1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "signature_impl.h"
18
19 #include <memory>
20 #include <ostream>
21 #include <sstream>
22 #include <string>
23
24 #include "gmock/gmock.h"
25 #include "gtest/gtest.h"
26 #include "tink/binary_keyset_writer.h"
27 #include "tink/cleartext_keyset_handle.h"
28 #include "tink/signature/signature_config.h"
29 #include "tink/signature/signature_key_templates.h"
30
31 namespace crypto {
32 namespace tink {
33 namespace {
34
35 using ::crypto::tink::BinaryKeysetWriter;
36 using ::crypto::tink::CleartextKeysetHandle;
37 using ::crypto::tink::SignatureKeyTemplates;
38
39 using ::testing::IsEmpty;
40 using ::tink_testing_api::CreationRequest;
41 using ::tink_testing_api::CreationResponse;
42 using ::tink_testing_api::SignatureSignRequest;
43 using ::tink_testing_api::SignatureSignResponse;
44 using ::tink_testing_api::SignatureVerifyRequest;
45 using ::tink_testing_api::SignatureVerifyResponse;
46
47 using crypto::tink::KeysetHandle;
48 using google::crypto::tink::KeyTemplate;
49
KeysetBytes(const KeysetHandle & keyset_handle)50 std::string KeysetBytes(const KeysetHandle& keyset_handle) {
51 std::stringbuf keyset;
52 auto writer_result =
53 BinaryKeysetWriter::New(absl::make_unique<std::ostream>(&keyset));
54 EXPECT_TRUE(writer_result.ok());
55 auto status =
56 CleartextKeysetHandle::Write(writer_result.value().get(), keyset_handle);
57 EXPECT_TRUE(status.ok());
58 return keyset.str();
59 }
60
61 class SignatureImplTest : public ::testing::Test {
62 protected:
SetUpTestSuite()63 static void SetUpTestSuite() {
64 ASSERT_TRUE(SignatureConfig::Register().ok());
65 }
66 };
67
TEST_F(SignatureImplTest,CreatePublicKeySignSuccess)68 TEST_F(SignatureImplTest, CreatePublicKeySignSuccess) {
69 tink_testing_api::SignatureImpl signature;
70 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256();
71 ::crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>>
72 private_keyset_handle = KeysetHandle::GenerateNew(key_template);
73 ASSERT_TRUE(private_keyset_handle.status().ok())
74 << private_keyset_handle.status();
75
76 CreationRequest request;
77 request.mutable_annotated_keyset()->set_serialized_keyset(
78 KeysetBytes(**private_keyset_handle));
79 CreationResponse response;
80
81 EXPECT_TRUE(signature.CreatePublicKeySign(nullptr, &request, &response).ok());
82 EXPECT_THAT(response.err(), IsEmpty());
83 }
84
TEST_F(SignatureImplTest,CreatePublicKeySignFailure)85 TEST_F(SignatureImplTest, CreatePublicKeySignFailure) {
86 tink_testing_api::SignatureImpl signature;
87
88 CreationRequest request;
89 request.mutable_annotated_keyset()->set_serialized_keyset("\x80");
90 CreationResponse response;
91
92 EXPECT_TRUE(signature.CreatePublicKeySign(nullptr, &request, &response).ok());
93 EXPECT_THAT(response.err(), Not(IsEmpty()));
94 }
95
TEST_F(SignatureImplTest,CreatePublicKeyVerifySuccess)96 TEST_F(SignatureImplTest, CreatePublicKeyVerifySuccess) {
97 tink_testing_api::SignatureImpl signature;
98 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256();
99 ::crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>>
100 private_keyset_handle = KeysetHandle::GenerateNew(key_template);
101 ASSERT_TRUE(private_keyset_handle.status().ok())
102 << private_keyset_handle.status();
103 ::crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>>
104 public_keyset_handle = (*private_keyset_handle)->GetPublicKeysetHandle();
105 ASSERT_TRUE(public_keyset_handle.status().ok())
106 << public_keyset_handle.status();
107
108 CreationRequest request;
