set_key_material_type(material_type);
*e7b1675dSTing-Kang Chang  key_data.set_value(new_key.SerializeAsString());
*e7b1675dSTing-Kang Chang  AddKeyData(key_data, key_id, output_prefix, key_status, keyset);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changvoid AddTinkKey(const std::string& key_type, uint32_t key_id,
*e7b1675dSTing-Kang Chang                const portable_proto::MessageLite& key,
*e7b1675dSTing-Kang Chang                google::crypto::tink::KeyStatusType key_status,
*e7b1675dSTing-Kang Chang                google::crypto::tink::KeyData::KeyMaterialType material_type,
*e7b1675dSTing-Kang Chang                google::crypto::tink::Keyset* keyset) {
*e7b1675dSTing-Kang Chang  AddKey(key_type, key_id, key, OutputPrefixType::TINK,
*e7b1675dSTing-Kang Chang         key_status, material_type, keyset);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changvoid AddLegacyKey(const std::string& key_type, uint32_t key_id,
*e7b1675dSTing-Kang Chang                  const portable_proto::MessageLite& key,
*e7b1675dSTing-Kang Chang                  google::crypto::tink::KeyStatusType key_status,
*e7b1675dSTing-Kang Chang                  google::crypto::tink::KeyData::KeyMaterialType material_type,
*e7b1675dSTing-Kang Chang                  google::crypto::tink::Keyset* keyset) {
*e7b1675dSTing-Kang Chang  AddKey(key_type, key_id, key, OutputPrefixType::LEGACY,
*e7b1675dSTing-Kang Chang         key_status, material_type, keyset);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changvoid AddRawKey(const std::string& key_type, uint32_t key_id,
*e7b1675dSTing-Kang Chang               const portable_proto::MessageLite& key,
*e7b1675dSTing-Kang Chang               google::crypto::tink::KeyStatusType key_status,
*e7b1675dSTing-Kang Chang               google::crypto::tink::KeyData::KeyMaterialType material_type,
*e7b1675dSTing-Kang Chang               google::crypto::tink::Keyset* keyset) {
*e7b1675dSTing-Kang Chang  AddKey(key_type, key_id, key, OutputPrefixType::RAW,
*e7b1675dSTing-Kang Chang         key_status, material_type, keyset);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEciesAeadHkdfPrivateKey GetEciesAesGcmHkdfTestKey(
*e7b1675dSTing-Kang Chang    subtle::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    subtle::EcPointFormat ec_point_format,
*e7b1675dSTing-Kang Chang    subtle::HashType hash_type,
*e7b1675dSTing-Kang Chang    uint32_t aes_gcm_key_size) {
*e7b1675dSTing-Kang Chang  return GetEciesAesGcmHkdfTestKey(
*e7b1675dSTing-Kang Chang      Enums::SubtleToProto(curve_type),
*e7b1675dSTing-Kang Chang      Enums::SubtleToProto(ec_point_format),
*e7b1675dSTing-Kang Chang      Enums::SubtleToProto(hash_type),
*e7b1675dSTing-Kang Chang      aes_gcm_key_size);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEciesAeadHkdfPrivateKey GetEciesAeadHkdfTestKey(
*e7b1675dSTing-Kang Chang    google::crypto::tink::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::EcPointFormat ec_point_format,
*e7b1675dSTing-Kang Chang    google::crypto::tink::HashType hash_type) {
*e7b1675dSTing-Kang Chang  auto test_key = internal::NewEcKey(Enums::ProtoToSubtle(curve_type)).value();
*e7b1675dSTing-Kang Chang  EciesAeadHkdfPrivateKey ecies_key;
*e7b1675dSTing-Kang Chang  ecies_key.set_version(0);
*e7b1675dSTing-Kang Chang  ecies_key.set_key_value(
*e7b1675dSTing-Kang Chang      std::string(util::SecretDataAsStringView(test_key.priv)));
*e7b1675dSTing-Kang Chang  auto public_key = ecies_key.mutable_public_key();
*e7b1675dSTing-Kang Chang  public_key->set_version(0);
*e7b1675dSTing-Kang Chang  public_key->set_x(test_key.pub_x);
*e7b1675dSTing-Kang Chang  public_key->set_y(test_key.pub_y);
*e7b1675dSTing-Kang Chang  auto params = public_key->mutable_params();
*e7b1675dSTing-Kang Chang  params->set_ec_point_format(ec_point_format);
*e7b1675dSTing-Kang Chang  params->mutable_kem_params()->set_curve_type(curve_type);
*e7b1675dSTing-Kang Chang  params->mutable_kem_params()->set_hkdf_hash_type(hash_type);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  return ecies_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEciesAeadHkdfPrivateKey GetEciesAesGcmHkdfTestKey(
*e7b1675dSTing-Kang Chang    google::crypto::tink::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::EcPointFormat ec_point_format,
