diff options
author | lizatretyakova <lizatretyakova@google.com> | 2023-08-10 03:43:52 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-08-10 03:45:09 -0700 |
commit | 17d20a40b5f9fb0717927fd28d524a8be9c04924 (patch) | |
tree | c16bc3305434915f02fcac809f556bfbfb3c981f /java_src/src/test/java | |
parent | 5056f93c15d85b24c97f9d2eca2c6e8376528e23 (diff) | |
download | tink-17d20a40b5f9fb0717927fd28d524a8be9c04924.tar.gz |
Undoing the MacWrapper change.
PiperOrigin-RevId: 555434824
Diffstat (limited to 'java_src/src/test/java')
4 files changed, 71 insertions, 104 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/internal/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/internal/BUILD.bazel index b441ac2fd..5f6b30d6c 100644 --- a/java_src/src/test/java/com/google/crypto/tink/internal/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/internal/BUILD.bazel @@ -476,17 +476,13 @@ java_test( "//src/main/java/com/google/crypto/tink:registry_cluster", "//src/main/java/com/google/crypto/tink/aead:aes_eax_key", "//src/main/java/com/google/crypto/tink/aead:aes_eax_parameters", - "//src/main/java/com/google/crypto/tink/internal:legacy_proto_key", "//src/main/java/com/google/crypto/tink/internal:mutable_primitive_registry", - "//src/main/java/com/google/crypto/tink/internal:mutable_serialization_registry", - "//src/main/java/com/google/crypto/tink/internal:proto_key_serialization", "//src/main/java/com/google/crypto/tink/internal:registry_configuration", "//src/main/java/com/google/crypto/tink/mac:chunked_mac", "//src/main/java/com/google/crypto/tink/mac:chunked_mac_computation", "//src/main/java/com/google/crypto/tink/mac:hmac_key", "//src/main/java/com/google/crypto/tink/mac:hmac_parameters", "//src/main/java/com/google/crypto/tink/mac:mac_config", - "//src/main/java/com/google/crypto/tink/mac/internal:legacy_full_mac", "//src/main/java/com/google/crypto/tink/util:secret_bytes", "@maven//:com_google_protobuf_protobuf_java", "@maven//:com_google_truth_truth", diff --git a/java_src/src/test/java/com/google/crypto/tink/internal/RegistryConfigurationTest.java b/java_src/src/test/java/com/google/crypto/tink/internal/RegistryConfigurationTest.java index 4b24e1aeb..5a7ef7596 100644 --- a/java_src/src/test/java/com/google/crypto/tink/internal/RegistryConfigurationTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/internal/RegistryConfigurationTest.java @@ -35,7 +35,6 @@ import com.google.crypto.tink.mac.HmacKey; import com.google.crypto.tink.mac.HmacParameters; import com.google.crypto.tink.mac.HmacParameters.HashType; import com.google.crypto.tink.mac.MacConfig; -import com.google.crypto.tink.mac.internal.LegacyFullMac; import com.google.crypto.tink.proto.HmacParams; import com.google.crypto.tink.proto.KeyData; import com.google.crypto.tink.proto.KeyData.KeyMaterialType; @@ -60,7 +59,6 @@ public class RegistryConfigurationTest { private static HmacKey rawKey; private static KeyData rawKeyData; private static Keyset.Key rawKeysetKey; - private static LegacyProtoKey legacyProtoRawKey; @Before public void setUp() throws GeneralSecurityException { @@ -112,11 +110,6 @@ public class RegistryConfigurationTest { .setKeyId(keysetHandle.getKeysetInfo().getPrimaryKeyId()) .setOutputPrefixType(OutputPrefixType.RAW) .build(); - legacyProtoRawKey = - new LegacyProtoKey( - MutableSerializationRegistry.globalInstance() - .serializeKey(rawKey, ProtoKeySerialization.class, InsecureSecretKeyAccess.get()), - InsecureSecretKeyAccess.get()); } catch (GeneralSecurityException e) { throw new IllegalStateException(e); } @@ -155,13 +148,13 @@ public class RegistryConfigurationTest { byte[] plaintext = "plaintext".getBytes(UTF_8); Mac registryMac = Registry.getPrimitive(rawKeyData, Mac.class); - // The following