Add a method to create an always failing deterministic AEAD.

This allows to create deterministic AEAD objects which will return an error on any API call, which can for instance be used for testing correct failure behavior.

PiperOrigin-RevId: 452483150

5 files changed, 219 insertions, 0 deletions

diff --git a/cc/daead/BUILD.bazel b/cc/daead/BUILD.bazel
index 473cc9e2b..ffe890b49 100644
--- a/cc/daead/BUILD.bazel
+++ b/cc/daead/BUILD.bazel
@@ -186,3 +186,25 @@ cc_test(
         "@com_google_googletest//:gtest_main",
     ],
 )
+
+cc_library(
+    name = "failing_daead",
+    srcs = ["failing_daead.cc"],
+    hdrs = ["failing_daead.h"],
+    include_prefix = "tink/daead",
+    deps = [
+        "//:deterministic_aead",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
+cc_test(
+    name = "failing_daead_test",
+    srcs = ["failing_daead_test.cc"],
+    deps = [
+        ":failing_daead",
+        "//util:test_matchers",
+        "@com_google_absl//absl/status",
+        "@com_google_googletest//:gtest_main",
+    ],
+)
diff --git a/cc/daead/CMakeLists.txt b/cc/daead/CMakeLists.txt
index 4bfc5cd67..6aca5a1b9 100644
--- a/cc/daead/CMakeLists.txt
+++ b/cc/daead/CMakeLists.txt
@@ -173,3 +173,24 @@ tink_cc_test(
     tink::proto::common_cc_proto
     tink::proto::tink_cc_proto
 )
+
+tink_cc_library(
+  NAME failing_daead
+  SRCS
+    failing_daead.cc
+    failing_daead.h
+  DEPS
+    absl::strings
+    tink::core::deterministic_aead
+)
+
+tink_cc_test(
+  NAME failing_daead_test
+  SRCS
+    failing_daead_test.cc
+  DEPS
+    tink::daead::failing_daead
+    gmock
+    absl::status
+    tink::util::test_matchers
+)
diff --git a/cc/daead/failing_daead.cc b/cc/daead/failing_daead.cc
new file mode 100644
index 000000000..61b30f963
--- /dev/null
+++ b/cc/daead/failing_daead.cc
@@ -0,0 +1,63 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#include "tink/daead/failing_daead.h"
+
+#include <string>
+#include <utility>
+
+namespace crypto {
+namespace tink {
+namespace {
+
+// A deterministic AEAD that always return a kInternal status on API calls.
+class AlwaysFailDeterministicAead : public DeterministicAead {
+ public:
+  explicit AlwaysFailDeterministicAead(std::string message)
+      : message_(std::move(message)) {}
+
+  util::StatusOr<std::string> EncryptDeterministically(
+      absl::string_view plaintext,
+      absl::string_view associated_data) const override {
+    return util::Status(
+        absl::StatusCode::kInternal,
+        absl::StrCat(
+            "AlwaysFailDeterministicAead will always fail on encrypt (msg=",
+            message_, ")"));
+  }
+
+  util::StatusOr<std::string> DecryptDeterministically(
+      absl::string_view ciphertext,
+      absl::string_view associated_data) const override {
+    return util::Status(
+        absl::StatusCode::kInternal,
+        absl::StrCat(
+            "AlwaysFailDeterministicAead will always fail on decrypt (msg=",
+            message_, ")"));
+  }
+
+ private:
+  const std::string message_;
+};
+
+}  // namespace
+
+std::unique_ptr<DeterministicAead> CreateAlwaysFailingDeterministicAead(
+    std::string message) {
+  return absl::make_unique<AlwaysFailDeterministicAead>(std::move(message));
+}
+
+}  // namespace tink
+}  // namespace crypto
diff --git a/cc/daead/failing_daead.h b/cc/daead/failing_daead.h
new file mode 100644
index 000000000..551ad4b7a
--- /dev/null
+++ b/cc/daead/failing_daead.h
@@ -0,0 +1,36 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#ifndef TINK_DAEAD_FAILING_DAEAD_H_
+#define TINK_DAEAD_FAILING_DAEAD_H_
+
+#include <string>
+
+#include "absl/strings/string_view.h"
+#include "tink/deterministic_aead.h"
+
+namespace crypto {
+namespace tink {
+
+// Returns a deterministic AEAD which will always return an error when calling
+// EncryptDeterministically or DecryptDeterministically. The error message will
+// contain `message`.
+std::unique_ptr<DeterministicAead> CreateAlwaysFailingDeterministicAead(
+    std::string message = "");
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_DAEAD_FAILING_DAEAD_H_
diff --git a/cc/daead/failing_daead_test.cc b/cc/daead/failing_daead_test.cc
new file mode 100644
index 000000000..0df4c99a4
--- /dev/null
+++ b/cc/daead/failing_daead_test.cc
@@ -0,0 +1,77 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#include "tink/daead/failing_daead.h"
+#include <memory>
+#include <string>
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "absl/status/status.h"
+#include "tink/util/test_matchers.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::crypto::tink::test::StatusIs;
+using ::testing::HasSubstr;
+
+TEST(AlwaysFailDeterministicAead, EncryptFails) {
+  std::unique_ptr<DeterministicAead> failing_daead =
+      CreateAlwaysFailingDeterministicAead();
+
+  EXPECT_THAT(
+      failing_daead->EncryptDeterministically("plaintext", "associated_data")
+          .status(),
+      StatusIs(absl::StatusCode::kInternal));
+}
+
+TEST(AlwaysFailDeterministicAead, EncryptFailsContainsMessage) {
+  const std::string expected_message = "expected_message";
+  std::unique_ptr<DeterministicAead> failing_aead =
+      CreateAlwaysFailingDeterministicAead(expected_message);
+
+  EXPECT_THAT(
+      failing_aead->EncryptDeterministically("plaintext", "associated_data")
+          .status(),
+      StatusIs(absl::StatusCode::kInternal, HasSubstr(expected_message)));
+}
+
+TEST(AlwaysFailDeterministicAead, DecryptFails) {
+  std::unique_ptr<DeterministicAead> failing_daead =
+      CreateAlwaysFailingDeterministicAead();
+
+  EXPECT_THAT(
+      failing_daead->DecryptDeterministically("ciphertext", "associated_data")
+          .status(),
+      StatusIs(absl::StatusCode::kInternal));
+}
+
+TEST(AlwaysFailDeterministicAead, DecryptFailsContainsMessage) {
+  const std::string expected_message = "expected_message";
+  std::unique_ptr<DeterministicAead> failing_aead =
+      CreateAlwaysFailingDeterministicAead(expected_message);
+
+  EXPECT_THAT(
+      failing_aead->EncryptDeterministically("plaintext", "associated_data")
+          .status(),
+      StatusIs(absl::StatusCode::kInternal, HasSubstr(expected_message)));
+}
+
+}  // namespace
+}  // namespace tink
+}  // namespace crypto
+