diff options
author | wconner <wconner@google.com> | 2023-08-10 06:06:02 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-08-10 06:06:52 -0700 |
commit | 5e27fd3e43a4930a639a8050db358b77ab62dbc5 (patch) | |
tree | 67664091efca0eccc7ca9a3f70259bed761e3a17 /java_src/src/test | |
parent | 17d20a40b5f9fb0717927fd28d524a8be9c04924 (diff) | |
download | tink-5e27fd3e43a4930a639a8050db358b77ab62dbc5.tar.gz |
Ensure that input HPKE proto keys have correct length prior to parsing.
PiperOrigin-RevId: 555460591
Diffstat (limited to 'java_src/src/test')
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel | 1 | ||||
-rw-r--r-- | java_src/src/test/java/com/google/crypto/tink/hybrid/HpkeProtoSerializationTest.java | 77 |
2 files changed, 78 insertions, 0 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel index 8b23db591..598b911a9 100644 --- a/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel @@ -346,6 +346,7 @@ java_test( "//src/main/java/com/google/crypto/tink/internal:proto_key_serialization", "//src/main/java/com/google/crypto/tink/internal:proto_parameters_serialization", "//src/main/java/com/google/crypto/tink/internal/testing:asserts", + "//src/main/java/com/google/crypto/tink/subtle:bytes", "//src/main/java/com/google/crypto/tink/subtle:hex", "//src/main/java/com/google/crypto/tink/subtle:random", "//src/main/java/com/google/crypto/tink/util:bytes", diff --git a/java_src/src/test/java/com/google/crypto/tink/hybrid/HpkeProtoSerializationTest.java b/java_src/src/test/java/com/google/crypto/tink/hybrid/HpkeProtoSerializationTest.java index 36fc093bb..b37d43c1c 100644 --- a/java_src/src/test/java/com/google/crypto/tink/hybrid/HpkeProtoSerializationTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/hybrid/HpkeProtoSerializationTest.java @@ -342,6 +342,42 @@ public final class HpkeProtoSerializationTest { } @Theory + public void parsePublicKey_withExtraLeadingZero( + @FromDataPoints("kems") KemTuple kemTuple, + @FromDataPoints("kdfs") KdfTuple kdfTuple, + @FromDataPoints("aeads") AeadTuple aeadTuple) + throws Exception { + HpkeParameters parameters = + HpkeParameters.builder() + .setKemId(kemTuple.kemId) + .setKdfId(kdfTuple.kdfId) + .setAeadId(aeadTuple.aeadId) + .setVariant(HpkeParameters.Variant.TINK) + .build(); + HpkePublicKey publicKey = + HpkePublicKey.create( + parameters, Bytes.copyFrom(kemTuple.publicKey), /* idRequirement= */ 123); + + HpkeParams protoParams = + createHpkeProtoParams(kemTuple.kemProto, kdfTuple.kdfProto, aeadTuple.aeadProto); + byte[] publicKeyBytes = + com.google.crypto.tink.subtle.Bytes.concat(new byte[] {0}, kemTuple.publicKey); + com.google.crypto.tink.proto.HpkePublicKey protoPublicKey = + createHpkeProtoPublicKey(/* version= */ 0, protoParams, publicKeyBytes); + + ProtoKeySerialization serialization = + ProtoKeySerialization.create( + "type.googleapis.com/google.crypto.tink.HpkePublicKey", + protoPublicKey.toByteString(), + KeyMaterialType.ASYMMETRIC_PUBLIC, + OutputPrefixType.TINK, + /* idRequirement= */ 123); + + Key parsed = registry.parseKey(serialization, /* access= */ null); + assertThat(parsed.equalsKey(publicKey)).isTrue(); + } + + @Theory public void serializeParsePrivateKey( @FromDataPoints("variants") VariantTuple variantTuple, @FromDataPoints("kems") KemTuple kemTuple, @@ -427,6 +463,47 @@ public final class HpkeProtoSerializationTest { assertThat(parsed.equalsKey(privateKey)).isTrue(); } + @Theory + public void parsePrivateKey_withExtraLeadingZero( + @FromDataPoints("kems") KemTuple kemTuple, + @FromDataPoints("kdfs") KdfTuple kdfTuple, + @FromDataPoints("aeads") AeadTuple aeadTuple) + throws Exception { + HpkeParameters parameters = + HpkeParameters.builder() + .setKemId(kemTuple.kemId) + .setKdfId(kdfTuple.kdfId) + .setAeadId(aeadTuple.aeadId) + .setVariant(HpkeParameters.Variant.TINK) + .build(); + HpkePublicKey publicKey = + HpkePublicKey.create( + parameters, Bytes.copyFrom(kemTuple.publicKey), /* idRequirement= */ 123); + HpkePrivateKey privateKey = + HpkePrivateKey.create( + publicKey, SecretBytes.copyFrom(kemTuple.privateKey, InsecureSecretKeyAccess.get())); + + HpkeParams protoParams = + createHpkeProtoParams(kemTuple.kemProto, kdfTuple.kdfProto, aeadTuple.aeadProto); + com.google.crypto.tink.proto.HpkePublicKey protoPublicKey = + createHpkeProtoPublicKey(/* version= */ 0, protoParams, kemTuple.publicKey); + byte[] privateKeyBytes = + com.google.crypto.tink.subtle.Bytes.concat(new byte[] {0}, kemTuple.privateKey); + com.google.crypto.tink.proto.HpkePrivateKey protoPrivateKey = + createHpkeProtoPrivateKey(/* version= */ 0, protoPublicKey, privateKeyBytes); + + ProtoKeySerialization serialization = + ProtoKeySerialization.create( + "type.googleapis.com/google.crypto.tink.HpkePrivateKey", + protoPrivateKey.toByteString(), + KeyMaterialType.ASYMMETRIC_PRIVATE, + OutputPrefixType.TINK, + /* idRequirement= */ 123); + + Key parsed = registry.parseKey(serialization, InsecureSecretKeyAccess.get()); + assertThat(parsed.equalsKey(privateKey)).isTrue(); + } + @Test public void parsePrivateKey_noAccess_throws() throws Exception { HpkeParams protoParams = |