1*e7b1675dSTing-Kang Chang// Copyright 2019 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage keyset_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "bytes" 21*e7b1675dSTing-Kang Chang "testing" 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang Chang "google.golang.org/protobuf/proto" 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/aead" 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyset" 26*e7b1675dSTing-Kang Chang "github.com/google/tink/go/mac" 27*e7b1675dSTing-Kang Chang "github.com/google/tink/go/signature" 28*e7b1675dSTing-Kang Chang "github.com/google/tink/go/testkeyset" 29*e7b1675dSTing-Kang Chang "github.com/google/tink/go/testutil" 30*e7b1675dSTing-Kang Chang tinkpb "github.com/google/tink/go/proto/tink_go_proto" 31*e7b1675dSTing-Kang Chang) 32*e7b1675dSTing-Kang Chang 33*e7b1675dSTing-Kang Changfunc TestNewHandle(t *testing.T) { 34*e7b1675dSTing-Kang Chang template := mac.HMACSHA256Tag128KeyTemplate() 35*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(template) 36*e7b1675dSTing-Kang Chang if err != nil { 37*e7b1675dSTing-Kang Chang t.Errorf("keyset.NewHandle(template) = %v, want nil", err) 38*e7b1675dSTing-Kang Chang } 39*e7b1675dSTing-Kang Chang ks := testkeyset.KeysetMaterial(handle) 40*e7b1675dSTing-Kang Chang if len(ks.Key) != 1 { 41*e7b1675dSTing-Kang Chang t.Errorf("len(ks.Key) = %d, want 1", len(ks.Key)) 42*e7b1675dSTing-Kang Chang } 43*e7b1675dSTing-Kang Chang key := ks.Key[0] 44*e7b1675dSTing-Kang Chang if ks.PrimaryKeyId != key.KeyId { 45*e7b1675dSTing-Kang Chang t.Errorf("ks.PrimaryKeyId = %d, want %d", ks.PrimaryKeyId, key.KeyId) 46*e7b1675dSTing-Kang Chang } 47*e7b1675dSTing-Kang Chang if key.KeyData.TypeUrl != template.TypeUrl { 48*e7b1675dSTing-Kang Chang t.Errorf("key.KeyData.TypeUrl = %v, want %v", key.KeyData.TypeUrl, template.TypeUrl) 49*e7b1675dSTing-Kang Chang } 50*e7b1675dSTing-Kang Chang if _, err = mac.New(handle); err != nil { 51*e7b1675dSTing-Kang Chang t.Errorf("mac.New(handle) err = %v, want nil", err) 52*e7b1675dSTing-Kang Chang } 53*e7b1675dSTing-Kang Chang} 54*e7b1675dSTing-Kang Chang 55*e7b1675dSTing-Kang Changfunc TestNewHandleWithInvalidTypeURLFails(t *testing.T) { 56*e7b1675dSTing-Kang Chang // template with unknown TypeURL 57*e7b1675dSTing-Kang Chang invalidTemplate := mac.HMACSHA256Tag128KeyTemplate() 58*e7b1675dSTing-Kang Chang invalidTemplate.TypeUrl = "some unknown TypeURL" 59*e7b1675dSTing-Kang Chang if _, err := keyset.NewHandle(invalidTemplate); err == nil { 60*e7b1675dSTing-Kang Chang t.Errorf("keyset.NewHandle(invalidTemplate) err = nil, want error") 61*e7b1675dSTing-Kang Chang } 62*e7b1675dSTing-Kang Chang} 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Changfunc TestNewHandleWithNilTemplateFails(t *testing.T) { 65*e7b1675dSTing-Kang Chang if _, err := keyset.NewHandle(nil); err == nil { 66*e7b1675dSTing-Kang Chang t.Error("keyset.NewHandle(nil) err = nil, want error") 67*e7b1675dSTing-Kang Chang } 68*e7b1675dSTing-Kang Chang} 69*e7b1675dSTing-Kang Chang 70*e7b1675dSTing-Kang Changfunc TestWriteAndReadInBinary(t *testing.T) { 71*e7b1675dSTing-Kang Chang keysetEncryptionHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 