// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // /////////////////////////////////////////////////////////////////////////////// #include "tink/internal/key_gen_configuration_impl.h" #include #include #include "gmock/gmock.h" #include "gtest/gtest.h" #include "tink/aead/aead_key_templates.h" #include "tink/key_gen_configuration.h" #include "tink/util/test_matchers.h" #include "tink/util/test_util.h" #include "proto/aes_gcm.pb.h" #include "proto/rsa_ssa_pss.pb.h" namespace crypto { namespace tink { namespace internal { namespace { using ::crypto::tink::test::IsOk; using ::crypto::tink::test::StatusIs; using ::google::crypto::tink::AesGcmKey; using ::google::crypto::tink::AesGcmKeyFormat; using ::google::crypto::tink::KeyData; using ::google::crypto::tink::RsaSsaPssKeyFormat; using ::google::crypto::tink::RsaSsaPssParams; using ::google::crypto::tink::RsaSsaPssPrivateKey; using ::google::crypto::tink::RsaSsaPssPublicKey; class FakePrimitive { public: explicit FakePrimitive(std::string s) : s_(s) {} std::string get() { return s_; } private: std::string s_; }; class FakeKeyTypeManager : public KeyTypeManager> { public: class FakePrimitiveFactory : public PrimitiveFactory { public: util::StatusOr> Create( const AesGcmKey& key) const override { return absl::make_unique(key.key_value()); } }; FakeKeyTypeManager() : KeyTypeManager(absl::make_unique()) {} KeyData::KeyMaterialType key_material_type() const override { return KeyData::SYMMETRIC; } uint32_t get_version() const override { return 0; } const std::string& get_key_type() const override { return key_type_; } util::Status ValidateKey(const AesGcmKey& key) const override { return util::OkStatus(); } util::Status ValidateKeyFormat( const AesGcmKeyFormat& key_format) const override { return util::OkStatus(); } util::StatusOr CreateKey( const AesGcmKeyFormat& key_format) const override { return AesGcmKey(); } util::StatusOr DeriveKey( const AesGcmKeyFormat& key_format, InputStream* input_stream) const override { return AesGcmKey(); } private: const std::string key_type_ = "type.googleapis.com/google.crypto.tink.AesGcmKey"; }; TEST(KeyGenConfigurationImplTest, AddKeyTypeManager) { KeyGenConfiguration config; EXPECT_THAT(KeyGenConfigurationImpl::AddKeyTypeManager( absl::make_unique(), config), IsOk()); } TEST(KeyGenConfigurationImplTest, GetKeyTypeInfoStore) { KeyGenConfiguration config; ASSERT_THAT(KeyGenConfigurationImpl::AddKeyTypeManager( absl::make_unique(), config), IsOk()); std::string type_url = FakeKeyTypeManager().get_key_type(); util::StatusOr store = KeyGenConfigurationImpl::GetKeyTypeInfoStore(config); ASSERT_THAT(store, IsOk()); util::StatusOr info = (*store)->Get(type_url); ASSERT_THAT(info, IsOk()); util::StatusOr*> key_manager = (*info)->get_key_manager(type_url); ASSERT_THAT(key_manager, IsOk()); EXPECT_EQ((*key_manager)->get_key_type(), type_url); } TEST(KeyGenConfigurationImplTest, GetKeyTypeInfoStoreMissingInfoFails) { KeyGenConfiguration config; util::StatusOr store = KeyGenConfigurationImpl::GetKeyTypeInfoStore(config); ASSERT_THAT(store, IsOk()); EXPECT_THAT((*store)->Get("i.do.not.exist").status(), StatusIs(absl::StatusCode::kNotFound)); } class FakeSignKeyManager : public PrivateKeyTypeManager> { public: class PublicKeySignFactory : public PrimitiveFactory { public: util::StatusOr> Create( const RsaSsaPssPrivateKey& key) const override { return {absl::make_unique("a public key sign")}; } }; explicit FakeSignKeyManager() : PrivateKeyTypeManager(absl::make_unique()) {} KeyData::KeyMaterialType key_material_type() const override { return KeyData::ASYMMETRIC_PRIVATE; } uint32_t get_version() const override { return 0; } const std::string& get_key_type() const override { return key_type_; } util::Status ValidateKey(const RsaSsaPssPrivateKey& key) const override { return util::OkStatus(); } util::Status ValidateKeyFormat( const RsaSsaPssKeyFormat& key_format) const override { return util::OkStatus(); } util::StatusOr CreateKey( const RsaSsaPssKeyFormat& key_format) const override { return