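// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

// Package insecurecleartextkeyset_test exercises the cleartext keyset
// read/write API.
//
// Every keyset handled here is generated inside the test and serialized
// without encryption, so the serialized bytes (and any failure output that
// prints a keyset) contain raw key material. That is acceptable only because
// the keys are throwaway test keys; the patterns in this file are not a
// template for storing real keys.
package insecurecleartextkeyset_test

import (
	"bytes"
	"testing"

	"github.com/google/go-cmp/cmp"
	"google.golang.org/protobuf/proto"
	"google.golang.org/protobuf/testing/protocmp"
	"github.com/google/tink/go/aead"
	"github.com/google/tink/go/hybrid"
	"github.com/google/tink/go/insecurecleartextkeyset"
	"github.com/google/tink/go/internal/internalregistry"
	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/mac"
	"github.com/google/tink/go/testing/fakemonitoring"

	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
)

// NilKeysetReader is a keyset reader that always returns a nil keyset and a
// nil error. It lets the tests check that Read rejects a reader which reports
// success but yields no keyset.
type NilKeysetReader struct {
}

// Read returns a nil keyset and a nil error.
func (m *NilKeysetReader) Read() (*tinkpb.Keyset, error) {
	return nil, nil
}

// ReadEncrypted returns a nil encrypted keyset and a nil error.
func (m *NilKeysetReader) ReadEncrypted() (*tinkpb.EncryptedKeyset, error) {
	return nil, nil
}

// TestReadWithNilKeysetFails checks that Read returns an error when the
// reader hands back a nil keyset without reporting an error itself.
func TestReadWithNilKeysetFails(t *testing.T) {
	if _, err := insecurecleartextkeyset.Read(&NilKeysetReader{}); err == nil {
		t.Error("insecurecleartextkeyset.Read(&NilKeysetReader{}) err = nil, want error")
	}
}

// TestReadWithNilReaderFails checks that Read returns an error for a nil
// reader.
func TestReadWithNilReaderFails(t *testing.T) {
	if _, err := insecurecleartextkeyset.Read(nil); err == nil {
		t.Error("insecurecleartextkeyset.Read(nil) err = nil, want error")
	}
}

// TestWriteWithNilHandleFails checks that Write returns an error for a nil
// handle.
func TestWriteWithNilHandleFails(t *testing.T) {
	buff := &bytes.Buffer{}
	if err := insecurecleartextkeyset.Write(nil, keyset.NewBinaryWriter(buff)); err == nil {
		t.Error("insecurecleartextkeyset.Write(nil, _) err = nil, want error")
	}
}

// TestWriteWithNilWriterFails checks that Write returns an error for a nil
// writer.
func TestWriteWithNilWriterFails(t *testing.T) {
	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
	if err != nil {
		// The template comes from the mac package; the message names the call
		// that was actually made so a failure points at the right place.
		t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
	}
	if err := insecurecleartextkeyset.Write(handle, nil); err == nil {
		t.Error("insecurecleartextkeyset.Write(_, nil) err = nil, want error")
	}
}

// TestWriteAndReadInBinary checks that a keyset written in cleartext with the
// binary writer is read back with identical key material.
func TestWriteAndReadInBinary(t *testing.T) {
	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
	if err != nil {
		t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
	}

	buff := &bytes.Buffer{}
	err = insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
	}
	serialized := buff.Bytes()

	parsedHandle, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(serialized)))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
	}

	want := insecurecleartextkeyset.KeysetMaterial(handle)
	got := insecurecleartextkeyset.KeysetMaterial(parsedHandle)
	if !proto.Equal(got, want) {
		// The failure output prints both keysets, key material included.
		t.Errorf("KeysetMaterial(Read()) = %q, want %q", got, want)
	}
}

// TestWriteAndReadInJson checks that a keyset written in cleartext with the
// JSON writer is read back with identical key material.
func TestWriteAndReadInJson(t *testing.T) {
	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
	if err != nil {
		t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
	}

	buff := &bytes.Buffer{}
	err = insecurecleartextkeyset.Write(handle, keyset.NewJSONWriter(buff))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
	}
	serialized := buff.Bytes()

	parsedHandle, err := insecurecleartextkeyset.Read(keyset.NewJSONReader(bytes.NewBuffer(serialized)))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
	}

	want := insecurecleartextkeyset.KeysetMaterial(handle)
	got := insecurecleartextkeyset.KeysetMaterial(parsedHandle)
	if !proto.Equal(got, want) {
		// The failure output prints both keysets, key material included.
		t.Errorf("KeysetMaterial(Read()) = %q, want %q", got, want)
	}
}

// TestLegacyKeysetHandle checks that a handle built directly from a keyset
// proto with KeysetHandle, and a handle obtained by marshalling that proto and
// passing it through Read, both report the same KeysetInfo as the original
// handle.
func TestLegacyKeysetHandle(t *testing.T) {
	handle, err := keyset.NewHandle(hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template())
	if err != nil {
		t.Fatalf(" keyset.NewHandle(hybrid.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template()) err = %v, want nil", err)
	}
	ks := insecurecleartextkeyset.KeysetMaterial(handle)
	gotHandle1 := insecurecleartextkeyset.KeysetHandle(ks)
	if !cmp.Equal(gotHandle1.KeysetInfo(), handle.KeysetInfo(), protocmp.Transform()) {
		t.Errorf("gotHandle1.KeysetInfo() = %v, want %v", gotHandle1.KeysetInfo(), handle.KeysetInfo())
	}
	serializedKeyset, err := proto.Marshal(ks)
	if err != nil {
		t.Fatalf("proto.Marshal() err = %v, want nil", err)
	}
	gotHandle2, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(serializedKeyset)))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
	}
	if !cmp.Equal(gotHandle2.KeysetInfo(), handle.KeysetInfo(), protocmp.Transform()) {
		t.Errorf("gotHandle2.KeysetInfo() = %v, want %v", gotHandle2.KeysetInfo(), handle.KeysetInfo())
	}
}

// TestHandleFromReaderWithAnnotationsGetsMonitored checks that a handle read
// with keyset.WithAnnotations reports those annotations to the registered
// monitoring client when its primitive is used.
func TestHandleFromReaderWithAnnotationsGetsMonitored(t *testing.T) {
	// Registered before the client is installed so the global monitoring
	// client is cleared however the test exits.
	defer internalregistry.ClearMonitoringClient()
	client := &fakemonitoring.Client{}
	if err := internalregistry.RegisterMonitoringClient(client); err != nil {
		t.Fatalf("internalregistry.RegisterMonitoringClient() err = %v, want nil", err)
	}
	handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
	if err != nil {
		t.Fatalf(" keyset.NewHandle(aead.AES256GCMKeyTemplate()) err = %v, want nil", err)
	}
	buff := &bytes.Buffer{}
	if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil {
		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
	}
	wantAnnotations := map[string]string{"foo": "bar"}
	annotatedHandle, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(buff), keyset.WithAnnotations(wantAnnotations))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
	}
	p, err := aead.New(annotatedHandle)
	if err != nil {
		t.Fatalf("aead.New() err = %v, want nil", err)
	}
	if _, err := p.Encrypt([]byte("some_data"), nil); err != nil {
		t.Fatalf("Encrypt() err = %v, want nil", err)
	}
	events := client.Events()
	// Without this guard a monitoring regression (no event recorded) would
	// surface as an index-out-of-range panic instead of a test failure.
	if len(events) == 0 {
		t.Fatalf("len(client.Events()) = 0, want at least 1")
	}
	gotAnnotations := events[0].Context.KeysetInfo.Annotations
	if !cmp.Equal(gotAnnotations, wantAnnotations) {
		t.Errorf("Annotations = %v, want %v", gotAnnotations, wantAnnotations)
	}
}

// TestHandleFromReaderWithAnnotationsTwiceFails checks that Read returns an
// error when keyset.WithAnnotations is supplied more than once.
func TestHandleFromReaderWithAnnotationsTwiceFails(t *testing.T) {
	handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate())
	if err != nil {
		t.Fatalf(" keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err)
	}
	buff := &bytes.Buffer{}
	if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil {
		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
	}
	annotations := map[string]string{"foo": "bar"}
	if _, err := insecurecleartextkeyset.Read(
		keyset.NewBinaryReader(buff),
		keyset.WithAnnotations(annotations),
		keyset.WithAnnotations(annotations)); err == nil {
		t.Fatalf("insecurecleartextkeyset.Read() err = nil, want error")
	}
}

// TestHandleFromReaderWithoutAnnotationsDoesNotGetMonitored checks that using
// a primitive from a handle read without annotations records no events on the
// registered monitoring client.
func TestHandleFromReaderWithoutAnnotationsDoesNotGetMonitored(t *testing.T) {
	// Registered before the client is installed so the global monitoring
	// client is cleared however the test exits.
	defer internalregistry.ClearMonitoringClient()
	client := &fakemonitoring.Client{}
	if err := internalregistry.RegisterMonitoringClient(client); err != nil {
		t.Fatalf("internalregistry.RegisterMonitoringClient() err = %v, want nil", err)
	}
	handle, err := keyset.NewHandle(aead.AES256GCMKeyTemplate())
	if err != nil {
		t.Fatalf(" keyset.NewHandle(aead.AES256GCMKeyTemplate()) err = %v, want nil", err)
	}
	buff := &bytes.Buffer{}
	if err := insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)); err != nil {
		t.Fatalf("insecurecleartextkeyset.Write() err = %v, want nil", err)
	}
	unannotatedHandle, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(buff))
	if err != nil {
		t.Fatalf("insecurecleartextkeyset.Read() err = %v, want nil", err)
	}
	p, err := aead.New(unannotatedHandle)
	if err != nil {
		t.Fatalf("aead.New() err = %v, want nil", err)
	}
	if _, err := p.Encrypt([]byte("some_data"), nil); err != nil {
		t.Fatalf("Encrypt() err = %v, want nil", err)
	}
	if len(client.Events()) != 0 {
		t.Errorf("len(client.Events()) = %d, want 0", len(client.Events()))
	}
}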