72*e7b1675dSTing-Kang Chang if err != nil { 73*e7b1675dSTing-Kang Chang t.Errorf("keyset.NewHandle(aead.AES128GCMKeyTemplate()) err = %v, want nil", err) 74*e7b1675dSTing-Kang Chang } 75*e7b1675dSTing-Kang Chang keysetEncryptionAead, err := aead.New(keysetEncryptionHandle) 76*e7b1675dSTing-Kang Chang if err != nil { 77*e7b1675dSTing-Kang Chang t.Errorf("aead.New(keysetEncryptionHandle) err = %v, want nil", err) 78*e7b1675dSTing-Kang Chang } 79*e7b1675dSTing-Kang Chang 80*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 81*e7b1675dSTing-Kang Chang if err != nil { 82*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err) 83*e7b1675dSTing-Kang Chang } 84*e7b1675dSTing-Kang Chang 85*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 86*e7b1675dSTing-Kang Chang err = handle.Write(keyset.NewBinaryWriter(buff), keysetEncryptionAead) 87*e7b1675dSTing-Kang Chang if err != nil { 88*e7b1675dSTing-Kang Chang t.Fatalf("handle.Write(keyset.NewBinaryWriter(buff), keysetEncryptionAead) err = %v, want nil", err) 89*e7b1675dSTing-Kang Chang } 90*e7b1675dSTing-Kang Chang encrypted := buff.Bytes() 91*e7b1675dSTing-Kang Chang 92*e7b1675dSTing-Kang Chang gotHandle, err := keyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(encrypted)), keysetEncryptionAead) 93*e7b1675dSTing-Kang Chang if err != nil { 94*e7b1675dSTing-Kang Chang t.Fatalf("keyset.Read() err = %v, want nil", err) 95*e7b1675dSTing-Kang Chang } 96*e7b1675dSTing-Kang Chang 97*e7b1675dSTing-Kang Chang if !proto.Equal(testkeyset.KeysetMaterial(gotHandle), testkeyset.KeysetMaterial(handle)) { 98*e7b1675dSTing-Kang Chang t.Fatalf("keyset.Read() = %v, want %v", gotHandle, handle) 99*e7b1675dSTing-Kang Chang } 100*e7b1675dSTing-Kang Chang} 101*e7b1675dSTing-Kang Chang 102*e7b1675dSTing-Kang Changfunc TestWriteAndReadInJSON(t *testing.T) { 103*e7b1675dSTing-Kang Chang keysetEncryptionHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 104*e7b1675dSTing-Kang Chang if err != nil { 105*e7b1675dSTing-Kang Chang t.Errorf("keyset.NewHandle(aead.AES128GCMKeyTemplate()) err = %v, want nil", err) 106*e7b1675dSTing-Kang Chang } 107*e7b1675dSTing-Kang Chang keysetEncryptionAead, err := aead.New(keysetEncryptionHandle) 108*e7b1675dSTing-Kang Chang if err != nil { 109*e7b1675dSTing-Kang Chang t.Errorf("aead.New(keysetEncryptionHandle) err = %v, want nil", err) 110*e7b1675dSTing-Kang Chang } 111*e7b1675dSTing-Kang Chang 112*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 113*e7b1675dSTing-Kang Chang if err != nil { 114*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err) 115*e7b1675dSTing-Kang Chang } 116*e7b1675dSTing-Kang Chang 117*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 118*e7b1675dSTing-Kang Chang err = handle.Write(keyset.NewJSONWriter(buff), keysetEncryptionAead) 119*e7b1675dSTing-Kang Chang if err != nil { 120*e7b1675dSTing-Kang Chang t.Fatalf("h.Write(keyset.NewJSONWriter(buff), keysetEncryptionAead) err = %v, want nil", err) 121*e7b1675dSTing-Kang Chang } 122*e7b1675dSTing-Kang Chang encrypted := buff.Bytes() 123*e7b1675dSTing-Kang Chang 124*e7b1675dSTing-Kang Chang gotHandle, err := keyset.Read(keyset.NewJSONReader(bytes.NewBuffer(encrypted)), keysetEncryptionAead) 125*e7b1675dSTing-Kang Chang if err != nil { 126*e7b1675dSTing-Kang Chang t.Fatalf("keyset.Read() err = %v, want nil", err) 127*e7b1675dSTing-Kang Chang } 128*e7b1675dSTing-Kang Chang 129*e7b1675dSTing-Kang Chang if !proto.Equal(testkeyset.KeysetMaterial(gotHandle), testkeyset.KeysetMaterial(handle)) { 130*e7b1675dSTing-Kang Chang t.Fatalf("keyset.Read() = %v, want %v", gotHandle, handle) 131*e7b1675dSTing-Kang Chang } 132*e7b1675dSTing-Kang Chang} 133*e7b1675dSTing-Kang Chang 134*e7b1675dSTing-Kang Changfunc TestWriteAndReadWithAssociatedData(t *testing.T) { 135*e7b1675dSTing-Kang Chang keysetEncryptionHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 136*e7b1675dSTing-Kang Chang if err != nil { 137*e7b1675dSTing-Kang Chang t.Errorf("keyset.NewHandle(aead.AES128GCMKeyTemplate()) err = %v, want nil", err) 138*e7b1675dSTing-Kang Chang } 139*e7b1675dSTing-Kang Chang keysetEncryptionAead, err := aead.New(keysetEncryptionHandle) 140*e7b1675dSTing-Kang Chang if err != nil { 141*e7b1675dSTing-Kang Chang t.Errorf("aead.New(keysetEncryptionHandle) err = %v, want nil", err) 142*e7b1675dSTing-Kang Chang } 143*e7b1675dSTing-Kang Chang 144*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 145*e7b1675dSTing-Kang Chang if err != nil { 146*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err) 147*e7b1675dSTing-Kang Chang } 148*e7b1675dSTing-Kang Chang associatedData := []byte{0x01, 0x02} 149*e7b1675dSTing-Kang Chang 150*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 151*e7b1675dSTing-Kang Chang err = handle.WriteWithAssociatedData(keyset.NewBinaryWriter(buff), keysetEncryptionAead, associatedData) 152*e7b1675dSTing-Kang Chang if err != nil { 153*e7b1675dSTing-Kang Chang t.Fatalf("handle.WriteWithAssociatedData() err = %v, want nil", err) 154*e7b1675dSTing-Kang Chang } 155*e7b1675dSTing-Kang Chang encrypted := buff.Bytes() 156*e7b1675dSTing-Kang Chang 157*e7b1675dSTing-Kang Chang handle2, err := keyset.ReadWithAssociatedData(keyset.NewBinaryReader(bytes.NewBuffer(encrypted)), keysetEncryptionAead, associatedData) 158*e7b1675dSTing-Kang Chang if err != nil { 159*e7b1675dSTing-Kang Chang t.Fatalf("keyset.ReadWithAssociatedData() err = %v, want nil", err) 160*e7b1675dSTing-Kang Chang } 161*e7b1675dSTing-Kang Chang 162*e7b1675dSTing-Kang Chang if !proto.Equal(testkeyset.KeysetMaterial(handle), testkeyset.KeysetMaterial(handle2)) { 163*e7b1675dSTing-Kang Chang t.Errorf("keyset.ReadWithAssociatedData() = %v, want %v", handle2, handle) 164*e7b1675dSTing-Kang Chang } 165*e7b1675dSTing-Kang Chang} 166*e7b1675dSTing-Kang Chang 167*e7b1675dSTing-Kang Changfunc TestReadWithMismatchedAssociatedData(t *testing.T) { 168*e7b1675dSTing-Kang Chang keysetEncryptionHandle, err := keyset.NewHandle(aead.AES128GCMKeyTemplate()) 169*e7b1675dSTing-Kang Chang if err != nil { 170*e7b1675dSTing-Kang Chang t.Errorf("keyset.NewHandle(aead.AES128GCMKeyTemplate()) err = %v, want nil", err) 171*e7b1675dSTing-Kang Chang } 172*e7b1675dSTing-Kang Chang keysetEncryptionAead, err := aead.New(keysetEncryptionHandle) 173*e7b1675dSTing-Kang Chang if err != nil { 174*e7b1675dSTing-Kang