109 request.mutable_annotated_keyset()->set_serialized_keyset(
110 KeysetBytes(**public_keyset_handle));
111 CreationResponse response;
112
113 EXPECT_TRUE(
114 signature.CreatePublicKeyVerify(nullptr, &request, &response).ok());
115 EXPECT_THAT(response.err(), IsEmpty());
116 }
117
TEST_F(SignatureImplTest,CreatePublicKeyVerifyFailure)118 TEST_F(SignatureImplTest, CreatePublicKeyVerifyFailure) {
119 tink_testing_api::SignatureImpl signature;
120
121 CreationRequest request;
122 request.mutable_annotated_keyset()->set_serialized_keyset("\x80");
123 CreationResponse response;
124
125 EXPECT_TRUE(
126 signature.CreatePublicKeyVerify(nullptr, &request, &response).ok());
127 EXPECT_THAT(response.err(), Not(IsEmpty()));
128 }
129
TEST_F(SignatureImplTest,SignVerifySuccess)130 TEST_F(SignatureImplTest, SignVerifySuccess) {
131 tink_testing_api::SignatureImpl signature;
132 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256();
133 auto private_handle_result = KeysetHandle::GenerateNew(key_template);
134 EXPECT_TRUE(private_handle_result.ok());
135 auto public_handle_result =
136 private_handle_result.value()->GetPublicKeysetHandle();
137 EXPECT_TRUE(public_handle_result.ok());
138
139 SignatureSignRequest sign_request;
140 sign_request.mutable_private_annotated_keyset()->set_serialized_keyset(
141 KeysetBytes(*private_handle_result.value()));
142 sign_request.set_data("some data");
143 SignatureSignResponse sign_response;
144
145 EXPECT_TRUE(signature.Sign(nullptr, &sign_request, &sign_response).ok());
146 EXPECT_THAT(sign_response.err(), IsEmpty());
147
148 SignatureVerifyRequest verify_request;
149 verify_request.mutable_public_annotated_keyset()->set_serialized_keyset(
150 KeysetBytes(*public_handle_result.value()));
151 verify_request.set_signature(sign_response.signature());
152 verify_request.set_data("some data");
153 SignatureVerifyResponse verify_response;
154
155 EXPECT_TRUE(
156 signature.Verify(nullptr, &verify_request, &verify_response).ok());
157 EXPECT_THAT(verify_response.err(), IsEmpty());
158 }
159
TEST_F(SignatureImplTest,SignBadKeysetFail)160 TEST_F(SignatureImplTest, SignBadKeysetFail) {
161 tink_testing_api::SignatureImpl signature;
162 SignatureSignRequest sign_request;
163 sign_request.mutable_private_annotated_keyset()->set_serialized_keyset(
164 "bad private keyset");
165 sign_request.set_data("some data");
166 SignatureSignResponse sign_response;
167
168 EXPECT_TRUE(signature.Sign(nullptr, &sign_request, &sign_response).ok());
169 EXPECT_THAT(sign_response.err(), Not(IsEmpty()));
170 }
171
TEST_F(SignatureImplTest,VerifyBadCiphertextFail)172 TEST_F(SignatureImplTest, VerifyBadCiphertextFail) {
173 tink_testing_api::SignatureImpl signature;
174 const KeyTemplate& key_template = SignatureKeyTemplates::EcdsaP256();
175 auto private_handle_result = KeysetHandle::GenerateNew(key_template);
176 EXPECT_TRUE(private_handle_result.ok());
177 auto public_handle_result =
178 private_handle_result.value()->GetPublicKeysetHandle();
179 EXPECT_TRUE(public_handle_result.ok());
180
181 SignatureVerifyRequest verify_request;
182 verify_request.mutable_public_annotated_keyset()->set_serialized_keyset(
183 KeysetBytes(*public_handle_result.value()));
184 verify_request.set_signature("bad signature");
185 verify_request.set_data("some data");
186 SignatureVerifyResponse verify_response;
187
188 EXPECT_TRUE(
189 signature.Verify(nullptr, &verify_request, &verify_response).ok());
190 EXPECT_THAT(verify_response.err(), Not(IsEmpty()));
191 }
192
193 } // namespace
194 } // namespace tink
195 } // namespace crypto
196