RsaSsaPssPrivateKey(); } util::StatusOr DeriveKey( const RsaSsaPssKeyFormat& key_format, InputStream* input_stream) const override { return RsaSsaPssPrivateKey(); } util::StatusOr GetPublicKey( const RsaSsaPssPrivateKey& private_key) const override { return private_key.public_key(); } private: const std::string key_type_ = "some.sign.key.type"; }; class FakeVerifyKeyManager : public KeyTypeManager> { public: class PublicKeyVerifyFactory : public PrimitiveFactory { public: util::StatusOr> Create( const RsaSsaPssPublicKey& key) const override { return { absl::make_unique("a public key verify")}; } }; explicit FakeVerifyKeyManager() : KeyTypeManager(absl::make_unique()) {} KeyData::KeyMaterialType key_material_type() const override { return KeyData::ASYMMETRIC_PUBLIC; } uint32_t get_version() const override { return 0; } const std::string& get_key_type() const override { return key_type_; } util::Status ValidateKey(const RsaSsaPssPublicKey& key) const override { return util::OkStatus(); } util::Status ValidateParams(const RsaSsaPssParams& params) const { return util::OkStatus(); } private: const std::string key_type_ = "some.verify.key.type"; }; TEST(KeyGenConfigurationImplTest, AddAsymmetricKeyManagers) { KeyGenConfiguration config; EXPECT_THAT(KeyGenConfigurationImpl::AddAsymmetricKeyManagers( absl::make_unique(), absl::make_unique(), config), IsOk()); } TEST(KeyGenConfigurationImplTest, GetKeyTypeInfoStoreAsymmetric) { KeyGenConfiguration config; ASSERT_THAT(KeyGenConfigurationImpl::AddAsymmetricKeyManagers( absl::make_unique(), absl::make_unique(), config), IsOk()); { std::string type_url = FakeSignKeyManager().get_key_type(); util::StatusOr store = KeyGenConfigurationImpl::GetKeyTypeInfoStore(config); ASSERT_THAT(store, IsOk()); util::StatusOr info = (*store)->Get(type_url); ASSERT_THAT(info, IsOk()); util::StatusOr*> key_manager = (*info)->get_key_manager(type_url); ASSERT_THAT(key_manager, IsOk()); EXPECT_EQ((*key_manager)->get_key_type(), type_url); } { std::string type_url = FakeVerifyKeyManager().get_key_type(); util::StatusOr store = KeyGenConfigurationImpl::GetKeyTypeInfoStore(config); ASSERT_THAT(store, IsOk()); util::StatusOr info = (*store)->Get(type_url); ASSERT_THAT(info, IsOk()); util::StatusOr*> key_manager = (*info)->get_key_manager(type_url); ASSERT_THAT(key_manager, IsOk()); EXPECT_EQ((*key_manager)->get_key_type(), type_url); } } TEST(KeyGenConfigurationImplTest, GlobalRegistryMode) { Registry::Reset(); KeyGenConfiguration config; ASSERT_THAT(KeyGenConfigurationImpl::SetGlobalRegistryMode(config), IsOk()); EXPECT_TRUE(KeyGenConfigurationImpl::IsInGlobalRegistryMode(config)); // Check that KeyGenConfigurationImpl functions return kFailedPrecondition. EXPECT_THAT(KeyGenConfigurationImpl::AddKeyTypeManager( absl::make_unique(), config), StatusIs(absl::StatusCode::kFailedPrecondition)); EXPECT_THAT(KeyGenConfigurationImpl::AddAsymmetricKeyManagers( absl::make_unique(), absl::make_unique(), config), StatusIs(absl::StatusCode::kFailedPrecondition)); EXPECT_THAT(KeyGenConfigurationImpl::GetKeyTypeInfoStore(config).status(), StatusIs(absl::StatusCode::kFailedPrecondition)); // TODO(b/265705174): Replace with KeysetHandle::GenerateNew(config). EXPECT_THAT(Registry::NewKeyData(AeadKeyTemplates::Aes256Gcm()).status(), StatusIs(absl::StatusCode::kNotFound)); ASSERT_THAT( Registry::RegisterKeyTypeManager(absl::make_unique(), /*new_key_allowed=*/true), IsOk()); // TODO(b/265705174): Replace with KeysetHandle::GenerateNew(config) once // implemented. EXPECT_THAT(Registry::NewKeyData(AeadKeyTemplates::Aes256Gcm()), IsOk()); } TEST(KeyGenConfigurationImplTest, GlobalRegistryModeWithNonEmptyConfigFails) { KeyGenConfiguration config; ASSERT_THAT(KeyGenConfigurationImpl::AddKeyTypeManager( absl::make_unique(), config), IsOk()); EXPECT_THAT(KeyGenConfigurationImpl::SetGlobalRegistryMode(config), StatusIs(absl::StatusCode::kFailedPrecondition)); EXPECT_FALSE(KeyGenConfigurationImpl::IsInGlobalRegistryMode(config)); } } // namespace } // namespace internal } // namespace tink } // namespace crypto