Chang t.Errorf("aead.New(keysetEncryptionHandle) err = %v, want nil", err) 175*e7b1675dSTing-Kang Chang } 176*e7b1675dSTing-Kang Chang 177*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 178*e7b1675dSTing-Kang Chang if err != nil { 179*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) err = %v, want nil", err) 180*e7b1675dSTing-Kang Chang } 181*e7b1675dSTing-Kang Chang associatedData := []byte{0x01, 0x02} 182*e7b1675dSTing-Kang Chang 183*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 184*e7b1675dSTing-Kang Chang err = handle.WriteWithAssociatedData(keyset.NewBinaryWriter(buff), keysetEncryptionAead, associatedData) 185*e7b1675dSTing-Kang Chang if err != nil { 186*e7b1675dSTing-Kang Chang t.Fatalf("handle.WriteWithAssociatedData() err = %v, want nil", err) 187*e7b1675dSTing-Kang Chang } 188*e7b1675dSTing-Kang Chang encrypted := buff.Bytes() 189*e7b1675dSTing-Kang Chang 190*e7b1675dSTing-Kang Chang invalidAssociatedData := []byte{0x01, 0x03} 191*e7b1675dSTing-Kang Chang _, err = keyset.ReadWithAssociatedData(keyset.NewBinaryReader(bytes.NewBuffer(encrypted)), keysetEncryptionAead, invalidAssociatedData) 192*e7b1675dSTing-Kang Chang if err == nil { 193*e7b1675dSTing-Kang Chang t.Errorf("keyset.ReadWithAssociatedData() err = nil, want err") 194*e7b1675dSTing-Kang Chang } 195*e7b1675dSTing-Kang Chang} 196*e7b1675dSTing-Kang Chang 197*e7b1675dSTing-Kang Changfunc TestWriteAndReadWithNoSecrets(t *testing.T) { 198*e7b1675dSTing-Kang Chang // Create a keyset that contains a public key. 199*e7b1675dSTing-Kang Chang privateHandle, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) 200*e7b1675dSTing-Kang Chang if err != nil { 201*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(signature.ECDSAP256KeyTemplate()) err = %v, want nil", err) 202*e7b1675dSTing-Kang Chang } 203*e7b1675dSTing-Kang Chang handle, err := privateHandle.Public() 204*e7b1675dSTing-Kang Chang if err != nil { 205*e7b1675dSTing-Kang Chang t.Fatalf("privateHandle.Public() err = %v, want nil", err) 206*e7b1675dSTing-Kang Chang } 207*e7b1675dSTing-Kang Chang 208*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 209*e7b1675dSTing-Kang Chang err = handle.WriteWithNoSecrets(keyset.NewBinaryWriter(buff)) 210*e7b1675dSTing-Kang Chang if err != nil { 211*e7b1675dSTing-Kang Chang t.Fatalf("handle.WriteWithAssociatedData(keyset.NewBinaryWriter(buff), masterKey, associatedData) err = %v, want nil", err) 212*e7b1675dSTing-Kang Chang } 213*e7b1675dSTing-Kang Chang serialized := buff.Bytes() 214*e7b1675dSTing-Kang Chang 215*e7b1675dSTing-Kang Chang handle2, err := keyset.ReadWithNoSecrets(keyset.NewBinaryReader(bytes.NewBuffer(serialized))) 216*e7b1675dSTing-Kang Chang if err != nil { 217*e7b1675dSTing-Kang Chang t.Fatalf("keyset.ReadWithNoSecrets() err = %v, want nil", err) 218*e7b1675dSTing-Kang Chang } 219*e7b1675dSTing-Kang Chang 220*e7b1675dSTing-Kang Chang if !proto.Equal(testkeyset.KeysetMaterial(handle), testkeyset.KeysetMaterial(handle2)) { 221*e7b1675dSTing-Kang Chang t.Fatalf("keyset.ReadWithNoSecrets() = %v, want %v", handle2, handle) 222*e7b1675dSTing-Kang Chang } 223*e7b1675dSTing-Kang Chang} 224*e7b1675dSTing-Kang