relies on the fact that internally LegacyFullMac uses RegistryConfiguration. + Mac configurationMac = RegistryConfiguration.get().getLegacyPrimitive(rawKeyData, Mac.class); Mac wrappedConfigurationMac = RegistryConfiguration.get() .wrap( PrimitiveSet.newBuilder(Mac.class) .addPrimaryFullPrimitiveAndOptionalPrimitive( - LegacyFullMac.create(legacyProtoRawKey), null, rawKeysetKey) + null, configurationMac, rawKeysetKey) .build(), Mac.class); diff --git a/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel index fe7d2013c..1a46ce179 100644 --- a/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel @@ -118,25 +118,25 @@ java_test( size = "small", srcs = ["MacWrapperTest.java"], deps = [ + "//proto:tink_java_proto", "//src/main/java/com/google/crypto/tink:insecure_secret_key_access", "//src/main/java/com/google/crypto/tink:mac", - "//src/main/java/com/google/crypto/tink:registry", + "//src/main/java/com/google/crypto/tink:primitive_set", "//src/main/java/com/google/crypto/tink:registry_cluster", "//src/main/java/com/google/crypto/tink/internal:mutable_monitoring_registry", - "//src/main/java/com/google/crypto/tink/internal:mutable_primitive_registry", - "//src/main/java/com/google/crypto/tink/internal:primitive_constructor", "//src/main/java/com/google/crypto/tink/internal/testing:fake_monitoring_client", "//src/main/java/com/google/crypto/tink/mac:aes_cmac_key", "//src/main/java/com/google/crypto/tink/mac:aes_cmac_parameters", "//src/main/java/com/google/crypto/tink/mac:aes_cmac_proto_serialization", "//src/main/java/com/google/crypto/tink/mac:hmac_key", - "//src/main/java/com/google/crypto/tink/mac:hmac_key_manager", "//src/main/java/com/google/crypto/tink/mac:hmac_parameters", "//src/main/java/com/google/crypto/tink/mac:mac_config", "//src/main/java/com/google/crypto/tink/mac:mac_wrapper", "//src/main/java/com/google/crypto/tink/mac/internal:hmac_proto_serialization", "//src/main/java/com/google/crypto/tink/monitoring:monitoring_annotations", "//src/main/java/com/google/crypto/tink/subtle:hex", + "//src/main/java/com/google/crypto/tink/subtle:random", + "//src/main/java/com/google/crypto/tink/testing:test_util", "//src/main/java/com/google/crypto/tink/util:secret_bytes", "@maven//:com_google_truth_truth", "@maven//:junit_junit", diff --git a/java_src/src/test/java/com/google/crypto/tink/mac/MacWrapperTest.java b/java_src/src/test/java/com/google/crypto/tink/mac/MacWrapperTest.java index 443f3870f..a60dce6cb 100644 --- a/java_src/src/test/java/com/google/crypto/tink/mac/MacWrapperTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/mac/MacWrapperTest.java @@ -23,15 +23,18 @@ import static org.junit.Assert.assertThrows; import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.Mac; -import com.google.crypto.tink.Registry; +import com.google.crypto.tink.PrimitiveSet; import com.google.crypto.tink.internal.MutableMonitoringRegistry; -import com.google.crypto.tink.internal.MutablePrimitiveRegistry; -import com.google.crypto.tink.internal.PrimitiveConstructor; import com.google.crypto.tink.internal.testing.FakeMonitoringClient; import com.google.crypto.tink.mac.HmacParameters.HashType; import com.google.crypto.tink.mac.internal.HmacProtoSerialization; import com.google.crypto.tink.monitoring.MonitoringAnnotations; +import com.google.crypto.tink.proto.KeyStatusType; +import com.google.crypto.tink.proto.Keyset.Key; +import com.google.crypto.tink.proto.OutputPrefixType; import com.google.crypto.tink.subtle.Hex; +import com.google.crypto.tink.subtle.Random; +import com.google.crypto.tink.testing.TestUtil; import com.google.crypto.tink.util.SecretBytes; import java.security.GeneralSecurityException; import java.util.List; @@ -194,9 +197,6 @@ public class MacWrapperTest { @Test public void