// Copyright 2023 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // /////////////////////////////////////////////////////////////////////////////// #include "tink/internal/keyset_wrapper_store.h" #include #include #include #include #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/status/status.h" #include "tink/internal/registry_impl.h" #include "tink/mac/mac_wrapper.h" #include "tink/primitive_set.h" #include "tink/primitive_wrapper.h" #include "tink/subtle/random.h" #include "tink/util/status.h" #include "tink/util/statusor.h" #include "tink/util/test_matchers.h" #include "tink/util/test_util.h" #include "proto/aes_gcm.pb.h" namespace crypto { namespace tink { namespace internal { namespace { using ::crypto::tink::test::IsOk; using ::crypto::tink::test::StatusIs; using ::google::crypto::tink::AesGcmKey; using ::google::crypto::tink::AesGcmKeyFormat; using ::google::crypto::tink::KeyData; using ::google::crypto::tink::Keyset; using ::google::crypto::tink::KeysetInfo; using ::google::crypto::tink::KeyStatusType; using ::google::crypto::tink::OutputPrefixType; using ::testing::Eq; class FakePrimitive { public: explicit FakePrimitive(std::string s) : s_(s) {} std::string get() { return s_; } private: std::string s_; }; class FakeKeyTypeManager : public KeyTypeManager> { public: class FakePrimitiveFactory : public PrimitiveFactory { public: util::StatusOr> Create( const AesGcmKey& key) const override { return absl::make_unique(key.key_value()); } }; FakeKeyTypeManager() : KeyTypeManager(absl::make_unique()) {} KeyData::KeyMaterialType key_material_type() const override { return KeyData::SYMMETRIC; } uint32_t get_version() const override { return 0; } const std::string& get_key_type() const override { return key_type_; } util::Status ValidateKey(const AesGcmKey& key) const override { return util::OkStatus(); } util::Status ValidateKeyFormat( const AesGcmKeyFormat& key_format) const override { return util::OkStatus(); } util::StatusOr CreateKey( const AesGcmKeyFormat& key_format) const override { return AesGcmKey(); } util::StatusOr DeriveKey( const AesGcmKeyFormat& key_format, InputStream* input_stream) const override { return AesGcmKey(); } private: const std::string key_type_ = "type.googleapis.com/google.crypto.tink.AesGcmKey"; }; class FakePrimitiveWrapper : public PrimitiveWrapper { public: util::StatusOr> Wrap( std::unique_ptr> primitive_set) const override { return absl::make_unique( primitive_set->get_primary()->get_primitive().get()); } }; class FakePrimitiveWrapper2 : public PrimitiveWrapper { public: util::StatusOr> Wrap( std::unique_ptr> primitive_set) const override { return absl::make_unique( primitive_set->get_primary()->get_primitive().get()); } }; std::string AddAesGcmKeyToKeyset(Keyset& keyset, uint32_t key_id, OutputPrefixType output_prefix_type, KeyStatusType key_status_type) { AesGcmKey key; key.set_version(0); key.set_key_value(subtle::Random::GetRandomBytes(16)); KeyData key_data; key_data.set_value(key.SerializeAsString()); key_data.set_type_url("type.googleapis.com/google.crypto.tink.AesGcmKey"); test::AddKeyData(key_data, key_id, output_prefix_type, key_status_type, &keyset); return key.key_value(); } // Returns the function that relies on `registry` to transform `key_data` into // FakePrimitive. util::StatusOr>(const KeyData& key_data)>> PrimitiveGetter(RegistryImpl& registry) { util::Status status = registry.RegisterKeyTypeManager>( absl::make_unique(), /*new_key_allowed=*/true); if (!status.ok()) { return status; } return [®istry](const KeyData& key_data) { return