*e7b1675dSTing-Kang Chang    google::crypto::tink::HashType hash_type, uint32_t aes_gcm_key_size) {
*e7b1675dSTing-Kang Chang  auto ecies_key =
*e7b1675dSTing-Kang Chang      GetEciesAeadHkdfTestKey(curve_type, ec_point_format, hash_type);
*e7b1675dSTing-Kang Chang  auto params = ecies_key.mutable_public_key()->mutable_params();
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  AesGcmKeyFormat key_format;
*e7b1675dSTing-Kang Chang  key_format.set_key_size(aes_gcm_key_size);
*e7b1675dSTing-Kang Chang  auto aead_dem = params->mutable_dem_params()->mutable_aead_dem();
*e7b1675dSTing-Kang Chang  std::unique_ptr<AesGcmKeyManager> key_manager(new AesGcmKeyManager());
*e7b1675dSTing-Kang Chang  std::string dem_key_type = key_manager->get_key_type();
*e7b1675dSTing-Kang Chang  aead_dem->set_type_url(dem_key_type);
*e7b1675dSTing-Kang Chang  aead_dem->set_value(key_format.SerializeAsString());
*e7b1675dSTing-Kang Chang  return ecies_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEciesAeadHkdfPrivateKey GetEciesAesCtrHmacHkdfTestKey(
*e7b1675dSTing-Kang Chang    google::crypto::tink::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::EcPointFormat ec_point_format,
*e7b1675dSTing-Kang Chang    google::crypto::tink::HashType hash_type, uint32_t aes_ctr_key_size,
*e7b1675dSTing-Kang Chang    uint32_t aes_ctr_iv_size, google::crypto::tink::HashType hmac_hash_type,
*e7b1675dSTing-Kang Chang    uint32_t hmac_tag_size, uint32_t hmac_key_size) {
*e7b1675dSTing-Kang Chang  auto ecies_key =
*e7b1675dSTing-Kang Chang      GetEciesAeadHkdfTestKey(curve_type, ec_point_format, hash_type);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  google::crypto::tink::AesCtrHmacAeadKeyFormat key_format;
*e7b1675dSTing-Kang Chang  auto aes_ctr_key_format = key_format.mutable_aes_ctr_key_format();
*e7b1675dSTing-Kang Chang  auto aes_ctr_params = aes_ctr_key_format->mutable_params();
*e7b1675dSTing-Kang Chang  aes_ctr_params->set_iv_size(aes_ctr_iv_size);
*e7b1675dSTing-Kang Chang  aes_ctr_key_format->set_key_size(aes_ctr_key_size);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  auto hmac_key_format = key_format.mutable_hmac_key_format();
*e7b1675dSTing-Kang Chang  auto hmac_params = hmac_key_format->mutable_params();
*e7b1675dSTing-Kang Chang  hmac_params->set_hash(hmac_hash_type);
*e7b1675dSTing-Kang Chang  hmac_params->set_tag_size(hmac_tag_size);
*e7b1675dSTing-Kang Chang  hmac_key_format->set_key_size(hmac_key_size);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  auto params = ecies_key.mutable_public_key()->mutable_params();
*e7b1675dSTing-Kang Chang  auto aead_dem = params->mutable_dem_params()->mutable_aead_dem();
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  std::unique_ptr<AesCtrHmacAeadKeyManager> key_manager(
*e7b1675dSTing-Kang Chang      new AesCtrHmacAeadKeyManager());
*e7b1675dSTing-Kang Chang  std::string dem_key_type = key_manager->get_key_type();
*e7b1675dSTing-Kang Chang  aead_dem->set_type_url(dem_key_type);
*e7b1675dSTing-Kang Chang  aead_dem->set_value(key_format.SerializeAsString());
*e7b1675dSTing-Kang Chang  return ecies_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEciesAeadHkdfPrivateKey GetEciesXChaCha20Poly1305HkdfTestKey(
*e7b1675dSTing-Kang Chang    google::crypto::tink::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::EcPointFormat ec_point_format,
*e7b1675dSTing-Kang Chang    google::crypto::tink::HashType hash_type) {
*e7b1675dSTing-Kang Chang  auto ecies_key =
*e7b1675dSTing-Kang Chang      GetEciesAeadHkdfTestKey(curve_type, ec_point_format, hash_type);
*e7b1675dSTing-Kang Chang  auto params = ecies_key.mutable_public_key()->mutable_params();
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  google::crypto::tink::XChaCha20Poly1305KeyFormat key_format;
*e7b1675dSTing-Kang Chang  auto aead_dem = params->mutable_dem_params()->mutable_aead_dem();
*e7b1675dSTing-Kang Chang  std::unique_ptr<XChaCha20Poly1305KeyManager> key_manager(
*e7b1675dSTing-Kang Chang      new XChaCha20Poly1305KeyManager());
*e7b1675dSTing-Kang Chang  std::string dem_key_type = key_manager->get_key_type();
*e7b1675dSTing-Kang Chang  aead_dem->set_type_url(dem_key_type);
*e7b1675dSTing-Kang Chang  aead_dem->set_value(key_format.SerializeAsString());