testComputeVerifyMac_throwsOnWrongKey() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - byte[] plaintext = "plaintext".getBytes(UTF_8); KeysetHandle computeKeysetHandle = KeysetHandle.newBuilder() @@ -216,9 +216,6 @@ public class MacWrapperTest { @Test public void testVerifyMac_checksAllNecessaryRawKeys() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - byte[] plaintext = "plaintext".getBytes(UTF_8); KeysetHandle computeKeysetHandle = KeysetHandle.newBuilder() @@ -239,9 +236,6 @@ public class MacWrapperTest { @Test public void testVerifyMac_checksRawKeysWhenTagHasTinkKeyPrefix() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - byte[] plaintext = "plaintext".getBytes(UTF_8); byte[] tag = Hex.decode("0152af9740d2fab0cf3f"); HmacKey rawKey5 = @@ -273,9 +267,6 @@ public class MacWrapperTest { @Test public void computeMac_usesPrimaryKey() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - byte[] plaintext = "plaintext".getBytes(UTF_8); KeysetHandle keysetHandle = KeysetHandle.newBuilder() @@ -297,9 +288,6 @@ public class MacWrapperTest { @Test public void testComputeVerifyMac_manyKeysWork() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - byte[] plaintext = "plaintext".getBytes(UTF_8); KeysetHandle assortedKeysetHandle = KeysetHandle.newBuilder() @@ -323,9 +311,6 @@ public class MacWrapperTest { @Test public void testVerifyMac_shiftedPrimaryWithManyKeysWorks() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - byte[] plaintext = "plaintext".getBytes(UTF_8); KeysetHandle assortedKeysetHandle0 = KeysetHandle.newBuilder() @@ -354,9 +339,6 @@ public class MacWrapperTest { @Test public void testMultipleKeysWithoutAnnotation() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - FakeMonitoringClient fakeMonitoringClient = new FakeMonitoringClient(); MutableMonitoringRegistry.globalInstance().clear(); MutableMonitoringRegistry.globalInstance().registerMonitoringClient(fakeMonitoringClient); @@ -406,36 +388,45 @@ public class MacWrapperTest { @Test public void testWithAnnotation_hasMonitoring() throws Exception { - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MacConfig.register(); - FakeMonitoringClient fakeMonitoringClient = new FakeMonitoringClient(); MutableMonitoringRegistry.globalInstance().clear(); MutableMonitoringRegistry.globalInstance().registerMonitoringClient(fakeMonitoringClient); + Key tinkKey = + TestUtil.createKey( + TestUtil.createHmacKeyData(Random.randBytes(HMAC_KEY_SIZE), 16), + 42, + KeyStatusType.ENABLED, + OutputPrefixType.TINK); + Key rawKey = + TestUtil.createKey( + TestUtil.createHmacKeyData(Random.randBytes(HMAC_KEY_SIZE), 16), + 43, + KeyStatusType.ENABLED, + OutputPrefixType.RAW); + Key legacyKey = + TestUtil.createKey( + TestUtil.createHmacKeyData(Random.randBytes(HMAC_KEY_SIZE), 16), + 44, + KeyStatusType.ENABLED, + OutputPrefixType.LEGACY); MonitoringAnnotations annotations = MonitoringAnnotations.newBuilder().add("annotation_name", "annotation_value").build(); - KeysetHandle rawKeysetHandle = - KeysetHandle.newBuilder() - .addEntry(KeysetHandle.importKey(rawKey0).withFixedId(43).makePrimary()) - .setMonitoringAnnotations(annotations) - .build(); - KeysetHandle legacyKeysetHandle = - KeysetHandle.newBuilder() - .addEntry(KeysetHandle.importKey(legacyKey0).makePrimary()) - .setMonitoringAnnotations(annotations) - .build(); - KeysetHandle mixedKeysetHandle = - KeysetHandle.newBuilder() - .addEntry(KeysetHandle.importKey(tinkKey1).makePrimary()) - .addEntry(KeysetHandle.importKey(rawKey0).withFixedId(43)) - .addEntry(KeysetHandle.importKey(legacyKey0)) - .setMonitoringAnnotations(annotations) - .build(); - Mac rawMac = rawKeysetHandle.getPrimitive(Mac.class); - Mac legacyMac = legacyKeysetHandle.getPrimitive(Mac.class); - Mac mac = mixedKeysetHandle.getPrimitive(Mac.class); - + Mac rawMac = + new MacWrapper() + .wrap( + TestUtil.createPrimitiveSetWithAnnotations( + TestUtil.createKeyset(rawKey), annotations, Mac.class)); + Mac legacyMac = + new MacWrapper() + .wrap( + TestUtil.createPrimitiveSetWithAnnotations( + TestUtil.createKeyset(legacyKey), annotations, Mac.class)); + Mac mac = + new MacWrapper() + .wrap( + TestUtil.createPrimitiveSetWithAnnotations( + TestUtil.createKeyset(tinkKey, rawKey, legacyKey), annotations, Mac.class)); byte[] plaintext = "plaintext".getBytes(UTF_8); byte[] tinkTag = mac.computeMac(plaintext); byte[] rawTag = rawMac.computeMac(plaintext); @@ -449,8 +440,7 @@ public class MacWrapperTest { assertThat(logEntries).hasSize(6); FakeMonitoringClient.LogEntry tinkComputeEntry = logEntries.get(0); - // 5 is tinkKey1's id. - assertThat(tinkComputeEntry.getKeyId()).isEqualTo(5); + assertThat(tinkComputeEntry.getKeyId()).isEqualTo(42); assertThat(tinkComputeEntry.getPrimitive()).isEqualTo("mac"); assertThat(tinkComputeEntry.getApi()).isEqualTo("compute"); assertThat(tinkComputeEntry.getNumBytesAsInput()).isEqualTo(plaintext.length); @@ -464,16 +454,15 @@ public class MacWrapperTest { assertThat(rawComputeEntry.getKeysetInfo().getAnnotations()).isEqualTo(annotations); FakeMonitoringClient.LogEntry legacyComputeEntry = logEntries.get(2); - // 8 is legacyKey0's id. - assertThat(legacyComputeEntry.getKeyId()).isEqualTo(8); + assertThat(legacyComputeEntry.getKeyId()).isEqualTo(44); assertThat(legacyComputeEntry.getPrimitive()).isEqualTo("mac"); assertThat(legacyComputeEntry.getApi()).isEqualTo("compute"); - assertThat(legacyComputeEntry.getNumBytesAsInput()).isEqualTo(plaintext.length); + // legacy mac appends one byte to the input data, therefore the input length is one longer. + assertThat(legacyComputeEntry.getNumBytesAsInput()).isEqualTo(plaintext.length + 1); assertThat(legacyComputeEntry.getKeysetInfo().getAnnotations()).isEqualTo(annotations); FakeMonitoringClient.LogEntry tinkVerifyEntry = logEntries.get(3); - // 5 is tinkKey1's id. - assertThat(tinkVerifyEntry.getKeyId()).isEqualTo(5); + assertThat(tinkVerifyEntry.getKeyId()).isEqualTo(42); assertThat(tinkVerifyEntry.getPrimitive()).isEqualTo("mac"); assertThat(tinkVerifyEntry.getApi()).isEqualTo("verify"); assertThat(tinkVerifyEntry.getNumBytesAsInput()).isEqualTo(plaintext.length); @@ -487,11 +476,11 @@ public class MacWrapperTest { assertThat(rawVerifyEntry.getKeysetInfo().getAnnotations()).isEqualTo(annotations); FakeMonitoringClient.LogEntry legacyVerifyEntry = logEntries.get(5); - // 8 is legacyKey0's id. - assertThat(legacyVerifyEntry.getKeyId()).isEqualTo(8); + assertThat(legacyVerifyEntry.getKeyId()).isEqualTo(44); assertThat(legacyVerifyEntry.getPrimitive()).isEqualTo("mac"); assertThat(legacyVerifyEntry.getApi()).isEqualTo("verify"); - assertThat(legacyVerifyEntry.getNumBytesAsInput()).isEqualTo(plaintext.length); + // legacy mac appends one byte to the input data, therefore the input length is one longer. + assertThat(legacyVerifyEntry.getNumBytesAsInput()).isEqualTo(plaintext.length + 1); assertThat(legacyVerifyEntry.getKeysetInfo().getAnnotations()).isEqualTo(annotations); List<FakeMonitoringClient.LogFailureEntry> failures = @@ -500,15 +489,11 @@ public class MacWrapperTest { FakeMonitoringClient.LogFailureEntry verifyFailure = failures.get(0); assertThat(verifyFailure.getPrimitive()).isEqualTo("mac"); assertThat(verifyFailure.getApi()).isEqualTo("verify"); - // 5 is tinkKey1's id. - assertThat(verifyFailure.getKeysetInfo().getPrimaryKeyId()).isEqualTo(5); + assertThat(verifyFailure.getKeysetInfo().getPrimaryKeyId()).isEqualTo(42); assertThat(verifyFailure.getKeysetInfo().getAnnotations()).isEqualTo(annotations); } public static