Chang 225*e7b1675dSTing-Kang Changfunc TestWriteWithNoSecretsFailsWithSymmetricSecretKey(t *testing.T) { 226*e7b1675dSTing-Kang Chang // Create a keyset that contains a symmetric secret key. 227*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 228*e7b1675dSTing-Kang Chang if err != nil { 229*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(aead.AES256GCMKeyTemplate()) err = %v, want nil", err) 230*e7b1675dSTing-Kang Chang } 231*e7b1675dSTing-Kang Chang 232*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 233*e7b1675dSTing-Kang Chang err = handle.WriteWithNoSecrets(keyset.NewBinaryWriter(buff)) 234*e7b1675dSTing-Kang Chang if err == nil { 235*e7b1675dSTing-Kang Chang t.Error("handle.WriteWithNoSecrets() = nil, want error") 236*e7b1675dSTing-Kang Chang } 237*e7b1675dSTing-Kang Chang} 238*e7b1675dSTing-Kang Chang 239*e7b1675dSTing-Kang Changfunc TestReadWithNoSecretsFailsWithSymmetricSecretKey(t *testing.T) { 240*e7b1675dSTing-Kang Chang // Create a keyset that contains a symmetric secret key. 241*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(mac.HMACSHA256Tag128KeyTemplate()) 242*e7b1675dSTing-Kang Chang if err != nil { 243*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(aead.AES256GCMKeyTemplate()) err = %v, want nil", err) 244*e7b1675dSTing-Kang Chang } 245*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 246*e7b1675dSTing-Kang Chang err = testkeyset.Write(handle, keyset.NewBinaryWriter(buff)) 247*e7b1675dSTing-Kang Chang if err != nil { 248*e7b1675dSTing-Kang Chang t.Fatalf("insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)) err = %v, want nil", err) 249*e7b1675dSTing-Kang Chang } 250*e7b1675dSTing-Kang Chang serialized := buff.Bytes() 251*e7b1675dSTing-Kang Chang 252*e7b1675dSTing-Kang Chang _, err = keyset.ReadWithNoSecrets(keyset.NewBinaryReader(bytes.NewBuffer(serialized))) 253*e7b1675dSTing-Kang Chang if err == nil { 254*e7b1675dSTing-Kang Chang t.Error("keyset.ReadWithNoSecrets() = nil, want error") 255*e7b1675dSTing-Kang Chang } 256*e7b1675dSTing-Kang Chang} 257*e7b1675dSTing-Kang Chang 258*e7b1675dSTing-Kang Changfunc TestWriteWithNoSecretsFailsWithPrivateKey(t *testing.T) { 259*e7b1675dSTing-Kang Chang // Create a keyset that contains a private key. 260*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) 261*e7b1675dSTing-Kang Chang if err != nil { 262*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(signature.ECDSAP256KeyTemplate()) err = %v, want nil", err) 263*e7b1675dSTing-Kang Chang } 264*e7b1675dSTing-Kang Chang 265*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 266*e7b1675dSTing-Kang Chang if err := handle.WriteWithNoSecrets(keyset.NewBinaryWriter(buff)); err == nil { 267*e7b1675dSTing-Kang Chang t.Error("handle.WriteWithNoSecrets() = nil, want error") 268*e7b1675dSTing-Kang Chang } 269*e7b1675dSTing-Kang Chang} 270*e7b1675dSTing-Kang Chang 271*e7b1675dSTing-Kang Changfunc TestReadWithNoSecretsFailsWithPrivateKey(t *testing.T) { 272*e7b1675dSTing-Kang Chang // Create a keyset that contains a private key. 273*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) 274*e7b1675dSTing-Kang Chang if err != nil { 275*e7b1675dSTing-Kang