*e7b1675dSTing-Kang Chang  return ecies_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changgoogle::crypto::tink::EciesAeadHkdfPrivateKey GetEciesAesSivHkdfTestKey(
*e7b1675dSTing-Kang Chang    google::crypto::tink::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::EcPointFormat ec_point_format,
*e7b1675dSTing-Kang Chang    google::crypto::tink::HashType hash_type) {
*e7b1675dSTing-Kang Chang  auto ecies_key =
*e7b1675dSTing-Kang Chang      GetEciesAeadHkdfTestKey(curve_type, ec_point_format, hash_type);
*e7b1675dSTing-Kang Chang  auto params = ecies_key.mutable_public_key()->mutable_params();
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  google::crypto::tink::AesSivKeyFormat key_format;
*e7b1675dSTing-Kang Chang  key_format.set_key_size(64);
*e7b1675dSTing-Kang Chang  auto aead_dem = params->mutable_dem_params()->mutable_aead_dem();
*e7b1675dSTing-Kang Chang  AesSivKeyManager key_manager;
*e7b1675dSTing-Kang Chang  std::string dem_key_type = key_manager.get_key_type();
*e7b1675dSTing-Kang Chang  aead_dem->set_type_url(dem_key_type);
*e7b1675dSTing-Kang Chang  aead_dem->set_value(key_format.SerializeAsString());
*e7b1675dSTing-Kang Chang  return ecies_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEcdsaPrivateKey GetEcdsaTestPrivateKey(
*e7b1675dSTing-Kang Chang    subtle::EllipticCurveType curve_type, subtle::HashType hash_type,
*e7b1675dSTing-Kang Chang    subtle::EcdsaSignatureEncoding encoding) {
*e7b1675dSTing-Kang Chang  return GetEcdsaTestPrivateKey(Enums::SubtleToProto(curve_type),
*e7b1675dSTing-Kang Chang                                Enums::SubtleToProto(hash_type),
*e7b1675dSTing-Kang Chang                                Enums::SubtleToProto(encoding));
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEcdsaPrivateKey GetEcdsaTestPrivateKey(
*e7b1675dSTing-Kang Chang    google::crypto::tink::EllipticCurveType curve_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::HashType hash_type,
*e7b1675dSTing-Kang Chang    google::crypto::tink::EcdsaSignatureEncoding encoding) {
*e7b1675dSTing-Kang Chang  auto test_key = internal::NewEcKey(Enums::ProtoToSubtle(curve_type)).value();
*e7b1675dSTing-Kang Chang  EcdsaPrivateKey ecdsa_key;
*e7b1675dSTing-Kang Chang  ecdsa_key.set_version(0);
*e7b1675dSTing-Kang Chang  ecdsa_key.set_key_value(
*e7b1675dSTing-Kang Chang      std::string(util::SecretDataAsStringView(test_key.priv)));
*e7b1675dSTing-Kang Chang  auto public_key = ecdsa_key.mutable_public_key();
*e7b1675dSTing-Kang Chang  public_key->set_version(0);
*e7b1675dSTing-Kang Chang  public_key->set_x(test_key.pub_x);
*e7b1675dSTing-Kang Chang  public_key->set_y(test_key.pub_y);
*e7b1675dSTing-Kang Chang  auto params = public_key->mutable_params();
*e7b1675dSTing-Kang Chang  params->set_hash_type(hash_type);
*e7b1675dSTing-Kang Chang  params->set_curve(curve_type);
*e7b1675dSTing-Kang Chang  params->set_encoding(encoding);
*e7b1675dSTing-Kang Chang  return ecdsa_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang ChangEd25519PrivateKey GetEd25519TestPrivateKey() {
*e7b1675dSTing-Kang Chang  auto test_key = internal::NewEd25519Key().value();
*e7b1675dSTing-Kang Chang  Ed25519PrivateKey ed25519_key;
*e7b1675dSTing-Kang Chang  ed25519_key.set_version(0);
*e7b1675dSTing-Kang Chang  ed25519_key.set_key_value(test_key->private_key);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  auto public_key = ed25519_key.mutable_public_key();
*e7b1675dSTing-Kang Chang  public_key->set_version(0);
*e7b1675dSTing-Kang Chang  public_key->set_key_value(test_key->public_key);
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  return ed25519_key;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changutil::Status ZTestUniformString(absl::string_view bytes) {
*e7b1675dSTing-Kang Chang  double expected = bytes.size() * 8.0 / 2.0;
*e7b1675dSTing-Kang Chang  double stddev = std::sqrt(static_cast<double>(bytes.size()) * 8.0 / 4.0);
*e7b1675dSTing-Kang Chang  uint64_t num_set_bits = 0;
*e7b1675dSTing-Kang Chang  for (uint8_t byte : bytes) {
*e7b1675dSTing-Kang Chang    // Counting the number of bits set in byte:
*e7b1675dSTing-Kang Chang    while (byte != 0) {
*e7b1675dSTing-Kang Chang      num_set_bits++;
*e7b1675dSTing-Kang Chang      byte = byte & (byte - 1);
*e7b1675dSTing-Kang Chang    }
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  // Check that the number of bits is within 10 stddevs.