class AlwaysFailingMac implements Mac { - - AlwaysFailingMac(HmacKey key) {} - @Override public byte[] computeMac(final byte[] data) throws GeneralSecurityException { throw new GeneralSecurityException("fail"); @@ -522,39 +507,35 @@ public class MacWrapperTest { @Test public void testAlwaysFailingWithAnnotation_hasMonitoring() throws Exception { - // Test setup. - MutablePrimitiveRegistry.resetGlobalInstanceTestOnly(); - MutablePrimitiveRegistry.globalInstance() - .registerPrimitiveConstructor( - PrimitiveConstructor.create(AlwaysFailingMac::new, HmacKey.class, Mac.class)); - MacWrapper.register(); - HmacProtoSerialization.register(); - Registry.registerKeyManager(new HmacKeyManager(), true); - FakeMonitoringClient fakeMonitoringClient = new FakeMonitoringClient(); MutableMonitoringRegistry.globalInstance().clear(); MutableMonitoringRegistry.globalInstance().registerMonitoringClient(fakeMonitoringClient); MonitoringAnnotations annotations = MonitoringAnnotations.newBuilder().add("annotation_name", "annotation_value").build(); - KeysetHandle keysetHandle = - KeysetHandle.newBuilder() - .addEntry(KeysetHandle.importKey(tinkKey0).makePrimary()) - .setMonitoringAnnotations(annotations) + PrimitiveSet<Mac> primitives = + PrimitiveSet.newBuilder(Mac.class) + .setAnnotations(annotations) + .addPrimaryPrimitive( + new AlwaysFailingMac(), + TestUtil.createKey( + TestUtil.createHmacKeyData(Random.randBytes(HMAC_KEY_SIZE), 16), + 42, + KeyStatusType.ENABLED, + OutputPrefixType.TINK)) .build(); - Mac mac = keysetHandle.getPrimitive(Mac.class); + Mac mac = new MacWrapper().wrap(primitives); byte[] data = "some data".getBytes(UTF_8); byte[] invalidTag = "an invalid tag".getBytes(UTF_8); - byte[] shortInvalidTag = "t".getBytes(UTF_8); - // Test active work, including a test with a short tag, because there is a different code path - // for this. assertThrows(GeneralSecurityException.class, () -> mac.computeMac(data)); assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(invalidTag, data)); + + // Test short tags, because there is a different code path for this. + byte[] shortInvalidTag = "t".getBytes(UTF_8); assertThrows(GeneralSecurityException.class, () -> mac.verifyMac(shortInvalidTag, data)); - // Assert correctness. assertThat(fakeMonitoringClient.getLogEntries()).isEmpty(); List<FakeMonitoringClient.LogFailureEntry> failures = @@ -563,22 +544,19 @@ public class MacWrapperTest { FakeMonitoringClient.LogFailureEntry compFailure = failures.get(0); assertThat(compFailure.getPrimitive()).isEqualTo("mac"); assertThat(compFailure.getApi()).isEqualTo("compute"); - // 4 is tinkKey0's id. - assertThat(compFailure.getKeysetInfo().getPrimaryKeyId()).isEqualTo(4); + assertThat(compFailure.getKeysetInfo().getPrimaryKeyId()).isEqualTo(42); assertThat(compFailure.getKeysetInfo().getAnnotations()).isEqualTo(annotations); FakeMonitoringClient.LogFailureEntry verifyFailure = failures.get(1); assertThat(verifyFailure.getPrimitive()).isEqualTo("mac"); assertThat(verifyFailure.getApi()).isEqualTo("verify"); - // 4 is tinkKey0's id. - assertThat(verifyFailure.getKeysetInfo().getPrimaryKeyId()).isEqualTo(4); + assertThat(verifyFailure.getKeysetInfo().getPrimaryKeyId()).isEqualTo(42); assertThat(verifyFailure.getKeysetInfo().getAnnotations()).isEqualTo(annotations); FakeMonitoringClient.LogFailureEntry verifyFailure2 = failures.get(2); assertThat(verifyFailure2.getPrimitive()).isEqualTo("mac"); assertThat(verifyFailure2.getApi()).isEqualTo("verify"); - // 4 is tinkKey0's id. - assertThat(verifyFailure2.getKeysetInfo().getPrimaryKeyId()).isEqualTo(4); + assertThat(verifyFailure2.getKeysetInfo().getPrimaryKeyId()).isEqualTo(42); assertThat(verifyFailure2.getKeysetInfo().getAnnotations()).isEqualTo(annotations); } } |