Chang t.Fatalf("keyset.NewHandle(signature.ECDSAP256KeyTemplate()) err = %v, want nil", err) 276*e7b1675dSTing-Kang Chang } 277*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 278*e7b1675dSTing-Kang Chang err = testkeyset.Write(handle, keyset.NewBinaryWriter(buff)) 279*e7b1675dSTing-Kang Chang if err != nil { 280*e7b1675dSTing-Kang Chang t.Fatalf("insecurecleartextkeyset.Write(handle, keyset.NewBinaryWriter(buff)) err = %v, want nil", err) 281*e7b1675dSTing-Kang Chang } 282*e7b1675dSTing-Kang Chang serialized := buff.Bytes() 283*e7b1675dSTing-Kang Chang 284*e7b1675dSTing-Kang Chang _, err = keyset.ReadWithNoSecrets(keyset.NewBinaryReader(bytes.NewBuffer(serialized))) 285*e7b1675dSTing-Kang Chang if err == nil { 286*e7b1675dSTing-Kang Chang t.Error("keyset.ReadWithNoSecrets() = nil, want error") 287*e7b1675dSTing-Kang Chang } 288*e7b1675dSTing-Kang Chang} 289*e7b1675dSTing-Kang Chang 290*e7b1675dSTing-Kang Changfunc TestWriteAndReadWithNoSecretsFailsWithUnknownKeyMaterial(t *testing.T) { 291*e7b1675dSTing-Kang Chang // Create a keyset that contains unknown key material. 292*e7b1675dSTing-Kang Chang keyData := testutil.NewKeyData("some type url", []byte{0}, tinkpb.KeyData_UNKNOWN_KEYMATERIAL) 293*e7b1675dSTing-Kang Chang key := testutil.NewKey(keyData, tinkpb.KeyStatusType_ENABLED, 1, tinkpb.OutputPrefixType_TINK) 294*e7b1675dSTing-Kang Chang ks := testutil.NewKeyset(1, []*tinkpb.Keyset_Key{key}) 295*e7b1675dSTing-Kang Chang handle, err := testkeyset.NewHandle(ks) 296*e7b1675dSTing-Kang Chang if err != nil { 297*e7b1675dSTing-Kang Chang t.Fatal(err) 298*e7b1675dSTing-Kang Chang } 299*e7b1675dSTing-Kang Chang serialized, err := proto.Marshal(ks) 300*e7b1675dSTing-Kang Chang if err != nil { 301*e7b1675dSTing-Kang Chang t.Fatal(err) 302*e7b1675dSTing-Kang Chang } 303*e7b1675dSTing-Kang Chang 304*e7b1675dSTing-Kang Chang buff := &bytes.Buffer{} 305*e7b1675dSTing-Kang Chang err = handle.WriteWithNoSecrets(keyset.NewBinaryWriter(buff)) 306*e7b1675dSTing-Kang Chang if err == nil { 307*e7b1675dSTing-Kang Chang t.Error("handle.WriteWithNoSecrets() = nil, want error") 308*e7b1675dSTing-Kang Chang } 309*e7b1675dSTing-Kang Chang 310*e7b1675dSTing-Kang Chang _, err = keyset.ReadWithNoSecrets(keyset.NewBinaryReader(bytes.NewBuffer(serialized))) 311*e7b1675dSTing-Kang Chang if err == nil { 312*e7b1675dSTing-Kang Chang t.Error("handle.ReadWithNoSecrets() = nil, want error") 313*e7b1675dSTing-Kang Chang } 314*e7b1675dSTing-Kang Chang} 315*e7b1675dSTing-Kang Chang 316*e7b1675dSTing-Kang Changfunc TestKeysetInfo(t *testing.T) { 317*e7b1675dSTing-Kang Chang kt := mac.HMACSHA256Tag128KeyTemplate() 318*e7b1675dSTing-Kang Chang kh, err := keyset.NewHandle(kt) 319*e7b1675dSTing-Kang Chang if err != nil { 320*e7b1675dSTing-Kang Chang t.Errorf("unexpected error: %s", err) 321*e7b1675dSTing-Kang Chang } 322*e7b1675dSTing-Kang Chang info := kh.KeysetInfo() 323*e7b1675dSTing-Kang Chang if info.PrimaryKeyId != info.KeyInfo[0].KeyId { 324*e7b1675dSTing-Kang Chang t.Errorf("Expected primary key id: %d, but got: %d", info.KeyInfo[0].KeyId, info.PrimaryKeyId) 325*e7b1675dSTing-Kang Chang } 326*e7b1675dSTing-Kang Chang} 327