*e7b1675dSTing-Kang Chang  if (abs(static_cast<double>(num_set_bits) - expected) < 10.0 * stddev) {
*e7b1675dSTing-Kang Chang    return util::OkStatus();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return util::Status(
*e7b1675dSTing-Kang Chang      absl::StatusCode::kInternal,
*e7b1675dSTing-Kang Chang      absl::StrCat("Z test for uniformly distributed variable out of bounds; "
*e7b1675dSTing-Kang Chang                   "Actual number of set bits was ",
*e7b1675dSTing-Kang Chang                   num_set_bits, " expected was ", expected,
*e7b1675dSTing-Kang Chang                   " 10 * standard deviation is 10 * ", stddev, " = ",
*e7b1675dSTing-Kang Chang                   10.0 * stddev));
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changstd::string Rotate(absl::string_view bytes) {
*e7b1675dSTing-Kang Chang  std::string result(bytes.size(), '\0');
*e7b1675dSTing-Kang Chang  for (int i = 0; i < bytes.size(); i++) {
*e7b1675dSTing-Kang Chang    result[i] = (static_cast<uint8_t>(bytes[i]) >> 1) |
*e7b1675dSTing-Kang Chang                (bytes[(i == 0 ? bytes.size() : i) - 1] << 7);
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return result;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changutil::Status ZTestCrosscorrelationUniformStrings(absl::string_view bytes1,
*e7b1675dSTing-Kang Chang                                                 absl::string_view bytes2) {
*e7b1675dSTing-Kang Chang  if (bytes1.size() != bytes2.size()) {
*e7b1675dSTing-Kang Chang    return util::Status(absl::StatusCode::kInvalidArgument,
*e7b1675dSTing-Kang Chang                        "Strings are not of equal length");
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  std::string crossed(bytes1.size(), '\0');
*e7b1675dSTing-Kang Chang  for (int i = 0; i < bytes1.size(); i++) {
*e7b1675dSTing-Kang Chang    crossed[i] = bytes1[i] ^ bytes2[i];
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return ZTestUniformString(crossed);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changutil::Status ZTestAutocorrelationUniformString(absl::string_view bytes) {
*e7b1675dSTing-Kang Chang  std::string rotated(bytes);
*e7b1675dSTing-Kang Chang  std::vector<int> violations;
*e7b1675dSTing-Kang Chang  for (int i = 1; i < bytes.size() * 8; i++) {
*e7b1675dSTing-Kang Chang    rotated = Rotate(rotated);
*e7b1675dSTing-Kang Chang    auto status = ZTestCrosscorrelationUniformStrings(bytes, rotated);
*e7b1675dSTing-Kang Chang    if (!status.ok()) {
*e7b1675dSTing-Kang Chang      violations.push_back(i);
*e7b1675dSTing-Kang Chang    }
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  if (violations.empty()) {
*e7b1675dSTing-Kang Chang    return util::OkStatus();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return util::Status(
*e7b1675dSTing-Kang Chang      absl::StatusCode::kInternal,
*e7b1675dSTing-Kang Chang      absl::StrCat("Autocorrelation exceeded 10 standard deviation at ",
*e7b1675dSTing-Kang Chang                   violations.size(),
*e7b1675dSTing-Kang Chang                   " indices: ", absl::StrJoin(violations, ", ")));
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang}  // namespace test
*e7b1675dSTing-Kang Chang}  // namespace tink
*e7b1675dSTing-Kang Chang}  // namespace crypto