registry.GetPrimitive(key_data); }; } TEST(KeysetWrapperStoreTest, Add) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; EXPECT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); } TEST(KeysetWrapperStoreTest, AddNull) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; EXPECT_THAT((store.Add(/*wrapper=*/nullptr, *primitive_getter)), StatusIs(absl::StatusCode::kInvalidArgument)); } TEST(KeysetWrapperStoreTest, AddWrappersForDifferentPrimitivesSucceeds) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); std::function>(const KeyData& key_data)> primitive_getter_mac = [®istry](const KeyData& key_data) { return registry.GetPrimitive(key_data); }; EXPECT_THAT((store.Add(absl::make_unique(), primitive_getter_mac)), IsOk()); } TEST(KeysetWrapperStoreTest, AddSameWrapperTwiceSucceeds) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); EXPECT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); } TEST(KeysetWrapperStoreTest, AddDifferentWrappersForSamePrimitiveFails) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); EXPECT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), StatusIs(absl::StatusCode::kAlreadyExists)); } TEST(KeysetWrapperStoreTest, GetPrimitiveWrapper) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); util::StatusOr*> legacy_wrapper = store.GetPrimitiveWrapper(); ASSERT_THAT(legacy_wrapper, IsOk()); Keyset keyset; std::string raw_key = AddAesGcmKeyToKeyset(keyset, 13, OutputPrefixType::TINK, KeyStatusType::ENABLED); KeysetInfo keyset_info; keyset_info.add_key_info(); keyset_info.mutable_key_info(0)->set_output_prefix_type( OutputPrefixType::TINK); keyset_info.mutable_key_info(0)->set_key_id(1234543); keyset_info.mutable_key_info(0)->set_status(KeyStatusType::ENABLED); keyset_info.set_primary_key_id(1234543); std::unique_ptr> primitive_set( new PrimitiveSet()); auto entry = primitive_set->AddPrimitive( absl::make_unique(raw_key), keyset_info.key_info(0)); ASSERT_THAT(entry, IsOk()); ASSERT_THAT(primitive_set->set_primary(*entry), IsOk()); util::StatusOr> legacy_aead = (*legacy_wrapper)->Wrap(std::move(primitive_set)); ASSERT_THAT(legacy_aead, IsOk()); EXPECT_THAT((*legacy_aead)->get(), Eq(raw_key)); } TEST(KeysetWrapperStoreTest, GetPrimitiveWrapperNonexistentWrapperFails) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); EXPECT_THAT(store.GetPrimitiveWrapper().status(), StatusIs(absl::StatusCode::kNotFound)); } TEST(KeysetWrapperStoreTest, Get) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); util::StatusOr*> wrapper = store.Get(); ASSERT_THAT(wrapper, IsOk()); Keyset keyset; std::string raw_key = AddAesGcmKeyToKeyset(keyset, 13, OutputPrefixType::TINK, KeyStatusType::ENABLED); keyset.set_primary_key_id(13); util::StatusOr> aead = (*wrapper)->Wrap(keyset, /*annotations=*/{}); ASSERT_THAT(aead, IsOk()); EXPECT_THAT((*aead)->get(), Eq(raw_key)); } TEST(KeysetWrapperStoreTest, GetNonexistentWrapperFails) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); EXPECT_THAT(store.Get().status(), StatusIs(absl::StatusCode::kNotFound)); } TEST(KeysetWrapperStoreTest, IsEmpty) { KeysetWrapperStore store; EXPECT_EQ(store.IsEmpty(), true); RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); EXPECT_THAT(store.IsEmpty(), false); } TEST(KeysetWrapperStoreTest, Move) { RegistryImpl registry; util::StatusOr>( const KeyData& key_data)>> primitive_getter = PrimitiveGetter(registry); ASSERT_THAT(primitive_getter, IsOk()); KeysetWrapperStore store; ASSERT_THAT( (store.Add( absl::make_unique(), *primitive_getter)), IsOk()); util::StatusOr*> wrapper = store.Get(); ASSERT_THAT(wrapper, IsOk()); KeysetWrapperStore new_store = std::move(store); wrapper = new_store.Get(); ASSERT_THAT(wrapper, IsOk()); Keyset keyset; std::string raw_key = AddAesGcmKeyToKeyset(keyset, 13, OutputPrefixType::TINK, KeyStatusType::ENABLED); keyset.set_primary_key_id(13); util::StatusOr> aead = (*wrapper)->Wrap(keyset, /*annotations=*/{}); ASSERT_THAT(aead, IsOk()); EXPECT_THAT((*aead)->get(), Eq(raw_key)); } } // namespace } // namespace internal } // namespace tink } // namespace crypto