1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package keyderivation 18 19import ( 20 "strings" 21 "testing" 22 23 "github.com/google/tink/go/aead" 24 "github.com/google/tink/go/core/cryptofmt" 25 "github.com/google/tink/go/core/primitiveset" 26 "github.com/google/tink/go/keyset" 27 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 28) 29 30// invalidDeriver returns two keys, but wrappedKeysetDeriver accepts only one. 
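// invalidDeriver is a deliberately misbehaving KeysetDeriver used as a test
// double: each call yields a keyset holding two keys, whereas the test below
// expects wrappedKeysetDeriver to reject anything but exactly one key.
type invalidDeriver struct{}

// Compile-time check that the test double satisfies the interface under test.
var _ KeysetDeriver = (*invalidDeriver)(nil)

// DeriveKeyset ignores salt and returns a freshly generated two-key AEAD
// keyset: an AES128-GCM key marked primary plus an AES256-GCM key.
//
// Every failure while assembling the keyset is returned, so a broken fixture
// surfaces as its own error instead of being confused with the rejection the
// wrapper is expected to produce.
func (i *invalidDeriver) DeriveKeyset(salt []byte) (*keyset.Handle, error) {
	manager := keyset.NewManager()
	keyID, err := manager.Add(aead.AES128GCMKeyTemplate())
	if err != nil {
		return nil, err
	}
	// SetPrimary returns an error; check it so a fixture failure is not
	// silently ignored.
	if err := manager.SetPrimary(keyID); err != nil {
		return nil, err
	}
	if _, err := manager.Add(aead.AES256GCMKeyTemplate()); err != nil {
		return nil, err
	}
	return manager.Handle()
}

// TestDeriveKeysetWithInvalidPrimitiveImplementationFails checks that the
// wrapper validates what the underlying deriver hands back. A primitive set
// whose only entry is an invalidDeriver can be wrapped, but DeriveKeyset must
// then fail with an error mentioning "exactly one key" rather than passing a
// multi-key keyset on to the caller.
func TestDeriveKeysetWithInvalidPrimitiveImplementationFails(t *testing.T) {
	const wantSubstr = "exactly one key"

	// The primitive set is built by hand because invalidDeriver has no key
	// manager behind it; the same entry serves as primary and as sole member.
	entry := &primitiveset.Entry{
		KeyID:     119,
		Primitive: &invalidDeriver{},
		Prefix:    cryptofmt.RawPrefix,
		Status:    tinkpb.KeyStatusType_ENABLED,
		TypeURL:   "type.googleapis.com/google.crypto.tink.PrfBasedDeriverKey",
	}
	ps := &primitiveset.PrimitiveSet{
		Primary: entry,
		Entries: map[string][]*primitiveset.Entry{
			cryptofmt.RawPrefix: {entry},
		},
		EntriesInKeysetOrder: []*primitiveset.Entry{entry},
	}

	wrappedDeriver, err := newWrappedKeysetDeriver(ps)
	if err != nil {
		t.Fatalf("newWrappedKeysetDeriver() err = %v, want nil", err)
	}
	_, err = wrappedDeriver.DeriveKeyset([]byte("salt"))
	if err == nil {
		t.Fatal("DeriveKeyset() err = nil, want non-nil")
	}
	// Match on the message so an unrelated failure cannot satisfy the test.
	if !strings.Contains(err.Error(), wantSubstr) {
		t.Errorf("DeriveKeyset() err = %q, doesn't contain %q", err, wantSubstr)
	}
}

// TestNewWrappedKeysetDeriverWrongPrimitiveFails checks that
// newWrappedKeysetDeriver refuses a primitive set obtained from an AES128-GCM
// AEAD keyset handle.
func TestNewWrappedKeysetDeriverWrongPrimitiveFails(t *testing.T) {
	handle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate())
	if err != nil {
		t.Fatalf("keyset.NewHandle() err = %v, want nil", err)
	}
	ps, err := handle.Primitives()
	if err != nil {
		t.Fatalf("handle.Primitives() err = %v, want nil", err)
	}
	// NOTE(review): presumably rejected because the entries hold AEAD
	// primitives rather than KeysetDeriver implementations; the test only
	// asserts that some error is returned.
	if _, err := newWrappedKeysetDeriver(ps); err == nil {
		t.Errorf("newWrappedKeysetDeriver() err = nil, want non-nil")
	}
}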